marcoallegretti/WEFT_OS
marcoallegretti/WEFT_OS
1
0
Fork 0
mirror of https://github.com/marcoallegretti/WEFT_OS.git synced 2026-03-27 01:13:09 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
141 commits 1 branch 0 tags 472 KiB
Commit graph

5 commits

Author SHA1 Message Date
Marco Allegretti
4d0089a107 feat: appd IPC relay, WIT interfaces, UI kit, gesture routing, and CI hardening 
- weft-appd: per-session IPC socket paths; bidirectional Wasm-HTML JSON relay
  via spawn_ipc_relay; SO_PEERCRED UID check on Unix socket connections;
  PanelGesture request and NavigationGesture broadcast for compositor gestures
- weft-runtime: weft:app/ipc, weft:app/fetch, weft:app/notifications WIT
  interfaces; IpcState non-blocking Unix socket host functions; ureq-backed
  net:fetch host function (net-fetch feature); notify-send notifications host
- weft-file-portal: spawn a thread per accepted connection for concurrent access
- weft-app-shell: weft-system:// URL translation; WEFT UI Kit UserScript
  injection; resolve_weft_system_url helper
- weft-servo-shell: forward compositor navigation gestures to weft-appd
  WebSocket as PanelGesture; WEFT UI Kit UserScript injection
- infra/shell: weft-ui-kit.js with 11 custom elements (weft-button, weft-card,
  weft-dialog, weft-icon, weft-list, weft-list-item, weft-menu, weft-menu-item,
  weft-progress, weft-input, weft-label); system-ui.html handles
  NAVIGATION_GESTURE messages and dispatches weft:navigation-gesture CustomEvent
- infra/systemd: add missing env vars to weft-appd.service; correct
  servo-shell.service binary path and system-ui.html argument
- .github/workflows/ci.yml: exclude weft-servo-shell and weft-app-shell from
  cross-platform job; add them to linux-only job with libsystemd-dev dependency
 2026-03-12 12:49:45 +01:00
Marco Allegretti
8eace960c2 fix(file-portal): block dotdot path-traversal in is_allowed 
Path::starts_with is component-aware but does not resolve .., so
/allowed/../etc/passwd would pass the check. Add normalize_path() that
lexically resolves . and .. components without touching the filesystem
so the check works on non-existent paths too. Add regression test.
 2026-03-11 18:54:25 +01:00
Marco Allegretti
a18f5c7604 fix(file-portal): create parent directories on write 
std::fs::write fails when the destination parent does not exist.
Add create_dir_all before the write so apps can store files in
nested paths (e.g. config/sub/settings.json) without pre-creating
directories. Add regression test for the nested-path case.
 2026-03-11 18:52:54 +01:00
Marco Allegretti
b4824aa8d4 feat(servo-shell): input forwarding, weft-app URL resolution, weftIpc JS bridge (servo-embed only) 2026-03-11 17:52:37 +01:00
Marco Allegretti
1b93f1c825 feat: weft-file-portal -- sandboxed file access broker 
New crate. Per-session file proxy that gates filesystem access to an
explicit allowlist of paths passed at startup.

Usage: weft-file-portal <socket_path> [--allow <path>]...

Listens on a Unix domain socket. Each connection receives newline-
delimited JSON requests and returns newline-delimited JSON responses.
File content is base64-encoded. Operations: read, write, list.
Empty allowlist rejects all requests; paths checked with starts_with.

7 unit tests covering access control, read/write roundtrip, and list.
 2026-03-11 15:52:33 +01:00