This commit addresses an issue in the privacy.sexy desktop application
where scripts executed as administrator on Windows were running in the
background. This was observed in environments like Windows Pro VMs on
Azure, where operations typically run with administrative privileges.
Previously, the application used the `"$path"` shell command to execute
scripts. This mechanism failed to activate the logic for requesting
admin privileges if the app itself was running as an administrator.
To resolve this, the script execution process has been modified to
explicitly ask for administrator privileges using the `VerbAs` method.
This ensures that the script always runs in a new `cmd.exe` window,
enhancing visibility and user interaction.
Other supporting changes:
- Rename the generated script file from `run-{timestamp}-{extension}` er
to `{timestamp}-privacy-script-{extension}` for clearer identification
and better file sorting.
- Refactor `ScriptFileCreator` to parameterize file extension and
script name.
- Rename `OsTimestampedFilenameGenerator` to
`TimestampedFilenameGenerator` to better reflect its new and more
scoped functionality after refactoring mentioned abvoe.
- Remove `setAppName()` due to ineffective behavior in Windows.
- Update `SECURITY.md` to highlight that the app doesn't require admin
rights for standard operations.
- Add `.editorconfig` settings for PowerShell scripts.
- Add a integration test for script execution logic. Improve environment
detection for more reliable test execution.
- Disable application logging during unit/integration tests to keep test
outputs clean and focused.
This commit fixes an issue seen on certain Windows environments (Windows
10 22H2 and 11 23H2 Pro Azure VMs) where scripts were being deleted
during execution due to temporary directory usage. To resolve this,
scripts are now stored in a persistent directory, enhancing reliability
for long-running scripts and improving auditability along with
troubleshooting.
Key changes:
- Move script execution logic to the `main` process from `preloader` to
utilize Electron's `app.getPath`.
- Improve runtime environment detection for non-browser environments to
allow its usage in Electron main process.
- Introduce a secure module to expose IPC channels from the main process
to the renderer via the preloader process.
Supporting refactorings include:
- Simplify `CodeRunner` interface by removing the `tempScriptFolderName`
parameter.
- Rename `NodeSystemOperations` to `NodeElectronSystemOperations` as it
now wraps electron APIs too, and convert it to class for simplicity.
- Rename `TemporaryFileCodeRunner` to `ScriptFileCodeRunner` to reflect
its new functinoality.
- Rename `SystemOperations` folder to `System` for simplicity.
- Rename `HostRuntimeEnvironment` to `BrowserRuntimeEnvironment` for
clarity.
- Refactor main Electron process configuration to align with latest
Electron documentation/recommendations.
- Refactor unit tests `BrowserRuntimeEnvironment` to simplify singleton
workaround.
- Use alias imports like `electron/main` and `electron/common` for
better clarity.
This commit addresses an issue where macOS was incorrectly identified as
iPadOS in Chromium-based browsers. The root cause was related to touch
support detection being inaccurately triggered on Chromium browsers,
leading to misidentification.
The bug caused two issues:
1. Desktop version: Script execution on macOS did not work as the
desktop app wrongly assumed that it was running on iPadOS.
2. Web and desktop version: The UI didn't default to macOS, presuming an
iPadOS environment.
This bug was exclusive to Chromium browsers on macOS. Firefox and Safari
didn't exhibit this behavior, as they handle touch event browser API
as differently and initially expected.
Key changes:
- Improve touch support detection to accurately differentiate between
macOS and iPadOS by removing an identification method used that is not
reliable for Chromium-based browsers.
- Update user agent detection to correctly identify Electron-based
applications as macOS even without needing the information from the
preloader context.
This commit enhances application security against potential attacks by
isolating dependencies that access the host system (like file
operations) from the renderer process. It narrows the exposed
functionality to script execution only, adding an extra security layer.
The changes allow secure and scalable API exposure, preparing for future
functionalities such as desktop notifications for script errors (#264),
improved script execution handling (#296), and creating restore points
(#50) in a secure and repeatable way.
Changes include:
- Inject `CodeRunner` into Vue components via dependency injection.
- Move `CodeRunner` to the application layer as an abstraction for
better domain-driven design alignment.
- Refactor `SystemOperations` and related interfaces, removing the `I`
prefix.
