This commit upgrades TypeScript from 5.4 to 5.5 and enables the
`noImplicitAny` option for stricter type checking. It refactors code to
comply with `noImplicitAny` and adapts to new TypeScript features and
limitations.
Key changes:
- Migrate from TypeScript 5.4 to 5.5
- Enable `noImplicitAny` for stricter type checking
- Refactor code to comply with new TypeScript features and limitations
Other supporting changes:
- Refactor progress bar handling for type safety
- Drop 'I' prefix from interfaces to align with new code convention
- Update TypeScript target from `ES2017` and `ES2018`.
This allows named capturing groups. Otherwise, new TypeScript compiler
does not compile the project and shows the following error:
```
...
TimestampedFilenameGenerator.spec.ts:105:23 - error TS1503: Named capturing groups are only available when targeting 'ES2018' or later
const pattern = /^(?<timestamp>\d{4}-\d{2}-\d{2}_\d{2}-\d{2}-\d{2})-(?<scriptName>[^.]+?)(?:\.(?<extension>[^.]+))?$/;// timestamp-scriptName.extension
...
```
- Refactor usage of `electron-progressbar` for type safety and
less complexity.
This commit unifies executable ID structure across categories and
scripts, paving the way for more complex ID solutions for #262.
It also refactors related code to adapt to the changes.
Key changes:
- Change numeric IDs to string IDs for categories
- Use named types for string IDs to improve code clarity
- Add unit tests to verify ID uniqueness
Other supporting changes:
- Separate concerns in entities for data access and executables by using
separate abstractions (`Identifiable` and `RepositoryEntity`)
- Simplify usage and construction of entities.
- Remove `BaseEntity` for simplicity.
- Move creation of categories/scripts to domain layer
- Refactor CategoryCollection for better validation logic isolation
- Rename some categories to keep the names (used as pseudo-IDs) unique
on Windows.
This commit increases strictnes of tests by failing on tests (even
though they pass) if `console.warn` or `console.error` is used. This is
used to fix warning outputs from Vue, cleaning up test output and
preventing potential issues with tests.
This commit fixes all of the failing tests, including refactoring in
code to make them more testable through injecting Vue lifecycle
hook function stubs. This removes `shallowMount`ing done on places,
improving the speed of executing unit tests. It also reduces complexity
and increases maintainability by removing `@vue/test-utils` dependency
for these tests.
Changes:
- Register global hook for all tests to fail if console.error or
console.warn is being used.
- Fix all issues with failing tests.
- Create test helper function for running code in a wrapper component to
run code in reliable/unified way to surpress Vue warnings about code
not running inside `setup`.
This commit introduces type validation for parameter values within the
parser/compiler, aligning with the YAML schema. It aims to eliminate
dependencies on side effects in the collection files.
This update changes the treatment of data types in the Windows
collection, moving away from unintended type casting by the compiler.
Previously, numeric and boolean values were used even though only
string types were supported. This behavior was unstable and untested,
and has now been adjusted to use strings exclusively.
Changes ensure that parameter values are correctly validated
as strings, enhancing stability and maintainability.
This commit fixes a bug that causes tooltips to be slightly misaligned.
Tooltip positioning was incorrect during modal transitions due to their
initial movement, causing tooltips to align incorrectly at the start of
the animation rather than the end.
One way to solve this would be using `autoUpdate` from `floating-ui`
with `animationFrame: true`. However, this recalculates positions tens
of times per second, impacting performance. This is a monkey solution.
This commit adopts a more efficient approach by updating tooltip
positions only at the end of the transitions, which reduces calculations
and conserves resources.
Key changes:
- Addd transition end event listener for updating tooltip positions.
- Use throttling to eliminate excessive position recalculations.
Other supporting changes:
- Improve throttle function to support efficient recalculations of
positions:
- Add ability to optionally exclude the first execution (leading
call).
- Refactor to simplify it make it easier to follow and read.
- Fix a bug where initial calls were incorrectly throttled if
`dateNow()` returned `0`.
- Introduce and use a global hook for efficient DOM event management.
This greatily introduce safety, reuse and testability of event
listening.
This commit improves the management of script execution process by
enhancing the way terminal commands are handled, paving the way for
easier future modifications and providing clearer feedback to users when
scripts are cancelled.
Previously, the UI displayed a generic error message which could lead to
confusion if the user intentionally cancelled the script execution. Now,
a specific error dialog will appear, improving the user experience by
accurately reflecting the action taken by the user.
This change affects code execution on Linux where closing GNOME terminal
returns exit code `137` which is then treated by script cancellation by
privacy.sexy to show the accurate error dialog. It does not affect macOS
and Windows as curret commands result in success (`0`) exit code on
cancellation.
Additionally, this update encapsulates OS-specific logic into dedicated
classes, promoting better separation of concerns and increasing the
modularity of the codebase. This makes it simpler to maintain and extend
the application.
Key changes:
- Display a specific error message for script cancellations.
- Refactor command execution into dedicated classes.
- Improve file permission setting flexibility and avoid setting file
permissions on Windows as it's not required to execute files.
- Introduce more granular error types for script execution.
- Increase logging for shell commands to aid in debugging.
- Expand test coverage to ensure reliability.
- Fix error dialogs not showing the error messages due to incorrect
propagation of errors.
Other supported changes:
- Update `SECURITY.md` with details on script readback and verification.
- Fix a typo in `IpcRegistration.spec.ts`.
- Document antivirus scans in `desktop-vs-web-features.md`.
This commit updates the project's npm dependencies to their
latest versions.
Updates to the following dependencies are on hold due to compatibility
issues:
- `@typescript-eslint/eslint-plugin`:
- Blocked by `@vue/eslint-config-airbnb-with-typescript`
(vuejs/eslint-config-airbnb#63).
- `@typescript-eslint/parser`:
- Blocked by `@vue/eslint-config-airbnb-with-typescript`
(vuejs/eslint-config-airbnb#63).
- `@vue/eslint-config-typescript`:
- Blocked by `@vue/eslint-config-airbnb-with-typescript`
(vuejs/eslint-config-airbnb#63).
- `eslint`:
- Blocked by `@vue/eslint-config-airbnb-with-typescript`
(vuejs/eslint-config-airbnb#65).
- Blocked by `@typescript-eslint/eslint-plugin` and
`@typescript-eslint/parser`
(typescript-eslint/typescript-eslint#8211).
These dependencies remain at their current major versions, and
their status is documented in the `package.json` to inform future
updates.
Other supporting changes:
- Moves `@types/markdown-it` to `devDependencies` which was incorrectly
included in `dependencies`.
- Fix error in `TreeView.spec` tests, revealed by the version bump.
- Update `markdown-it` import to match the new file.
This commit upgrades TypeScript to the latest version 5.3 and introduces
`verbatimModuleSyntax` in line with the official Vue guide
recommendatinos (vuejs/docs#2592).
By enforcing `import type` for type-only imports, this commit improves
code clarity and supports tooling optimization, ensuring imports are
only bundled when necessary for runtime.
Changes:
- Bump TypeScript to 5.3.3 across the project.
- Adjust import statements to utilize `import type` where applicable,
promoting cleaner and more efficient code.
This commit improves markdown rendering to convert reference labels
(e.g., `[1]`) to superscripts, improving document readability without
cluttering the text. This improvement applies documentation of all
scripts and categories.
Changes:
- Implement superscript conversion for reference labels within markdown
content, ensuring a cleaner presentation of textual references.
- Enable HTML content within markdown, necessary for inserting `<sup>`
elements due to limitations in `markdown-it`, see
markdown-it/markdown-it#999 for details.
- Refactor markdown rendering process for improved testability and
adherence to the Single Responsibility Principle.
- Create `_typography.scss` with font size definitions, facilitating
better control over text presentation.
- Adjust external URL indicator icon sizing for consistency, aligning
images with the top of the text to maintain a uniform appearence.
- Use normal font-size explicitly for documentation text to ensure
consistency.
- Remove text size specification in `markdown-styles` mixin, using `1em`
for spacing to simplify styling.
- Rename font sizing variables for clarity, distinguishing between
absolute and relative units.
- Change `font-size-relative-smaller` to be `80%`, browser default for
`font-size: smaller;` CSS style and use it with `<sup>` elements.
- Improve the logic for converting plain URLs to hyperlinks, removing
trailing whitespace for cleaner link generation.
- Fix plain URL to hyperlink (autolinking) logic removing trailing
whitespace from the original markdown content. This was revealed by
tests after separating its logic.
- Increase test coverage with more tests.
- Add types for `markdown-it` through `@types/markdown-it` package for
better editor support and maintainability.
- Simplify implementation of adding custom anchor attributes in
`markdown-it` using latest documentation.
Add markdown rendering for script and category titles to improve the
presentation of textual content.
- Introduce reusable `MarkdownText` for markdown rendering.
- Incorporate markdown styling into dedicated SCSS file for clarity.
- Define explicit font sizes for consistent visual experience.
- Apply `MarkdownText` usage across UI for unified markdown rendering.
- Streamline related styles and layout for improved maintainability
- Set font sizes explicitly for better consistency and to avoid
unexpected inheritence.
