lnreader icon indicating copy to clipboard operation
lnreader copied to clipboard
verified publisher icon LNReader

Added database for plugins

Open Rider21 opened this issue 1 year ago • 13 comments

Added database, ~~cookie manager~~ for plugins Added copying from webview localStorage, sessionStorage

Rider21 avatar Mar 04 '24 17:03 Rider21

isnt cookie managed by React Native Network?

nyagami avatar Mar 05 '24 02:03 nyagami

Yes, they are managed, but you can't interact with them, I made a wrapper under react-native-cookies/cookies, so from the plugin you can add, modify, check, delete site cookies

Rider21 avatar Mar 05 '24 03:03 Rider21

Yes, they are managed, but you can't interact with them, I made a wrapper under react-native-cookies/cookies, so from the plugin you can add, modify, check, delete site cookies

But is cookie management that important. Instead of remove/edit one cookie, users can just open webview, old cookies will be overrided.

nyagami avatar Mar 17 '24 16:03 nyagami

I don't know, but this process can be automated with these functions.

Rider21 avatar Mar 17 '24 18:03 Rider21

By the way, do you think I need to redo copying from webview of localStorage, sessionStorage objects via java (directly). Right now it is implemented through injecting js code

Rider21 avatar Mar 17 '24 18:03 Rider21

I don't know, but this process can be automated with these functions.

Cookies have been already autmatically added by React Native. So I think cookies management isnt neccessary at all.

nyagami avatar Mar 18 '24 02:03 nyagami

I think it would be handy to have that option. example What if source has 2 APIs

  1. with authorization only
  2. without authorization

How to know if the user is authorized on the site?

Or another example, what if the site for some reason will store in cookies what is needed for queries?

Rider21 avatar Mar 18 '24 05:03 Rider21

  • for the authorization issue, I think you just force users to login via webview like how people are using Novel Updates.
  • there's no way a website would decode cookie in client site. security risks

nyagami avatar Mar 18 '24 07:03 nyagami

  • there's no way a website would decode cookie in client site. security risks

If I'm not mistaken, there is a document. cookie. Only it stores the cookie for the current page name=value; . So the client has access to at least read the cookie.

Rider21 avatar Mar 18 '24 08:03 Rider21

There're some vulnerabilities,I can set/get/delete stored values in plugin A from plugin B code right? Since we had plugin repositories feature, users could be nuked by some trollers

nyagami avatar May 08 '24 03:05 nyagami

Yes, it's true, it can be fixed. But I don't see the point of fixing it. The running plugin has too many permissions. They could just write something like.

import { MMKV } from 'react-native-mmkv';

const store = new MMKV({ id: 'plugin_db' });
store.clearAll();

Rider21 avatar May 08 '24 04:05 Rider21

Yes, it's true, it can be fixed. But I don't see the point of fixing it. The running plugin has too many permissions. They could just write something like.

import { MMKV } from 'react-native-mmkv';

const store = new MMKV({ id: 'plugin_db' });
store.clearAll();

No, plugin does not have that privilege. They are literally standalone scripts and dont have module accesses. The import keyword in plugin code is just a hack. import would be converted into declared require function which is refer to https://github.com/LNReader/lnreader/blob/e2d22a5b05a47b57e1f46ccfb6d8dd3ebb05bcc8/src/plugins/pluginManager.ts#L23C1-L38C3

nyagami avatar May 08 '24 05:05 nyagami

LGTM, Im going to test in devices

nyagami avatar May 11 '24 17:05 nyagami

You need to resolve Typescript errors. My editor is screaming

nyagami avatar May 22 '24 05:05 nyagami