mirror of
https://github.com/finos/SymphonyElectron.git
synced 2024-12-27 01:11:13 -06:00
update preload files
This commit is contained in:
parent
760252cef6
commit
074d73c712
@ -18,8 +18,8 @@ Build Instructions:
|
||||
- to locally run mac version: npm run dev:mac
|
||||
- to locally run windows (64 bit) version: npm run dev:win
|
||||
- to build mac dmg: npm run dist-mac
|
||||
- to build win exe installer (64 bit): npm run dist-win
|
||||
- to build win exe installer (32 bit): npm run dist-win-x86
|
||||
- to build win squirrel msi exe installer (64 bit): npm run dist-win
|
||||
- to build win squirrel msi exe installer (32 bit): npm run dist-win-x86
|
||||
|
||||
to change the url start location, edit package.json and change 'homepage' variable.
|
||||
|
||||
|
@ -1,24 +0,0 @@
|
||||
// script run before others and still has access to node integration, even
|
||||
// when turned off - allows us to leak only what want into window object.
|
||||
// see: http://electron.atom.io/docs/api/browser-window/
|
||||
//
|
||||
// to leak some node module into:
|
||||
// https://medium.com/@leonli/securing-embedded-external-content-in-electron-node-js-8b6ef665cd8e#.fex4e68p7
|
||||
// https://slack.engineering/building-hybrid-applications-with-electron-dc67686de5fb#.tp6zz1nrk
|
||||
//
|
||||
// also to bring pieces of node.js:
|
||||
// https://github.com/electron/electron/issues/2984
|
||||
//
|
||||
|
||||
const { ipcRenderer } = require('electron');
|
||||
|
||||
// hold ref so doesn't get GC'ed
|
||||
const local = {
|
||||
ipcRenderer: ipcRenderer
|
||||
};
|
||||
|
||||
// API exposed by Symphony to a child window:
|
||||
window.SYM_API = {
|
||||
};
|
||||
|
||||
Object.freeze(window.SYM_API);
|
37
js/main.js
37
js/main.js
@ -1,3 +1,5 @@
|
||||
'use strict';
|
||||
|
||||
const electron = require('electron');
|
||||
const packageJSON = require('../package.json');
|
||||
const menuTemplate = require('./menuTemplate.js');
|
||||
@ -38,7 +40,7 @@ function createMainWindow () {
|
||||
webPreferences: {
|
||||
sandbox: true,
|
||||
nodeIntegration: false,
|
||||
preload: path.join(__dirname, '/main-preload.js'),
|
||||
preload: path.join(__dirname, '/preload.js'),
|
||||
winKey: key
|
||||
}
|
||||
});
|
||||
@ -103,7 +105,7 @@ function storeWindowKey(key, browserWin) {
|
||||
function isValidWindow(event) {
|
||||
if (event && event.sender) {
|
||||
// validate that event sender is from window we created
|
||||
let browserWin = electron.BrowserWindow.fromWebContents(event.sender)
|
||||
let browserWin = electron.BrowserWindow.fromWebContents(event.sender);
|
||||
let winKey = event.sender.browserWindowOptions &&
|
||||
event.sender.browserWindowOptions.webPreferences &&
|
||||
event.sender.browserWindowOptions.webPreferences.winKey;
|
||||
@ -117,6 +119,30 @@ function isValidWindow(event) {
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Only permit certain cmds for some windows
|
||||
* @param {EventEmitter} event node emitter event to be tested
|
||||
* @param {String} cmd cmd name
|
||||
* @return {Boolean} true if cmd is allowed for window, otherwise false
|
||||
*/
|
||||
function isCmdAllowed(event, cmd) {
|
||||
if (event && event.sender && cmd) {
|
||||
// validate that event sender is from window we created
|
||||
let browserWin = electron.BrowserWindow.fromWebContents(event.sender);
|
||||
|
||||
if (browserWin === mainWindow) {
|
||||
// allow all commands for main window
|
||||
return true;
|
||||
} else {
|
||||
// allow only certain cmds for child windows
|
||||
// e.g., open cmd not allowed for child windows
|
||||
return (arg.cmd !== 'open');
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Handle ipc messages from renderers. Only messages from windows we have
|
||||
* created are allowed.
|
||||
@ -127,6 +153,11 @@ electron.ipcMain.on('symphony-msg', (event, arg) => {
|
||||
return;
|
||||
}
|
||||
|
||||
if (!isCmdAllowed(event, arg && arg.cmd)) {
|
||||
console.log('cmd is not allowed for this window: ' + arg.cmd);
|
||||
return;
|
||||
}
|
||||
|
||||
if (arg && arg.cmd === 'open' && arg.url) {
|
||||
let width = arg.width || 1024;
|
||||
let height = arg.height || 768;
|
||||
@ -140,7 +171,7 @@ electron.ipcMain.on('symphony-msg', (event, arg) => {
|
||||
webPreferences: {
|
||||
sandbox: true,
|
||||
nodeIntegration: false,
|
||||
preload: path.join(__dirname, '/child-preload.js'),
|
||||
preload: path.join(__dirname, '/preload.js'),
|
||||
winKey: winKey
|
||||
}
|
||||
});
|
||||
|
@ -1,3 +1,5 @@
|
||||
'use strict';
|
||||
|
||||
const template = [
|
||||
{
|
||||
label: 'Edit',
|
||||
|
@ -1,3 +1,5 @@
|
||||
'use strict';
|
||||
|
||||
// script run before others and still has access to node integration, even
|
||||
// when turned off - allows us to leak only what want into window object.
|
||||
// see: http://electron.atom.io/docs/api/browser-window/
|
||||
@ -17,8 +19,13 @@ const local = {
|
||||
ipcRenderer: ipcRenderer
|
||||
};
|
||||
|
||||
// API exposed by Symphony to main window:
|
||||
// API exposed by Symphony to renderer processes:
|
||||
// Note: certain cmds are only allowed on some windows, this is checked by
|
||||
// main process.
|
||||
window.SYM_API = {
|
||||
version: '1.0.0', // api version
|
||||
|
||||
// only allowed by main window - enforced by main process.
|
||||
openWindow: function(url) {
|
||||
local.ipcRenderer.send('symphony-msg', {
|
||||
cmd: 'open',
|
Loading…
Reference in New Issue
Block a user