This enhancement enables richer text formatting and improves the user
interface's flexibility in displaying content.
This commit introduces system-native error dialogs on desktop
application for code save or execution failures, addressing user confusion
described in issue #264.
This commit adds informative feedback when script execution or saving
fails.
Changes:
- Implement support for system-native error dialogs.
- Refactor `CodeRunner` and `Dialog` interfaces and their
implementations to improve error handling and provide better type
safety.
- Introduce structured error handling, allowing UI to display detailed
error messages.
- Replace error throwing with an error object interface for controlled
handling. This ensures that errors are propagated to the renderer
process without being limited by Electron's error object
serialization limitations as detailed in electron/electron#24427.
- Add logging for dialog actions to aid in troubleshooting.
- Rename `fileName` to `defaultFilename` in `saveFile` functions
to clarify its purpose.
- Centralize message assertion in `LoggerStub` for consistency.
- Introduce `expectTrue` in tests for clearer boolean assertions.
- Standardize `filename` usage across the codebase.
- Enhance existing test names and organization for clarity.
- Update related documentation.
This commit introduces native operating system file dialogs in the
desktop application replacing the existing web-based dialogs.
It lays the foundation for future enhancements such as:
- Providing error messages when saving or executing files, addressing
#264.
- Creating system restore points, addressing #50.
Documentation updates:
- Update `desktop-vs-web-features.md` with added functionality.
- Update `README.md` with security feature highlights.
- Update home page documentation to emphasize security features.
Other supporting changes include:
- Integrate IPC communication channels for secure Electron dialog API
interactions.
- Refactor `IpcRegistration` for more type-safety and simplicity.
- Introduce a Vue hook to encapsulate dialog functionality.
- Improve errors during IPC registration for easier troubleshooting.
- Move `ClientLoggerFactory` for consistency in hooks organization and
remove `LoggerFactory` interface for simplicity.
- Add tests for the save file dialog in the browser context.
- Add `Blob` polyfill in tests to compensate for the missing
`blob.text()` function in `jsdom` (see jsdom/jsdom#2555).
Improve environment detection logic:
- Treat test environment as browser environments to correctly activate
features based on the environment. This resolves issues where the
environment is misidentified as desktop, but Electron preloader APIs
are missing.
- Rename `isDesktop` environment identification variable to
`isRunningAsDesktopApplication` for better clarity and to avoid
confusion with desktop environments in web/browser/test environments.
- Simplify `BrowserRuntimeEnvironment` to consistently detect
non-desktop application environments.
- Improve environment detection for Electron main process
(electron/electron#2288).
This commit addresses an issue in the privacy.sexy desktop application
where scripts executed as administrator on Windows were running in the
background. This was observed in environments like Windows Pro VMs on
Azure, where operations typically run with administrative privileges.
Previously, the application used the `"$path"` shell command to execute
scripts. This mechanism failed to activate the logic for requesting
admin privileges if the app itself was running as an administrator.
To resolve this, the script execution process has been modified to
explicitly ask for administrator privileges using the `VerbAs` method.
This ensures that the script always runs in a new `cmd.exe` window,
enhancing visibility and user interaction.
Other supporting changes:
- Rename the generated script file from `run-{timestamp}-{extension}` er
to `{timestamp}-privacy-script-{extension}` for clearer identification
and better file sorting.
- Refactor `ScriptFileCreator` to parameterize file extension and
script name.
- Rename `OsTimestampedFilenameGenerator` to
`TimestampedFilenameGenerator` to better reflect its new and more
scoped functionality after refactoring mentioned abvoe.
- Remove `setAppName()` due to ineffective behavior in Windows.
- Update `SECURITY.md` to highlight that the app doesn't require admin
rights for standard operations.
- Add `.editorconfig` settings for PowerShell scripts.
- Add a integration test for script execution logic. Improve environment
detection for more reliable test execution.
- Disable application logging during unit/integration tests to keep test
outputs clean and focused.
This commit fixes an issue seen on certain Windows environments (Windows
10 22H2 and 11 23H2 Pro Azure VMs) where scripts were being deleted
during execution due to temporary directory usage. To resolve this,
scripts are now stored in a persistent directory, enhancing reliability
for long-running scripts and improving auditability along with
troubleshooting.
Key changes:
- Move script execution logic to the `main` process from `preloader` to
utilize Electron's `app.getPath`.
- Improve runtime environment detection for non-browser environments to
allow its usage in Electron main process.
- Introduce a secure module to expose IPC channels from the main process
to the renderer via the preloader process.
Supporting refactorings include:
- Simplify `CodeRunner` interface by removing the `tempScriptFolderName`
parameter.
