Files
readest/apps/readest-app/src-tauri/src/lib.rs
T
Huang Xin 7e78f80e14 feat(sync): Google Drive cloud sync + premium Third-party Cloud Sync section (desktop) (#4821)
* feat(sync): add Google Drive file-sync provider core

Second FileSyncProvider for the merged provider-agnostic file-sync engine,
behind the provider seam. This is the CI-testable core only: no settings UI
and no platform OAuth runners yet (those land in later phases).

- GoogleDriveProvider over the Drive v3 REST API: id-addressed path
  resolution with a per-instance id cache, create-then-name uploads, real
  idempotent ensureDir, files.list pagination, Retry-After-aware 429/5xx
  backoff, per-path folder-creation locks with deterministic duplicate
  collapse, stale-id eviction, and FileSyncError mapping (403 split into
  rate-limit vs permission).
- DI OAuth layer: pkce, parseRedirect (redirect-target + CSRF state),
  reverseDnsRedirect, tokenStore (iOS client, no secret), oauthFlow.
- PersistedDriveAuth with single-flight token refresh; keychain-backed
  token store with no ephemeral fallback for the refresh token; account
  label via about.get.
- providerRegistry (backend kind to provider) and buildGoogleDriveProvider
  assembly.
- Shared transport-agnostic provider semantic contract, run against both
  WebDAV and Drive.
- Keyed secure-KV bridge contract (set/get/clear_secure_item); the native
  keychain implementation lands with the desktop OAuth slice that first
  exercises it.

Adapted from ratatabananana-bit/Readest-google-drive-mod-patcher (AGPL-3.0)
with the author's explicit permission.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* feat(sync): multi-provider file-sync settings + sync-state foundation

PR2 foundation for a second file-sync backend (Google Drive). The
behaviour-sensitive reader-hook and Sync-now form generalization land in
PR3 alongside OAuth, where Drive actually connects and the multi-provider
paths can be exercised and live-verified (and the extracted form gets its
second consumer, avoiding a single-use abstraction).

- GoogleDriveSettings type (mirrors WebDAVSettings minus URL/credentials/
  rootPath, plus accountLabel) wired into SystemSettings, with
  DEFAULT_GOOGLE_DRIVE_SETTINGS in the defaults.
- googleDrive.deviceId + googleDrive.lastSyncedAt added to the backup
  blacklist so device-local sync identity / cursors never restore onto
  another device. Covered by the existing backup-settings test.
- Generalize webdavSyncStore into fileSyncStore: per-backend progress keyed
  by provider kind, plus a global library-sync mutex (beginSync returns
  false when another backend already holds the lock) since every backend's
  syncLibrary mutates the same local library. Migrate WebDAVForm and
  IntegrationsPanel to the keyed API; WebDAV behaviour is unchanged.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* feat(native-bridge): add keyed secure key-value store commands

A generic, keyed secret store over the same OS keychain backends as the
sync passphrase (set/get/clear_secure_item), so secrets that aren't the
single sync passphrase get the same XSS-free cross-launch persistence
without each needing its own native command. The Google Drive OAuth token
store (PR1's KeychainTokenPersistence) is the first consumer; a future
cloud provider's refresh token reuses it.

- Desktop (macOS/Windows/Linux): keyring-core, keyed by the item key as
  the entry account under the existing "Readest Safe Storage" service.
- Android: EncryptedSharedPreferences (a dedicated readest_secure_items_v1
  file, the item key as the pref key).
- iOS: Security framework Keychain (kSecClassGenericPassword, dedicated
  service, the item key as kSecAttrAccount).

Registered in the plugin invoke handler + build COMMANDS + default
permission set (autogenerated permission files regenerated; the passphrase
entries are preserved). The TS bridge wrappers shipped in PR1.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* feat(sync): desktop Google Drive OAuth runner + connect flow

The desktop half of Drive sign-in: open consent in the system browser, capture
the reverse-DNS redirect the OS routes back, and exchange the code for tokens.

