Merge pull request #29 from movie-web/dev

Version 1.1.4 - Fix permission request page styling

.github/SECURITY.md

@@ -2,13 +2,9 @@
 
 ## Supported Versions
 
-The movie-web maintainers only support the latest version of movie-web published at https://movie-web.app.
+The latest version of movie-web is the only version that is supported, as it is the only version that is being actively developed.
-This published version is equivalent to the master branch.
-
-Support is not provided for any forks or mirrors of movie-web.
 
 ## Reporting a Vulnerability
 
-There are two ways you can contact the movie-web maintainers to report a vulnerability:
+You can contact the movie-web maintainers to report a vulnerability:
- - Email [security@movie-web.app](mailto:security@movie-web.app)
+ - Report the vulnerability in the [movie-web Discord server](https://movie-web.github.io/links/discord)
- - Report the vulnerability in the [movie-web Discord server](https://discord.movie-web.app)

.github/workflows/deploying.yml

@@ -94,8 +94,8 @@ jobs:
       with:
         upload_url: ${{ steps.create_release.outputs.upload_url }}
         asset_path: ./chrome/chrome-mv3-prod.zip
-        asset_name: extension-mw.chrome.crx
+        asset_name: extension-mw.chrome.zip
-        asset_content_type: application/x-chrome-extension
+        asset_content_type: application/zip
 
     - name: Upload Firefox release
       uses: actions/upload-release-asset@v1

package.json

@@ -1,7 +1,7 @@
 {
   "name": "@movie-web/extension",
   "displayName": "movie-web extension",
-  "version": "1.1.0",
+  "version": "1.1.4",
   "description": "Enhance your movie-web experience with just one click",
   "author": "movie-web",
   "scripts": {
@@ -53,7 +53,21 @@
     "browser_specific_settings": {
       "gecko": {
         "id": "{3fd86354-c73f-4395-9e26-2c5c984579bf}"
+      },
+      "gecko_android": {
+        "id": "{3fd86354-c73f-4395-9e26-2c5c984579bf}"
       }
-    }
+    },
+    "web_accessible_resources": [
+      {
+        "resources": [
+          "assets/active.png",
+          "assets/inactive.png"
+        ],
+        "matches": [
+          "<all_urls>"
+        ]
+      }
+    ]
   }
 }

src/background/messages/hello.ts

@@ -14,6 +14,8 @@ type Response = BaseResponse<{
 
 const handler: PlasmoMessaging.MessageHandler<BaseRequest, Response> = async (req, res) => {
   try {
+    if (!req.sender?.tab?.url) throw new Error('No tab URL found in the request.');
+
     const version = getVersion();
     res.send({
       success: true,
@@ -24,7 +26,7 @@ const handler: PlasmoMessaging.MessageHandler<BaseRequest, Response> = async (re
   } catch (err) {
     res.send({
       success: false,
-      error: err.message,
+      error: err instanceof Error ? err.message : String(err),
     });
   }
 };

src/background/messages/makeRequest.ts

@@ -3,6 +3,7 @@ import type { PlasmoMessaging } from '@plasmohq/messaging';
 import type { BaseRequest } from '~types/request';
 import type { BaseResponse } from '~types/response';
 import { removeDynamicRules, setDynamicRules } from '~utils/declarativeNetRequest';
+import { isFirefox } from '~utils/extension';
 import { makeFullUrl } from '~utils/fetcher';
 import { assertDomainWhitelist } from '~utils/storage';
 
@@ -31,7 +32,7 @@ type Response<T> = BaseResponse<{
 const mapBodyToFetchBody = (body: Request['body'], bodyType: Request['bodyType']): BodyInit => {
   if (bodyType === 'FormData') {
     const formData = new FormData();
-    body.forEach(([key, value]) => {
+    body.forEach(([key, value]: [any, any]) => {
       formData.append(key, value.toString());
     });
   }
@@ -49,16 +50,17 @@ const mapBodyToFetchBody = (body: Request['body'], bodyType: Request['bodyType']
 
 const handler: PlasmoMessaging.MessageHandler<Request, Response<any>> = async (req, res) => {
   try {
+    if (!req.sender?.tab?.url) throw new Error('No tab URL found in the request.');
+    if (!req.body) throw new Error('No request body found in the request.');
+
     const url = makeFullUrl(req.body.url, req.body);
     await assertDomainWhitelist(req.sender.tab.url);
 
