tauri-docs
tauri-docs copied to clipboard
"core layer" is unclear
In https://tauri.app/v1/api/js/modules/fs#security, we are only told "if you need access to arbitrary filesystem paths, you must write such logic on the core layer instead" but what does "core layer" entail? Would we have to use Rust ourselves? Why make life difficult for us? This is such a nuisance in the name of security.
The FS APIs expect a path relative to one of the base directories. To bypass that you need to write your own Rust command, like:
#[tauri::command]
async fn read_file(path: std::path::PathBuf) -> Vec<u8> {
std::fs::read(path).unwrap()
}
For security reasons we won't allow arbitrary paths.
Security aside, I'm asking to improve the docs to use more explicit terms than "core layer"
welp, we introduced core and core layer to make the docs clearer, guess that didn't work out 😅
Do you have suggestions? Just calling it "rust", "rust layer" or "the rust side"?
p.s. for what it's worth we explain the concept of the core side in the architecture section
Rust layer will probably be clearer for everyone (not everyone will read the architecture section).
Rust side. Core layer communicates internal aspects whereas core process is clear. I thought we might have to edit the library ourselves but then I just assumed the rust side would work. I asked for clarification since the wording acted like there are many restrictions rather than just the front-end one.
And I started using tauri in January. I'm creating a tutorial series for people.
Tauri & ReactJS - Modern Desktop App Tutorial: https://www.youtube.com/playlist?list=PLmWYh0f8jKSjt9VC5sq2T3mFETasG2p2L
Is the change implemented? Because I saw core layer right now, and i was also confused.
Nope, that's why this issue is still open :)
Is "core layer", as a term, defined somewhere on a dedicated paragraph/page? Because the line quoted in the original post of this thread could be completely solved with a link to the definition of "core layer".
Further, the reason it's confusing is because those docs tend to be wall to wall with connective links, which is great. However this specific sounding term is unlinked and does not appear in search results of the docs.
https://tauri.app/v1/api/js/fs/#security A link on this paragraph would fix this issue.
- The
fspage refers to "core layer" - An early post in this thread refers to"core side"
- The page refers to "core ecosystem"
Yes, I was just now confused by this issue.
I understand how completely walling off the entire filesystem is attractive from a security standpoint. I'm not a fan of it (for my own selfish reasons), but I totally understand it. It's hard for people to break in to your house if you don't have doors or windows in the first place.
Thanks for that feedback, really valuable to us! And to answer for the v1 docs, i think there's only this https://tauri.app/v1/references/architecture/process-model#the-core-process which is at least something we could've linked to...
if you just want access any path files, and don't care whatever "security", refer this what provide by chatgpt.
set scope all in src-tauri/tauri.conf.json:
{
"tauri": {
"allowlist": {
"fs": {
"scope": ["**"],
"all": true,
}
},
}
}
add some rust code in src-tauri/src/main.rs:
fn main() {
tauri::Builder::default()
// add next line
.invoke_handler(tauri::generate_handler![read_file, read_dir])
.run(tauri::generate_context!())
.expect("error while running tauri application");
}
#[tauri::command]
async fn read_file(path: std::path::PathBuf) -> Result<Vec<u8>, String> {
match std::fs::read(path) {
Ok(data) => Ok(data),
Err(err) => Err(format!("Failed to read file: {}", err)),
}
}
#[tauri::command]
async fn read_dir(path: std::path::PathBuf) -> Result<Vec<std::path::PathBuf>, String> {
match std::fs::read_dir(&path) {
Ok(entries) => {
let paths: Vec<std::path::PathBuf> = entries
.filter_map(|entry| {
entry.ok().map(|dir_entry| dir_entry.path())
})
.collect();
Ok(paths)
}
Err(err) => Err(format!("Failed to read directory: {}", err)),
}
}
then you can in js call it like:
async function read_file() {
await invoke('read_file', { path: 'E:\\Download\\test.txt' })
.then((response) => {
const content = new TextDecoder().decode(new Uint8Array(response));
console.log(content);
}).catch((err) => {
console.error(err);
});
}
async function read_dir() {
await invoke('read_dir', { path: 'E:\\Download' })
.then((response) => {
console.log(response);
}).catch((err) => {
console.error(err);
});
}
i tested, this can correct run you want.
set scope all in
src-tauri/tauri.conf.json:{ "tauri": { "allowlist": { "fs": { "scope": ["**"], "all": true, } }, } }
Just this one step is enough.