- oauthDesktop.ts: runDesktopDeepLinkOAuth wires the DI OAuth flow to the
  desktop mechanics (open default browser, capture via single-instance /
  onOpenUrl, cold-browser fallback after a grace period, hard deadline). Fully
  headless-unit-tested via injected deps.
- spawn_fresh_browser.rs (+ registration, Windows-only winreg dep): the cold
  browser the runner falls back to when the user's already-running browser
  snapshotted protocol associations before the scheme was registered (a
  Windows-specific failure). Resolves the default browser from the registry and
  spawns it cold with an isolated --user-data-dir; a no-op on macOS/Linux where
  the default-browser open already routes the redirect. Pure helpers unit-tested.
- connectGoogleDrive.ts: run the platform OAuth runner, persist the token
  (fail-loud — Drive is not reported connected if the refresh token does not
  save), and resolve the account label via about.get (best-effort).

OAuth runner adapted from ratatabananana-bit/Readest-google-drive-mod-patcher
(AGPL-3.0) with the author's permission. Scheme registration + the ingress
redirect filter + the Drive connect UI land in the following commits; live
desktop verification follows once the official Google client id is provisioned.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* feat(sync): filter Google OAuth redirects out of the deep-link ingress

The reverse-DNS OAuth redirect (com.googleusercontent.apps.<id>:/oauthredirect)
is delivered through the same single-instance / onOpenUrl channels as book-file
deep links. Without a filter the book-import consumer would treat the redirect
URL as a file path to open. Drop it at the ingress source (useAppUrlIngress)
before the app-incoming-url broadcast, so no consumer ever sees it; the Drive
sign-in runner still captures it via its own listeners.

isGoogleOAuthRedirectUrl matches the scheme prefix (not a specific client id),
so it stays correct regardless of which client is baked into the build.

Note: registering the scheme in tauri.conf.json (so the OS routes it back to the
app) needs the official Google client id, which is a provisioning prerequisite.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* feat(sync): bake the official Google Drive OAuth client id + redirect scheme

Provisioned the Readest Google Cloud OAuth client (iOS application type, no
secret, drive.file scope). Bake the client id as the default in
getGoogleClientId (overridable via NEXT_PUBLIC_GOOGLE_CLIENT_ID for forkers,
who must also regenerate the manifest schemes) and register the derived
reverse-DNS redirect scheme com.googleusercontent.apps.<id> in tauri.conf.json
(desktop + mobile deep-link) so the OS routes the OAuth redirect back to the
app. The client id is a public client identifier, not a secret.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* feat(sync): Google Drive connect UI + shared FileSyncForm

Make Drive usable from Settings, and extract the now-two-consumer sync controls.

- FileSyncForm: the provider-agnostic sync controls (sub-toggles, conflict
  strategy, manual "Sync now" with progress + result toast), parameterised by
  backend kind and building the provider through the registry. Extracted from
  WebDAVForm now that a second consumer exists. WebDAVForm keeps its
  URL/credentials connect panel + browse pane and renders FileSyncForm for the
  sync section; behaviour is unchanged (WebDAV "Sync now" goes through the same
  provider via the registry).
- GoogleDriveForm: an OAuth connect panel (Connect -> runGoogleDriveConnect ->
  store token in keychain -> "Connected as <email>"; Disconnect) + FileSyncForm.
- googleDriveConnect.ts: assemble the env client id + keychain + desktop runner
  into connectGoogleDrive/disconnectGoogleDrive for the UI.
- IntegrationsPanel: a "Google Drive" row + sub-page, shown only on desktop
  (mobile OAuth runners land in later phases).

Reader-side auto-sync (generalizing useWebDAVSync) is a follow-up; manual
"Sync now" already exercises the full Drive stack. Full suite 6412 green.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* feat(settings): unified Third-party Cloud Sync section (exclusive provider)

Group WebDAV + Google Drive into a new "Third-party Cloud Sync" section and make
them mutually exclusive — only one cloud provider syncs the library at a time.

- New unified "Cloud Sync" sub-page (CloudSyncForm): a provider picker (radio,
  the AIPanel mutually-exclusive pattern) on top, the shared FileSyncForm sync
  options below for whichever provider is active. Google Drive is offered only on
  desktop; on mobile the page is WebDAV only and the picker is hidden.
- withActiveCloudProvider helper: enabling one provider disables the other in one
  save. Both panels' connect/activate paths use it. Unit-tested.
- WebDAVForm / GoogleDriveForm refactored into embeddable panels (the unified
  page owns the header). Drive gains a "configured but inactive" state so
  switching back re-activates it without a fresh sign-in; explicit Disconnect
  clears the keychain token.
- IntegrationsPanel: remove the two separate WebDAV / Google Drive rows from
  "Reading Sync" (now KOReader Sync / Readwise / Hardcover only); add the
  Third-party Cloud Sync section with one Cloud Sync row (status = active
  provider). Old webdav/gdrive deep-links route to the unified page.