- Update architecture documentation for clarity.
- Update return types in `NodeSystemOperations` to match the Node APIs.
- Improve `WindowVariablesProvider` integration tests for better error
context.
- Centralize type checks with common functions like `isArray` and
`isNumber`.
- Change `CodeRunner` to use `os` parameter, ensuring correct window
variable injection.
- Streamline API exposure to the renderer process:
- Automatically bind function contexts to prevent loss of original
context.
- Implement a way to create facades (wrapper/proxy objects) for
increased security.
This commit resolves the issue with the `:active` pseudo-class not
activating in mobile Safari on iOS devices. It introduces a workaround
specifically for mobile Safari on iOS/iPadOS to enable the `:active`
pseudo-class. This ensures a consistent and responsive user interface
in response to touch states on mobile Safari.
Other supporting changes:
- Introduce new test utility functions such as `createWindowEventSpies`
and `formatAssertionMessage` to improve code reusability and
maintainability.
- Improve browser detection:
- Add detection for iPadOS and Windows 10 Mobile.
- Add touch support detection to correctly determine iPadOS vs macOS.
- Fix misidentification of some Windows 10 Mobile platforms as Windows
Phone.
- Improve test coverage and refactor tests.
This commit applies `strictNullChecks` to the entire codebase to improve
maintainability and type safety. Key changes include:
- Remove some explicit null-checks where unnecessary.
- Add necessary null-checks.
- Refactor static factory functions for a more functional approach.
- Improve some test names and contexts for better debugging.
- Add unit tests for any additional logic introduced.
- Refactor `createPositionFromRegexFullMatch` to its own function as the
logic is reused.
- Prefer `find` prefix on functions that may return `undefined` and
`get` prefix for those that always return a value.
Test improvements:
- Capture titles for all macOS windows, not just the frontmost.
- Incorporate missing application log files.
- Improve log clarity with enriched context.
- Improve application termination on macOS by reducing grace period.
- Ensure complete application termination on macOS.
- Validate Vue application loading through an initial log.
- Support ignoring environment-specific `stderr` errors.
- Do not fail the test if working directory cannot be deleted.
- Use retry pattern when installing dependencies due to network errors.
Refactorings:
- Migrate the test code to TypeScript.
- Replace deprecated `rmdir` with `rm` for error-resistant directory
removal.
- Improve sanity checking by shifting from App.vue to Vue bootstrapper.
- Centralize environment variable management with `EnvironmentVariables`
construct.
- Rename infrastructure/Environment to RuntimeEnvironment for clarity.
- Isolate WindowVariables and SystemOperations from RuntimeEnvironment.
- Inject logging via preloader.
- Correct mislabeled RuntimeSanity tests.
Configuration:
- Introduce `npm run check:desktop` for simplified execution.
- Omit `console.log` override due to `nodeIntegration` restrictions and
reveal logging functionality using context-bridging.
Enable `contextIsolation` in Electron to securely expose a limited set
of Node.js APIs to the renderer process. It:
1. Isolates renderer and main process contexts. It ensures that the
powerful main process functions aren't directly accessible from
renderer process(es), adding a security boundary.
2. Mitigates remote exploitation risks. By isolating contexts, potential
malicious code injections in the renderer can't directly reach and
compromise the main process.
3. Reduces attack surface.
4. Protect against prototype pollution: It prevents tampering of
JavaScript object prototypes in one context from affecting another
context, improving app reliability and security.
Supporting changes include:
- Extract environment and system operations classes to the infrastructure
layer. This removes node dependencies from core domain and application
code.
- Introduce `ISystemOperations` to encapsulate OS interactions. Use it
from `CodeRunner` to isolate node API usage.
- Add a preloader script to inject validated environment variables into
renderer context. This keeps Electron integration details
encapsulated.
- Add new sanity check to fail fast on issues with preloader injected
variables.
- Improve test coverage of runtime sanity checks and environment
components. Move validation logic into separate classes for Single
Responsibility.
- Improve absent value test case generation.