- Rename `NodeSystemOperations` to `NodeElectronSystemOperations` as it
now wraps electron APIs too, and convert it to class for simplicity.
- Rename `TemporaryFileCodeRunner` to `ScriptFileCodeRunner` to reflect
its new functinoality.
- Rename `SystemOperations` folder to `System` for simplicity.
- Rename `HostRuntimeEnvironment` to `BrowserRuntimeEnvironment` for
clarity.
- Refactor main Electron process configuration to align with latest
Electron documentation/recommendations.
- Refactor unit tests `BrowserRuntimeEnvironment` to simplify singleton
workaround.
- Use alias imports like `electron/main` and `electron/common` for
better clarity.
This commit addresses an issue where macOS was incorrectly identified as
iPadOS in Chromium-based browsers. The root cause was related to touch
support detection being inaccurately triggered on Chromium browsers,
leading to misidentification.
The bug caused two issues:
1. Desktop version: Script execution on macOS did not work as the
desktop app wrongly assumed that it was running on iPadOS.
2. Web and desktop version: The UI didn't default to macOS, presuming an
iPadOS environment.
This bug was exclusive to Chromium browsers on macOS. Firefox and Safari
didn't exhibit this behavior, as they handle touch event browser API
as differently and initially expected.
Key changes:
- Improve touch support detection to accurately differentiate between
macOS and iPadOS by removing an identification method used that is not
reliable for Chromium-based browsers.
- Update user agent detection to correctly identify Electron-based
applications as macOS even without needing the information from the
preloader context.
This commit improves the handling of paths with spaces or special
characters during script execution in the desktop application.
Key improvements:
- Paths are now quoted for macOS/Linux, addressing issues with
whitespace or single quotes.
- Windows paths are enclosed in double quotes to handle special
characters.
Other supporting changes:
- Add more documentation for terminal execution commands.
- Refactor terminal script file execution into a dedicated file for
improved separation of concerns.
- Refactor naming of `RuntimeEnvironment` to align with naming
conventions (no interface with I prefix) and for clarity.
- Refactor `TemporaryFileCodeRunner` to simplify it by removing the `os`
parameter and handling OS-specific logic within the filename generator
instead.
- Refactor `fileName` to `filename` for consistency.
This commit enhances application security against potential attacks by
isolating dependencies that access the host system (like file
operations) from the renderer process. It narrows the exposed
functionality to script execution only, adding an extra security layer.
The changes allow secure and scalable API exposure, preparing for future
functionalities such as desktop notifications for script errors (#264),
improved script execution handling (#296), and creating restore points
(#50) in a secure and repeatable way.
Changes include:
- Inject `CodeRunner` into Vue components via dependency injection.
- Move `CodeRunner` to the application layer as an abstraction for
better domain-driven design alignment.
- Refactor `SystemOperations` and related interfaces, removing the `I`
prefix.
- Update architecture documentation for clarity.
- Update return types in `NodeSystemOperations` to match the Node APIs.
- Improve `WindowVariablesProvider` integration tests for better error
context.
- Centralize type checks with common functions like `isArray` and
`isNumber`.
- Change `CodeRunner` to use `os` parameter, ensuring correct window
variable injection.
- Streamline API exposure to the renderer process:
- Automatically bind function contexts to prevent loss of original
context.
- Implement a way to create facades (wrapper/proxy objects) for
increased security.
This commit resolves a rendering bug in the tree view component.
Previously, updating the tree collection prior to node updates led to
rendering errors due to the presence of non-existent nodes in the new
collection.
Changes:
- Implement manual control over the rendering process in tree view. This
includes clearing the rendering queue and currently rendered nodes
before updates, aligning the rendering process with the updated
collection.
- Add Cypress E2E tests to test switching between all operating systems
and script views, ensuring no uncaught errors and preventing
regression.
- Replace hardcoded operating system lists in the download URL list view
with a unified `getSupportedOsList()` method from the application,
reducing duplication and simplifying future updates.
- Rename `initial-nodes` to `nodes` in `TreeView.vue` to reflect their
mutable nature.
- Centralize the function for getting operating system names into
`OperatingSystemNames.ts`, improving reusability in E2E tests.
This commit resolves the issue with the `:active` pseudo-class not
activating in mobile Safari on iOS devices. It introduces a workaround
specifically for mobile Safari on iOS/iPadOS to enable the `:active`
pseudo-class. This ensures a consistent and responsive user interface
in response to touch states on mobile Safari.
Other supporting changes:
- Introduce new test utility functions such as `createWindowEventSpies`
and `formatAssertionMessage` to improve code reusability and
maintainability.
- Improve browser detection:
- Add detection for iPadOS and Windows 10 Mobile.