-    if (Object.keys(req.body.headers).length > 0) {
+    await setDynamicRules({
-      await setDynamicRules({
+      ruleId: MAKE_REQUEST_DYNAMIC_RULE,
-        ruleId: MAKE_REQUEST_DYNAMIC_RULE,
+      targetDomains: [new URL(url).hostname],
-        targetDomains: [new URL(url).hostname],
+      requestHeaders: req.body.headers,
-        requestHeaders: req.body.headers,
+    });
-      });
-    }
 
     const response = await fetch(url, {
       method: req.body.method,
@@ -71,6 +73,9 @@ const handler: PlasmoMessaging.MessageHandler<Request, Response<any>> = async (r
 
     const cookies = await (chrome || browser).cookies.getAll({
       url: response.url,
+      ...(isFirefox() && {
+        firstPartyDomain: new URL(response.url).hostname,
+      }),
     });
 
     res.send({
@@ -89,7 +94,7 @@ const handler: PlasmoMessaging.MessageHandler<Request, Response<any>> = async (r
     console.error('failed request', err);
     res.send({
       success: false,
-      error: err.message,
+      error: err instanceof Error ? err.message : String(err),
     });
   }
 };

src/background/messages/openPage.ts

@@ -11,6 +11,9 @@ type Request = BaseRequest & {
 
 const handler: PlasmoMessaging.MessageHandler<Request, BaseResponse> = async (req, res) => {
   try {
+    if (!req.sender?.tab?.id) throw new Error('No tab ID found in the request.');
+    if (!req.body) throw new Error('No body found in the request.');
+
     const searchParams = new URLSearchParams();
     searchParams.set('redirectUrl', req.body.redirectUrl);
     const url = (chrome || browser).runtime.getURL(`/tabs/${req.body.page}.html?${searchParams.toString()}`);
@@ -29,7 +32,7 @@ const handler: PlasmoMessaging.MessageHandler<Request, BaseResponse> = async (re
   } catch (err) {
     res.send({
       success: false,
-      error: err.message,
+      error: err instanceof Error ? err.message : String(err),
     });
   }
 };

src/background/messages/prepareStream.ts

@@ -15,6 +15,9 @@ interface Request extends BaseRequest {
 
 const handler: PlasmoMessaging.MessageHandler<Request, BaseResponse> = async (req, res) => {
   try {
+    if (!req.sender?.tab?.url) throw new Error('No tab URL found in the request.');
+    if (!req.body) throw new Error('No request body found in the request.');
+
     await assertDomainWhitelist(req.sender.tab.url);
     await setDynamicRules(req.body);
     res.send({
@@ -23,7 +26,7 @@ const handler: PlasmoMessaging.MessageHandler<Request, BaseResponse> = async (re
   } catch (err) {
     res.send({
       success: false,
-      error: err.message,
+      error: err instanceof Error ? err.message : String(err),
     });
   }
 };

src/components/SetupScreen.tsx

@@ -9,6 +9,7 @@ export function SetupScreen() {
   const open = useCallback(() => {
     const url = (chrome || browser).runtime.getURL(`/tabs/PermissionRequest.html`);
     (chrome || browser).tabs.create({ url });
+    window.close();
   }, []);
 
   return (

src/components/ToggleButton.tsx

@@ -36,7 +36,7 @@ export function ToggleButton(props: ToggleButtonProps) {
         </button>
       </div>
       <p>
-        Extension {props.active ? 'enabled' : 'disabled'} <br /> on <strong>{props.domain}</strong>
+        Extension <strong>{props.active ? 'enabled' : 'disabled'}</strong> <br /> on <strong>{props.domain}</strong>
       </p>
     </div>
   );

src/hooks/useDomain.ts

@@ -15,5 +15,5 @@ export function useDomain(): null | string {
     };
   }, []);
 
-  return makeUrlIntoDomain(domain);
+  return domain ? makeUrlIntoDomain(domain) : null;
 }

src/hooks/useDomainWhitelist.ts

@@ -8,12 +8,12 @@ export function useDomainWhitelist() {
 
   const removeDomain = useCallback((domain: string | null) => {
     if (!domain) return;
-    setDomainWhitelist((s) => [...s.filter((v) => v !== domain)]);
+    setDomainWhitelist((s) => [...(s ?? []).filter((v) => v !== domain)]);
   }, []);
 
   const addDomain = useCallback((domain: string | null) => {
     if (!domain) return;
-    setDomainWhitelist((s) => [...s.filter((v) => v !== domain), domain]);
+    setDomainWhitelist((s) => [...(s ?? []).filter((v) => v !== domain), domain]);
   }, []);
 
   return {
@@ -23,10 +23,15 @@ export function useDomainWhitelist() {
   };
 }
 
-export function useToggleWhitelistDomain(domain: string) {
+export function useToggleWhitelistDomain(domain: string | null) {
   const { domainWhitelist, addDomain, removeDomain } = useDomainWhitelist();
-  const isWhitelisted = domainWhitelist.includes(domain);
+  const isWhitelisted = domainWhitelist.includes(domain ?? '');
   const { grantPermission } = usePermission();
+  const iconPath = (chrome || browser).runtime.getURL(isWhitelisted ? 'assets/active.png' : 'assets/inactive.png');
+
+  (chrome || browser).action.setIcon({
+    path: iconPath,
+  });
 
   const toggle = useCallback(() => {
     if (!isWhitelisted) {

src/popup.tsx

@@ -28,7 +28,7 @@ function IndexPopup() {
   ) : (
     <Frame>
       <div className="popup">
-        {page === 'toggle' ? <ToggleButton active={isWhitelisted} onClick={toggle} domain={domain} /> : null}
+        {page === 'toggle' && domain ? <ToggleButton active={isWhitelisted} onClick={toggle} domain={domain} /> : null}
         {page === 'disabled' ? <DisabledScreen /> : null}
         <BottomLabel />
       </div>

