This commit fixes an issue seen on certain Windows environments (Windows
10 22H2 and 11 23H2 Pro Azure VMs) where scripts were being deleted
during execution due to temporary directory usage. To resolve this,
scripts are now stored in a persistent directory, enhancing reliability
for long-running scripts and improving auditability along with
troubleshooting.
Key changes:
- Move script execution logic to the `main` process from `preloader` to
utilize Electron's `app.getPath`.
- Improve runtime environment detection for non-browser environments to
allow its usage in Electron main process.
- Introduce a secure module to expose IPC channels from the main process
to the renderer via the preloader process.
Supporting refactorings include:
- Simplify `CodeRunner` interface by removing the `tempScriptFolderName`
parameter.
- Rename `NodeSystemOperations` to `NodeElectronSystemOperations` as it
now wraps electron APIs too, and convert it to class for simplicity.
- Rename `TemporaryFileCodeRunner` to `ScriptFileCodeRunner` to reflect
its new functinoality.
- Rename `SystemOperations` folder to `System` for simplicity.
- Rename `HostRuntimeEnvironment` to `BrowserRuntimeEnvironment` for
clarity.
- Refactor main Electron process configuration to align with latest
Electron documentation/recommendations.
- Refactor unit tests `BrowserRuntimeEnvironment` to simplify singleton
workaround.
- Use alias imports like `electron/main` and `electron/common` for
better clarity.
This commit enhances application security against potential attacks by
isolating dependencies that access the host system (like file
operations) from the renderer process. It narrows the exposed
functionality to script execution only, adding an extra security layer.
The changes allow secure and scalable API exposure, preparing for future
functionalities such as desktop notifications for script errors (#264),
improved script execution handling (#296), and creating restore points
(#50) in a secure and repeatable way.
Changes include:
- Inject `CodeRunner` into Vue components via dependency injection.
- Move `CodeRunner` to the application layer as an abstraction for
better domain-driven design alignment.
- Refactor `SystemOperations` and related interfaces, removing the `I`
prefix.
- Update architecture documentation for clarity.
- Update return types in `NodeSystemOperations` to match the Node APIs.
- Improve `WindowVariablesProvider` integration tests for better error
context.
- Centralize type checks with common functions like `isArray` and
`isNumber`.
- Change `CodeRunner` to use `os` parameter, ensuring correct window
variable injection.
- Streamline API exposure to the renderer process:
- Automatically bind function contexts to prevent loss of original
context.
- Implement a way to create facades (wrapper/proxy objects) for
increased security.
