forked from akai/readest
712d564e9d
* feat(sync): encrypt opds_catalog credentials end-to-end (TS path) Wires encrypted-credential sync for opds_catalog via the CryptoSession shipped in PR 4a (#4084) plus a new publish/pull crypto middleware. TS-only — native still uses ephemeral storage (re-enter passphrase per launch); PR 4d wires the OS keychain. - ReplicaAdapter gains optional `encryptedFields: readonly string[]`. Adapters stay sync; the middleware handles the crypto round trip. - replicaCryptoMiddleware.ts: encryptPackedFields drops the named fields from the push when the session is locked (no plaintext leak); decryptRowFields drops them on pull failure (local plaintext preserved by the store merge). - replicaPublish / replicaPullAndApply invoke the middleware. - OPDS adapter declares encryptedFields = [username, password] and now pack/unpack them as plaintext. - passphraseGate.ts: ensurePassphraseUnlocked coalesces concurrent calls, prompts via the registered prompter with kind=setup|unlock, throws NO_PASSPHRASE on cancel. - PassphrasePromptModal mounted at the Providers root; registers itself as the gate prompter. - CryptoSession.forget() wipes server-side envelopes + salts. - Migration 010 + replica_keys_forget RPC; DELETE /api/sync/replica-keys + client wrapper. - SyncPassphraseSection on the user page: status / Set / Unlock / Lock / Forgot. - CatalogManager pre-save: ensurePassphraseUnlocked when credentials are present; user cancel saves locally without sync. Plan updated: PR 4 split documented as 4a/4b/4c/4d. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * feat(sync): persist sync passphrase via OS keychain (Tauri) Replaces the EphemeralPassphraseStore stub on native with real OS-keychain storage so users don't re-enter their sync passphrase every launch. Web stays on the in-memory ephemeral store by design. Native bridge plugin gains 4 commands wired across all platforms: - Rust desktop (`keyring` crate): macOS Keychain on apple-native, Windows Credential Manager on windows-native, Linux libsecret/ Secret Service on sync-secret-service. Per-target features so each platform compiles only the backend it needs. - iOS Swift: Security framework Keychain (kSecClassGenericPassword, SecItemAdd / Copy / Delete). - Android Kotlin: androidx.security EncryptedSharedPreferences (AndroidKeystore-derived AES-GCM master key, AES256_SIV / AES256_GCM key/value encryption). TS layer: - TauriPassphraseStore wraps the bridge calls. set is fail-loud (surfaces keychain rejection); get is fail-soft (returns null on any error so the gate prompts). - createPassphraseStore returns ephemeral synchronously; upgradeToKeychainIfAvailable swaps the singleton to TauriPassphraseStore on Tauri after probing the bridge. CryptoSession resolves the store via createPassphraseStore() each touch so the swap is transparent. - CryptoSession.tryRestoreFromStore: silent unlock at boot. Stale- entry recovery clears the store when the account has no salt server-side. unlock/setup persist; forget also clears the store. - Providers boot effect: upgrade keychain → silent restore. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * fix(sync): make encrypted-credential pull actually decrypt + UX polish PR 4c shipped the encrypt path but the pull side silently dropped ciphers when locked, the modal was busy with double-rings, and web re-prompted on every page refresh. This rolls up the post-test fixes + UX polish: Pull-side decrypt: - decryptRowFields takes an `onLocked` callback the orchestrator wires to the passphrase gate; encountering a cipher field with a locked session now triggers the lazy-prompt path instead of dropping the field. - replicaPullAndApply re-applies the unpacked row for metadata-only kinds even when a local copy exists, so the now-decrypted creds reach the store (the binary-kind skip-if-local optimization doesn't apply). - Cipher fingerprint comparison: capture the row's `cipher.c` for each encrypted field, compare against the local record's lastSeenCipher. Same → skip prompt + decrypt entirely. Different (rotation / value change on another device) → prompt to re-decrypt. Fingerprint persists via OPDSCatalog.lastSeenCipher. Web persistence: - SessionStoragePassphraseStore: passphrase survives page refresh within the same tab, dies on tab close. Replaces EphemeralPassphraseStore as the default on web. Avoids localStorage / IndexedDB to keep the tab-scoped trust boundary. UI: - Renamed PassphrasePromptModal → PassphrasePrompt; modernized: filled input style with single subtle focus border, btn-primary + btn-ghost replaced with leaner custom buttons. eink-bordered + btn-primary classes give the dialog correct e-paper rendering. - globals.css: suppress redundant outline/box-shadow on focused text inputs / textareas (the element's own border is the focus indicator). - AGENTS.md: documents the e-ink convention (`eink-bordered`, `btn-primary` for inverted CTAs, etc.) so future widgets ship with e-paper support. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
738 lines
32 KiB
JSON
738 lines
32 KiB
JSON
{
|
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
"title": "PermissionFile",
|
|
"description": "Permission file that can define a default permission, a set of permissions or a list of inlined permissions.",
|