src/tabs/PermissionGrant.css

@@ -13,7 +13,7 @@ body {
 #__plasmo {
   display: flex;
   flex-direction: column;
-  min-height: 100%;
+  height: 100%;
   background-color: #0A0A10;
 }
 

src/tabs/PermissionGrant.tsx

@@ -8,11 +8,27 @@ export default function PermissionGrant() {
   const { grantPermission } = usePermission();
 
   const queryParams = new URLSearchParams(window.location.search);
-  const redirectUrl = queryParams.get('redirectUrl') ?? 'https://movie-web.app';
+  const redirectUrl = queryParams.get('redirectUrl') ?? undefined;
-  const domain = makeUrlIntoDomain(redirectUrl);
+  const domain = redirectUrl ? makeUrlIntoDomain(redirectUrl) : undefined;
+
+  if (!domain) {
+    return (
+      <div className="permission-grant container">
+        <div className="inner-container">
+          <div className="permission-card">
+            <h1 className="color-white">Permission</h1>
+            <p className="text-color" style={{ textAlign: 'center' }}>
+              No domain found to grant permission to.
+            </p>
+          </div>
+        </div>
+      </div>
+    );
+  }
 
   const redirectBack = () => {
     chrome.tabs.getCurrent((tab) => {
+      if (!tab?.id) return;
       chrome.tabs.update(tab.id, { url: redirectUrl });
     });
   };

src/tabs/PermissionRequest.css

@@ -10,6 +10,10 @@ body {
   padding-bottom: 50px;
 }
 
+#__plasmo {
+  height: unset;
+}
+
 .permission-request.container {
   width: 90%;
   margin: 100px auto;

src/utils/declarativeNetRequest.ts

@@ -123,5 +123,6 @@ export const removeDynamicRules = async (ruleIds: number[]) => {
   await (chrome || browser).declarativeNetRequest.updateDynamicRules({
     removeRuleIds: ruleIds,
   });
-  if ((chrome || browser).runtime.lastError?.message) throw new Error((chrome || browser).runtime.lastError.message);
+  if ((chrome || browser).runtime.lastError?.message)
+    throw new Error((chrome || browser).runtime.lastError?.message ?? 'Unknown error');
 };

src/utils/extension.ts

@@ -1,3 +1,11 @@
 export const isChrome = () => {
   return chrome.runtime.getURL('').startsWith('chrome-extension://');
 };
+
+export const isFirefox = () => {
+  try {
+    return browser.runtime.getURL('').startsWith('moz-extension://');
+  } catch {
+    return false;
+  }
+};

src/utils/storage.ts

@@ -3,7 +3,14 @@ import { useStorage } from '@plasmohq/storage/hook';
 
 import { makeUrlIntoDomain } from '~utils/domains';
 
-export const DEFAULT_DOMAIN_WHITELIST = ['movie-web.app', 'dev.movie-web.app'];
+export const DEFAULT_DOMAIN_WHITELIST = [
+  'mw.lonelil.ru',
+  'watch.qtchaos.de',
+  'bmov.vercel.app',
+  'stream.thehairy.me',
+  'scootydooter.vercel.app',
+  'movie-web-me.vercel.app',
+];
 
 export const storage = new Storage();
 
@@ -31,5 +38,9 @@ export const isDomainWhitelisted = async (url: string | undefined) => {
 
 export const assertDomainWhitelist = async (url: string) => {
   const isWhiteListed = await isDomainWhitelisted(url);
-  if (!isWhiteListed) throw new Error('Domain is not whitelisted');
+  const currentDomain = makeUrlIntoDomain(url);
+  if (!isWhiteListed)
+    throw new Error(
+      `${currentDomain} is not whitelisted. Open the extension and click on the power button to whitelist the site.`,
+    );
 };

src/utils/tabs.ts

@@ -1,7 +1,7 @@
 import { isChrome } from './extension';
 
 export function queryCurrentDomain(cb: (domain: string | null) => void) {
-  const handle = (tabUrl: string | null) => {
+  const handle = (tabUrl: string | undefined) => {
     if (!tabUrl) cb(null);
     else cb(tabUrl);
   };

tsconfig.json

@@ -1,18 +1,13 @@
 {
   "extends": "plasmo/templates/tsconfig.base",
-  "exclude": [
+  "exclude": ["node_modules"],
-    "node_modules"
+  "include": [".plasmo/index.d.ts", "./**/*.ts", "./**/*.tsx"],
-  ],
+
-  "include": [
-    ".plasmo/index.d.ts",
-    "./**/*.ts",
-    "./**/*.tsx"
-  ],
   "compilerOptions": {
+    "jsx": "react-jsx",
+    "strict": true,
     "paths": {
-      "~*": [
+      "~*": ["./src/*"]
-        "./src/*"
-      ]
     },
     "baseUrl": "."
   }