Also removes the temporary Drive concurrency probe (the upload already runs at
the intended concurrency 4; the probe confirmed it).

Full suite 6416 green; lint + format clean.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* feat(reader): auto-sync the active cloud provider while reading

Generalize the reader sync hook from useWebDAVSync to useFileSync so the active
third-party cloud provider (WebDAV OR Google Drive) syncs per-book while reading
— pull-on-open, debounced push on progress/booknote changes, cover/file upload —
not just via the manual "Sync now" in settings.

Since the providers are mutually exclusive, the hook drives exactly the one
enabled backend, built through the provider registry. The build is async (the
Google Drive provider probes the OS keychain), so the engine lives in state and
the pull-on-open waits for it; switching providers mid-session resets the
per-book locks. The engine is keyed on connection-relevant settings so a
lastSyncedAt write doesn't re-probe the keychain. deviceId / lastSyncedAt now
write the active provider's settings slice; the auth-failed toast is
provider-neutral; the per-book events are renamed *-file-sync.

WebDAV reader-sync behaviour is unchanged. Full suite 6416 green.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* feat(settings): surface cloud providers in the section with inline switch

Show WebDAV + Google Drive as separate rows in the Third-party Cloud Sync
section (instead of one "Cloud Sync" row), so both providers are visible and the
active one can be switched right there.

- CloudProviderRow: a trailing radio makes a provider the single active sync
  target inline (enabled only when it's already configured — WebDAV creds / a
  Drive token); the row body / chevron opens its config sub-page (connect, sync
  options, disconnect). Status reads Active / Configured / Not connected, with a
  Syncing… indicator.
- Each provider drills into its own sub-page again (WebDAV / Google Drive),
  rendering the embeddable panel under a SubPageHeader; the brief unified
  CloudSyncForm picker page is removed (its old deep-link maps to Google Drive).
- Switching stays exclusive via withActiveCloudProvider; an inline switch trusts
  the stored credentials/token (no re-validate / re-OAuth).

Full suite 6416 green; lint + format clean.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* feat(sync): gate third-party cloud sync behind a premium plan

WebDAV + Google Drive sync is now a premium feature: available on any paid plan
(Plus, Pro, or Lifetime), not on free.

- isCloudSyncInPlan(plan) helper (mirrors isEmailInPlan; plus/pro/purchase).
- IntegrationsPanel: free users see the Third-party Cloud Sync section with an
  upgrade row ("Available on Plus, Pro, or Lifetime") that opens the plans page
  instead of the provider rows; the cloud-sync deep-links are gated too (waiting
  for the plan to load before deciding).
- useFileSync: the reader's auto-sync only runs on a paid plan, so a downgraded
  user's sync stops even if a provider's enabled flag lingers.

Full suite 6418 green; lint + format clean.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* fix(sync): escape backslashes in Drive query literals (CodeQL)

escapeDriveLiteral escaped single quotes but not the backslash escape
character, so a file name containing a backslash (or ending in one) could
break out of the single-quoted Drive `files.list` query literal and malform
the query. Escape backslashes first, then single quotes, so the backslashes
added for the quotes are not doubled.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-27 10:28:08 +02:00

