Enable `contextIsolation` in Electron to securely expose a limited set
of Node.js APIs to the renderer process. It:
1. Isolates renderer and main process contexts. It ensures that the
powerful main process functions aren't directly accessible from
renderer process(es), adding a security boundary.
2. Mitigates remote exploitation risks. By isolating contexts, potential
malicious code injections in the renderer can't directly reach and
compromise the main process.
3. Reduces attack surface.
4. Protect against prototype pollution: It prevents tampering of
JavaScript object prototypes in one context from affecting another
context, improving app reliability and security.
Supporting changes include:
- Extract environment and system operations classes to the infrastructure
layer. This removes node dependencies from core domain and application
code.
- Introduce `ISystemOperations` to encapsulate OS interactions. Use it
from `CodeRunner` to isolate node API usage.
- Add a preloader script to inject validated environment variables into
renderer context. This keeps Electron integration details
encapsulated.
- Add new sanity check to fail fast on issues with preloader injected
variables.
- Improve test coverage of runtime sanity checks and environment
components. Move validation logic into separate classes for Single
Responsibility.
- Improve absent value test case generation.
This commit changes the web application's build, transpilation and
minification process from Vue CLI to Vite. This shift paves the way for
a full migration to Vite as the primary build tool (#230).
Configuration changes:
- `.vscode/extensions.json`: Update recommended plugins, replacing
unmaintained ones with official recommendations.
- Legacy browser support:
- Use `@vitejs/plugin-legacy` to transpile for older browsers.
- Remove `core-js` dependency and `babel.config.cjs` configuration as
they're now handled by the legacy plugin.
- Delete `@babel/preset-typescript` and `@babel/preset-typescript`
dependencies as legacy plugin handles babel dependencies by default.
- Add `terser` dependency that's used by the legacy plugin for
minification, as per Vite's official documentation.
- `tsconfig.json`:
- Remove obsolete `webpack-env` types.
- Add `"resolveJsonModule": true` to be able to read JSON files in
right way.
- Use correct casing as configuration values.
- Simplify `lib` to align with Vite and Vue starter configuration.
- Add `"skipLibCheck": true` as `npm run build` now runs `tsc` which
fails on inconsistent typings inside `node_modules` due to npm's
weak dependency resoultion.
- PostCSS:
- Add `autoprefixer` as dependency, no longer installed by Vue CLI.
- Epxlicitly added `postcss` as dependency to anticipate potential
peer dependency changes.
- Remove related `@vue/cli` dependencies.
- Remove `sass-loader` as Vite has native CSS preprocessing support.
- Run integration tests with `jsdom` environment so `window` object can
be used.
Client-side changes:
- Abstract build tool specific environment variable population.
Environment variables were previously populated by Vue CLI and now by
Vite but not having an abstraction caused issues. This abstraction
solves build errors and allows easier future migrations and testing.
- Change Vue CLI-specific `~@` aliases to `@` to be able to compile with
Vite.
- Update types in LiquorTree to satisfy `tsc`.
- Remove Vue CLI-specific workaround from `src/presentation/main.ts`.
Restructuring:
- Move `public/` to `presentation/` to align with the layered structure,
which was not possible with Vue CLI.
- Move `index.html` to web root instead of having it inside `public/` to
align with official recommended structure.
- Move logic shared by both integration and unit tests to
`tests/shared`.
- Move logo creation script to `scripts/` and its npm command to include
`build` to align with rest of the structure.
Key features of Linux support:
- It supports python 3 scripts execution.
- It supports Flatpak and Snap installation for software
clean-up/configurations.
- Extensive documentation.
- Unify test data for nonexistence of an object/string and collection.
- Introduce more test through adding missing test data to existing tests.
- Improve logic for checking absence of values to match tests.
- Add missing tests for absent value validation.
- Update documentation to include shared test functionality.
Major refactoring using ESLint with rules from AirBnb and Vue.
Enable most of the ESLint rules and do necessary linting in the code.
Also add more information for rules that are disabled to describe what
they are and why they are disabled.
Allow logging (`console.log`) in test files, and in development mode
(e.g. when working with `npm run serve`), but disable it when
environment is production (as pre-configured by Vue). Also add flag
(`--mode production`) in `lint:eslint` command so production linting is
executed earlier in lifecycle.
Disable rules that requires a separate work. Such as ESLint rules that
are broken in TypeScript: no-useless-constructor (eslint/eslint#14118)
and no-shadow (eslint/eslint#13014).
Remove convention where Async suffix is added to functions that returns
a Promise. It was a habit from C#, but is not widely used in JavaScript
/ TypeScript world, also bloats the code. The code is more consistent
with third party dependencies/frameworks without the suffix.
- refactor array equality check and add tests
- remove OperatingSystem.Unknown causing extra logic, return undefined instead
- refactor enum validation to share same logic
- refactor scripting language factories to share same logic
- refactor too many args in runCodeAsync
- refactor ScriptCode constructor to reduce complexity
- fix writing useless write to member object since another property write always override it