- Switch from deprecated Vue CLI plugin to `electron-vite` (see
nklayman/vue-cli-plugin-electron-builder#1982)
- Update main/preload scripts to use `index.cjs` filenames to support
`"type": "module"`, resolving crash issue (#233). This crash was
related to Electron not supporting ESM (see electron/asar#249,
electron/electron#21457).
- This commit completes migration to Vite from Vue CLI (#230).
Structure changes:
- Introduce separate folders for Electron's main and preload processes.
- Move TypeHelpers to `src/` to mark tit as accessible by the rest of
the code.
Config changes:
- Make `vite.config.ts` reusable by Electron configuration.
- On electron-builder, use `--publish` flag instead of `-p` for clarity.
Tests:
- Add log for preload script loading verification.
- Implement runtime environment sanity checks.
- Enhance logging in `check-desktop-runtime-errors`.
This commit progresses the migration from Vue CLI to Vite (#230).
TypeScript migration:
- Convert JavaScript Cypress tests and configurations to TypeScript.
- Introduce `tsconfig.json` for Cypress, following official
recommendation.
Test execution:
- Use Cypress CLI to run the tests.
- Rename Cypress commands to reflect official naming conventions.
- Start Vue server prior to Cypress execution, using
`start-server-and-test` package based on official documentation.
- Remove dependency on Vue CLI plugin ((`@vue/cli-plugin-e2e-cypress`).
Configuration standardization (based on Cypress docs):
- Delete unused `plugins/` directory.
- Move test (spec) files to to the root directory.
- Add official ESLint plugin (`eslint-plugin-cypress`).
Changes for importing `vite.config.ts` into `cypress.config.ts`:
- Add TypeScript import assertations to files importing JSON files.
- Use ESM friendly way instead of `__dirname` to solve `ReferenceError:
__dirname is not defined in ES module scrope`.
Other changes:
- Simplify comments in placeholder files.
- Create Cypress specific `.gitignore` for enhanced maintainability,
clarity and scalability.
- Remove redundant `vue.config.cjs`.
This commit changes the web application's build, transpilation and
minification process from Vue CLI to Vite. This shift paves the way for
a full migration to Vite as the primary build tool (#230).
Configuration changes:
- `.vscode/extensions.json`: Update recommended plugins, replacing
unmaintained ones with official recommendations.
- Legacy browser support:
- Use `@vitejs/plugin-legacy` to transpile for older browsers.
- Remove `core-js` dependency and `babel.config.cjs` configuration as
they're now handled by the legacy plugin.
- Delete `@babel/preset-typescript` and `@babel/preset-typescript`
dependencies as legacy plugin handles babel dependencies by default.
- Add `terser` dependency that's used by the legacy plugin for
minification, as per Vite's official documentation.
- `tsconfig.json`:
- Remove obsolete `webpack-env` types.
- Add `"resolveJsonModule": true` to be able to read JSON files in
right way.
- Use correct casing as configuration values.
- Simplify `lib` to align with Vite and Vue starter configuration.
- Add `"skipLibCheck": true` as `npm run build` now runs `tsc` which
fails on inconsistent typings inside `node_modules` due to npm's
weak dependency resoultion.
- PostCSS:
- Add `autoprefixer` as dependency, no longer installed by Vue CLI.
- Epxlicitly added `postcss` as dependency to anticipate potential
peer dependency changes.
- Remove related `@vue/cli` dependencies.
- Remove `sass-loader` as Vite has native CSS preprocessing support.
- Run integration tests with `jsdom` environment so `window` object can
be used.
Client-side changes:
- Abstract build tool specific environment variable population.
Environment variables were previously populated by Vue CLI and now by
Vite but not having an abstraction caused issues. This abstraction
solves build errors and allows easier future migrations and testing.
- Change Vue CLI-specific `~@` aliases to `@` to be able to compile with
Vite.
- Update types in LiquorTree to satisfy `tsc`.
- Remove Vue CLI-specific workaround from `src/presentation/main.ts`.
Restructuring:
- Move `public/` to `presentation/` to align with the layered structure,
which was not possible with Vue CLI.
- Move `index.html` to web root instead of having it inside `public/` to
align with official recommended structure.
- Move logic shared by both integration and unit tests to
`tests/shared`.
- Move logo creation script to `scripts/` and its npm command to include
`build` to align with rest of the structure.
