positron.js 1.0.6 → 1.1.0

package/core/mac/main.swift

@@ -127,6 +127,22 @@ func printError(_ message: String) {
     let tag = isWarning ? "WARNING" : (isInfo ? "INFO" : "ERROR")
 
     print("\(red)[SWIFT \(tag)] \(msg)\(reset)")
+
+    if(tag == "INFO") {
+        return
+    }
+
+    if msg.contains("IPC response") || msg.contains("WebSocket error") || msg.contains("Reconnecting to") || msg.contains("IPC message") {
+        return
+    }
+
+    if let ipcClient = AppDelegate.shared?.ipcClient {
+        ipcClient.send(
+            IPCResponse(windowId: -1, event: "nativeError", data: ["message": message, "type": tag])
+        )
+    } else {
+        print("\(red)[SWIFT ERROR] No IPC client available to send error message over. \(reset)")
+    }
 }
 
 public protocol PositronExtension {
@@ -370,6 +386,10 @@ case "forceCloseWindow":
             printError("loadURL — invalid or missing URL")
             return
         }
+        if let scheme = url.scheme?.lowercased(), !["http", "https", "file"].contains(scheme) {
+            printError("loadURL — blocked unauthorized URL scheme: \(scheme)")
+            return
+        }
         (window.contentView as? WKWebView)?.load(URLRequest(url: url))
 
     case "hide":
@@ -585,19 +605,6 @@ UNUserNotificationCenter.current().requestAuthorization(
                 IPCResponse(windowId: windowId, event: args.last ?? "getTitle-reply-\(windowId)", data: ["title": title])
             )
 
-        case "executeAppleScript":
-            guard let scriptSource = args.first else {
-                printError("executeAppleScript — missing script argument")
-                return
-            }
-            let script = NSAppleScript(source: scriptSource)
-            var errorInfo: NSDictionary?
-            script?.executeAndReturnError(&errorInfo)
-            if let errorInfo {
-                let errorMessage = errorInfo[NSAppleScript.errorMessage] as? String ?? "Unknown error"
-                printError("executeAppleScript failed: \(errorMessage)")
-            }
-
 case "isVisible":
     guard let window = windows[windowId] else { return }
     let isVisible = window.isVisible
@@ -819,7 +826,7 @@ case "addToContentBlocker":
         alert.addButton(withTitle: "Cancel")
 
         alert.beginSheetModal(for: window) { response in
-            let confirmed = (response == .alertFirstButtonReturn)
+            let confirmed = (response == .alertSecondButtonReturn) ? false : true
             AppDelegate.shared?.ipcClient.send(
                 IPCResponse(windowId: windowId, event: args.last ?? "confirm-reply-\(windowId)", data: ["confirmed": confirmed ? "true" : "false"])
             )
@@ -926,6 +933,14 @@ final class WebViewNavigationDelegate: NSObject, WKNavigationDelegate {
             IPCResponse(windowId: windowId, event: eventName, data: ["url": webView.url?.absoluteString ?? "", "title": webView.title ?? "", "canGoBack": (webView.canGoBack ? "true" : "false"), "canGoForward": (webView.canGoForward ? "true" : "false")])
         )
     }
+
+    func webView(_ webView: WKWebView, didFail navigation: WKNavigation!, withError error: Error) {
+        printError("Navigation failed: \(error.localizedDescription)")
+    }
+
+    func webView(_ webView: WKWebView, didFailProvisionalNavigation navigation: WKNavigation!, withError error: Error) {
+        printError("Provisional navigation failed: \(error.localizedDescription)")
+    }
 }
 
 // MARK: - WebView → Swift IPC Handler
@@ -1035,9 +1050,9 @@ final class IPCClient {
     private let maxReconnectAttempts = 10
     private let reconnectDelay: TimeInterval = 2.0
 
-    init(serverURL: URL = URL(string: "ws://localhost:9000")!) {
+    init(serverURL: URL = URL(string: "ws://127.0.0.1:9000")!) {
         let POSITRON_IPC_PORT = port ?? 9000
-        self.serverURL = URL(string: "ws://localhost:\(POSITRON_IPC_PORT)")!
+        self.serverURL = URL(string: "ws://127.0.0.1:\(POSITRON_IPC_PORT)")!
         self.authToken = AUTH_TOKEN
     }
 
