aljaz/goose
1
0
Fork 0
mirror of https://github.com/aljazceru/goose.git synced 2026-01-09 01:14:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

add toasts for errors trying to install extensions from deep links (#782)

Browse Source
This commit is contained in:
lily-de
2025-01-25 23:22:36 -05:00
committed by GitHub
parent 4404eaf3ed
commit cb0049f163
1 changed files with 25 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
ui/desktop/src/extensions.ts
View File

@@ -248,35 +248,54 @@ function envVarsRequired(config: ExtensionConfig) {
return config.env_keys?.length > 0;
}
function handleError(message: string, shouldThrow = false): void {
toast.error(message);
console.error(message);
if (shouldThrow) {
throw new Error(message);
}
}
export async function addExtensionFromDeepLink(url: string, navigate: NavigateFunction) {
if (!url.startsWith('goose://extension')) {
console.log('Invalid URL: URL must use the goose://extension scheme');
handleError(
'Failed to install extension: Invalid URL: URL must use the goose://extension scheme'
);
return;
}
const parsedUrl = new URL(url);
if (parsedUrl.protocol !== 'goose:') {
throw new Error('Invalid protocol: URL must use the goose:// scheme');
handleError(
'Failed to install extension: Invalid protocol: URL must use the goose:// scheme',
true
);
}
const cmd = parsedUrl.searchParams.get('cmd');
if (!cmd) {
throw new Error("Missing required 'cmd' parameter in the URL");
handleError("Failed to install extension: Missing required 'cmd' parameter in the URL", true);
}
// Validate that the command is one of the allowed commands
const allowedCommands = ['npx', 'uvx', 'goosed'];
if (!allowedCommands.includes(cmd)) {
throw new Error(`Invalid command: ${cmd}. Only ${allowedCommands.join(', ')} are allowed.`);
handleError(
`Failed to install extension: Invalid command: ${cmd}. Only ${allowedCommands.join(', ')} are allowed.`,
true
);
}
// Check for security risk with npx -c command
const args = parsedUrl.searchParams.getAll('arg');
if (cmd === 'npx' && args.includes('-c')) {
throw new Error('Error: npx with -c argument can lead to code injection');
handleError(
'Failed to install extension: npx with -c argument can lead to code injection',
true
);
}
const envList = parsedUrl.searchParams.getAll('env');
const id = parsedUrl.searchParams.get('id');
const name = parsedUrl.searchParams.get('name');