dirtydishes/islandflow
1
0
Fork 0
Code Issues 2 Pull requests 4 Projects Releases Packages Wiki Activity Actions 1

Add Electron desktop shell workspace

Browse source
This commit is contained in:
dirtydishes 2026-05-13 09:21:06 -04:00
parent b803d10836
commit 5d8e5ea44a
16 changed files with 1652 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

41
apps/desktop/src/security.test.ts Normal file
View file

@ -0,0 +1,41 @@
import { describe, expect, it } from "bun:test";
import {
DESKTOP_PRODUCTION_URL,
isSafeExternalUrl,
isTrustedAppUrl,
resolveDesktopStartUrl
} from "./security.js";
describe("desktop URL policy", () => {
it("allows the hosted production origin", () => {
expect(isTrustedAppUrl("https://flow.deltaisland.io/tape?symbol=SPY")).toBe(true);
});
it("allows local dev origins", () => {
expect(isTrustedAppUrl("http://127.0.0.1:3000/signals")).toBe(true);
expect(isTrustedAppUrl("http://localhost:3000/charts")).toBe(true);
});
it("rejects untrusted origins", () => {
expect(isTrustedAppUrl("https://example.com")).toBe(false);
expect(isTrustedAppUrl("http://127.0.0.1:4000")).toBe(false);
});
it("rejects malformed URLs", () => {
expect(isTrustedAppUrl("not a url")).toBe(false);
expect(isTrustedAppUrl("javascript:alert('xss')")).toBe(false);
});
it("treats third-party http targets as external-only", () => {
expect(isSafeExternalUrl("https://deltaisland.io/about")).toBe(true);
expect(isSafeExternalUrl("mailto:support@deltaisland.io")).toBe(false);
expect(isSafeExternalUrl("https://flow.deltaisland.io/help")).toBe(false);
});
it("falls back to production when the desktop start URL is invalid", () => {
expect(resolveDesktopStartUrl(undefined)).toBe(DESKTOP_PRODUCTION_URL);
expect(resolveDesktopStartUrl("https://example.com")).toBe(DESKTOP_PRODUCTION_URL);
expect(resolveDesktopStartUrl("http://127.0.0.1:3000")).toBe("http://127.0.0.1:3000");
});
});