@@ -1052,7 +1067,6 @@ final class IPCClient {
         webSocketTask = session.webSocketTask(with: request)
         webSocketTask?.resume()
         printError("INFO: Connecting to IPC server (attempt \(reconnectAttempts + 1))…")
-        reconnectAttempts = 0 // reset on successful connect
         receiveMessage()
     }
 
@@ -1064,7 +1078,12 @@ final class IPCClient {
         }
         webSocketTask?.send(.string(text)) { error in
             if let error {
-                printError("Failed to send IPC response: \(error.localizedDescription)")
+                let errorMsg = error.localizedDescription
+                printError("Failed to send IPC response: \(errorMsg)")
+                if errorMsg.lowercased().contains("bad response from the server") {
+                    printError("Fatal connection error (Unauthorized or Port Hijacked). Exiting immediately.")
+                    exit(1)
+                }
             }
         }
     }
@@ -1074,9 +1093,15 @@ final class IPCClient {
             guard let self else { return }
             switch result {
             case .failure(let error):
-                printError("WebSocket error: \(error.localizedDescription).")
+                let errorMsg = error.localizedDescription
+                printError("WebSocket error: \(errorMsg).")
+                if errorMsg.contains("503") || errorMsg.contains("401") || errorMsg.contains("403") || errorMsg.lowercased().contains("bad response from the server") {
+                    printError("Fatal connection error (Unauthorized or Port Hijacked). Exiting immediately.")
+                    exit(1)
+                }
                 self.scheduleReconnect()
             case .success(let message):
+                self.reconnectAttempts = 0
                 switch message {
                 case .string(let text):
                     self.parseAndDispatch(text)
@@ -1108,7 +1133,7 @@ final class IPCClient {
         reconnectAttempts += 1
         guard reconnectAttempts < maxReconnectAttempts else {
             printError("Exceeded maximum reconnect attempts (\(maxReconnectAttempts)). Giving up.")
-            return
+            exit(1)
         }
         printError("Reconnecting to \(serverURL) in \(reconnectDelay)s… (attempt \(reconnectAttempts)/\(maxReconnectAttempts))")
         DispatchQueue.global().asyncAfter(deadline: .now() + reconnectDelay) { [weak self] in

package/core/win/main.cs

@@ -131,6 +131,20 @@ namespace PositronWindows
 
     string reset = "\u001b[0m";
     Console.WriteLine($"{red}[C# {tag}] {message}{reset}");
+
+    if (_ipcClient != null)    {
+        if (tag != "INFO") {
+            _ipcClient.Send(new IPCResponse
+            {
+                windowId = -1,
+                @event = "nativeError",
+                data = new() { { "message", message }, { "type", tag } }
+            });
+        }
+    } else
+            {
+                Console.WriteLine($"{red}[C# ERROR] No IPC client available to send error message over. {reset}");
+            }
 }
 
         private static readonly string AuthToken = 
@@ -222,7 +236,7 @@ namespace PositronWindows
             };
 
             await Task.Delay(500);
-            _ipcClient = new IPCClient(new Uri($"ws://localhost:{_ipcPort}"));
+            _ipcClient = new IPCClient(new Uri($"ws://127.0.0.1:{_ipcPort}"));
             _ = _ipcClient.ConnectAsync(AuthToken);
         }
 
@@ -377,12 +391,16 @@ private void StartNodeProcess(string workingDirectory, string backendExeName)
                     {
                         bool isFile = webView.Source != null && webView.Source.IsFile;
                         string eventName = isFile ? $"loadFile-reply-{windowId}" : $"loadURL-reply-{windowId}";
-                        _ipcClient.Send(new IPCResponse
-                        {
-                            windowId = windowId,
-                            @event = eventName,
-                            data = new() { { "url", webView.Source?.ToString() ?? "" }, { "title", webView.CoreWebView2.DocumentTitle }, { "canGoBack", webView.CoreWebView2.CanGoBack.ToString().ToLower() }, { "canGoForward", webView.CoreWebView2.CanGoForward.ToString().ToLower() } }
-                        });
+                        if (e.IsSuccess) {
+                            _ipcClient.Send(new IPCResponse
+                            {
+                                windowId = windowId,
+                                @event = eventName,
+                                data = new() { { "url", webView.Source?.ToString() ?? "" }, { "title", webView.CoreWebView2.DocumentTitle }, { "canGoBack", webView.CoreWebView2.CanGoBack.ToString().ToLower() }, { "canGoForward", webView.CoreWebView2.CanGoForward.ToString().ToLower() } }
+                            });
+                        } else {
+                            error($"Navigation failed: {e.WebErrorStatus}");
+                        }
                     };
 
