tauri icon indicating copy to clipboard operation
tauri copied to clipboard

Published 20 hours ago verified publisher icon tauri-apps

[bug] Unhandled Promise Rejection for $TEMP: path not allowed on the configured scope

Open gormlabenz opened this issue 2 years ago • 7 comments

Describe the bug

The problem occurs when opening a file from the BaseDirectory.Temp . Other directories work. I tried different configurations, the only one that works is a wildcard.

   "fs": {
        "readFile": true,
        "scope": [
          "$TEMP/test.txt",
          "$TEMP/*/**",
          "$TEMP/**",
          "$TEMP/*",
          "$TEMP/",
          "$TEMP",
          "**", // <- wildcard is the only one that works
      }

 readBinaryFile(fileNameInputEl.value, { dir: BaseDirectory.Temp }).then(
      (data) => {
        console.log(data)
      }
    )

image

Reproduction

I created a repository for reproduction: https://github.com/gormlabenz/tauri-temp-bug

  1. Add "$TEMP/**" to scope
 "fs": {
        "readFile": true,
        "scope": [
          "$TEMP/**",
        ]
      }
  1. Open file from 'BaseDirectory.Temp'
    readBinaryFile(filename, { dir: BaseDirectory.Temp }).then(
      (data) => {
        console.log(data)
      }
    )

Expected behavior

Shouldn't fail when opening file from BaseDirectory.Temp

Platform and versions

Environment › OS: Mac OS 13.1.0 X64 › Node.js: 16.15.0 › npm: 9.3.1 › pnpm: 7.27.0 › yarn: 1.22.19 › rustup: 1.25.1 › rustc: 1.63.0 › cargo: 1.63.0 › Rust toolchain: stable-x86_64-apple-darwin

Packages › @tauri-apps/cli [NPM]: 1.2.3

Stack trace

[Error] Unhandled Promise Rejection: path not allowed on the configured scope: /var/folders/8s/xvw_7jh940d8n4cmn3wj5n8w0000gn/T/test.txt
	promiseEmptyOnRejected
	promiseReactionJob

Additional context

No response

gormlabenz avatar Feb 13 '23 11:02 gormlabenz

I have the same problem

scope:

{
    "$TEMP/AMCL",
    "$TEMP/AMCL/**"
}

code:

const tempDir = await resolve(await tempdir(), 'AMCL')
if (!(await exists(tempDir))) await createDir(tempDir)

error:

Uncaught (in promise) path not allowed on the configured scope: C:\Users\zhenxin\AppData\Local\Temp\AMCL

tauri info:

Environment
  › OS: Windows 10.0.22621 X64
  › Webview2: 110.0.1587.56
  › MSVC: 
      - Visual Studio ���ɹ��� 2022
  › Node.js: 18.13.0
  › npm: Not installed!
  › pnpm: 7.27.1
  › yarn: Not installed!
  › rustup: 1.25.2
  › rustc: 1.67.1
  › cargo: 1.67.1
  › Rust toolchain: stable-x86_64-pc-windows-msvc 

Packages
  › @tauri-apps/cli [NPM]: 1.2.3
  › @tauri-apps/api [NPM]: tauri-apps
  › tauri [RUST]: 1.2.4,
  › tauri-build [RUST]: 1.2.1,
  › tao [RUST]: 0.15.8,
  › wry [RUST]: 0.23.4,

App
  › framework: Vue.js
  › bundler: Vite

App directory structure
  ├─ .git
  ├─ .github
  ├─ .vscode
  ├─ dist
  ├─ node_modules
  ├─ public
  ├─ scripts
  ├─ src
  └─ src-tauri

RealHeart avatar Feb 28 '23 03:02 RealHeart

I'm sure the problem happens because on MacO std::env::temp_dir() returns path starting with /var, but /var is a symbolic link to /private/var. I took a look at the source code and I don't see any canonicalization of paths parsed from config. But we canonicalize paths received from API. The tokenizer then compares /var/... to /private/var/.., which of course is not a match. Can someone confirm whether the /var is always a symlink? If so, should it canonicalize every path parsed from the configuration, or just TEMP? I was facing the same issue so I can try to fix this bug, if someone confirms the /var symlink.

korneliuszw avatar Mar 31 '23 20:03 korneliuszw

I have the same issue on windows.

None of the following work only wildcard does.

      "fs": {
        "readFile": true,
        "writeFile": true,
        "createDir": true,
        "exists": true,
        "scope": [
          "$TEMP/**/*",
          "$TEMP/**"
        ]
      }
// example code that throws error
    import { tempdir } from '@tauri-apps/api/os';
    import { getName } from '@tauri-apps/api/app';
    import { createDir } from "@tauri-apps/api/fs";
    const tmpDir:string = await tempdir();
    const appName:string = await getName();
    const tmpDirPath:string = await join(tmpDir, appName);
    await createDir(tmpDirPath);
     
     path not allowed on the configured scope: C:\Users\my_user\AppData\Local\Temp\appName

Is there atleast a workournd for this other than using wildcard and exposing the whole filesystem?

MagicMajky avatar Sep 20 '23 15:09 MagicMajky

I am using macOS as well, and the same issue is troubling me.

A-afflatus avatar Mar 08 '24 08:03 A-afflatus

Also ran into this trying to write a temp file:

await fs.writeBinaryFile(name, contents, {
  dir: fs.BaseDirectory.Temp,
});

Gives

[2024-04-18][06:16:23][ERROR][log@http://localhost:1420/node_modules/.cache/.vite/deps/tauri-plugin-log.js:18:20] [ChatInput] Failed to write file path not allowed on the configured scope: /var/folders/y1/960q4z0x7h992hvtm995pk9w0000gn/T/Screenshot 2024-04-12 at 20.17.34.png

Any idea if this can be patched?

ospfranco avatar Apr 18 '24 06:04 ospfranco

Confirmed on mac OS 14.3.1, /var is linked to private/var.

image

0x-jerry avatar Apr 25 '24 06:04 0x-jerry

Take a look at the source code

https://github.com/tauri-apps/tauri/blob/caddd5bdd877e587e6d1a2787cba96d435549ad3/core/tauri/src/scope/fs.rs#L68-L85

When adding a permission pattern, it will try to canonicalize the path only on Windows.

https://github.com/tauri-apps/tauri/blob/caddd5bdd877e587e6d1a2787cba96d435549ad3/core/tauri/src/scope/fs.rs#L229-L236

When checking permissions, the first time called writeFile will work, because the file does not exist, it will check the path directly, but when calling writeFile again with the same path, because the file exists, it will canonicalize the path then checking the canonicalized path, which doesn't work.

0x-jerry avatar Apr 25 '24 08:04 0x-jerry