|
"type": "object",
|
|
"properties": {
|
|
"default": {
|
|
"description": "The default permission set for the plugin",
|
|
"anyOf": [
|
|
{
|
|
"$ref": "#/definitions/DefaultPermission"
|
|
},
|
|
{
|
|
"type": "null"
|
|
}
|
|
]
|
|
},
|
|
"set": {
|
|
"description": "A list of permissions sets defined",
|
|
"type": "array",
|
|
"items": {
|
|
"$ref": "#/definitions/PermissionSet"
|
|
}
|
|
},
|
|
"permission": {
|
|
"description": "A list of inlined permissions",
|
|
"default": [],
|
|
"type": "array",
|
|
"items": {
|
|
"$ref": "#/definitions/Permission"
|
|
}
|
|
}
|
|
},
|
|
"definitions": {
|
|
"DefaultPermission": {
|
|
"description": "The default permission set of the plugin.\n\nWorks similarly to a permission with the \"default\" identifier.",
|
|
"type": "object",
|
|
"required": [
|
|
"permissions"
|
|
],
|
|
"properties": {
|
|
"version": {
|
|
"description": "The version of the permission.",
|
|
"type": [
|
|
"integer",
|
|
"null"
|
|
],
|
|
"format": "uint64",
|
|
"minimum": 1.0
|
|
},
|
|
"description": {
|
|
"description": "Human-readable description of what the permission does. Tauri convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
]
|
|
},
|
|
"permissions": {
|
|
"description": "All permissions this set contains.",
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"PermissionSet": {
|
|
"description": "A set of direct permissions grouped together under a new name.",
|
|
"type": "object",
|
|
"required": [
|
|
"description",
|
|
"identifier",
|
|
"permissions"
|
|
],
|
|
"properties": {
|
|
"identifier": {
|
|
"description": "A unique identifier for the permission.",
|
|
"type": "string"
|
|
},
|
|
"description": {
|
|
"description": "Human-readable description of what the permission does.",
|
|
"type": "string"
|
|
},
|
|
"permissions": {
|
|
"description": "All permissions this set contains.",
|
|
"type": "array",
|
|
"items": {
|
|
"$ref": "#/definitions/PermissionKind"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"Permission": {
|
|
"description": "Descriptions of explicit privileges of commands.\n\nIt can enable commands to be accessible in the frontend of the application.\n\nIf the scope is defined it can be used to fine grain control the access of individual or multiple commands.",
|
|
"type": "object",
|
|
"required": [
|
|
"identifier"
|
|
],
|
|
"properties": {
|
|
"version": {
|
|
"description": "The version of the permission.",
|
|
"type": [
|
|
"integer",
|
|
"null"
|
|
],
|
|
"format": "uint64",
|
|
"minimum": 1.0
|
|
},
|
|
"identifier": {
|
|
"description": "A unique identifier for the permission.",
|
|
"type": "string"
|
|
},
|
|
"description": {
|
|
"description": "Human-readable description of what the permission does. Tauri internal convention is to use `<h4>` headings in markdown content for Tauri documentation generation purposes.",
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
]
|
|
},
|
|
"commands": {
|
|
"description": "Allowed or denied commands when using this permission.",
|
|
"default": {
|
|
"allow": [],
|
|
"deny": []
|
|
},
|
|
"allOf": [
|
|
{
|
|
"$ref": "#/definitions/Commands"
|
|
}
|
|
]
|
|
},
|
|
"scope": {
|
|
"description": "Allowed or denied scoped when using this permission.",
|
|
"allOf": [
|
|
{
|
|
"$ref": "#/definitions/Scopes"
|
|
}
|
|
]
|
|
},
|
|
"platforms": {
|
|
"description": "Target platforms this permission applies. By default all platforms are affected by this permission.",
|
|
"type": [
|
|
"array",
|
|
"null"
|
|
],
|
|
"items": {
|
|
"$ref": "#/definitions/Target"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"Commands": {
|
|
"description": "Allowed and denied commands inside a permission.\n\nIf two commands clash inside of `allow` and `deny`, it should be denied by default.",
|
|
"type": "object",
|
|
"properties": {
|
|
"allow": {
|
|
"description": "Allowed command.",
|
|
"default": [],
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string"
|
|
}
|
|
},
|
|
"deny": {
|
|
"description": "Denied command, which takes priority.",
|
|
"default": [],
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"Scopes": {
|
|
"description": "An argument for fine grained behavior control of Tauri commands.\n\nIt can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.\n\n## Example\n\n```json { \"allow\": [{ \"path\": \"$HOME/**\" }], \"deny\": [{ \"path\": \"$HOME/secret.txt\" }] } ```",
|
|
"type": "object",
|
|
"properties": {
|
|
"allow": {
|
|
"description": "Data that defines what is allowed by the scope.",
|
|
"type": [
|
|
"array",
|
|
"null"
|
|
],
|
|
"items": {
|
|
"$ref": "#/definitions/Value"
|
|
}
|
|
},
|
|
"deny": {
|
|
"description": "Data that defines what is denied by the scope. This should be prioritized by validation logic.",
|
|
"type": [
|
|
"array",
|
|
"null"
|
|
],
|
|
"items": {
|
|
"$ref": "#/definitions/Value"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"Value": {
|
|
"description": "All supported ACL values.",
|
|
"anyOf": [
|
|
{
|
|
"description": "Represents a null JSON value.",
|
|
"type": "null"
|
|
},
|
|
{
|
|
"description": "Represents a [`bool`].",
|
|
"type": "boolean"
|
|
},
|
|
{
|
|
"description": "Represents a valid ACL [`Number`].",
|
|
"allOf": [
|
|
{
|
|
"$ref": "#/definitions/Number"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"description": "Represents a [`String`].",
