efa05f42bc
This commit enhances application security against potential attacks by isolating dependencies that access the host system (like file operations) from the renderer process. It narrows the exposed functionality to script execution only, adding an extra security layer. The changes allow secure and scalable API exposure, preparing for future functionalities such as desktop notifications for script errors (#264), improved script execution handling (#296), and creating restore points (#50) in a secure and repeatable way. Changes include: - Inject `CodeRunner` into Vue components via dependency injection. - Move `CodeRunner` to the application layer as an abstraction for better domain-driven design alignment. - Refactor `SystemOperations` and related interfaces, removing the `I` prefix. - Update architecture documentation for clarity. - Update return types in `NodeSystemOperations` to match the Node APIs. - Improve `WindowVariablesProvider` integration tests for better error context. - Centralize type checks with common functions like `isArray` and `isNumber`. - Change `CodeRunner` to use `os` parameter, ensuring correct window variable injection. - Streamline API exposure to the renderer process: - Automatically bind function contexts to prevent loss of original context. - Implement a way to create facades (wrapper/proxy objects) for increased security.
106 lines
3.6 KiB
TypeScript
106 lines
3.6 KiB
TypeScript
import { describe } from 'vitest';
|
|
import { VueDependencyInjectionApiStub } from '@tests/unit/shared/Stubs/VueDependencyInjectionApiStub';
|
|
import { InjectionKeys } from '@/presentation/injectionSymbols';
|
|
import { provideDependencies, VueDependencyInjectionApi } from '@/presentation/bootstrapping/DependencyProvider';
|
|
import { ApplicationContextStub } from '@tests/unit/shared/Stubs/ApplicationContextStub';
|
|
import { itIsSingleton } from '@tests/unit/shared/TestCases/SingletonTests';
|
|
|
|
describe('DependencyProvider', () => {
|
|
describe('provideDependencies', () => {
|
|
const testCases: {
|
|
readonly [K in keyof typeof InjectionKeys]: (injectionKey: symbol) => void;
|
|
} = {
|
|
useCollectionState: createTransientTests(),
|
|
useApplication: createSingletonTests(),
|
|
useRuntimeEnvironment: createSingletonTests(),
|
|
useAutoUnsubscribedEvents: createTransientTests(),
|
|
useClipboard: createTransientTests(),
|
|
useCurrentCode: createTransientTests(),
|
|
useUserSelectionState: createTransientTests(),
|
|
useLogger: createTransientTests(),
|
|
useCodeRunner: createTransientTests(),
|
|
};
|
|
Object.entries(testCases).forEach(([key, runTests]) => {
|
|
const registeredKey = InjectionKeys[key].key;
|
|
describe(`Key: "${registeredKey.toString()}"`, () => {
|
|
runTests(registeredKey);
|
|
});
|
|
});
|
|
});
|
|
});
|
|
|
|
function createTransientTests() {
|
|
return (injectionKey: symbol) => {
|
|
it('should register a function when transient dependency is resolved', () => {
|
|
// arrange
|
|
const api = new VueDependencyInjectionApiStub();
|
|
// act
|
|
new ProvideDependenciesBuilder()
|
|
.withApi(api)
|
|
.provideDependencies();
|
|
// expect
|
|
const registeredObject = api.inject(injectionKey);
|
|
expect(registeredObject).to.be.instanceOf(Function);
|
|
});
|
|
it('should return different instances for transient dependency', () => {
|
|
// arrange
|
|
const api = new VueDependencyInjectionApiStub();
|
|
// act
|
|
new ProvideDependenciesBuilder()
|
|
.withApi(api)
|
|
.provideDependencies();
|
|
// expect
|
|
const registeredObject = api.inject(injectionKey);
|
|
const factory = registeredObject as () => unknown;
|
|
const firstResult = factory();
|
|
const secondResult = factory();
|
|
expect(firstResult).to.not.equal(secondResult);
|
|
});
|
|
};
|
|
}
|
|
|
|
function createSingletonTests() {
|
|
return (injectionKey: symbol) => {
|
|
it('should register an object when singleton dependency is resolved', () => {
|
|
// arrange
|
|
const api = new VueDependencyInjectionApiStub();
|
|
// act
|
|
new ProvideDependenciesBuilder()
|
|
.withApi(api)
|
|
.provideDependencies();
|
|
// expect
|
|
const registeredObject = api.inject(injectionKey);
|
|
expect(registeredObject).to.be.instanceOf(Object);
|
|
});
|
|
it('should return the same instance for singleton dependency', () => {
|
|
itIsSingleton({
|
|
getter: () => {
|
|
// arrange
|
|
const api = new VueDependencyInjectionApiStub();
|
|
// act
|
|
new ProvideDependenciesBuilder()
|
|
.withApi(api)
|
|
.provideDependencies();
|
|
// expect
|
|
const registeredObject = api.inject(injectionKey);
|
|
return registeredObject;
|
|
},
|
|
});
|
|
});
|
|
};
|
|
}
|
|
class ProvideDependenciesBuilder {
|
|
private context = new ApplicationContextStub();
|
|
|
|
private api: VueDependencyInjectionApi = new VueDependencyInjectionApiStub();
|
|
|
|
public withApi(api: VueDependencyInjectionApi): this {
|
|
this.api = api;
|
|
return this;
|
|
}
|
|
|
|
public provideDependencies() {
|
|
return provideDependencies(this.context, this.api);
|
|
}
|
|
}
|