- Add touch support detection to correctly determine iPadOS vs macOS.
- Fix misidentification of some Windows 10 Mobile platforms as Windows
Phone.
- Improve test coverage and refactor tests.
This commit addresses incorrect URL rendering within documentation text
by improving auto-linkified URL labels, handling `+` symbols as spaces,
enhancing readability of encoded path segments and manually updating
some of the documetation.
Key improvements:
- Parse `+` as whitespace in URLs for accurate script labeling.
- Interpret multiple whitespaces as single for robustness.
- Decode path segments for clearer links.
- Refactor markdown renderer.
- Expand unit tests for comprehensive coverage.
Documentation has been updated to fix inline URL references and improve
linkification across several scripts, ensuring more readable and
user-friendly content.
Affected files and documentation sections have been adjusted
accordingly, including script and category names for consistency and
clarity.
Some of the script/category documentation changing fixing URL rendering
includes:
- 'Disable sending information to Customer Experience Improvement
Program':
- Fix reference URLs being inlined.
- 'Disable "Secure boot" button in "Windows Security"':
- Fix rendering issue due to auto-linkification of `markdown-it`.
- 'Clear Internet Explorer DOMStore':
- Fix rendering issue due to auto-linkification of `markdown-it`.
- 'Disable "Windows Defender Firewall" service':
- Fix rendering issue due to auto-linkification of `markdown-it`.
- Convert YAML comments to markdown comments visible by users.
- Add breaking behavior to script name, changing script name to.
- 'Disable Microsoft Defender Firewall services and drivers':
- Remove information about breaking behavior to avoid duplication and
be consistent with the documentation of the rest of the collections.
- Use consistent styling for warning texts starting with `Caution:`.
- Rename 'Remove extensions' category to 'Remove extension apps' for
consistency with names of its sibling categories.
This commit applies `strictNullChecks` to the entire codebase to improve
maintainability and type safety. Key changes include:
- Remove some explicit null-checks where unnecessary.
- Add necessary null-checks.
- Refactor static factory functions for a more functional approach.
- Improve some test names and contexts for better debugging.
- Add unit tests for any additional logic introduced.
- Refactor `createPositionFromRegexFullMatch` to its own function as the
logic is reused.
- Prefer `find` prefix on functions that may return `undefined` and
`get` prefix for those that always return a value.
This commit improves the dependency injection mechanism by introducing a
custom `injectKey` function.
Key improvements are:
- Enforced type consistency during dependency registration and
instantiation.
- Simplified injection process, abstracting away the complexity with a
uniform API, regardless of the dependency's lifetime.
- Eliminated the possibility of `undefined` returns during dependency
injection, promoting fail-fast behavior.
- Removed the necessity for type casting to `symbol` for injection keys
in unit tests by using existing types.
- Consalidated imports, combining keys and injection functions in one
`import` statement.
- Replace `ref`s with `shallowRef` when deep reactivity is not needed.
- Replace `readonly`s with `shallowReadonly` where the goal is to only
prevent `.value` mutation.
- Remove redundant `ref` in `SizeObserver.vue`.
- Remove redundant nested `ref` in `TooltipWrapper.vue`.
- Remove redundant `events` export from `UseCollectionState.ts`.
- Remove redundant `computed` from `UseCollectionState.ts`.
- Remove `timestamp` from `TreeViewFilterEvent` that becomes unnecessary
after using `shallowRef`.
- Add missing unit tests for `UseTreeViewFilterEvent`.
- Add missing stub for `FilterChangeDetails`.
Key highlights:
- Written from scratch to cater specifically to privacy.sexy's
needs and requirements.
- The visual look mimics the previous component with minimal changes,
but its internal code is completely rewritten.
- Lays groundwork for future functionalities like the "expand all"
button a flat view mode as discussed in #158.
- Facilitates the transition to Vue 3 by omitting the Vue 2.0 dependent
`liquour-tree` as part of #230.
Improvements and features:
- Caching for quicker node queries.
- Gradual rendering of nodes that introduces a noticable boost in
performance, particularly during search/filtering.
- `TreeView` solely governs the check states of branch nodes.
Changes:
- Keyboard interactions now alter the background color to highlight the
focused item. Previously, it was changing the color of the text.
- Better state management with clear separation of concerns:
- `TreeView` exclusively manages indeterminate states.
- `TreeView` solely governs the check states of branch nodes.
- Introduce transaction pattern to update state in batches to minimize
amount of events handled.
- Improve keyboard focus, style background instead of foreground. Use
hover/touch color on keyboard focus.
- `SelectableTree` has been removed. Instead, `TreeView` is now directly
integrated with `ScriptsTree`.