|
|
"type": "string"
|
|
},
|
|
{
|
|
"description": "Represents a list of other [`Value`]s.",
|
|
"type": "array",
|
|
"items": {
|
|
"$ref": "#/definitions/Value"
|
|
}
|
|
},
|
|
{
|
|
"description": "Represents a map of [`String`] keys to [`Value`]s.",
|
|
"type": "object",
|
|
"additionalProperties": {
|
|
"$ref": "#/definitions/Value"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"Number": {
|
|
"description": "A valid ACL number.",
|
|
"anyOf": [
|
|
{
|
|
"description": "Represents an [`i64`].",
|
|
"type": "integer",
|
|
"format": "int64"
|
|
},
|
|
{
|
|
"description": "Represents a [`f64`].",
|
|
"type": "number",
|
|
"format": "double"
|
|
}
|
|
]
|
|
},
|
|
"Target": {
|
|
"description": "Platform target.",
|
|
"oneOf": [
|
|
{
|
|
"description": "MacOS.",
|
|
"type": "string",
|
|
"enum": [
|
|
"macOS"
|
|
]
|
|
},
|
|
{
|
|
"description": "Windows.",
|
|
"type": "string",
|
|
"enum": [
|
|
"windows"
|
|
]
|
|
},
|
|
{
|
|
"description": "Linux.",
|
|
"type": "string",
|
|
"enum": [
|
|
"linux"
|
|
]
|
|
},
|
|
{
|
|
"description": "Android.",
|
|
"type": "string",
|
|
"enum": [
|
|
"android"
|
|
]
|
|
},
|
|
{
|
|
"description": "iOS.",
|
|
"type": "string",
|
|
"enum": [
|
|
"iOS"
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"PermissionKind": {
|
|
"type": "string",
|
|
"oneOf": [
|
|
{
|
|
"description": "Enables the auth_with_custom_tab command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "allow-auth-with-custom-tab",
|
|
"markdownDescription": "Enables the auth_with_custom_tab command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Denies the auth_with_custom_tab command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "deny-auth-with-custom-tab",
|
|
"markdownDescription": "Denies the auth_with_custom_tab command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Enables the auth_with_safari command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "allow-auth-with-safari",
|
|
"markdownDescription": "Enables the auth_with_safari command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Denies the auth_with_safari command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "deny-auth-with-safari",
|
|
"markdownDescription": "Denies the auth_with_safari command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Enables the check-permissions command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "allow-check-permissions",
|
|
"markdownDescription": "Enables the check-permissions command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Denies the check-permissions command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "deny-check-permissions",
|
|
"markdownDescription": "Denies the check-permissions command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Enables the checkPermissions command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "allow-checkPermissions",
|
|
"markdownDescription": "Enables the checkPermissions command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Denies the checkPermissions command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "deny-checkPermissions",
|
|
"markdownDescription": "Denies the checkPermissions command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Enables the check_permissions command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "allow-check-permissions",
|
|
"markdownDescription": "Enables the check_permissions command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Denies the check_permissions command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "deny-check-permissions",
|
|
"markdownDescription": "Denies the check_permissions command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Enables the clear_sync_passphrase command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "allow-clear-sync-passphrase",
|
|
"markdownDescription": "Enables the clear_sync_passphrase command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Denies the clear_sync_passphrase command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "deny-clear-sync-passphrase",
|
|
"markdownDescription": "Denies the clear_sync_passphrase command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Enables the copy_uri_to_path command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "allow-copy-uri-to-path",
|
|
"markdownDescription": "Enables the copy_uri_to_path command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Denies the copy_uri_to_path command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "deny-copy-uri-to-path",
|
|
"markdownDescription": "Denies the copy_uri_to_path command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Enables the get_external_sdcard_path command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "allow-get-external-sdcard-path",
|
|
"markdownDescription": "Enables the get_external_sdcard_path command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Denies the get_external_sdcard_path command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "deny-get-external-sdcard-path",
|
|
"markdownDescription": "Denies the get_external_sdcard_path command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Enables the get_safe_area_insets command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "allow-get-safe-area-insets",