             webView.CoreWebView2.ContextMenuRequested += (s, e) =>
@@ -624,14 +642,19 @@ case "forceCloseWindow":
 
                 case "loadURL":
                     if (!WindowsMap.TryGetValue(windowId, out _)) break;
-                    if (args.Count == 0)
+                    if (args.Count == 0 || !Uri.TryCreate(args[0], UriKind.Absolute, out var loadUrlUri))
                     {
                         error("loadURL — invalid or missing URL");
                         break;
                     }
+                    if (loadUrlUri.Scheme != Uri.UriSchemeHttp && loadUrlUri.Scheme != Uri.UriSchemeHttps && loadUrlUri.Scheme != Uri.UriSchemeFile)
+                    {
+                        error($"loadURL — blocked unauthorized URL scheme: {loadUrlUri.Scheme}");
+                        break;
+                    }
                     {
                         var wv = GetWebView(windowId);
-                        if (wv != null) wv.Source = new Uri(args[0]);
+                        if (wv != null) wv.Source = loadUrlUri;
                     }
                     break;
 
@@ -1269,11 +1292,12 @@ case "setBounds":
                 if (_reconnectAttempts >= MaxReconnectAttempts)
                 {
                     error($"Exceeded maximum reconnect attempts ({MaxReconnectAttempts}). Giving up.");
-                    return;
+                    Environment.Exit(1);
                 }
 
                 try
                 {
+                    if (_ws != null) _ws.Dispose();
                     _ws = new ClientWebSocket();
                     _ws.Options.SetRequestHeader("x-positron-auth-token", authToken);
                     error($"INFO: Connecting to IPC server (attempt {_reconnectAttempts + 1})…");
@@ -1285,8 +1309,18 @@ case "setBounds":
                 catch (Exception ex)
                 { 
                     _reconnectAttempts++;
-                    error($"WebSocket error: {ex.Message}. Reconnecting in {ReconnectDelayMs / 1000}s… (attempt {_reconnectAttempts}/{MaxReconnectAttempts})");
-                    await Task.Delay(ReconnectDelayMs);
+                    string errorMsg = ex.Message;
+                    if (ex.InnerException != null) errorMsg += " | " + ex.InnerException.Message;
+
+                    error($"WebSocket error: {errorMsg}. Reconnecting in {ReconnectDelayMs / 1000}s… (attempt {_reconnectAttempts}/{MaxReconnectAttempts})");
+                    
+                    if (errorMsg.Contains("503") || errorMsg.Contains("401") || errorMsg.Contains("403"))
+                    {
+                        error("Fatal connection error (Unauthorized or Port Hijacked). Exiting immediately.");
+                        Environment.Exit(1);
+                    }
+
+                    await Task.Delay(ReconnectDelayMs, _cts.Token);
                 }
             }
         }

package/index.js

@@ -37,12 +37,11 @@ const binaryPath = path.join(appRoot, "bin", binaryName);
 
 const appEvents = new Events.EventEmitter();
 
-
 const isPackaged = process.env.POSITRON_PACKAGED === "true";
 
 if(isPackaged) {
 if (typeof process.pkg !== 'undefined') {
-  if (process.platform === 'darwin') {
+  if (process.platform === 'darwin' || process.platform === 'linux') {
     __dirname = path.join(path.dirname(process.execPath), '.');
   } else {
     __dirname = path.dirname(process.execPath);
@@ -52,11 +51,6 @@ if (typeof process.pkg !== 'undefined') {
 
 const EXPECTED_TOKEN = process.env.POSITRON_AUTH_TOKEN;
 
-const parseRes = (obj) => {
-  if (Object.keys(obj) > 1) return obj;
-
-  return Object.values(obj)[0];
-}
 
 if (!isPackaged) {
     // DEV MODE
@@ -69,6 +63,8 @@ if (!isPackaged) {
         }
     }
 
