Enable `contextIsolation` in Electron to securely expose a limited set
of Node.js APIs to the renderer process. It:
1. Isolates renderer and main process contexts. It ensures that the
powerful main process functions aren't directly accessible from
renderer process(es), adding a security boundary.
2. Mitigates remote exploitation risks. By isolating contexts, potential
malicious code injections in the renderer can't directly reach and
compromise the main process.
3. Reduces attack surface.
4. Protect against prototype pollution: It prevents tampering of
JavaScript object prototypes in one context from affecting another
context, improving app reliability and security.
Supporting changes include:
- Extract environment and system operations classes to the infrastructure
layer. This removes node dependencies from core domain and application
code.
- Introduce `ISystemOperations` to encapsulate OS interactions. Use it
from `CodeRunner` to isolate node API usage.
- Add a preloader script to inject validated environment variables into
renderer context. This keeps Electron integration details
encapsulated.
- Add new sanity check to fail fast on issues with preloader injected
variables.
- Improve test coverage of runtime sanity checks and environment
components. Move validation logic into separate classes for Single
Responsibility.
- Improve absent value test case generation.
- Switch from deprecated Vue CLI plugin to `electron-vite` (see
nklayman/vue-cli-plugin-electron-builder#1982)
- Update main/preload scripts to use `index.cjs` filenames to support
`"type": "module"`, resolving crash issue (#233). This crash was
related to Electron not supporting ESM (see electron/asar#249,
electron/electron#21457).
- This commit completes migration to Vite from Vue CLI (#230).
Structure changes:
- Introduce separate folders for Electron's main and preload processes.
- Move TypeHelpers to `src/` to mark tit as accessible by the rest of
the code.
Config changes:
- Make `vite.config.ts` reusable by Electron configuration.
- On electron-builder, use `--publish` flag instead of `-p` for clarity.
Tests:
- Add log for preload script loading verification.
- Implement runtime environment sanity checks.
- Enhance logging in `check-desktop-runtime-errors`.
This commit progresses the migration from Vue CLI to Vite (#230).
TypeScript migration:
- Convert JavaScript Cypress tests and configurations to TypeScript.
- Introduce `tsconfig.json` for Cypress, following official
recommendation.
Test execution:
- Use Cypress CLI to run the tests.
- Rename Cypress commands to reflect official naming conventions.
- Start Vue server prior to Cypress execution, using
`start-server-and-test` package based on official documentation.
- Remove dependency on Vue CLI plugin ((`@vue/cli-plugin-e2e-cypress`).
Configuration standardization (based on Cypress docs):
- Delete unused `plugins/` directory.
- Move test (spec) files to to the root directory.
- Add official ESLint plugin (`eslint-plugin-cypress`).
Changes for importing `vite.config.ts` into `cypress.config.ts`:
- Add TypeScript import assertations to files importing JSON files.
- Use ESM friendly way instead of `__dirname` to solve `ReferenceError:
__dirname is not defined in ES module scrope`.
Other changes:
- Simplify comments in placeholder files.
- Create Cypress specific `.gitignore` for enhanced maintainability,
clarity and scalability.
- Remove redundant `vue.config.cjs`.
This commit changes the web application's build, transpilation and
minification process from Vue CLI to Vite. This shift paves the way for
a full migration to Vite as the primary build tool (#230).
Configuration changes:
- `.vscode/extensions.json`: Update recommended plugins, replacing
unmaintained ones with official recommendations.
- Legacy browser support:
- Use `@vitejs/plugin-legacy` to transpile for older browsers.
- Remove `core-js` dependency and `babel.config.cjs` configuration as
they're now handled by the legacy plugin.
- Delete `@babel/preset-typescript` and `@babel/preset-typescript`
dependencies as legacy plugin handles babel dependencies by default.
- Add `terser` dependency that's used by the legacy plugin for
minification, as per Vite's official documentation.
- `tsconfig.json`:
- Remove obsolete `webpack-env` types.
- Add `"resolveJsonModule": true` to be able to read JSON files in
right way.
- Use correct casing as configuration values.
- Simplify `lib` to align with Vite and Vue starter configuration.
- Add `"skipLibCheck": true` as `npm run build` now runs `tsc` which
fails on inconsistent typings inside `node_modules` due to npm's
weak dependency resoultion.
- PostCSS:
- Add `autoprefixer` as dependency, no longer installed by Vue CLI.
- Epxlicitly added `postcss` as dependency to anticipate potential
peer dependency changes.
- Remove related `@vue/cli` dependencies.
- Remove `sass-loader` as Vite has native CSS preprocessing support.
- Run integration tests with `jsdom` environment so `window` object can
be used.
Client-side changes:
- Abstract build tool specific environment variable population.
Environment variables were previously populated by Vue CLI and now by
Vite but not having an abstraction caused issues. This abstraction
solves build errors and allows easier future migrations and testing.
- Change Vue CLI-specific `~@` aliases to `@` to be able to compile with
Vite.
- Update types in LiquorTree to satisfy `tsc`.
- Remove Vue CLI-specific workaround from `src/presentation/main.ts`.
Restructuring:
- Move `public/` to `presentation/` to align with the layered structure,
which was not possible with Vue CLI.
- Move `index.html` to web root instead of having it inside `public/` to
align with official recommended structure.
- Move logic shared by both integration and unit tests to
`tests/shared`.
- Move logo creation script to `scripts/` and its npm command to include
`build` to align with rest of the structure.
The Vue ESLint plugin is not compatible with Vite and isn't provided in
Vite's default template. By removing it, the codebase progresses toward
the migration to Vue 3.0 and Vite (#230).
Changes:
- Directly execute `eslint` in the `npm run lint:eslint` command.
- Fix previously undetected linting issues that weren't covered by Vue
CLI's default configuration.
- Updated various configuration files, reflecting the removal and lint
fixes.
- Remove unused `eslint-plugin-import` dependency that is already
imported by `@vue/eslint-config-airbnb-with-typescript`.
In `.eslintrc.cjs`:
- Add `es2022` as environment in to simplify setting parser options and
align with Vite starter configuration.
- Remove useless tests override.
- Move tests override in root `.eslintrc.cjs` to `tests/` for clarity,
better organization, scalability and separation of concerns.
As part of transition to Vue 3.0 and Vite (#230), this commit
facilitates the shift towards building rest of the application using
Vite. By doing so, it eliminates reliance on outdated Electron building
system that offered limited control, blocking desktop builds (#233).
Changes include:
- Introduce Vite with Vue 2.0 plugin for test execution.
- Remove `mocha`, `chai` and other related dependencies.
- Adjust test to Vitest syntax.
- Revise and update `tests.md` to document the changes.
- Add `@modyfi/vite-plugin-yaml` plugin to be able to use yaml file
depended logic on test files, replacing previous webpack behavior.
- Fix failing tests that are revealed by Vitest due to unhandled errors
and lack of assertments.
- Remove the test that depends on Vue CLI populating `process.env`.
- Use `jsdom` for unit test environment, adding it to dependency to
`package.json` as project now depends on it and it was not specified
even though `package-lock.json` included it.