|
|
"markdownDescription": "Enables the get_safe_area_insets command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Denies the get_safe_area_insets command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "deny-get-safe-area-insets",
|
|
"markdownDescription": "Denies the get_safe_area_insets command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Enables the get_screen_brightness command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "allow-get-screen-brightness",
|
|
"markdownDescription": "Enables the get_screen_brightness command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Denies the get_screen_brightness command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "deny-get-screen-brightness",
|
|
"markdownDescription": "Denies the get_screen_brightness command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Enables the get_status_bar_height command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "allow-get-status-bar-height",
|
|
"markdownDescription": "Enables the get_status_bar_height command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Denies the get_status_bar_height command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "deny-get-status-bar-height",
|
|
"markdownDescription": "Denies the get_status_bar_height command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Enables the get_storefront_region_code command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "allow-get-storefront-region-code",
|
|
"markdownDescription": "Enables the get_storefront_region_code command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Denies the get_storefront_region_code command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "deny-get-storefront-region-code",
|
|
"markdownDescription": "Denies the get_storefront_region_code command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Enables the get_sync_passphrase command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "allow-get-sync-passphrase",
|
|
"markdownDescription": "Enables the get_sync_passphrase command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Denies the get_sync_passphrase command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "deny-get-sync-passphrase",
|
|
"markdownDescription": "Denies the get_sync_passphrase command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Enables the get_sys_fonts_list command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "allow-get-sys-fonts-list",
|
|
"markdownDescription": "Enables the get_sys_fonts_list command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Denies the get_sys_fonts_list command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "deny-get-sys-fonts-list",
|
|
"markdownDescription": "Denies the get_sys_fonts_list command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Enables the get_system_color_scheme command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "allow-get-system-color-scheme",
|
|
"markdownDescription": "Enables the get_system_color_scheme command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Denies the get_system_color_scheme command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "deny-get-system-color-scheme",
|
|
"markdownDescription": "Denies the get_system_color_scheme command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Enables the iap_fetch_products command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "allow-iap-fetch-products",
|
|
"markdownDescription": "Enables the iap_fetch_products command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Denies the iap_fetch_products command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "deny-iap-fetch-products",
|
|
"markdownDescription": "Denies the iap_fetch_products command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Enables the iap_initialize command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "allow-iap-initialize",
|
|
"markdownDescription": "Enables the iap_initialize command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Denies the iap_initialize command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "deny-iap-initialize",
|
|
"markdownDescription": "Denies the iap_initialize command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Enables the iap_is_available command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "allow-iap-is-available",
|
|
"markdownDescription": "Enables the iap_is_available command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Denies the iap_is_available command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "deny-iap-is-available",
|
|
"markdownDescription": "Denies the iap_is_available command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Enables the iap_purchase_product command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "allow-iap-purchase-product",
|
|
"markdownDescription": "Enables the iap_purchase_product command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Denies the iap_purchase_product command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "deny-iap-purchase-product",
|
|
"markdownDescription": "Denies the iap_purchase_product command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Enables the iap_restore_purchases command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "allow-iap-restore-purchases",