+ //   setTimeout(() => { // FOR HIJACK TESTING
+
     info("Starting Positron render process...");
     const renderProcess = cp.spawn(binaryPath, {
       env: {
@@ -102,12 +98,20 @@ process.on("uncaughtException", (err) => {
         info(`[Positron] Render process exited with code ${code}`);
         process.exit(code);
     });
+ //   }, 60000);
 } else {
     // PRODUCTION MODE
     info("[Positron] Packaged mode detected. Skipping native binary spawn.");
 }
 
 const httpServer = http.createServer((req, res) => {
+  const clientToken = req.headers["x-positron-auth-token"];
+  if (clientToken !== EXPECTED_TOKEN) {
+    res.writeHead(401, { 'Content-Type': 'text/plain' });
+    res.end('Unauthorized');
+    return;
+  }
+
   if (req.method === 'GET' && req.url === '/running') {
     res.writeHead(200, { 'Content-Type': 'text/plain' });
     res.end('true');
@@ -117,7 +121,25 @@ const httpServer = http.createServer((req, res) => {
   }
 });
 
-const _ipcWS = new WebSocket.Server({ server: httpServer });
+const MAX_CONNECTIONS = 1;
+
+const _ipcWS = new WebSocket.Server({ server: httpServer, verifyClient: (info, cb) => {
+
+  const clientToken = info.req.headers["x-positron-auth-token"];
+  if (clientToken !== EXPECTED_TOKEN) {
+    warn("[Security] Unauthorized local connection attempt rejected.");
+    cb(false, 401, "Unauthorized token match failure.");
+    return
+  } 
+
+  if (_ipcWS.clients.size >= MAX_CONNECTIONS) {
+      return cb(false, 503, 'IPC client already connected. Only one client allowed at a time.');
+    }
+  
+  cb(true);
+}
+
+});
 let activeSocket = null;
 const pendingWindows = new Set(); 
 
@@ -127,14 +149,6 @@ const commandQueue = [];
 let activeWindows = new Set();
 
 _ipcWS.on("connection", (ws, req) => {
-const clientToken = req.headers["x-positron-auth-token"];
-
-  if (clientToken !== EXPECTED_TOKEN) {
-    warn("[Security] Unauthorized local connection attempt rejected. Token:", clientToken, "Expected:", EXPECTED_TOKEN);
-    ws.close(4001, "Unauthorized token match failure.");
-    return;
-  }
-
   activeSocket = ws;
   success("Client connected to IPC");
 
@@ -154,7 +168,7 @@ ws.on("message", raw => {
 
    if(process.env.POSITRON_LOG_IPC) console.log("Received IPC message:", msg);
 
-    if (msg.event === "ipcMessage" || msg.event.includes("-reply-") || msg.event.includes("-result-")) {
+    if (msg.event === "ipcMessage" || msg.event.includes("-reply-") || msg.event.includes("-result-") || msg.event === "nativeError") {
       
       const simulatedMsg = msg.event === "ipcMessage" ? msg : {
         event: "ipcMessage",
@@ -216,7 +230,7 @@ ws.on("message", raw => {
       appEvents.emit(msg.event, msg.data);
     }
   } catch (err) {
-    error("Failed to process incoming IPC network frame:", err);
+    error("Failed to process incoming IPC network frame:", err, err.stack.split('\n').slice(1).join('\n'));
   }
 });
 
@@ -243,12 +257,20 @@ class Window extends Events.EventEmitter {
       minimizable: true,
       titlebarTransparent: false,
       titlebarVisible: true
-    }
+    },
+    linuxOptions: {
+      closable: true,
+      resizable: true,
+      minimizable: true,
+      titlebarTransparent: false,
+      titlebarVisible: true
+    },
+    allowEvaluateJS: false
 
   }) {
     super();
     this.id = ++_windowCounter;
-    this.options = options;
+    this.options = { allowEvaluateJS: false, ...options };
     activeWindows.add(this);
 
     if (activeSocket && activeSocket.readyState === WebSocket.OPEN) {
@@ -261,7 +283,11 @@ class Window extends Events.EventEmitter {
     const height = options.height ? String(options.height) : "600";
 
     if(!this.options.skipCreate) {
-      this.create(width, height, options.darwinOptions);
+      if (process.platform === "linux") {
+        this.create(width, height, options.linuxOptions || options.darwinOptions);
+      } else {
+        this.create(width, height, options.darwinOptions);
+      }
     }
 
   }
@@ -698,7 +724,8 @@ async request(command, ...args) {
       }
     });
 
