I have a tauri application that is reading and writing for example yaml files for the application configurations in the users machine. Initially I moved the implementation from frontend side of the application to the backend.
To get things working I used std::fs::OpenOptionsto do the actual file manipulation and resolved the paths using tauri::api::path.
This works but the problem is that this way the allowList scopes from tauri.config file is not respected, meaning that files could be created or read from any location, so how could I access the allowList scopes to check if path really is allowed there before opening files via OpenOptions?
I tried to see if the tauri::api exposes something for file manipulation on rust side that will respect the allowlist given in the configuration file, but did not find anything useful.
Also found this FsScope structure that seems to have is_allowed method, but not sure how to use it...
example from tauri.config.json
"tauri": {
"allowList": {
"fs": {
"readFile": true,
"writeFile": true,
"readDir": true,
"scope": ["$HOME/some_folder/*"]
}
}
}
so based on the tauri config file above, before accessing files I would like to check that given path to a file or directory is inside $HOME/some_folder and not pointing to anywhere else.
is_allowed is indeed correct. To get access to it you need an instance of App, AppHandle or Window. If you use tauri commands it would look something like this:
use tauri::Manager;
#[tauri::command]
async fn(app_handle: tauri::AppHandle, path: PathBuf) {
if app_handle.fs_scope().is_allowed(&path) {
// Path is allowed.
}
}