-
-
Notifications
You must be signed in to change notification settings - Fork 2.5k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: Auto Generation of ACL Schema File for Documentation (#9903)
* Add auto generated acl schema files for docs * update CI --------- Co-authored-by: Lucas Nogueira <118899497+lucasfernog-crabnebula@users.noreply.github.com> Co-authored-by: Lucas Nogueira <lucas@crabnebula.dev>
- Loading branch information
1 parent
594e3e2
commit 4942d80
Showing
12 changed files
with
603 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
[package] | ||
name = "tauri-acl-schema" | ||
version = "0.0.0" | ||
edition = "2021" | ||
publish = false | ||
|
||
[build-dependencies] | ||
tauri-utils = { features = [ "schema" ], path = "../tauri-utils" } | ||
schemars = { version = "0.8", features = ["url", "preserve_order"] } | ||
serde = { version = "1.0", features = ["derive"] } | ||
serde_json = "1.0" | ||
url = { version = "2.3", features = ["serde"] } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
// Copyright 2019-2024 Tauri Programme within The Commons Conservancy | ||
// SPDX-License-Identifier: Apache-2.0 | ||
// SPDX-License-Identifier: MIT | ||
|
||
use std::{ | ||
error::Error, | ||
fs::File, | ||
io::{BufWriter, Write}, | ||
path::PathBuf, | ||
}; | ||
|
||
use schemars::schema::RootSchema; | ||
|
||
pub fn main() -> Result<(), Box<dyn Error>> { | ||
let cap_schema = schemars::schema_for!(tauri_utils::acl::capability::Capability); | ||
let perm_schema = schemars::schema_for!(tauri_utils::acl::Permission); | ||
let scope_schema = schemars::schema_for!(tauri_utils::acl::Scopes); | ||
|
||
let crate_dir = PathBuf::from(std::env::var("CARGO_MANIFEST_DIR")?); | ||
|
||
write_schema_file(cap_schema, crate_dir.join("capability-schema.json"))?; | ||
write_schema_file(perm_schema, crate_dir.join("permission-schema.json"))?; | ||
write_schema_file(scope_schema, crate_dir.join("scope-schema.json"))?; | ||
|
||
Ok(()) | ||
} | ||
|
||
fn write_schema_file(schema: RootSchema, outpath: PathBuf) -> Result<(), Box<dyn Error>> { | ||
let schema_str = serde_json::to_string_pretty(&schema).unwrap(); | ||
let mut schema_file = BufWriter::new(File::create(outpath)?); | ||
write!(schema_file, "{schema_str}")?; | ||
|
||
Ok(()) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,233 @@ | ||
{ | ||
"$schema": "http://json-schema.org/draft-07/schema#", | ||
"title": "Capability", | ||
"description": "A grouping and boundary mechanism developers can use to separate windows or plugins functionality from each other at runtime.\n\nIf a window is not matching any capability then it has no access to the IPC layer at all.\n\nThis can be done to create trust groups and reduce impact of vulnerabilities in certain plugins or windows. Windows can be added to a capability by exact name or glob patterns like *, admin-* or main-window.", | ||
"type": "object", | ||
"required": [ | ||
"identifier", | ||
"permissions" | ||
], | ||
"properties": { | ||
"identifier": { | ||
"description": "Identifier of the capability.", | ||
"type": "string" | ||
}, | ||
"description": { | ||
"description": "Description of the capability.", | ||
"default": "", | ||
"type": "string" | ||
}, | ||
"remote": { | ||
"description": "Configure remote URLs that can use the capability permissions.", | ||
"anyOf": [ | ||
{ | ||
"$ref": "#/definitions/CapabilityRemote" | ||
}, | ||
{ | ||
"type": "null" | ||
} | ||
] | ||
}, | ||
"local": { | ||
"description": "Whether this capability is enabled for local app URLs or not. Defaults to `true`.", | ||
"default": true, | ||
"type": "boolean" | ||
}, | ||
"windows": { | ||
"description": "List of windows that uses this capability. Can be a glob pattern.\n\nOn multiwebview windows, prefer [`Self::webviews`] for a fine grained access control.", | ||
"type": "array", | ||
"items": { | ||
"type": "string" | ||
} | ||
}, | ||
"webviews": { | ||
"description": "List of webviews that uses this capability. Can be a glob pattern.\n\nThis is only required when using on multiwebview contexts, by default all child webviews of a window that matches [`Self::windows`] are linked.", | ||
"type": "array", | ||
"items": { | ||
"type": "string" | ||
} | ||
