As documented in #1153, for Widevine support to work properly, we need to listen for the Widevine ready event, and as well for certain sites the app must be signed.
This PR adds the events, and as well adds better documentation on the signing limitation.
This may also help resolve #1147
This PR adds an optional, customizable menu of predefined bookmarks. In addition to containing a list of bookmarks, this file customizes the name of the menu and (optionally) allows assigning keyboard shortcuts to bookmarks. It adds a new command-line flag, `--bookmarks-menu <string>`, which can be set as the path to a JSON file containing configuration for the bookmarks menu.
Example of such a JSON file:
```json
{
"menuLabel": "Music",
"bookmarks": [
{
"title": "lofi.cafe",
"url": "https://lofi.cafe/",
"type": "link",
"shortcut": "Cmd+1"
},
{
"title": "beats to relax/study to",
"url": "https://www.youtube.com/watch?v=5qap5aO4i9A",
"type": "link",
"shortcut": "Cmd+2"
},
{
"type": "separator"
},
{
"title": "RÜFÜS DU SOL Live from Joshua Tree",
"type": "link",
"url": "https://www.youtube.com/watch?v=Zy4KtD98S2c"
}
]
}
```
## Checks
- [x] `npm run ci` passes
## Notes
Compared to the fork linked in #1065, this PR:
- adds no dependencies
- doesn't currently support submenus (this should be easy enough to add, but I didn't need it)
## Screenshot
<img width="853" alt="screenshot" src="https://user-images.githubusercontent.com/102904/115882015-5493a800-a41a-11eb-85ef-a190f3dbfe76.png">
I have 2FA (FIDO/Yubikey) set up for GitHub, and the session login was redirecting to my browser. Looking at the redirect path, it appears that github.com/session is involved, so adding that to internal login details.
With this patched, I'm able to login in to https://octobox.io/ in nativefier.
As discussed in #283 this PR will allow injected JS to do SOME interaction with the Electron session.
There is a full explanation of what this feature can, and cannot do, with examples in the api.md documentation.
This will provide a path for resolving many of our issues where users may "self-service" the solution by injecting JS that performs the task needed to meet their objectives.
Co-authored-by: Ronan Jouchet <ronan@jouchet.fr>
See discussion at https://github.com/nativefier/nativefier/pull/1124#issuecomment-794751514 :
> @TheCleric I was about to merge this, then reconsidered one little thing (yes I wrote "little", I'm not reconsidering this whole thing 😅).
>
> I'm re-considering having the extra flag. I'm not so sure this will harm a lot of use cases. I'd like to 1. merge this PR, 2. immediately follow up with a small commit removing the flag & adjusting api.md, 3. release with the change well-documented / asking for feedback if this is problematic to anyone. (I'm not asking you any extra work, and like leaving an in-tree commit trace of considering the flag). If people complain with a valid reason, we'll restore the flag with a quick revert, else we're happy with one less flag and a reasonably-handled breaking change.
>
> Thoughts / objections?
Answered by:
> That seems reasonable to me.
>
> [discussion on an extra structured way to pass flags]
In 6b266b7815, as I got rid of deprecated dep `wurl`, I wrote:
> This one may be problematic, as it used to do TLD stuff:
> https://github.com/websanova/node-url/blob/7982a613bc/wurl.js#L4
>
> So, the new WHATWG-URL-based implementation will consider
> `asana.com` to be "external" to `app.asana.com`, contrarily to before.
> Given the nature of Nativefier, I think it's actually what to expect,
> that in this case you're "out of the app", and in e.g. asana's landing
> page, which you'd expect to see in your browser.
Turns out it's even more problematic: @TheCleric notices in https://github.com/nativefier/nativefier/pull/1124#issuecomment-790279403
that this breaks app `https://evernote.com` doing its login in `www.evernote.com`
The present change fixes this, by behaving mostly similarly to before,
but without re-introducing `wurl` or another dep needing a TLD/SLD list.
This one may be problematic, as it used to do TLD stuff:
https://github.com/websanova/node-url/blob/7982a613bc/wurl.js#L4
So, the new WHATWG-URL-based implementation will consider
`asana.com` to be "external" to `app.asana.com`, contrarily to before.
Given the nature of Nativefier, I think it's actually what to expect,
that in this case your "out of the app", and in e.g. asana landing's page,
which you'd expect to see in your browser.
Let's see if users disagree with that.
Thinking about it again, the user-friendlier `a.x` syntax has one disadvantage
over `^a.b.c`: it doesn't force deps upgrades when they upgrade Nativefier.
`a.x` is fine on initial install, but a user with an insecure dep
(e.g. axios 0.19.0) will _not_ get fixed axios 0.21.1 on upgrading Nativefier.
-> Come back to `a.x` everywhere.
Still not introducing package locks, they're too confusing to new devs.
See https://github.com/nativefier/nativefier/pull/1099#issuecomment-761250232
1. Fix (broken since 2016): Notifications broken by lambda constructor
2. Fix: `--processEnvs` broken by additional processEnvs object, the result was:
`processEnvs: {processEnvs: {...}}` which caused the conversion of the inner object into string `[object Object]`, no nesting allowed there probably. Compatibility introduced.
