refactor(core): use `regex` only for the shell scope API (#46)

Co-authored-by: chip <chip@chip.sh>

core/tauri-codegen/src/context.rs

@@ -7,11 +7,10 @@ use std::path::{Path, PathBuf};
 
 use proc_macro2::TokenStream;
 use quote::quote;
-use regex::Regex;
 use sha2::{Digest, Sha256};
 
 use tauri_utils::assets::AssetKey;
-use tauri_utils::config::{AppUrl, Config, PatternKind, ShellAllowlistOpen, WindowUrl};
+use tauri_utils::config::{AppUrl, Config, PatternKind, WindowUrl};
 use tauri_utils::html::{inject_nonce_token, parse as parse_html, NodeRef};
 
 #[cfg(feature = "shell-scope")]
@@ -293,33 +292,38 @@ pub fn context_codegen(data: ContextData) -> Result<TokenStream, EmbeddedAssetsE
   };
 
   #[cfg(feature = "shell-scope")]
-  let shell_scopes = get_allowed_clis(&root, &config.tauri.allowlist.shell.scope);
+  let shell_scope_config = {
+    use regex::Regex;
+    use tauri_utils::config::ShellAllowlistOpen;
 
-  #[cfg(not(feature = "shell-scope"))]
-  let shell_scopes = quote!(::std::collections::HashMap::new());
+    let shell_scopes = get_allowed_clis(&root, &config.tauri.allowlist.shell.scope);
 
-  let shell_scope_open = match &config.tauri.allowlist.shell.open {
-    ShellAllowlistOpen::Flag(false) => quote!(::std::option::Option::None),
-    ShellAllowlistOpen::Flag(true) => {
-      quote!(::std::option::Option::Some(#root::regex::Regex::new("^https?://").unwrap()))
-    }
-    ShellAllowlistOpen::Validate(regex) => match Regex::new(regex) {
-      Ok(_) => quote!(::std::option::Option::Some(#root::regex::Regex::new(#regex).unwrap())),
-      Err(error) => {
-        let error = error.to_string();
-        quote!({
-          compile_error!(#error);
-          ::std::option::Option::Some(#root::regex::Regex::new(#regex).unwrap())
-        })
+    let shell_scope_open = match &config.tauri.allowlist.shell.open {
+      ShellAllowlistOpen::Flag(false) => quote!(::std::option::Option::None),
+      ShellAllowlistOpen::Flag(true) => {
+        quote!(::std::option::Option::Some(#root::regex::Regex::new("^https?://").unwrap()))
       }
-    },
-    _ => panic!("unknown shell open format, unable to prepare"),
+      ShellAllowlistOpen::Validate(regex) => match Regex::new(regex) {
+        Ok(_) => quote!(::std::option::Option::Some(#root::regex::Regex::new(#regex).unwrap())),
+        Err(error) => {
+          let error = error.to_string();
+          quote!({
+            compile_error!(#error);
+            ::std::option::Option::Some(#root::regex::Regex::new(#regex).unwrap())
+          })
+        }
+      },
+      _ => panic!("unknown shell open format, unable to prepare"),
+    };
+
+    quote!(#root::ShellScopeConfig {
+      open: #shell_scope_open,
+      scopes: #shell_scopes
+    })
   };
 
-  let shell_scope_config = quote!(#root::ShellScopeConfig {
-    open: #shell_scope_open,
-    scopes: #shell_scopes
-  });
+  #[cfg(not(feature = "shell-scope"))]
+  let shell_scope_config = quote!();
 
   Ok(quote!(#root::Context::new(
     #config,

core/tauri/Cargo.toml

@@ -74,7 +74,7 @@ minisign-verify = { version = "0.2", optional = true }
 os_info = { version = "3.0.9", optional = true }
 futures-lite = "1.12"
 epi = { git = "https://github.com/wusyong/egui", branch = "tao", optional = true }
-regex = "1.5"
+regex = { version = "1.5", optional = true }
 glob = "0.3"
 data-url = { version = "0.1", optional = true }
 serialize-to-javascript = { git = "https://github.com/chippers/serialize-to-javascript" }
@@ -177,9 +177,9 @@ process-relaunch-dangerous-allow-symlink-macos = ["tauri-utils/process-relaunch-
 protocol-all = ["protocol-asset"]
 protocol-asset = []
 shell-all = ["shell-execute", "shell-sidecar", "shell-open"]
-shell-execute = ["command", "clap", "tauri-macros/shell-scope"]
-shell-sidecar = ["command"]
-shell-open = ["open"]
+shell-execute = ["command", "regex", "tauri-macros/shell-scope"]
+shell-sidecar = ["command", "regex", "tauri-macros/shell-scope"]
+shell-open = ["open", "regex", "tauri-macros/shell-scope"]
 window-all = [
   "window-create",
   "window-center",

