@nemigo/electron 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/security.d.ts +13 -0
- package/dist/security.js +45 -0
- package/package.json +28 -0
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Политика защиты навигации и управления доступом к внешним URL.
|
|
3
|
+
* Защищает от навигационных атак, ограничивая переходы только разрешенным источникам
|
|
4
|
+
*
|
|
5
|
+
* @see https://www.electronjs.org/docs/latest/tutorial/security#13-disable-or-limit-navigation
|
|
6
|
+
*/
|
|
7
|
+
export declare class NetworkSecurity {
|
|
8
|
+
#private;
|
|
9
|
+
constructor(allowedOrigins?: string[], allowedExternalUrls?: string[]);
|
|
10
|
+
init(): this;
|
|
11
|
+
private handleNavigation;
|
|
12
|
+
private handleWindowOpen;
|
|
13
|
+
}
|
package/dist/security.js
ADDED
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
import { app, shell } from "electron";
|
|
2
|
+
/**
|
|
3
|
+
* Политика защиты навигации и управления доступом к внешним URL.
|
|
4
|
+
* Защищает от навигационных атак, ограничивая переходы только разрешенным источникам
|
|
5
|
+
*
|
|
6
|
+
* @see https://www.electronjs.org/docs/latest/tutorial/security#13-disable-or-limit-navigation
|
|
7
|
+
*/
|
|
8
|
+
export class NetworkSecurity {
|
|
9
|
+
#allowedOrigins;
|
|
10
|
+
#allowedExternalUrls;
|
|
11
|
+
constructor(allowedOrigins = [], allowedExternalUrls = []) {
|
|
12
|
+
this.#allowedOrigins = new Set(allowedOrigins);
|
|
13
|
+
this.#allowedExternalUrls = new Set(allowedExternalUrls);
|
|
14
|
+
}
|
|
15
|
+
init() {
|
|
16
|
+
app.on("web-contents-created", (_, contents) => {
|
|
17
|
+
this.handleNavigation(contents);
|
|
18
|
+
this.handleWindowOpen(contents);
|
|
19
|
+
});
|
|
20
|
+
return this;
|
|
21
|
+
}
|
|
22
|
+
handleNavigation(contents) {
|
|
23
|
+
contents.on("will-navigate", (e, url) => {
|
|
24
|
+
const { origin } = new URL(url);
|
|
25
|
+
if (!this.#allowedOrigins.has(origin)) {
|
|
26
|
+
e.preventDefault();
|
|
27
|
+
console.warn(`Blocked navigating to disallowed origin: ${origin}`);
|
|
28
|
+
}
|
|
29
|
+
});
|
|
30
|
+
}
|
|
31
|
+
handleWindowOpen(contents) {
|
|
32
|
+
contents.setWindowOpenHandler(({ url }) => {
|
|
33
|
+
const { origin } = new URL(url);
|
|
34
|
+
// Если URL в разрешенном списке — открываем во внешнем браузере
|
|
35
|
+
if (this.#allowedExternalUrls.has(origin)) {
|
|
36
|
+
shell.openExternal(url).catch(console.error);
|
|
37
|
+
}
|
|
38
|
+
else {
|
|
39
|
+
console.warn(`Blocked external opening of disallowed origin: ${origin}`);
|
|
40
|
+
}
|
|
41
|
+
// Запрещаем создание нового окна в приложении
|
|
42
|
+
return { action: "deny" };
|
|
43
|
+
});
|
|
44
|
+
}
|
|
45
|
+
}
|
package/package.json
ADDED
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "@nemigo/electron",
|
|
3
|
+
"version": "0.0.1",
|
|
4
|
+
"private": false,
|
|
5
|
+
"author": {
|
|
6
|
+
"name": "Vlad Logvin",
|
|
7
|
+
"email": "vlad.logvin84@gmail.com"
|
|
8
|
+
},
|
|
9
|
+
"type": "module",
|
|
10
|
+
"scripts": {
|
|
11
|
+
"build": "svelte-package && rimraf .svelte-kit",
|
|
12
|
+
"check": "tsc --noemit",
|
|
13
|
+
"lint": "eslint ./",
|
|
14
|
+
"format": "prettier --write ./"
|
|
15
|
+
},
|
|
16
|
+
"exports": {
|
|
17
|
+
"./security": {
|
|
18
|
+
"types": "./dist/security.d.ts",
|
|
19
|
+
"default": "./dist/security.js"
|
|
20
|
+
}
|
|
21
|
+
},
|
|
22
|
+
"peerDependencies": {
|
|
23
|
+
"electron": ">=35.0.0"
|
|
24
|
+
},
|
|
25
|
+
"devDependencies": {
|
|
26
|
+
"@nemigo/configs": "workspace:*"
|
|
27
|
+
}
|
|
28
|
+
}
|