-    let timeout;
+        let timeout;
+
 
     if(!options.noTimeout) {
       let timeoutDuration = 7000;
@@ -712,7 +739,8 @@ if (options.timeout) {
       if (!settled) {
         settled = true;
         unsubscribe();
-        reject(new Error(`Request timed out waiting for reply on channel "${replyChannel}"`));
+    //    reject(new Error(`Request timed out waiting for reply on channel "${replyChannel}"`));
+    resolve({ error: `Request timed out waiting for reply on channel "${replyChannel}"` });
       }
     }, timeoutDuration);
   } else {
@@ -882,8 +910,16 @@ setTitlebarTransparent(isTransparent) {
  * @returns {Promise<*>} A Promise that resolves to the result of the evaluation.
  */
 async evaluateJavaScript(script) {
-const res = await this.request("evaluateJS", script);
-return res.result;
+  if (!this.options.allowEvaluateJS) {
+    throw new Error("evaluateJavaScript is disabled by default for security. Set allowEvaluateJS: true in window options to enable it.");
+  }
+  return await this.#evaluateJavaScriptInternal(script);
+}
+
+
+async #evaluateJavaScriptInternal(script) {
+  const res = await this.request("evaluateJS", script);
+  return res.result;
 }
 
 /**
@@ -891,7 +927,7 @@ return res.result;
  * @returns {Promise<string>} The user agent string of the window.
  */
 async getUserAgent() {
-  return await this.evaluateJavaScript("navigator.userAgent");
+  return await this.#evaluateJavaScriptInternal("navigator.userAgent");
 }
 
 /**
@@ -912,7 +948,7 @@ async setStyleOf(selector, style) {
     });
   })();
   `;
-  await this.evaluateJavaScript(script);
+  await this.#evaluateJavaScriptInternal(script);
   this.emit("style-updated", { selector, style });
 }
 
@@ -932,7 +968,7 @@ async setAttributeOf(selector, attribute, value) {
     });
   })();
   `;
-  await this.evaluateJavaScript(script);
+  await this.#evaluateJavaScriptInternal(script);
   this.emit("attribute-updated", { selector, attribute, value });
 }
 
@@ -951,7 +987,7 @@ async removeAttributeOf(selector, attribute) {
       });
     })();
   `;
-  await this.evaluateJavaScript(script);
+  await this.#evaluateJavaScriptInternal(script);
   this.emit("attribute-removed", { selector, attribute });
 }
 
@@ -973,7 +1009,7 @@ async removeStyleOf(selector, styleProperties) {
       });
     })();
   `;
-  await this.evaluateJavaScript(script);
+  await this.#evaluateJavaScriptInternal(script);
   this.emit("style-removed", { selector, styleProperties });
 }
 
@@ -1008,7 +1044,7 @@ async onClick(selector, channel, { replace = true } = {}) {
   })();
   `;
 
-  await this.evaluateJavaScript(script);
+  await this.#evaluateJavaScriptInternal(script);
 }
 
 /**
@@ -1023,7 +1059,7 @@ async removeOnClick(selector) {
       el.onclick = null;
     });
   `;
-  await this.evaluateJavaScript(script);
+  await this.#evaluateJavaScriptInternal(script);
 }
 
 /**
@@ -1033,8 +1069,8 @@ async removeOnClick(selector) {
  */
 async confirm(message) {
   const res = await this.request("confirm", message);
-  this.emit("confirm", message);
-  return res?.confirmed === "true";
+  this.emit("confirm", res?.confirmed);
+  return res?.confirmed == true || res?.confirmed === "true";
 }
 
 /**
@@ -1217,6 +1253,11 @@ userData: {
         "Application Support",
         process.env.POSITRON_APP_NAME
       );
+    } else {
+      // Linux / other POSIX — follow XDG Base Directory spec
+      const xdgDataHome = process.env.XDG_DATA_HOME
+        || path.join(process.env.HOME, ".local", "share");
+      userPath = path.join(xdgDataHome, process.env.POSITRON_APP_NAME);
     }
 
     if(!fs.existsSync(userPath)) {

package/package.json

@@ -5,7 +5,7 @@
     "url": "https://github.com/systemsoftware/positron.js"
   },
   "homepage": "https://positronjs.gitbook.io",
-  "version": "1.0.6",
+  "version": "1.1.0",
   "main": "index.js",
   "scripts": {
     "test": "node --test"
@@ -19,7 +19,8 @@
     "javascript",
     "node",
     "macos",
-    "windows"
+    "windows",
+    "linux"
   ],
   "author": "Bryce",
   "license": "MIT",