| blob | 97f786318f99931f0b061f375e570837dc059cc4 |
1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
5 /*
6 * Manifest.sys.mjs is the top level api for managing installed web applications
7 * https://www.w3.org/TR/appmanifest/
8 *
9 * It is used to trigger the installation of a web application via .install()
10 * and to access the manifest data (including icons).
11 *
12 * TODO:
13 * - Trigger appropriate app installed events
14 */
16 import { ManifestObtainer } from "resource://gre/modules/ManifestObtainer.sys.mjs";
18 import { ManifestIcons } from "resource://gre/modules/ManifestIcons.sys.mjs";
20 const lazy = {};
22 ChromeUtils.defineESModuleGetters(lazy, {
23 JSONFile: "resource://gre/modules/JSONFile.sys.mjs",
24 });
26 /**
27 * Generates an hash for the given string.
28 *
29 * @note The generated hash is returned in base64 form. Mind the fact base64
30 * is case-sensitive if you are going to reuse this code.
31 */
32 function generateHash(aString, hashAlg) {
33 const cryptoHash = Cc["@mozilla.org/security/hash;1"].createInstance(
34 Ci.nsICryptoHash
35 );
36 cryptoHash.init(hashAlg);
37 const stringStream = Cc[
38 "@mozilla.org/io/string-input-stream;1"
39 ].createInstance(Ci.nsIStringInputStream);
40 stringStream.data = aString;
41 cryptoHash.updateFromStream(stringStream, -1);
42 // base64 allows the '/' char, but we can't use it for filenames.
43 return cryptoHash.finish(true).replace(/\//g, "-");
44 }
46 /**
47 * Trims the query parameters from a url
48 */
49 function stripQuery(url) {
50 return url.split("?")[0];
51 }
53 // Folder in which we store the manifest files
54 const MANIFESTS_DIR = PathUtils.join(PathUtils.profileDir, "manifests");
56 // We maintain a list of scopes for installed webmanifests so we can determine
57 // whether a given url is within the scope of a previously installed manifest
58 const MANIFESTS_FILE = "manifest-scopes.json";
60 /**
61 * Manifest object
62 */
64 class Manifest {
65 constructor(browser, manifestUrl) {
66 this._manifestUrl = manifestUrl;
67 // The key for this is the manifests URL that is required to be unique.
68 // However arbitrary urls are not safe file paths so lets hash it.
69 const filename =
70 generateHash(manifestUrl, Ci.nsICryptoHash.SHA256) + ".json";
71 this._path = PathUtils.join(MANIFESTS_DIR, filename);
72 this.browser = browser;
73 }
75 /**
76 * See Bug 1871109
77 * This function is called at the beginning of initialize() to check if a given
78 * manifest has MD5 based filename, if so we remove it and migrate the content to
79 * a new file with SHA256 based name.
80 * This is done due to security concern, as MD5 is an outdated hashing algorithm and
81 * shouldn't be used anymore
82 */
83 async removeMD5BasedFilename() {
84 const filenameMD5 =
85 generateHash(this._manifestUrl, Ci.nsICryptoHash.MD5) + ".json";
86 const MD5Path = PathUtils.join(MANIFESTS_DIR, filenameMD5);
87 try {
88 await IOUtils.copy(MD5Path, this._path, { noOverwrite: true });
89 } catch (error) {
90 // we are ignoring the failures returned from copy as it should not stop us from
91 // installing a new manifest
92 }
94 // Remove the old MD5 based file unconditionally to ensure it's no longer used
95 try {
96 await IOUtils.remove(MD5Path);
97 } catch {
98 // ignore the error in case MD5 based file does not exist
99 }
100 }
102 get browser() {
103 return this._browser;
104 }
106 set browser(aBrowser) {
107 this._browser = aBrowser;
108 }
110 async initialize() {
111 await this.removeMD5BasedFilename();
112 this._store = new lazy.JSONFile({ path: this._path, saveDelayMs: 100 });
113 await this._store.load();
114 }
116 async prefetch(browser) {
117 const manifestData = await ManifestObtainer.browserObtainManifest(browser);
118 const icon = await ManifestIcons.browserFetchIcon(
119 browser,
120 manifestData,
121 192
122 );
123 const data = {
124 installed: false,
125 manifest: manifestData,
126 cached_icon: icon,
127 };
128 return data;
129 }
131 async install() {