3. Fix: package.json missing `prepare` (or even prepublish), which breaks using as git dependency.
As documented in https://github.com/jiahaog/nativefier/issues/923#issuecomment-599300317 ,
- #923 is caused by installing placeholder app deps at nativefier
*install* time, with yarn (8.0.2) or npm (8.0.3). This is new in
Nativefier 8.x, for the motivations behind it, see
https://github.com/jiahaog/nativefier/pull/898#issuecomment-583865045
- During testing, I did test global installs, but never to a
system / non-user-writable path (my `$npm_config_prefix` is set to
`"$HOME/.node_modules"`)
- But without such a config and when installing globally to a
non-user-writable/system path with `sudo npm i -g nativefier`,
- Installation of nativefier core works...
- ... but then `postinstall` tries to do its job of installing
app deps, and fails in various OS-dependent ways, but all about
access rights.
I suspect that, although main nativefier install runs as `su` with
access rights to system paths, `postinstall` scripts are run *out*
of `su`.
That would make sense for security reasons: out of hook scripts,
npm knows exactly what will be touched in your filesystem: it's the
static contents of the published tarball; a postinstall script with
sudo rights could do nasty dynamic stuff. So, although I don't see
any mention of that in
[npm-scripts docs / hooks](https://docs.npmjs.com/misc/scripts#hook-scripts)
and I haven't dug npm/cli's code, I can understand it.
So, reverting back to `webpack`ing the placeholder app, as done pre-8.0.
## Breaking changes
- Require **Node >= 8.10.0 and npm 5.6.0**
- Move to **Electron 8.1.1**.
- That's it. Lots of care went into breaking CLI & programmatic behavior
as little as possible. **Please report regressions**.
- Known issue: build may fail behind a proxy. Get in touch if you use one:
https://github.com/jiahaog/nativefier/issues/907#issuecomment-596144768
## Changes summary
Nativefier didn't get much love recently, to the point that it's
becoming hard to run on recent Node, due to old dependencies.
Also, some past practices now seem weird, as better expressible
by modern JS/TS, discouraging contributions including mine.
Addressing this, and one thing leading to another, came a
bigger-than-expected revamp, aiming at making Nativefier more
**lean, stable, future-proof, user-friendly and dev-friendly**,
while **not changing the CLI/programmatic interfaces**. Highlights:
- **Require Node>=8**, as imposed by many of our dependencies. Node 8
is twice LTS, and easily available even in conservative Linux distros.
No reason not to demand it.
- **Default to Electron 8**.
- **Bump** all dependencies to latest version, including electron-packager.
- **Move to TS**. TS is great. As of today, I see no reason not to use it,
and fight interface bugs at runtime rather than at compile time.
With that, get rid of everything Babel/Webpack.
- **Move away from Gulp**. Gulp's selling point is perf via streaming,
but for small builds like Nativefier, npm tasks are plenty good
and less dependency bloat. Gulp was the driver for this PR: broken
on Node 12, and I didn't feel like just upgrading and keeping it.
- Add tons of **verbose logs** everywhere it makes sense, to have a
fine & clear trace of the program flow. This will be helpful to
debug user-reported issues, and already helped me fix a few bugs.
- With better simple logging, get rid of the quirky and buggy
progress bar based on package `progress`. Nice logging (minimal
by default, the verbose logging mentioned above is only used
when passing `--verbose`) is better and one less dependency.
- **Dump `async` package**, a relic from old callback-hell early Node.
Also dump a few other micro-packages unnecessary now.
- A first pass of code **cleanup** thanks to modern JS/TS features:
fixes, simplifications, jsdoc type annotations to types, etc.
- **Remove GitHub integrations Hound & CodeClimate**, which are more
exotic than good'ol'linters, and whose signal-to-noise ratio is too low.
- Quality: **Add tests** and add **Windows + macOS CI builds**.
Also, add a **manual test script**, helping to quickly verify the
hard-to-programatically-test stuff before releases, and limit regressions.
- **Fix a very small number of existing bugs**. The goal of this PR was
*not* to fix bugs, but to get Nativefier in better shape to do so.
Bugfixes will come later. Still, these got addressed:
- Add common `Alt`+`Left`/`Right` for previous/next navigation.
- Improve #379: fix zoom with `Ctrl` + numpad `+`/`-`
- Fix pinch-to-zoom (see https://github.com/jiahaog/nativefier/issues/379#issuecomment-598612128 )
The API `tray.setHighlightMode(mode)` has been be removed in electron v7.0
without replacement.
This causes the display of an error dialog every time an app is
shown/hidden if the parameter `--tray` is used when nativefying. This is
completely independent form the website you are nativefying and it
happens with all the version of electron after 6.x.
Source: https://www.electronjs.org/docs/api/breaking-changes#tray
**Resolves #855**
**Example result upon Terminal launch:**
`WARNING: Ignored nativefier.json rewrital (Error: EACCES: permission denied, open '/usr/lib/jupyter-remote-client/resources/app/nativefier.json')`
**Behaviour:**
+ Instead of crashing, the application properly opens and is always maximized.
+ When permissions are R/W, the application is maximized on first launch and the closing states are remembered by the OS throughout launches.
nodeIntegration is required if eg. Javascript code makes use of the
`require` expression to import classes into the current scope. login.js
uses an electron import - without it, the callback mechanism does not
work, and thus the whole login functionality.
Electron seems to have changed the default value for a windows `nodeIntegration` to `false` since version 5 (see https://stackoverflow.com/questions/55093700/electron-5-0-0-uncaught-referenceerror-require-is-not-defined)
Without the integration, the login component's functionality is broken, though. This PR enables the nodeIntegration feature for the login window and makes it properly propagate the given credentials.
Tested with Electron 6.0.0 on Linux.