core/tauri/build.rs

@@ -55,6 +55,8 @@ fn main() {
     shell_execute: { any(shell_all, feature = "shell-execute") },
     shell_sidecar: { any(shell_all, feature = "shell-sidecar") },
     shell_open: { any(shell_all, feature = "shell-open") },
+    // helper for the shell scope functionality
+    shell_scope: { any(shell_execute, shell_open, shell_sidecar) },
 
     // dialog
     dialog_all: { any(api_all, feature = "dialog-all") },

core/tauri/src/app.rs

@@ -26,6 +26,7 @@ use crate::{
   Context, Invoke, InvokeError, InvokeResponse, Manager, Scopes, StateManager, Window,
 };
 
+#[cfg(shell_scope)]
 use crate::scope::ShellScope;
 
 use tauri_macros::default_runtime;
@@ -461,6 +462,7 @@ macro_rules! shared_app_impl {
       }
 
       /// Gets the scope for the shell execute APIs.
+      #[cfg(shell_scope)]
       pub fn shell_scope(&self) -> ShellScope {
         self.state::<Scopes>().inner().shell.clone()
       }
@@ -977,6 +979,7 @@ impl<R: Runtime> Builder<R> {
       .map(|t| t.icon_as_template)
       .unwrap_or_default();
 
+    #[cfg(shell_scope)]
     let shell_scope = context.shell_scope.clone();
 
     let manager = WindowManager::with_handlers(
@@ -1048,6 +1051,7 @@ impl<R: Runtime> Builder<R> {
       ),
       #[cfg(http_request)]
       http: crate::scope::HttpScope::for_http_api(&app.config().tauri.allowlist.http.scope),
+      #[cfg(shell_scope)]
       shell: ShellScope::new(shell_scope),
     });
     app.manage(env);

core/tauri/src/endpoints/dialog.rs

@@ -208,6 +208,7 @@ mod tests {
         multiple: bool::arbitrary(g),
         directory: bool::arbitrary(g),
         default_path: Option::arbitrary(g),
+        title: Option::arbitrary(g),
       }
     }
   }
@@ -217,6 +218,7 @@ mod tests {
       Self {
         filters: Vec::new(),
         default_path: Option::arbitrary(g),
+        title: Option::arbitrary(g),
       }
     }
   }

core/tauri/src/endpoints/shell.rs

@@ -3,12 +3,17 @@
 // SPDX-License-Identifier: MIT
 
 use super::InvokeContext;
-use crate::{api::ipc::CallbackFn, ExecuteArgs, Runtime};
+use crate::{api::ipc::CallbackFn, Runtime};
 #[cfg(shell_execute)]
 use crate::{Manager, Scopes};
 use serde::Deserialize;
 use tauri_macros::{module_command_handler, CommandModule};
 
+#[cfg(shell_scope)]
+use crate::ExecuteArgs;
+#[cfg(not(shell_scope))]
+type ExecuteArgs = ();
+
 #[cfg(shell_execute)]
 use std::sync::{Arc, Mutex};
 use std::{collections::HashMap, path::PathBuf};
@@ -232,8 +237,8 @@ impl Cmd {
 
 #[cfg(test)]
 mod tests {
-  use super::{Buffer, ChildId, CommandOptions};
-  use crate::{api::ipc::CallbackFn, ExecuteArgs};
+  use super::{Buffer, ChildId, CommandOptions, ExecuteArgs};
+  use crate::api::ipc::CallbackFn;
   use quickcheck::{Arbitrary, Gen};
 
   impl Arbitrary for CommandOptions {
@@ -252,6 +257,7 @@ mod tests {
     }
   }
 
+  #[cfg(shell_scope)]
   impl Arbitrary for ExecuteArgs {
     fn arbitrary(_: &mut Gen) -> Self {
       ExecuteArgs::None

core/tauri/src/error.rs

@@ -94,6 +94,7 @@ pub enum Error {
   #[error("sidecar not configured under `tauri.conf.json > tauri > bundle > externalBin`: {0}")]
   SidecarNotAllowed(PathBuf),
   /// Sidecar was not found by the configuration.
+  #[cfg(shell_scope)]
   #[error("sidecar configuration found, but unable to create a path to it: {0}")]
   SidecarNotFound(#[from] Box<crate::ShellScopeError>),
   /// Program not allowed by the scope.

core/tauri/src/lib.rs

@@ -129,9 +129,6 @@
 #![warn(missing_docs, rust_2018_idioms)]
 #![cfg_attr(doc_cfg, feature(doc_cfg))]
 
-#[cfg(feature = "shell-execute")]
-#[doc(hidden)]
-pub use clap;
 #[cfg(target_os = "macos")]
 #[doc(hidden)]
 pub use embed_plist;
@@ -280,19 +277,21 @@ pub struct Context<A: Assets> {
   pub(crate) package_info: PackageInfo,
   pub(crate) _info_plist: (),
   pub(crate) pattern: Pattern,
-  pub(crate) shell_scope: ShellScopeConfig,
+  #[cfg(shell_scope)]
+  pub(crate) shell_scope: scope::ShellScopeConfig,
 }
 
 impl<A: Assets> fmt::Debug for Context<A> {
   fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-    f.debug_struct("Context")
-      .field("config", &self.config)
+    let mut d = f.debug_struct("Context");
+    d.field("config", &self.config)
       .field("default_window_icon", &self.default_window_icon)
       .field("system_tray_icon", &self.system_tray_icon)
       .field("package_info", &self.package_info)
-      .field("pattern", &self.pattern)
-      .field("shell_scope", &self.shell_scope)
-      .finish()
+      .field("pattern", &self.pattern);
+    #[cfg(shell_scope)]
+    d.field("shell_scope", &self.shell_scope);
+    d.finish()
   }
 }
 
@@ -364,8 +363,9 @@ impl<A: Assets> Context<A> {
   }
 
   /// The scoped shell commands, where the `HashMap` key is the name each configuration.
+  #[cfg(shell_scope)]
   #[inline(always)]
-  pub fn allowed_commands(&self) -> &ShellScopeConfig {
+  pub fn allowed_commands(&self) -> &scope::ShellScopeConfig {
     &self.shell_scope
   }
 
@@ -380,7 +380,7 @@ impl<A: Assets> Context<A> {
     package_info: PackageInfo,
     info_plist: (),
     pattern: Pattern,
-    shell_scope: ShellScopeConfig,
+    #[cfg(shell_scope)] shell_scope: scope::ShellScopeConfig,
   ) -> Self {
     Self {
       config,
@@ -390,6 +390,7 @@ impl<A: Assets> Context<A> {
       package_info,
       _info_plist: info_plist,
       pattern,
+      #[cfg(shell_scope)]
       shell_scope,
     }
   }

core/tauri/src/manager.rs

@@ -10,7 +10,6 @@ use std::{
   sync::{Arc, Mutex, MutexGuard},
 };
 
-use regex::{Captures, Regex};
 use serde::Serialize;
 use serde_json::Value as JsonValue;
 use serialize_to_javascript::{default_template, DefaultTemplate, Template};
@@ -139,6 +138,23 @@ fn set_csp<R: Runtime>(
   csp
 }
 
+// inspired by https://github.com/rust-lang/rust/blob/1be5c8f90912c446ecbdc405cbc4a89f9acd20fd/library/alloc/src/str.rs#L260-L297
+fn replace_with_callback<F: FnMut() -> String>(
+  original: &str,
+  pattern: &str,
+  mut replacement: F,
+) -> String {
+  let mut result = String::new();
+  let mut last_end = 0;
+  for (start, part) in original.match_indices(pattern) {
+    result.push_str(unsafe { original.get_unchecked(last_end..start) });
+    result.push_str(&replacement());
+    last_end = start + part.len();
+  }
+  result.push_str(unsafe { original.get_unchecked(last_end..original.len()) });
+  result
+}
+
 fn replace_csp_nonce(
   asset: &mut String,
   token: &str,
@@ -146,15 +162,12 @@ fn replace_csp_nonce(
   csp_attr: &str,
   hashes: String,
 ) {
-  let regex = Regex::new(token).unwrap();
   let mut nonces = Vec::new();
-  *asset = regex
-    .replace_all(asset, |_: &Captures<'_>| {
-      let nonce = rand::random::<usize>();
-      nonces.push(nonce);
-      nonce.to_string()
-    })
-    .to_string();
+  *asset = replace_with_callback(asset, token, || {
+    let nonce = rand::random::<usize>();
+    nonces.push(nonce);
+    nonce.to_string()
+  });
 
   if !(nonces.is_empty() && hashes.is_empty()) {
     let attr = format!(
@@ -1220,3 +1233,24 @@ fn request_to_path(request: &tauri_runtime::http::Request, replace: &str) -> Str
     path.chars().skip(1).collect()
   }
 }
+
+#[cfg(test)]
+mod tests {
+  use super::replace_with_callback;
+
+  #[test]
+  fn string_replace_with_callback() {
+    let mut tauri_index = 0;
+    for (src, pattern, replacement, result) in [(
+      "tauri is awesome, tauri is amazing",
+      "tauri",
+      || {
+        tauri_index = tauri_index + 1;
+        tauri_index.to_string()
+      },
+      "1 is awesome, 2 is amazing",
+    )] {
+      assert_eq!(replace_with_callback(src, pattern, replacement), result);
+    }
+  }
+}

core/tauri/src/scope/mod.rs

@@ -4,120 +4,17 @@
 
 mod fs;
 mod http;
+#[cfg(shell_scope)]
 mod shell;
 
 pub use self::http::Scope as HttpScope;
 pub use fs::Scope as FsScope;
-use regex::Regex;
-pub use shell::{Scope as ShellScope, ScopeError as ShellScopeError};
-
-use std::collections::HashMap;
-
-/// Allowed representation of `Execute` command arguments.
-#[derive(Debug, Clone, serde::Deserialize)]
-#[serde(untagged, deny_unknown_fields)]
-#[non_exhaustive]
-pub enum ExecuteArgs {
-  /// No arguments
-  None,
-
-  /// A single string argument
-  Single(String),
-
-  /// Multiple string arguments
-  List(Vec<String>),
-
-  /// Multiple string arguments in a key-value fashion
-  Map(HashMap<String, String>),
-}
-
-impl ExecuteArgs {
-  /// Whether the argument list is empty or not.
-  pub fn is_empty(&self) -> bool {
-    match self {
-      Self::None => true,
-      Self::Single(s) if s.is_empty() => true,
-      Self::List(l) => l.is_empty(),
-      Self::Map(m) => m.is_empty(),
-      _ => false,
-    }
-  }
-}
-
-impl From<()> for ExecuteArgs {
-  fn from(_: ()) -> Self {
-    Self::None
-  }
-}
-
-impl From<String> for ExecuteArgs {
-  fn from(string: String) -> Self {
-    Self::Single(string)
-  }
-}
-
-impl From<Vec<String>> for ExecuteArgs {
-  fn from(vec: Vec<String>) -> Self {
-    Self::List(vec)
-  }
-}
-
-impl From<HashMap<String, String>> for ExecuteArgs {
-  fn from(map: HashMap<String, String>) -> Self {
-    Self::Map(map)
-  }
-}
-
-/// Shell scope configuration.
-#[derive(Debug, Clone)]
-pub struct ShellScopeConfig {
-  /// The validation regex that `shell > open` paths must match against.
-  pub open: Option<Regex>,
-
-  /// All allowed commands, using their unique command name as the keys.
-  pub scopes: HashMap<String, ShellScopeAllowedCommand>,
-}
-
-/// A configured scoped shell command.
-#[derive(Debug, Clone)]
-pub struct ShellScopeAllowedCommand {
-  /// The shell command to be called.
-  pub command: std::path::PathBuf,
-
-  /// The arguments the command is allowed to be called with.
-  pub args: Option<Vec<ShellScopeAllowedArg>>,
-
-  /// If this command is a sidecar command.
-  pub sidecar: bool,
-}
-
-/// A configured argument to a scoped shell command.
-#[derive(Debug, Clone)]
-pub enum ShellScopeAllowedArg {
-  /// A non-configurable argument.
-  Fixed(String),
-
-  /// An argument with a value to be evaluated at runtime, optionally must pass a regex validation.
-  Var {
-    /// The key name of the argument variable
-    name: String,
-
-    /// The validation, if set, that the variable value must pass in order to be called.
-    validate: Option<regex::Regex>,
-  },
-}
-
-impl ShellScopeAllowedArg {
-  /// If the argument is fixed.
-  pub fn is_fixed(&self) -> bool {
-    matches!(self, Self::Fixed(_))
-  }
-
-  /// If the argument is a variable value.
-  pub fn is_var(&self) -> bool {
-    matches!(self, Self::Var { .. })
-  }
-}
+#[cfg(shell_scope)]
+pub use shell::{
+  ExecuteArgs, Scope as ShellScope, ScopeAllowedArg as ShellScopeAllowedArg,
+  ScopeAllowedCommand as ShellScopeAllowedCommand, ScopeConfig as ShellScopeConfig,
+  ScopeError as ShellScopeError,
+};
 
 pub(crate) struct Scopes {
   pub fs: FsScope,
@@ -125,5 +22,6 @@ pub(crate) struct Scopes {
   pub asset_protocol: FsScope,
   #[cfg(http_request)]
   pub http: HttpScope,
+  #[cfg(shell_scope)]
   pub shell: ShellScope,
 }

core/tauri/src/scope/shell.rs

@@ -2,15 +2,124 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-License-Identifier: MIT
 
+#[cfg(any(shell_execute, shell_sidecar))]
+use crate::api::process::Command;
 #[cfg(shell_open)]
 use crate::api::shell::Program;
-use crate::ShellScopeConfig;
-#[cfg(any(shell_execute, shell_sidecar))]
-use crate::{api::process::Command, ExecuteArgs, ShellScopeAllowedArg};
+
+use regex::Regex;
+
+use std::collections::HashMap;
+
+/// Allowed representation of `Execute` command arguments.
+#[derive(Debug, Clone, serde::Deserialize)]
+#[serde(untagged, deny_unknown_fields)]
+#[non_exhaustive]
+pub enum ExecuteArgs {
+  /// No arguments
+  None,
+
+  /// A single string argument
+  Single(String),
+
+  /// Multiple string arguments
+  List(Vec<String>),
+
+  /// Multiple string arguments in a key-value fashion
+  Map(HashMap<String, String>),
+}
+
+impl ExecuteArgs {
+  /// Whether the argument list is empty or not.
+  pub fn is_empty(&self) -> bool {
+    match self {
+      Self::None => true,
+      Self::Single(s) if s.is_empty() => true,
+      Self::List(l) => l.is_empty(),
+      Self::Map(m) => m.is_empty(),
+      _ => false,
+    }
+  }
+}
+
+impl From<()> for ExecuteArgs {
+  fn from(_: ()) -> Self {
+    Self::None
+  }
+}
+
+impl From<String> for ExecuteArgs {
+  fn from(string: String) -> Self {
+    Self::Single(string)
+  }
+}
+
+impl From<Vec<String>> for ExecuteArgs {
+  fn from(vec: Vec<String>) -> Self {
+    Self::List(vec)
+  }
+}
+
+impl From<HashMap<String, String>> for ExecuteArgs {
+  fn from(map: HashMap<String, String>) -> Self {
+    Self::Map(map)
+  }
+}
+
+/// Shell scope configuration.
+#[derive(Debug, Clone)]
+pub struct ScopeConfig {
+  /// The validation regex that `shell > open` paths must match against.
+  pub open: Option<Regex>,
+
+  /// All allowed commands, using their unique command name as the keys.
+  pub scopes: HashMap<String, ScopeAllowedCommand>,
+}
+
+/// A configured scoped shell command.
+#[derive(Debug, Clone)]
+pub struct ScopeAllowedCommand {
+  /// The shell command to be called.
+  pub command: std::path::PathBuf,
+
+  /// The arguments the command is allowed to be called with.
+  pub args: Option<Vec<ScopeAllowedArg>>,
+
+  /// If this command is a sidecar command.
+  pub sidecar: bool,
+}
+
+/// A configured argument to a scoped shell command.
+#[derive(Debug, Clone)]
+pub enum ScopeAllowedArg {
+  /// A non-configurable argument.
+  Fixed(String),
+
+  /// An argument with a value to be evaluated at runtime, optionally must pass a regex validation.
+  Var {
+    /// The key name of the argument variable
+    name: String,
+
+    /// The validation, if set, that the variable value must pass in order to be called.
+    validate: Option<Regex>,
+  },
+}
+
+impl ScopeAllowedArg {
+  /// If the argument is fixed.
+  pub fn is_fixed(&self) -> bool {
+    matches!(self, Self::Fixed(_))
+  }
+
+  /// If the argument is a variable value.
+  pub fn is_var(&self) -> bool {
+    matches!(self, Self::Var { .. })
+  }
+}
 
 /// Scope for filesystem access.
 #[derive(Clone)]
-pub struct Scope(ShellScopeConfig);
+pub struct Scope(ScopeConfig);
 
 /// All errors that can happen while validating a scoped command.
 #[derive(Debug, thiserror::Error)]
@@ -95,7 +204,7 @@ pub enum ScopeError {
 
 impl Scope {
   /// Creates a new shell scope.
-  pub fn new(scope: ShellScopeConfig) -> Self {
+  pub fn new(scope: ScopeConfig) -> Self {
     Self(scope)
   }
 
@@ -124,8 +233,8 @@ impl Scope {
       (Some(list), ExecuteArgs::Map(args)) => list
         .iter()
         .map(|arg| match arg {
-          ShellScopeAllowedArg::Fixed(fixed) => Ok(fixed.to_string()),
-          ShellScopeAllowedArg::Var { name, validate } => {
+          ScopeAllowedArg::Fixed(fixed) => Ok(fixed.to_string()),
+          ScopeAllowedArg::Var { name, validate } => {
             let value = args
               .get(name)
               .ok_or_else(|| ScopeError::MissingVar(name.into()))?
@@ -146,15 +255,13 @@ impl Scope {
           }
         })
         .collect(),
-      (Some(list), arg) if arg.is_empty() && list.iter().all(ShellScopeAllowedArg::is_fixed) => {
-        list
-          .iter()
-          .map(|arg| match arg {
-            ShellScopeAllowedArg::Fixed(fixed) => Ok(fixed.to_string()),
-            _ => unreachable!(),
-          })
-          .collect()
-      }
+      (Some(list), arg) if arg.is_empty() && list.iter().all(ScopeAllowedArg::is_fixed) => list
+        .iter()
+        .map(|arg| match arg {
+          ScopeAllowedArg::Fixed(fixed) => Ok(fixed.to_string()),
+          _ => unreachable!(),
+        })
+        .collect(),
       (Some(list), _) if list.is_empty() => Err(ScopeError::InvalidInput(command_name.into())),
       (Some(_), _) => Err(ScopeError::InvalidInput(command_name.into())),
     }?;

core/tauri/src/test/mod.rs

@@ -7,10 +7,13 @@
 mod mock_runtime;
 pub use mock_runtime::*;
 
+#[cfg(shell_scope)]
 use std::collections::HashMap;
 use std::{borrow::Cow, sync::Arc};
 
-use crate::{Manager, Pattern, ShellScopeConfig};
+#[cfg(shell_scope)]
+use crate::ShellScopeConfig;
+use crate::{Manager, Pattern};
 use tauri_utils::{
   assets::{AssetKey, Assets, CspHash},
   config::{CliConfig, Config, PatternKind, TauriConfig},
@@ -72,6 +75,7 @@ pub fn mock_context<A: Assets>(assets: A) -> crate::Context<A> {
     },
     _info_plist: (),
     pattern: Pattern::Brownfield(std::marker::PhantomData),
+    #[cfg(shell_scope)]
     shell_scope: ShellScopeConfig {
       open: None,
       scopes: HashMap::new(),