- `ScriptsTree` has been refactored to incorporate hooks for clearer
code and separation of duties.
- Adopt Vue-idiomatic bindings instead of keeping a reference of the
tree component.
- Simplify and change filter event management.
- Abandon global styles in favor of class-scoped styles.
- Use global mixins with descriptive names to clarify indended
functionality.
- Move external URL checks to its own module under `tests/`. This
separates them from integration test, addressing long runs and
frequent failures that led to ignoring test results.
- Move `check-desktop-runtime-errors` to `tests/checks` to keep all
test-related checks into one directory.
- Replace `ts-node` with `vite` for running
`check-desktop-runtime-errors` to maintain a consistent execution
environment across checks.
- Implement a timeout for each fetch call.
- Be nice to external sources, wait 5 seconds before sending another
request to an URL under same domain. This solves rate-limiting issues.
- Instead of running test on every push/pull request, run them only
weekly.
- Do not run tests on each commit/PR but only scheduled (weekly) to
minimize noise.
- Fix URLs are not captured correctly inside backticks or parenthesis.
Test improvements:
- Capture titles for all macOS windows, not just the frontmost.
- Incorporate missing application log files.
- Improve log clarity with enriched context.
- Improve application termination on macOS by reducing grace period.
- Ensure complete application termination on macOS.
- Validate Vue application loading through an initial log.
- Support ignoring environment-specific `stderr` errors.
- Do not fail the test if working directory cannot be deleted.
- Use retry pattern when installing dependencies due to network errors.
Refactorings:
- Migrate the test code to TypeScript.
- Replace deprecated `rmdir` with `rm` for error-resistant directory
removal.
- Improve sanity checking by shifting from App.vue to Vue bootstrapper.
- Centralize environment variable management with `EnvironmentVariables`
construct.
- Rename infrastructure/Environment to RuntimeEnvironment for clarity.
- Isolate WindowVariables and SystemOperations from RuntimeEnvironment.
- Inject logging via preloader.
- Correct mislabeled RuntimeSanity tests.
Configuration:
- Introduce `npm run check:desktop` for simplified execution.
- Omit `console.log` override due to `nodeIntegration` restrictions and
reveal logging functionality using context-bridging.
Enable `contextIsolation` in Electron to securely expose a limited set
of Node.js APIs to the renderer process. It:
1. Isolates renderer and main process contexts. It ensures that the
powerful main process functions aren't directly accessible from
renderer process(es), adding a security boundary.
2. Mitigates remote exploitation risks. By isolating contexts, potential
malicious code injections in the renderer can't directly reach and
compromise the main process.
3. Reduces attack surface.
4. Protect against prototype pollution: It prevents tampering of
JavaScript object prototypes in one context from affecting another
context, improving app reliability and security.
Supporting changes include:
- Extract environment and system operations classes to the infrastructure
layer. This removes node dependencies from core domain and application
code.
- Introduce `ISystemOperations` to encapsulate OS interactions. Use it
from `CodeRunner` to isolate node API usage.
- Add a preloader script to inject validated environment variables into
renderer context. This keeps Electron integration details
encapsulated.
- Add new sanity check to fail fast on issues with preloader injected
variables.
- Improve test coverage of runtime sanity checks and environment
components. Move validation logic into separate classes for Single
Responsibility.
- Improve absent value test case generation.
- Switch from deprecated Vue CLI plugin to `electron-vite` (see
nklayman/vue-cli-plugin-electron-builder#1982)
- Update main/preload scripts to use `index.cjs` filenames to support
`"type": "module"`, resolving crash issue (#233). This crash was
related to Electron not supporting ESM (see electron/asar#249,
electron/electron#21457).
- This commit completes migration to Vite from Vue CLI (#230).
Structure changes:
- Introduce separate folders for Electron's main and preload processes.
- Move TypeHelpers to `src/` to mark tit as accessible by the rest of
the code.
Config changes:
- Make `vite.config.ts` reusable by Electron configuration.
- On electron-builder, use `--publish` flag instead of `-p` for clarity.
Tests:
- Add log for preload script loading verification.
- Implement runtime environment sanity checks.
- Enhance logging in `check-desktop-runtime-errors`.
This commit progresses the migration from Vue CLI to Vite (#230).
TypeScript migration:
- Convert JavaScript Cypress tests and configurations to TypeScript.
- Introduce `tsconfig.json` for Cypress, following official
recommendation.
Test execution:
- Use Cypress CLI to run the tests.
- Rename Cypress commands to reflect official naming conventions.
- Start Vue server prior to Cypress execution, using
`start-server-and-test` package based on official documentation.
- Remove dependency on Vue CLI plugin ((`@vue/cli-plugin-e2e-cypress`).