132 const manifestData = await ManifestObtainer.browserObtainManifest(
133 this._browser
134 );
135 this._store.data = {
136 installed: true,
137 manifest: manifestData,
138 };
139 Manifests.manifestInstalled(this);
140 this._store.saveSoon();
141 }
143 async icon(expectedSize) {
144 if ("cached_icon" in this._store.data) {
145 return this._store.data.cached_icon;
146 }
147 const icon = await ManifestIcons.browserFetchIcon(
148 this._browser,
149 this._store.data.manifest,
150 expectedSize
151 );
152 // Cache the icon so future requests do not go over the network
153 this._store.data.cached_icon = icon;
154 this._store.saveSoon();
155 return icon;
156 }
158 get scope() {
159 const scope =
160 this._store.data.manifest.scope || this._store.data.manifest.start_url;
161 return stripQuery(scope);
162 }
164 get name() {
165 return (
166 this._store.data.manifest.short_name ||
167 this._store.data.manifest.name ||
168 this._store.data.manifest.short_url
169 );
170 }
172 get url() {
173 return this._manifestUrl;
174 }
176 get installed() {
177 return (this._store.data && this._store.data.installed) || false;
178 }
180 get start_url() {
181 return this._store.data.manifest.start_url;
182 }
184 get path() {
185 return this._path;
186 }
187 }
189 /*
190 * Manifests maintains the list of installed manifests
191 */
192 export var Manifests = {
193 async _initialize() {
194 if (this._readyPromise) {
195 return this._readyPromise;
196 }
198 // Prevent multiple initializations
199 this._readyPromise = (async () => {
200 // Make sure the manifests have the folder needed to save into
201 await IOUtils.makeDirectory(MANIFESTS_DIR, { ignoreExisting: true });
203 // Ensure any existing scope data we have about manifests is loaded
204 this._path = PathUtils.join(PathUtils.profileDir, MANIFESTS_FILE);
205 this._store = new lazy.JSONFile({ path: this._path });
206 await this._store.load();
208 // If we don't have any existing data, initialize empty
209 if (!this._store.data.hasOwnProperty("scopes")) {
210 this._store.data.scopes = new Map();
211 }
212 })();
214 // Cache the Manifest objects creates as they are references to files
215 // and we do not want multiple file handles
216 this.manifestObjs = new Map();
217 return this._readyPromise;
218 },
220 // When a manifest is installed, we save its scope so we can determine if
221 // future visits fall within this manifests scope
222 manifestInstalled(manifest) {
223 this._store.data.scopes[manifest.scope] = manifest.url;
224 this._store.saveSoon();
225 },
227 // Given a url, find if it is within an installed manifests scope and if so
228 // return that manifests url
229 findManifestUrl(url) {
230 for (let scope in this._store.data.scopes) {
231 if (url.startsWith(scope)) {
232 return this._store.data.scopes[scope];
233 }
234 }
235 return null;
236 },
238 // Get the manifest given a url, or if not look for a manifest that is
239 // tied to the current page
240 async getManifest(browser, manifestUrl) {
241 // Ensure we have all started up
242 if (!this._readyPromise) {
243 await this._initialize();
244 }
246 // If the client does not already know its manifestUrl, we take the
247 // url of the client and see if it matches the scope of any installed
248 // manifests
249 if (!manifestUrl) {
250 const url = stripQuery(browser.currentURI.spec);
251 manifestUrl = this.findManifestUrl(url);
252 }
254 // No matches so no manifest
255 if (manifestUrl === null) {
256 return null;
257 }
259 // If we have already created this manifest return cached
260 if (this.manifestObjs.has(manifestUrl)) {
261 const manifest = this.manifestObjs.get(manifestUrl);
262 if (manifest.browser !== browser) {
263 manifest.browser = browser;
264 }
265 return manifest;
266 }
268 // Otherwise create a new manifest object
269 const manifest = new Manifest(browser, manifestUrl);
270 this.manifestObjs.set(manifestUrl, manifest);
271 await manifest.initialize();
272 return manifest;
273 },
274 };