Mirrors/super-productivity

Fork 0

mirror of https://github.com/johannesjo/super-productivity.git synced 2026-01-24 03:06:16 +00:00

Commit graph

Author	SHA1	Message	Date
Johannes Millan	5b05192e2e	refactor(plugin): improve type safety by removing 'as any' castings - Create window-ea.d.ts to properly type window.ea (ElectronAPI) - Replace all 'as any' castings with proper types - Update all any[] to unknown[] for better type safety - Import proper types (PluginManifest) in electron files - Update plugin-api types to use unknown instead of any - Fix app.getPath type casting with proper parameter types - Rebuild plugin-api dist files with updated types	2025-06-19 14:25:43 +02:00
Johannes Millan	83ba3450fc	feat(plugin): improve Node.js execution security and error handling - Enhanced sandboxing with frozen prototypes and constructor removal - Added comprehensive input validation for script requests - Improved error handling with line/column information - Added resource usage tracking (memory monitoring) - Added cleanup method for plugin resources - Better path traversal protection with ID sanitization - Enhanced dangerous globals removal (fs, crypto, etc.) - Added structured error types with error codes - Built and updated plugin-api dist files	2025-06-19 14:25:43 +02:00
Johannes Millan	dfec172788	feat(plugin): add Node.js script execution API for plugins - Implement secure Node.js script executor in Electron main process - Add sandboxed execution environment with memory/timeout limits - Create two-stage consent dialog for nodeExecution permission - Add plugin registration/unregistration with main process - Integrate executeNodeScript method into plugin API - Add IPC handlers for plugin-to-main communication - Ensure consent is checked when enabling plugins - Add proper cleanup on plugin unload Security features: - Dangerous globals removed from execution context - Plugin-specific working directories - Configurable memory and timeout limits - Persistent consent storage - Only available in Electron environment	2025-06-19 14:25:43 +02:00

Author

SHA1

Message

Date

Johannes Millan

5b05192e2e

refactor(plugin): improve type safety by removing 'as any' castings

- Create window-ea.d.ts to properly type window.ea (ElectronAPI)
- Replace all 'as any' castings with proper types
- Update all any[] to unknown[] for better type safety
- Import proper types (PluginManifest) in electron files
- Update plugin-api types to use unknown instead of any
- Fix app.getPath type casting with proper parameter types
- Rebuild plugin-api dist files with updated types

2025-06-19 14:25:43 +02:00

Johannes Millan

83ba3450fc

feat(plugin): improve Node.js execution security and error handling

- Enhanced sandboxing with frozen prototypes and constructor removal
- Added comprehensive input validation for script requests
- Improved error handling with line/column information
- Added resource usage tracking (memory monitoring)
- Added cleanup method for plugin resources
- Better path traversal protection with ID sanitization
- Enhanced dangerous globals removal (fs, crypto, etc.)
- Added structured error types with error codes
- Built and updated plugin-api dist files

2025-06-19 14:25:43 +02:00

Johannes Millan

dfec172788

feat(plugin): add Node.js script execution API for plugins

- Implement secure Node.js script executor in Electron main process
- Add sandboxed execution environment with memory/timeout limits
- Create two-stage consent dialog for nodeExecution permission
- Add plugin registration/unregistration with main process
- Integrate executeNodeScript method into plugin API
- Add IPC handlers for plugin-to-main communication
- Ensure consent is checked when enabling plugins
- Add proper cleanup on plugin unload

Security features:
- Dangerous globals removed from execution context
- Plugin-specific working directories
- Configurable memory and timeout limits
- Persistent consent storage
- Only available in Electron environment

2025-06-19 14:25:43 +02:00

3 commits