Configuration standardization (based on Cypress docs):
- Delete unused `plugins/` directory.
- Move test (spec) files to to the root directory.
- Add official ESLint plugin (`eslint-plugin-cypress`).
Changes for importing `vite.config.ts` into `cypress.config.ts`:
- Add TypeScript import assertations to files importing JSON files.
- Use ESM friendly way instead of `__dirname` to solve `ReferenceError:
__dirname is not defined in ES module scrope`.
Other changes:
- Simplify comments in placeholder files.
- Create Cypress specific `.gitignore` for enhanced maintainability,
clarity and scalability.
- Remove redundant `vue.config.cjs`.
This commit changes the web application's build, transpilation and
minification process from Vue CLI to Vite. This shift paves the way for
a full migration to Vite as the primary build tool (#230).
Configuration changes:
- `.vscode/extensions.json`: Update recommended plugins, replacing
unmaintained ones with official recommendations.
- Legacy browser support:
- Use `@vitejs/plugin-legacy` to transpile for older browsers.
- Remove `core-js` dependency and `babel.config.cjs` configuration as
they're now handled by the legacy plugin.
- Delete `@babel/preset-typescript` and `@babel/preset-typescript`
dependencies as legacy plugin handles babel dependencies by default.
- Add `terser` dependency that's used by the legacy plugin for
minification, as per Vite's official documentation.
- `tsconfig.json`:
- Remove obsolete `webpack-env` types.
- Add `"resolveJsonModule": true` to be able to read JSON files in
right way.
- Use correct casing as configuration values.
- Simplify `lib` to align with Vite and Vue starter configuration.
- Add `"skipLibCheck": true` as `npm run build` now runs `tsc` which
fails on inconsistent typings inside `node_modules` due to npm's
weak dependency resoultion.
- PostCSS:
- Add `autoprefixer` as dependency, no longer installed by Vue CLI.
- Epxlicitly added `postcss` as dependency to anticipate potential
peer dependency changes.
- Remove related `@vue/cli` dependencies.
- Remove `sass-loader` as Vite has native CSS preprocessing support.
- Run integration tests with `jsdom` environment so `window` object can
be used.
Client-side changes:
- Abstract build tool specific environment variable population.
Environment variables were previously populated by Vue CLI and now by
Vite but not having an abstraction caused issues. This abstraction
solves build errors and allows easier future migrations and testing.
- Change Vue CLI-specific `~@` aliases to `@` to be able to compile with
Vite.
- Update types in LiquorTree to satisfy `tsc`.
- Remove Vue CLI-specific workaround from `src/presentation/main.ts`.
Restructuring:
- Move `public/` to `presentation/` to align with the layered structure,
which was not possible with Vue CLI.
- Move `index.html` to web root instead of having it inside `public/` to
align with official recommended structure.
- Move logic shared by both integration and unit tests to
`tests/shared`.
- Move logo creation script to `scripts/` and its npm command to include
`build` to align with rest of the structure.
As part of transition to Vue 3.0 and Vite (#230), this commit
facilitates the shift towards building rest of the application using
Vite. By doing so, it eliminates reliance on outdated Electron building
system that offered limited control, blocking desktop builds (#233).
Changes include:
- Introduce Vite with Vue 2.0 plugin for test execution.
- Remove `mocha`, `chai` and other related dependencies.
- Adjust test to Vitest syntax.
- Revise and update `tests.md` to document the changes.
- Add `@modyfi/vite-plugin-yaml` plugin to be able to use yaml file
depended logic on test files, replacing previous webpack behavior.
- Fix failing tests that are revealed by Vitest due to unhandled errors
and lack of assertments.
- Remove the test that depends on Vue CLI populating `process.env`.
- Use `jsdom` for unit test environment, adding it to dependency to
`package.json` as project now depends on it and it was not specified
even though `package-lock.json` included it.
- Remove existing integration tests for hooks as they're redundant after
this change.
- Document the pattern in relevant documentation.
- Introduce `useEnvironment` to increase testability.
- Update components to inject dependencies rather than importing hooks
directly.
- Migrate `StatefulVue`:
- Introduce `UseCollectionState` that replaces its behavior and acts
as a shared state store.
- Add more encapsulated, granular functions based on read or write
access to state in CollectionState.
- Some linting rules get activates due to new code-base compability to
modern parses, fix linting errors.
- Rename Dialog to ModalDialog as after refactoring,
eslintvue/no-reserved-component-names does not allow name Dialog.
- To comply with `vue/multi-word-component-names`, rename:
- `Code` -> `CodeInstruction`
- `Handle` -> `SliderHandle`
- `Documentable` -> `DocumentableNode`
- `Node` -> `NodeContent`
- `INode` -> `INodeContent`
- `Responsive` -> `SizeObserver`
- Remove `vue-property-decorator` and `vue-class-component`
dependencies.
- Refactor `watch` with computed properties when possible for cleaner
code.
- Introduce `UseApplication` to reduce repeated code in new components
that use `computed` more heavily than before.
- Change TypeScript target to `es2017` to allow top level async calls
for getting application context/state/instance to simplify the code by
removing async calls. However, mocha (unit and integration) tests do
not run with top level awaits, so a workaround is used.
Key features of Linux support:
- It supports python 3 scripts execution.
- It supports Flatpak and Snap installation for software
clean-up/configurations.
- Extensive documentation.
Rework documentation URLs as inline markdown.
Redesign documentations with markdown text.
Redesign way to document scripts/categories and present the
documentation.
Documentation is showed in an expandable box instead of tooltip. This is
to allow writing longer documentation (tooltips are meant to be used for
short text) and have better experience on mobile.
If a node (script/category) has documentation it's now shown with single
information icon (ℹ) aligned to right.
Add support for rendering documentation as markdown. It automatically
converts plain URLs to URLs with display names (e.g.
https://docs.microsoft.com/..) will be rendered automatically like
"docs.microsoft.com - Windows 11 Privacy...".
Major refactoring using ESLint with rules from AirBnb and Vue.
Enable most of the ESLint rules and do necessary linting in the code.
Also add more information for rules that are disabled to describe what
they are and why they are disabled.
Allow logging (`console.log`) in test files, and in development mode
(e.g. when working with `npm run serve`), but disable it when
environment is production (as pre-configured by Vue). Also add flag
(`--mode production`) in `lint:eslint` command so production linting is
executed earlier in lifecycle.
Disable rules that requires a separate work. Such as ESLint rules that
are broken in TypeScript: no-useless-constructor (eslint/eslint#14118)
and no-shadow (eslint/eslint#13014).
TSLint deprecated and is being replaced by ESLint.
Add Vue CLI plugin (@vue/cli-plugin-eslint) using:
`vue add @vue/cli-plugin-eslint`. It also adds `.eslintrc.js` manually
for Cypress since Vue CLI for ESLint misses it (vuejs/vue-cli#6892).
Also rename `npm run lint:vue` to `npm run lint:eslint` for better
clarification.
This commit disables all rules that the current code is not compliant
with. This allows for enabling them gradually and separating commits
instead of mixing ESLint introduction with other code changes.
AirBnb is chosen as base configuration.
"Standard" is not chosen due to its poor defaults. It makes code cleaner
but harder to maintain:
- It converts interfaces to types which is harder to read.
- Removes semicolons that helps to eliminate some ambigious code.
"Airbnb" on the other hand helps for easier future changes and
maintinability:
- Includes more useful rules.
- Keeps the semicolons and interfaces.
- Enforces trailing commas that makes it easier to delete lines later on.
- Delete branches: standard, prettier.
Remove convention where Async suffix is added to functions that returns
a Promise. It was a habit from C#, but is not widely used in JavaScript
/ TypeScript world, also bloats the code. The code is more consistent
with third party dependencies/frameworks without the suffix.
Implement following redirects over `fetch` supporting cookies.
`node-fetch` does not support sending cookies during redirect. However,
this is needed to not end-up in a redirect loop for a sign-in callback.
Fix integration tests failing due to redirects and 403 errors:
- Many redirects from `answers.microsoft.com` was throwing: throwing
`FetchError: maximum redirect reached` error. It was caused by not
having cookies when following redirects therefore having an infinite
sign-in callback for the webpage.
- Fixes integration tests failing due to additional referer header being
sent by the application. It adds support for making exceptions to
additional header sending through a list of regexes.
Add in-depth documentation for URL status checking.
This commit:
- Fixes broken URLs using archive.org or other references.
- Replaces tenforums.com URLs with better documentation as they tend to return HTTP status code 403 to tests and also are low quality source.
- Changes all insecure http sources to https alternatives
- Adds integration tests to check for broken URLs
- There's logic implemented for having a delay inbetween when sending requests to same domains, however it's not used as the sources can respond to totally parallelized requests.
- Run test pipeline weekly to get notified about broken URls without commits
Integration tests are executed using vue-cli-service with double quotes as following: `vue-cli-service test:unit "tests/integration/**/*.spec.ts"`. Using single quotes (mochajs/mocha#1828) works on macOS and Ubuntu but does not on Windows (tests are not found). Double quotes is the only portable way that works on all three platforms (mochajs/mocha#3136).