|
|
"markdownDescription": "Enables the iap_restore_purchases command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Denies the iap_restore_purchases command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "deny-iap-restore-purchases",
|
|
"markdownDescription": "Denies the iap_restore_purchases command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Enables the install_package command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "allow-install-package",
|
|
"markdownDescription": "Enables the install_package command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Denies the install_package command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "deny-install-package",
|
|
"markdownDescription": "Denies the install_package command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Enables the intercept_keys command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "allow-intercept-keys",
|
|
"markdownDescription": "Enables the intercept_keys command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Denies the intercept_keys command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "deny-intercept-keys",
|
|
"markdownDescription": "Denies the intercept_keys command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Enables the is_sync_keychain_available command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "allow-is-sync-keychain-available",
|
|
"markdownDescription": "Enables the is_sync_keychain_available command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Denies the is_sync_keychain_available command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "deny-is-sync-keychain-available",
|
|
"markdownDescription": "Denies the is_sync_keychain_available command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Enables the lock_screen_orientation command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "allow-lock-screen-orientation",
|
|
"markdownDescription": "Enables the lock_screen_orientation command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Denies the lock_screen_orientation command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "deny-lock-screen-orientation",
|
|
"markdownDescription": "Denies the lock_screen_orientation command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Enables the open_external_url command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "allow-open-external-url",
|
|
"markdownDescription": "Enables the open_external_url command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Denies the open_external_url command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "deny-open-external-url",
|
|
"markdownDescription": "Denies the open_external_url command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Enables the register_listener command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "allow-register-listener",
|
|
"markdownDescription": "Enables the register_listener command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Denies the register_listener command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "deny-register-listener",
|
|
"markdownDescription": "Denies the register_listener command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Enables the remove_listener command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "allow-remove-listener",
|
|
"markdownDescription": "Enables the remove_listener command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Denies the remove_listener command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "deny-remove-listener",
|
|
"markdownDescription": "Denies the remove_listener command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Enables the request-permissions command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "allow-request-permissions",
|
|
"markdownDescription": "Enables the request-permissions command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Denies the request-permissions command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "deny-request-permissions",
|
|
"markdownDescription": "Denies the request-permissions command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Enables the requestPermissions command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "allow-requestPermissions",
|
|
"markdownDescription": "Enables the requestPermissions command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Denies the requestPermissions command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "deny-requestPermissions",
|
|
"markdownDescription": "Denies the requestPermissions command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Enables the request_manage_storage_permission command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "allow-request-manage-storage-permission",
|
|
"markdownDescription": "Enables the request_manage_storage_permission command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Denies the request_manage_storage_permission command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "deny-request-manage-storage-permission",
|
|
"markdownDescription": "Denies the request_manage_storage_permission command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Enables the request_permissions command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "allow-request-permissions",
