堆栈内存溢出
  简体   繁体   English

Rust端的tauri.config allowList在读写文件前如何检查路径是否允许?

[英]How can I check if a path is allowed in tauri.config allowList on Rust side before reads and writes of files?

 原文  2022-12-01 05:12:25       rust/ tauri

问题描述

I have a tauri application that is reading and writing for example yaml files for the application configurations in the users machine.我有一个 tauri 应用程序,它正在为用户机器中的应用程序配置读写例如 yaml 文件。 Initially I moved the implementation from frontend side of the application to the backend.最初我将实现从应用程序的前端移到了后端。

To get things working I used std::fs::OpenOptions to do the actual file manipulation and resolved the paths using tauri::api::path .为了让事情正常进行,我使用std::fs::OpenOptions进行实际的文件操作,并使用tauri::api::path解析路径。

This works but the problem is that this way the allowList scopes from tauri.config file is not respected, meaning that files could be created or read from any location, so how could I access the allowList scopes to check if path really is allowed there before opening files via OpenOptions ?这行得通,但问题是这样 tauri.config 文件中的allowList范围不受尊重,这意味着可以从任何位置创建或读取文件,所以我如何访问allowList范围以检查之前是否真的允许路径通过OpenOptions打开文件?

I tried to see if the tauri::api exposes something for file manipulation on rust side that will respect the allowlist given in the configuration file, but did not find anything useful.我试图查看tauri::api是否在 rust 端公开了一些用于文件操作的内容,这些内容将遵守配置文件中给出的allowlist ,但没有发现任何有用的东西。

Also found this FsScope structure that seems to have is_allowed method, but not sure how to use it...还发现这个FsScope结构似乎有is_allowed方法,但不确定如何使用它......

example from tauri.config.json来自 tauri.config.json 的示例

"tauri": {
  "allowList": {
    "fs": {
       "readFile": true,
       "writeFile": true,
       "readDir": true,
       "scope": ["$HOME/some_folder/*"]
    }
  }
}

so based on the tauri config file above, before accessing files I would like to check that given path to a file or directory is inside $HOME/some_folder and not pointing to anywhere else.因此,基于上面的 tauri 配置文件,在访问文件之前,我想检查文件或目录的给定路径是否在$HOME/some_folder内,而不是指向其他任何地方。

1 个解决方案

解决方案1
 0 已采纳  2022-12-01 10:06:16

is_allowed is indeed correct. is_allowed确实是正确的。 To get access to it you need an instance of App , AppHandle or Window .要访问它,您需要AppAppHandleWindow的实例。 If you use tauri commands it would look something like this:如果你使用 tauri 命令,它看起来像这样:

use tauri::Manager;

#[tauri::command]
async fn(app_handle: tauri::AppHandle, path: PathBuf) {
    if app_handle.fs_scope().is_allowed(&path) {
        // Path is allowed.
    }
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 rust借位检查看起来很聪明,它可以检查和平面读写循环。 但我怎样才能绕过它? - rust borrow check looks very smart , it can check and flat reads and writes of loop. but how can I bypass it? 如何在 Rust 中列出目录的文件? - How can I list files of a directory in Rust? 如何处理TcpStream上的并行读写? - How do I handle parallel reads and writes on a TcpStream? 如何使用Rust编译/检查目录中的所有文件? - How do I compile/check all files in a directory with Rust? 如何检查Rust 1.1中是否存在路径? - How to check the existence of a path in Rust 1.1? 如何找到生锈的保险丝? - How can I find the path in rust-fuse? 安装 rust 后,如何从我的 PATH 中删除 rust 货物 - How can I remove rust cargo from my PATH after installing rust 我可以手动下载 Tauri 构建依赖项吗? - Can I manually download Tauri buiding dependencies? 如何删除目录中的所有文件,而不是 Rust 中的目录本身? - How can I delete all the files in a directory but not the directory itself in Rust? 如何从 Rust 过程宏生成文件? - How can I generate files from Rust procedural macros?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM