npm package diff
Package: @forge/manifest
Versions: 8.2.0-next.0 - 8.2.0-next.1
File: package/out/validators/permissions-validator.js
Index: package/out/validators/permissions-validator.js
===================================================================
--- package/out/validators/permissions-validator.js
+++ package/out/validators/permissions-validator.js
@@ -57,8 +57,38 @@
const invalidPerms = perms?.filter((key) => !this.isValidURL(key));
if (invalidPerms?.length) {
this.addValidationErrors(result, extPermType, invalidPerms, manifest);
}
+ const globalUrl = perms?.find((key) => key === egress_types_1.GLOBAL_URL);
+ if (globalUrl) {
+ result.push({
+ message: text_1.errors.permissions.globalUrlNotRecommended(extPermType),
+ reference: text_1.References.Permissions,
+ level: 'warning',
+ ...(0, utils_1.findPosition)(extPermType.split('.')[1], manifest.yamlContentByLine)
+ });
+ }
+ if (['external.styles', 'external.fonts'].includes(extPermType) && perms?.length) {
+ result.push({
+ message: text_1.errors.permissions.fontAndStylesNotRecommended(extPermType),
+ reference: text_1.References.Permissions,
+ level: 'warning',
+ ...(0, utils_1.findPosition)(extPermType.split('.')[1], manifest.yamlContentByLine)
+ });
+ }
+ if (extPermType === 'external.images') {
+ const invalidImageUrls = perms?.filter((key) => egress_types_1.AVATAR_URLS.includes(key));
+ if (invalidImageUrls?.length) {
+ invalidImageUrls.forEach((imageUrl) => {
+ result.push({
+ message: text_1.errors.permissions.imageUrlNotRecommended(extPermType, imageUrl),
+ reference: text_1.References.Permissions,
+ level: 'warning',
+ ...(0, utils_1.findPosition)(extPermType.split('.')[1], manifest.yamlContentByLine)
+ });
+ });
+ }
+ }
}
async validate(manifest) {
if (!manifest || !manifest.typedContent || !manifest.typedContent.permissions) {
return {
@@ -75,12 +105,47 @@
const invalidScripts = manifest.typedContent.permissions.content?.scripts?.filter((key) => !egress_types_1.EGRESS_TYPES.ALLOWED_CSP_TYPES.includes(key) && !this.isValidHash(key));
if (invalidScripts?.length) {
this.addValidationErrors(errors, 'content.scripts', invalidScripts, manifest);
}
- const invalidBackendStrings = manifest.typedContent.permissions.external?.fetch?.backend?.filter((item) => typeof item === 'string' && !this.isValidURL(item));
- if (invalidBackendStrings?.length) {
- this.addValidationErrors(errors, 'external.fetch.backend', invalidBackendStrings, manifest);
- }
+ const mapping = [
+ {
+ element: 'external.fetch.backend',
+ perms: manifest.typedContent.permissions.external?.fetch?.backend?.filter((key) => typeof key === 'string')
+ },
+ {
+ element: 'external.fetch.client',
+ perms: manifest.typedContent.permissions.external?.fetch?.client?.filter((key) => typeof key === 'string')
+ },
+ {
+ element: 'external.navigation',
+ perms: manifest.typedContent.permissions.external?.navigation
+ },
+ {
+ element: 'external.styles',
+ perms: manifest.typedContent.permissions.external?.styles
+ },
+ {
+ element: 'external.frames',
+ perms: manifest.typedContent.permissions.external?.frames
+ },
+ {
+ element: 'external.fonts',
+ perms: manifest.typedContent.permissions.external?.fonts
+ },
+ {
+ element: 'external.images',
+ perms: manifest.typedContent.permissions.external?.images
+ },
+ {
+ element: 'external.media',
+ perms: manifest.typedContent.permissions.external?.media
+ },
+ {
+ element: 'external.scripts',
+ perms: manifest.typedContent.permissions.external?.scripts
+ }
+ ];
+ mapping.forEach((item) => this.validateExternalPermissionURLs(errors, item.element, item.perms, manifest));
const remoteMap = manifest.typedContent.remotes?.reduce((prev, item) => {
const baseUrl = typeof item.baseUrl === 'string' ? item.baseUrl : item.baseUrl.default;
return prev.set(item.key, baseUrl);
}, new Map());
@@ -90,26 +155,15 @@
.map((item) => item.remote);
if (invalidBackendRemotes?.length) {
this.addValidationErrors(errors, 'external.fetch.backend', invalidBackendRemotes, manifest);
}
- const invalidClientStrings = manifest.typedContent.permissions.external?.fetch?.client?.filter((item) => typeof item === 'string' && !this.isValidURL(item));
- if (invalidClientStrings) {
- this.addValidationErrors(errors, 'external.fetch.client', invalidClientStrings, manifest);
- }
- const invalidClients = manifest.typedContent.permissions.external?.fetch?.client
+ const invalidClientRemotes = manifest.typedContent.permissions.external?.fetch?.client
?.filter((item) => typeof item === 'object' &&
(!remoteMap || !remoteMap.has(item.remote) || !this.isValidURL(remoteMap.get(item.remote))))
.map((item) => item.remote);
- if (invalidClients) {
- this.addValidationErrors(errors, 'external.fetch.client', invalidClients, manifest);
+ if (invalidClientRemotes?.length) {
+ this.addValidationErrors(errors, 'external.fetch.client', invalidClientRemotes, manifest);
}
- this.validateExternalPermissionURLs(errors, 'external.navigation', manifest.typedContent.permissions.external?.navigation, manifest);
- this.validateExternalPermissionURLs(errors, 'external.images', manifest.typedContent.permissions.external?.images, manifest);
- this.validateExternalPermissionURLs(errors, 'external.frames', manifest.typedContent.permissions.external?.frames, manifest);
- this.validateExternalPermissionURLs(errors, 'external.scripts', manifest.typedContent.permissions.external?.scripts, manifest);
- this.validateExternalPermissionURLs(errors, 'external.styles', manifest.typedContent.permissions.external?.styles, manifest);
- this.validateExternalPermissionURLs(errors, 'external.media', manifest.typedContent.permissions.external?.media, manifest);
- this.validateExternalPermissionURLs(errors, 'external.fonts', manifest.typedContent.permissions.external?.fonts, manifest);
return {
success: errors.length === 0,
errors
};