}, | ||
"permissions": { | ||
"description": "List of permissions attached to this capability. Must include the plugin name as prefix in the form of `${plugin-name}:${permission-name}`.", | ||
"type": "array", | ||
"items": { | ||
"$ref": "#/definitions/PermissionEntry" | ||
} | ||
}, | ||
"platforms": { | ||
"description": "Target platforms this capability applies. By default all platforms are affected by this capability.", | ||
"type": [ | ||
"array", | ||
"null" | ||
], | ||
"items": { | ||
"$ref": "#/definitions/Target" | ||
} | ||
} | ||
}, | ||
"definitions": { | ||
"CapabilityRemote": { | ||
"description": "Configuration for remote URLs that are associated with the capability.", | ||
"type": "object", | ||
"required": [ | ||
"urls" | ||
], | ||
"properties": { | ||
"urls": { | ||
"description": "Remote domains this capability refers to using the [URLPattern standard](https://urlpattern.spec.whatwg.org/).\n\n# Examples\n\n- \"https://*.mydomain.dev\": allows subdomains of mydomain.dev - \"https://mydomain.dev/api/*\": allows any subpath of mydomain.dev/api", | ||
"type": "array", | ||
"items": { | ||
"type": "string" | ||
} | ||
} | ||
} | ||
}, | ||
"PermissionEntry": { | ||
"description": "An entry for a permission value in a [`Capability`] can be either a raw permission [`Identifier`] or an object that references a permission and extends its scope.", | ||
"anyOf": [ | ||
{ | ||
"description": "Reference a permission or permission set by identifier.", | ||
"allOf": [ | ||
{ | ||
"$ref": "#/definitions/Identifier" | ||
} | ||
] | ||
}, | ||
{ | ||
"description": "Reference a permission or permission set by identifier and extends its scope.", | ||
"type": "object", | ||
"required": [ | ||
"identifier" | ||
], | ||
"properties": { | ||
"identifier": { | ||
"description": "Identifier of the permission or permission set.", | ||
"allOf": [ | ||
{ | ||
"$ref": "#/definitions/Identifier" | ||
} | ||
] | ||
}, | ||
"allow": { | ||
"description": "Data that defines what is allowed by the scope.", | ||
"type": [ | ||
"array", | ||
"null" | ||
], | ||
"items": { | ||
"$ref": "#/definitions/Value" | ||
} | ||
}, | ||
"deny": { | ||
"description": "Data that defines what is denied by the scope.", | ||
"type": [ | ||
"array", | ||
"null" | ||
], | ||
"items": { | ||
"$ref": "#/definitions/Value" | ||
} | ||
} | ||
} | ||
} | ||
] | ||
}, | ||
"Identifier": { | ||
"type": "string" | ||
}, | ||
"Value": { | ||
"description": "All supported ACL values.", | ||
"anyOf": [ | ||
{ | ||
"description": "Represents a null JSON value.", | ||
"type": "null" | ||
}, | ||
{ | ||
"description": "Represents a [`bool`].", | ||
"type": "boolean" | ||
}, | ||
{ | ||
"description": "Represents a valid ACL [`Number`].", | ||
"allOf": [ | ||
{ | ||
"$ref": "#/definitions/Number" | ||
} | ||
] | ||
}, | ||
{ | ||
"description": "Represents a [`String`].", | ||
"type": "string" | ||
}, | ||
{ | ||
"description": "Represents a list of other [`Value`]s.", | ||
"type": "array", | ||
"items": { | ||
"$ref": "#/definitions/Value" | ||
} | ||
}, | ||
{ | ||
"description": "Represents a map of [`String`] keys to [`Value`]s.", | ||
"type": "object", | ||
"additionalProperties": { | ||
"$ref": "#/definitions/Value" | ||
} | ||
} | ||
] | ||
}, | ||
"Number": { | ||
"description": "A valid ACL number.", | ||
"anyOf": [ | ||
{ | ||
"description": "Represents an [`i64`].", | ||
"type": "integer", | ||
"format": "int64" | ||
}, | ||
{ | ||
"description": "Represents a [`f64`].", | ||
"type": "number", | ||
"format": "double" | ||
} | ||
] | ||
}, | ||
"Target": { | ||
"description": "Platform target.", | ||
"oneOf": [ | ||
{ | ||
"description": "MacOS.", | ||
"type": "string", | ||
"enum": [ | ||
"macOS" | ||
] | ||
}, | ||
{ | ||
"description": "Windows.", | ||
"type": "string", | ||
"enum": [ | ||
"windows" | ||
] | ||
}, | ||
{ | ||
"description": "Linux.", | ||
"type": "string", | ||
"enum": [ | ||
"linux" | ||
] | ||
}, | ||
{ | ||
"description": "Android.", | ||
"type": "string", | ||
"enum": [ | ||
"android" | ||
] | ||
}, | ||
{ | ||
"description": "iOS.", | ||
"type": "string", | ||
"enum": [ | ||
"iOS" | ||
] | ||
} | ||
] | ||
} | ||
} | ||
} |
Oops, something went wrong.