|
|
"markdownDescription": "Enables the request_permissions command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Denies the request_permissions command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "deny-request-permissions",
|
|
"markdownDescription": "Denies the request_permissions command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Enables the select_directory command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "allow-select-directory",
|
|
"markdownDescription": "Enables the select_directory command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Denies the select_directory command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "deny-select-directory",
|
|
"markdownDescription": "Denies the select_directory command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Enables the set_screen_brightness command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "allow-set-screen-brightness",
|
|
"markdownDescription": "Enables the set_screen_brightness command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Denies the set_screen_brightness command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "deny-set-screen-brightness",
|
|
"markdownDescription": "Denies the set_screen_brightness command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Enables the set_sync_passphrase command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "allow-set-sync-passphrase",
|
|
"markdownDescription": "Enables the set_sync_passphrase command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Denies the set_sync_passphrase command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "deny-set-sync-passphrase",
|
|
"markdownDescription": "Denies the set_sync_passphrase command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Enables the set_system_ui_visibility command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "allow-set-system-ui-visibility",
|
|
"markdownDescription": "Enables the set_system_ui_visibility command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Denies the set_system_ui_visibility command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "deny-set-system-ui-visibility",
|
|
"markdownDescription": "Denies the set_system_ui_visibility command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Enables the use_background_audio command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "allow-use-background-audio",
|
|
"markdownDescription": "Enables the use_background_audio command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Denies the use_background_audio command without any pre-configured scope.",
|
|
"type": "string",
|
|
"const": "deny-use-background-audio",
|
|
"markdownDescription": "Denies the use_background_audio command without any pre-configured scope."
|
|
},
|
|
{
|
|
"description": "Default permissions for the plugin\n#### This default permission set includes:\n\n- `allow-auth-with-safari`\n- `allow-auth-with-custom-tab`\n- `allow-copy-uri-to-path`\n- `allow-use-background-audio`\n- `allow-install-package`\n- `allow-set-system-ui-visibility`\n- `allow-get-status-bar-height`\n- `allow-get-sys-fonts-list`\n- `allow-intercept-keys`\n- `allow-lock-screen-orientation`\n- `allow-iap-is-available`\n- `allow-iap-initialize`\n- `allow-iap-fetch-products`\n- `allow-iap-purchase-product`\n- `allow-iap-restore-purchases`\n- `allow-get-system-color-scheme`\n- `allow-get-safe-area-insets`\n- `allow-get-screen-brightness`\n- `allow-set-screen-brightness`\n- `allow-get-external-sdcard-path`\n- `allow-open-external-url`\n- `allow-select-directory`\n- `allow-get-storefront-region-code`\n- `allow-request-manage-storage-permission`\n- `allow-register-listener`\n- `allow-remove-listener`\n- `allow-check-permissions`\n- `allow-request-permissions`\n- `allow-checkPermissions`\n- `allow-requestPermissions`\n- `allow-set-sync-passphrase`\n- `allow-get-sync-passphrase`\n- `allow-clear-sync-passphrase`\n- `allow-is-sync-keychain-available`",
|
|
"type": "string",
|
|
"const": "default",
|
|
"markdownDescription": "Default permissions for the plugin\n#### This default permission set includes:\n\n- `allow-auth-with-safari`\n- `allow-auth-with-custom-tab`\n- `allow-copy-uri-to-path`\n- `allow-use-background-audio`\n- `allow-install-package`\n- `allow-set-system-ui-visibility`\n- `allow-get-status-bar-height`\n- `allow-get-sys-fonts-list`\n- `allow-intercept-keys`\n- `allow-lock-screen-orientation`\n- `allow-iap-is-available`\n- `allow-iap-initialize`\n- `allow-iap-fetch-products`\n- `allow-iap-purchase-product`\n- `allow-iap-restore-purchases`\n- `allow-get-system-color-scheme`\n- `allow-get-safe-area-insets`\n- `allow-get-screen-brightness`\n- `allow-set-screen-brightness`\n- `allow-get-external-sdcard-path`\n- `allow-open-external-url`\n- `allow-select-directory`\n- `allow-get-storefront-region-code`\n- `allow-request-manage-storage-permission`\n- `allow-register-listener`\n- `allow-remove-listener`\n- `allow-check-permissions`\n- `allow-request-permissions`\n- `allow-checkPermissions`\n- `allow-requestPermissions`\n- `allow-set-sync-passphrase`\n- `allow-get-sync-passphrase`\n- `allow-clear-sync-passphrase`\n- `allow-is-sync-keychain-available`"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
} |