627 lines
25 KiB
Rust

#[cfg(target_os = "macos")]
#[macro_use]
extern crate cocoa;
#[cfg(target_os = "macos")]
#[macro_use]
extern crate objc;
#[cfg(target_os = "windows")]
mod windows;
#[cfg(target_os = "android")]
mod android;
use tauri::utils::config::BackgroundThrottlingPolicy;
#[cfg(target_os = "macos")]
use tauri::TitleBarStyle;
use std::path::PathBuf;
use tauri::{AppHandle, Manager};
use tauri_plugin_fs::FsExt;
#[cfg(desktop)]
use tauri::{Listener, Url};
mod clip_url;
mod dir_scanner;
#[cfg(any(target_os = "macos", target_os = "windows", target_os = "linux"))]
mod discord_rpc;
mod epub_parser;
#[cfg(target_os = "macos")]
mod macos;
mod mobi_parser;
mod nightly_update;
mod parser_common;
mod range_file;
#[cfg(desktop)]
mod spawn_fresh_browser;
mod transfer_file;
#[cfg(desktop)]
mod window_state;
#[cfg(target_os = "windows")]
use tauri::webview::ScrollBarStyle;
use tauri::{command, Emitter, WebviewUrl, WebviewWindowBuilder, Window};
#[cfg(target_os = "android")]
use tauri_plugin_native_bridge::register_select_directory_callback;
#[cfg(target_os = "android")]
use tauri_plugin_native_bridge::{NativeBridgeExt, OpenExternalUrlRequest};
use tauri_plugin_oauth::start;
#[cfg(not(target_os = "android"))]
use tauri_plugin_opener::OpenerExt;
use transfer_file::{download_file, upload_file};
#[cfg(any(desktop, target_os = "ios"))]
fn allow_file_in_scopes(app: &AppHandle, files: Vec<PathBuf>) {
let fs_scope = app.fs_scope();
let asset_protocol_scope = app.asset_protocol_scope();
for file in &files {
if let Err(e) = fs_scope.allow_file(file) {
log::error!("Failed to allow file in fs_scope: {e}");
} else {
log::debug!("Allowed file in fs_scope: {file:?}");
}
if let Err(e) = asset_protocol_scope.allow_file(file) {
log::error!("Failed to allow file in asset_protocol_scope: {e}");
} else {
log::debug!("Allowed file in asset_protocol_scope: {file:?}");
}
}
}
fn allow_dir_in_scopes(app: &AppHandle, dir: &PathBuf) {
let fs_scope = app.fs_scope();
let asset_protocol_scope = app.asset_protocol_scope();
if let Err(e) = fs_scope.allow_directory(dir, true) {
log::error!("Failed to allow directory in fs_scope: {e}");
} else {
log::info!("Allowed directory in fs_scope: {dir:?}");
}
if let Err(e) = asset_protocol_scope.allow_directory(dir, true) {
log::error!("Failed to allow directory in asset_protocol_scope: {e}");
} else {
log::info!("Allowed directory in asset_protocol_scope: {dir:?}");
}
}
/// Frontend-callable shim around [`allow_file_in_scopes`] /
/// [`allow_dir_in_scopes`]. Used after dialog-based file/folder pickers
/// because the Tauri `dialog` plugin only auto-grants `fs_scope`, not
/// `asset_protocol_scope` — and our importer relies on the asset
/// protocol (`RemoteFile`) to read user-selected files. Without this,
/// importing a book from e.g. `~/Downloads/...` fails with
/// "asset protocol not configured to allow the path".
///
/// Granted scopes are persisted across app restarts thanks to
/// `tauri_plugin_persisted_scope`, so re-picking the same file isn't
/// required after the first allow call.
///
/// Security:
///
/// - On desktop, this command refuses to extend `asset_protocol_scope`
/// for any path that is not already allowed in `fs_scope`. The
/// `fs_scope` there is populated only by the Tauri `dialog` plugin
/// (when the user picks through the OS picker) or by
/// `tauri_plugin_persisted_scope` (which restores prior dialog
/// grants on startup). That gate constrains the command to
/// user-selected paths only — otherwise any frontend code
/// (including a future XSS via book content, OPDS HTML, dictionary
/// lookups, or a compromised dependency) could invoke it with an
/// arbitrary path like `/` or `~/.ssh` and gain persistent read
/// access to the entire user home directory via the asset
/// protocol.
///
/// - On iOS, the `fs_scope` gate is intentionally skipped: the iOS
/// directory/file picker (`UIDocumentPickerViewController`) does
/// not flow through Tauri's dialog plugin, and we keep the only
/// persistent record of user-authorised paths inside the
/// native-bridge plugin's security-scoped bookmark store
/// (`FolderBookmarkStore` in NativeBridgePlugin.swift). The
/// OS sandbox itself is the access-control boundary: the process
/// can only read paths for which it holds a security-scoped
/// resource (granted by the system picker, persisted via
/// bookmark). Widening Tauri's `fs_scope`/`asset_protocol_scope`
/// to those same paths cannot escalate access beyond what the OS
/// already grants — it just lets the fs / dir-scanner layers
/// route reads through the path the WebView gave them. The
/// frontend layer also keeps the list of folder roots in
/// `settings.externalLibraryFolders` and re-issues this call on
/// every launch, so the in-memory scope set stays in sync with
/// the user's persisted intent.
#[command]
fn allow_paths_in_scopes(_app: AppHandle, _paths: Vec<String>, _is_directory: bool) {
#[cfg(desktop)]
{
let fs_scope = _app.fs_scope();
for raw in _paths {
if raw.is_empty() {
continue;
}
let path = PathBuf::from(&raw);
if !fs_scope.is_allowed(&path) {
log::warn!("allow_paths_in_scopes refused (path not in fs_scope): {path:?}");
continue;
}
if _is_directory {
allow_dir_in_scopes(&_app, &path);
} else {
allow_file_in_scopes(&_app, vec![path]);
}
}
}
#[cfg(target_os = "ios")]
{
// The iOS picker hands us a security-scoped URL whose POSIX
// path lives outside any of our static fs_scope globs (e.g.
// File Provider Storage, iCloud Drive, third-party providers).
// Without explicitly widening fs_scope/asset_protocol_scope
// here, both `dir_scanner::read_dir` and the fs plugin's
// `readDir` would reject the path even though the OS sandbox
// already grants us access via the held security-scoped
// resource. See the security comment above.
for raw in _paths {
if raw.is_empty() {
continue;
}
let path = PathBuf::from(&raw);
if _is_directory {
allow_dir_in_scopes(&_app, &path);
} else {
allow_file_in_scopes(&_app, vec![path]);
}
}
}
#[cfg(target_os = "android")]
{
// Android picker already routes through register_select_directory_callback
// for directories; files go through SAF / content-URIs and don't use
// asset_protocol_scope. Nothing to do here.
}
}
#[cfg(desktop)]
fn get_files_from_argv(argv: Vec<String>) -> Vec<PathBuf> {
let mut files = Vec::new();
// NOTICE: `args` may include URL protocol (`your-app-protocol://`)
// or arguments (`--`) if your app supports them.
// files may also be passed as `file://path/to/file`
for (_, maybe_file) in argv.iter().enumerate().skip(1) {
// skip flags like -f or --flag
if maybe_file.starts_with("-") {
continue;
}
// handle `file://` path urls and skip other urls
if let Ok(url) = Url::parse(maybe_file) {
if let Ok(path) = url.to_file_path() {
files.push(path);
} else {
files.push(PathBuf::from(maybe_file))
}
} else {
files.push(PathBuf::from(maybe_file))
}
}
files
}
#[cfg(desktop)]
fn set_window_open_with_files(app: &AppHandle, files: Vec<PathBuf>) {
let files = files
.into_iter()
.map(|f| {
let file = f
.to_string_lossy()
.replace("\\", "\\\\")
.replace("\"", "\\\"");
format!("\"{file}\"",)
})
.collect::<Vec<_>>()
.join(",");
let window = app.get_webview_window("main").unwrap();
let script = format!("window.OPEN_WITH_FILES = [{files}];");
if let Err(e) = window.eval(&script) {
eprintln!("Failed to set open files variable: {e}");
}
}
#[command]
async fn start_server(window: Window) -> Result<u16, String> {
start(move |url| {
// Because of the unprotected localhost port, you must verify the URL here.
// Preferebly send back only the token, or nothing at all if you can handle everything else in Rust.
let _ = window.emit("redirect_uri", url);
})
.map_err(|err| err.to_string())
}
#[tauri::command]
fn get_environment_variable(name: &str) -> String {
std::env::var(String::from(name)).unwrap_or(String::from(""))
}
#[tauri::command]
fn get_executable_dir() -> String {
std::env::current_exe()
.ok()
.and_then(|path| path.parent().map(|p| p.to_path_buf()))
.map(|p| p.to_string_lossy().to_string())
.unwrap_or_default()
}
#[derive(Clone, serde::Serialize)]
#[allow(dead_code)]
struct SingleInstancePayload {
args: Vec<String>,
cwd: String,
}
#[cfg_attr(mobile, tauri::mobile_entry_point)]
pub fn run() {
let builder = tauri::Builder::default()
.plugin(
tauri_plugin_log::Builder::new()
.level(log::LevelFilter::Info)
.level_for("tracing", log::LevelFilter::Warn)
.level_for("tantivy", log::LevelFilter::Warn)
.build(),
)
.plugin(tauri_plugin_websocket::init())
.plugin(tauri_plugin_process::init())
.plugin(tauri_plugin_oauth::init())
.invoke_handler(tauri::generate_handler![
start_server,
download_file,
upload_file,
get_environment_variable,
get_executable_dir,
allow_paths_in_scopes,
dir_scanner::read_dir,
epub_parser::parse_epub_metadata,
epub_parser::extract_epub_cover_full,
epub_parser::parse_epub_full,
mobi_parser::parse_mobi_metadata,
mobi_parser::extract_mobi_cover_full,
#[cfg(target_os = "macos")]
macos::safari_auth::auth_with_safari,
#[cfg(target_os = "macos")]
macos::apple_auth::start_apple_sign_in,
#[cfg(target_os = "macos")]
macos::traffic_light::set_traffic_lights,
#[cfg(target_os = "macos")]
macos::system_dictionary::show_lookup_popover,
#[cfg(any(target_os = "macos", target_os = "windows", target_os = "linux"))]
discord_rpc::update_book_presence,
#[cfg(any(target_os = "macos", target_os = "windows", target_os = "linux"))]
discord_rpc::clear_book_presence,
clip_url::clip_url,
#[cfg(desktop)]
spawn_fresh_browser::spawn_fresh_browser,
nightly_update::verify_update_signature,
#[cfg(any(target_os = "macos", target_os = "windows", target_os = "linux"))]
nightly_update::install_nightly_update,
])
.plugin(tauri_plugin_fs::init())
.plugin(tauri_plugin_persisted_scope::init())
.plugin(tauri_plugin_shell::init())
.plugin(tauri_plugin_opener::init())
.plugin(tauri_plugin_http::init())
.plugin(tauri_plugin_os::init())
.plugin(tauri_plugin_dialog::init())
.plugin(tauri_plugin_sharekit::init())
.plugin(tauri_plugin_clipboard_manager::init())
.plugin(tauri_plugin_device_info::init())
.plugin(tauri_plugin_turso::init())
.plugin(tauri_plugin_native_bridge::init())
.plugin(tauri_plugin_native_tts::init())
.plugin(tauri_plugin_webview_upgrade::init())
// Serves local file byte-ranges to `RemoteFile` via `?path=&start=&end=`
// (range-in-URL, not a `Range` header) so Android's WebView doesn't
// re-apply the offset. Scope-gated by `asset_protocol_scope`.
.register_asynchronous_uri_scheme_protocol(range_file::SCHEME, range_file::handle);
#[cfg(desktop)]
let builder = builder.plugin(
tauri_plugin_single_instance::Builder::new()
.callback(move |app, argv, cwd| {
if let Some(window) = app.get_webview_window("main") {
let _ = window.set_focus();
}
let files = get_files_from_argv(argv.clone());
if !files.is_empty() {
allow_file_in_scopes(app, files.clone());
}
app.emit("single-instance", SingleInstancePayload { args: argv, cwd })
.unwrap();
})
.dbus_id("com.bilingify.readest".to_owned())
.build(),
);
let builder = builder.plugin(tauri_plugin_deep_link::init());
#[cfg(desktop)]
let builder = builder.plugin(tauri_plugin_updater::Builder::new().build());
// Strip invalid geometry from the saved window state before the
// window-state plugin loads it, so a bad `.window-state.json` (e.g. the
// Windows minimized `-32000` sentinel) can't crash WebView2 on launch.
// See https://github.com/readest/readest/issues/4398.
#[cfg(desktop)]
let builder = builder.plugin(window_state::init());
#[cfg(desktop)]
let builder = builder.plugin(tauri_plugin_window_state::Builder::default().build());
#[cfg(target_os = "macos")]
let builder = builder.plugin(macos::traffic_light::init());
#[cfg(target_os = "macos")]
let builder = builder.plugin(macos::safari_auth::init());
#[cfg(target_os = "ios")]
let builder = builder.plugin(tauri_plugin_sign_in_with_apple::init());
#[cfg(any(target_os = "ios", target_os = "android"))]
let builder = builder.plugin(tauri_plugin_haptics::init());
#[cfg(any(target_os = "ios", target_os = "android"))]
let builder = builder.plugin(tauri_plugin_biometric::init());
#[cfg(feature = "webdriver")]
let builder = builder.plugin(tauri_plugin_webdriver::init());
builder
.setup(|#[allow(unused_variables)] app| {
// When running with the webdriver feature (E2E/integration tests),
// grant all default permissions to remote URLs (http://127.0.0.1:*)
// so that Vitest browser-mode tests can call plugin commands.
#[cfg(feature = "webdriver")]
{
use tauri::Manager;
app.add_capability(include_str!("../capabilities-extra/webdriver.json"))?;
}
#[cfg(any(target_os = "macos", target_os = "windows", target_os = "linux"))]
{
use std::sync::{Arc, Mutex};
let discord_client = Arc::new(Mutex::new(discord_rpc::DiscordRpcClient::new()));
app.manage(discord_client);
}
#[cfg(desktop)]
{
let files = get_files_from_argv(std::env::args().collect());
if !files.is_empty() {
let app_handle = app.handle().clone();
allow_file_in_scopes(&app_handle, files.clone());
app.listen("window-ready", move |_| {
println!("Window is ready, proceeding to handle files.");
set_window_open_with_files(&app_handle, files.clone());
});
}
}
#[cfg(desktop)]
{
allow_dir_in_scopes(app.handle(), &PathBuf::from(get_executable_dir()));
}
#[cfg(target_os = "android")]
register_select_directory_callback(app.handle(), move |app, path| {
allow_dir_in_scopes(app, path);
});
#[cfg(any(target_os = "windows", target_os = "linux"))]
{
use tauri_plugin_deep_link::DeepLinkExt;
let _ = app.deep_link().register_all();
}
#[cfg(desktop)]
{
app.handle().plugin(tauri_plugin_cli::init())?;
}
// Check for e-ink device on Android before building the window
#[cfg(target_os = "android")]
let is_eink = android::is_eink_device();
#[cfg(not(target_os = "android"))]
let is_eink = false;
#[cfg(desktop)]
let cli_access = true;
#[cfg(not(desktop))]
let cli_access = false;
#[cfg(target_os = "linux")]
let is_appimage = std::env::var("APPIMAGE").is_ok()
|| std::env::current_exe()
.map(|path| path.to_string_lossy().contains("/tmp/.mount_"))
.unwrap_or(false);
#[cfg(not(target_os = "linux"))]
let is_appimage = false;
// Flatpak mounts the app directory read-only, so the bundled updater can
// download but never apply an update. Disable it and leave updates to the
// Flatpak runtime. Detect via FLATPAK_ID or the /.flatpak-info sandbox file.
#[cfg(desktop)]
let updater_disabled = {
#[cfg(target_os = "linux")]
let is_flatpak = std::env::var("FLATPAK_ID").is_ok()
|| std::path::Path::new("/.flatpak-info").exists();
#[cfg(not(target_os = "linux"))]
let is_flatpak = false;
std::env::var("READEST_DISABLE_UPDATER").is_ok() || is_flatpak
};
#[cfg(not(desktop))]
let updater_disabled = false;
let init_script = format!(
r#"
if ({is_eink}) window.__READEST_IS_EINK = true;
if ({cli_access}) window.__READEST_CLI_ACCESS = true;
if ({is_appimage}) window.__READEST_IS_APPIMAGE = true;
if ({updater_disabled}) window.__READEST_UPDATER_DISABLED = true;
window.addEventListener('DOMContentLoaded', function() {{
document.documentElement.classList.add('edge-to-edge');
const isTauriLocal = window.location.protocol === 'tauri:' ||
window.location.protocol === 'about:' ||
window.location.hostname === 'tauri.localhost';
const needsSafeArea = !isTauriLocal;
if (needsSafeArea && !document.getElementById('safe-area-style')) {{
const style = document.createElement('style');
style.id = 'safe-area-style';
style.textContent = `
body {{
padding-top: env(safe-area-inset-top) !important;
padding-bottom: env(safe-area-inset-bottom) !important;
padding-left: env(safe-area-inset-left) !important;
padding-right: env(safe-area-inset-right) !important;
}}
`;
document.head.appendChild(style);
}}
}});
"#,
is_eink = is_eink,
cli_access = cli_access,
is_appimage = is_appimage,
updater_disabled = updater_disabled
);
let app_handle = app.handle().clone();
let win_builder = WebviewWindowBuilder::new(app, "main", WebviewUrl::default())
.background_throttling(BackgroundThrottlingPolicy::Disabled)
.background_color(if is_eink {
tauri::window::Color(255, 255, 255, 255)
} else {
tauri::window::Color(50, 49, 48, 255)
})
.initialization_script(&init_script)
.on_navigation(move |url| {
if url.scheme() == "alipays" || url.scheme() == "alipay" {
let url_str = url.as_str().to_string();
#[cfg(target_os = "android")]
{
let handle = app_handle.clone();
tauri::async_runtime::spawn(async move {
match handle
.native_bridge()
.open_external_url(OpenExternalUrlRequest { url: url_str })
{
Ok(result) => println!("Result: {:?}", result),
Err(e) => eprintln!("Error: {:?}", e),
}
});
}
#[cfg(not(target_os = "android"))]
{
let _ = app_handle.opener().open_url(url_str, None::<&str>);
}
return false;
}
true
});
#[cfg(target_os = "macos")]
let win_builder = win_builder.inner_size(1280.0, 800.0).resizable(true);
#[cfg(all(not(target_os = "macos"), desktop))]
let win_builder = win_builder.inner_size(800.0, 600.0).resizable(true);
#[cfg(target_os = "macos")]
let win_builder = win_builder
.decorations(true)
.title_bar_style(TitleBarStyle::Overlay)
.title("");
#[cfg(all(not(target_os = "macos"), desktop))]
let win_builder = {
let mut builder = win_builder
.decorations(false)
.visible(false)
.shadow(true)
.title("Readest");
#[cfg(target_os = "windows")]
{
builder = builder
.transparent(false)
.scroll_bar_style(ScrollBarStyle::FluentOverlay);
}
#[cfg(target_os = "linux")]
{
builder = builder
.transparent(true)
.background_color(tauri::window::Color(0, 0, 0, 0));
}
builder
};
#[cfg(not(target_os = "macos"))]
{
win_builder.build().unwrap();
}
// let win = win_builder.build().unwrap();
// win.open_devtools();
#[cfg(target_os = "macos")]
{
let window = win_builder.build().unwrap();
// On macOS, closing a window (via Cmd+W or the red traffic light) should
// not quit the app — only Cmd+Q should. Hide the window instead so the
// app keeps running in the dock, and restore it when the user reopens
// the app from the dock.
let window_for_close = window.clone();
window.on_window_event(move |event| {
if let tauri::WindowEvent::CloseRequested { api, .. } = event {
api.prevent_close();
let _ = window_for_close.hide();
}
});
}
#[cfg(target_os = "macos")]
macos::menu::setup_macos_menu(app.handle())?;
app.handle().emit("window-ready", ()).unwrap();
Ok(())
})
.build(tauri::generate_context!())
.expect("error while running tauri application")
.run(
#[allow(unused_variables)]
|app_handle, event| {
#[cfg(target_os = "macos")]
match event {
tauri::RunEvent::Opened { urls } => {
let files = urls
.into_iter()
.filter_map(|url| url.to_file_path().ok())
.collect::<Vec<_>>();
let app_handler_clone = app_handle.clone();
allow_file_in_scopes(app_handle, files.clone());
app_handle.listen("window-ready", move |_| {
println!("Window is ready, proceeding to handle files.");
set_window_open_with_files(&app_handler_clone, files.clone());
});
}
// When the user reopens the app from the dock after closing all
// windows, re-show the main window instead of leaving the dock
// icon inert.
tauri::RunEvent::Reopen {
has_visible_windows: false,
..
} => {
if let Some(window) = app_handle.get_webview_window("main") {
let _ = window.show();
let _ = window.set_focus();
let _ = window.unminimize();
}
}
_ => {}
}
},
);
}