Add plugin permissions and IO API

docs/plugin-info.schema.json

@@ -44,6 +44,19 @@
       "description": "A small description of your license.",
       "examples": ["MIT", "GPL-2.0-or-later"]
     },
+    "permissions": {
+        "type": "array",
+        "description": "The permissions the plugin needs to work.",
+        "items": {
+            "type": "object",
+            "properties": {
+                "type": {
+                    "type": "string",
+                    "examples": ["FilesystemRead", "FilesystemWrite"]
+                }
+            }
+        }
+    },
     "$schema": { "type": "string" }
   },
   "required": ["name", "description", "authors", "version", "license"]

src/CMakeLists.txt

@@ -223,8 +223,12 @@ set(SOURCE_FILES
 
         controllers/plugins/api/ChannelRef.cpp
         controllers/plugins/api/ChannelRef.hpp
+        controllers/plugins/api/IOWrapper.cpp
+        controllers/plugins/api/IOWrapper.hpp
         controllers/plugins/LuaAPI.cpp
         controllers/plugins/LuaAPI.hpp
+        controllers/plugins/PluginPermission.cpp
+        controllers/plugins/PluginPermission.hpp
         controllers/plugins/Plugin.cpp
         controllers/plugins/Plugin.hpp
         controllers/plugins/PluginController.hpp

src/controllers/plugins/LuaUtilities.hpp

@@ -291,14 +291,11 @@ bool pop(lua_State *L, T *out, StackIdx idx = -1)
 {
     StackGuard guard(L, -1);
     auto ok = peek(L, out, idx);
-    if (ok)
+    if (idx < 0)
     {
-        if (idx < 0)
-        {
-            idx = lua_gettop(L) + idx + 1;
-        }
-        lua_remove(L, idx);
+        idx = lua_gettop(L) + idx + 1;
     }
+    lua_remove(L, idx);
     return ok;
 }
 

src/controllers/plugins/Plugin.cpp

@@ -9,6 +9,7 @@
 #    include <QJsonArray>
 #    include <QJsonObject>
 
+#    include <algorithm>
 #    include <unordered_map>
 #    include <unordered_set>
 
@@ -111,6 +112,45 @@ PluginMeta::PluginMeta(const QJsonObject &obj)
             QString("version is not a string (its type is %1)").arg(type));
         this->version = semver::version(0, 0, 0);
     }
+    auto permsObj = obj.value("permissions");
+    if (!permsObj.isUndefined())
+    {
+        if (!permsObj.isArray())
+        {
+            QString type = magic_enum::enum_name(permsObj.type()).data();
+            this->errors.emplace_back(
+                QString("permissions is not an array (its type is %1)")
+                    .arg(type));
+            return;
+        }
+
+        auto permsArr = permsObj.toArray();
+        for (int i = 0; i < permsArr.size(); i++)
+        {
+            const auto &t = permsArr.at(i);
+            if (!t.isObject())
+            {
+                QString type = magic_enum::enum_name(t.type()).data();
+                this->errors.push_back(QString("permissions element #%1 is not "
+                                               "an object (its type is %2)")
+                                           .arg(i)
+                                           .arg(type));
+                return;
+            }
+            auto parsed = PluginPermission(t.toObject());
+            for (const auto &err : parsed.errors)
+            {
+                this->errors.push_back(
+                    QString("permissions element #%1: %2").arg(i).arg(err));
+            }
+            if (parsed.errors.empty())
+            {
+                // ensure no invalid permissions slip through this
+                this->permissions.push_back(parsed);
+            }
+        }
+    }
+
     auto tagsObj = obj.value("tags");
     if (!tagsObj.isUndefined())
     {
@@ -201,5 +241,22 @@ void Plugin::removeTimeout(QTimer *timer)
     }
 }
 
+bool Plugin::hasFSPermissionFor(bool write, const QString &path)
+{
+    auto canon = QUrl(this->loadDirectory().absolutePath() + "/");
+    if (!canon.isParentOf(path))
+    {
+        return false;
+    }
+
+    using PType = PluginPermission::Type;
+    auto typ = write ? PType::FilesystemWrite : PType::FilesystemRead;
+
+    return std::ranges::any_of(this->meta.permissions,
+                               [typ](const auto &p) -> bool {
+                                   return p.type == typ;
+                               });
+}
+
 }  // namespace chatterino
 #endif

src/controllers/plugins/Plugin.hpp

@@ -4,6 +4,7 @@
 #    include "Application.hpp"
 #    include "controllers/plugins/LuaAPI.hpp"
 #    include "controllers/plugins/LuaUtilities.hpp"
+#    include "controllers/plugins/PluginPermission.hpp"
 
 #    include <QDir>
 #    include <QString>
@@ -42,6 +43,8 @@ struct PluginMeta {
     // optionally tags that might help in searching for the plugin
     std::vector<QString> tags;
 
+    std::vector<PluginPermission> permissions;
+
     // errors that occurred while parsing info.json
     std::vector<QString> errors;
 
@@ -88,6 +91,11 @@ class Plugin
         return this->loadDirectory_;
     }
 
+    QDir dataDirectory() const
+    {
+        return this->loadDirectory_.absoluteFilePath("data");
+    }
+
     // Note: The CallbackFunction object's destructor will remove the function from the lua stack
     using LuaCompletionCallback =
         lua::CallbackFunction<lua::api::CompletionList, QString, QString, int,
@@ -130,6 +138,8 @@ class Plugin
     int addTimeout(QTimer *timer);
     void removeTimeout(QTimer *timer);
 
+    bool hasFSPermissionFor(bool write, const QString &path);
+
 private:
     QDir loadDirectory_;
     lua_State *state_;

src/controllers/plugins/PluginController.cpp

@@ -7,6 +7,7 @@
 #    include "controllers/commands/CommandContext.hpp"
 #    include "controllers/commands/CommandController.hpp"
 #    include "controllers/plugins/api/ChannelRef.hpp"
+#    include "controllers/plugins/api/IOWrapper.hpp"
 #    include "controllers/plugins/LuaAPI.hpp"
 #    include "controllers/plugins/LuaUtilities.hpp"
 #    include "messages/MessageBuilder.hpp"
@@ -140,6 +141,8 @@ void PluginController::openLibrariesFor(lua_State *L, const PluginMeta &meta,
         luaL_requiref(L, reg.name, reg.func, int(true));
         lua_pop(L, 1);
     }
+    luaL_requiref(L, LUA_IOLIBNAME, luaopen_io, int(false));
+    lua_setfield(L, LUA_REGISTRYINDEX, lua::api::REG_REAL_IO_NAME);
 
     // NOLINTNEXTLINE(*-avoid-c-arrays)
     static const luaL_Reg c2Lib[] = {
@@ -234,8 +237,51 @@ void PluginController::openLibrariesFor(lua_State *L, const PluginMeta &meta,
     lua::push(L, QString(pluginDir.absolutePath()));
     lua_pushcclosure(L, lua::api::searcherAbsolute, 1);
     lua_seti(L, -2, 3);
+    lua_pop(L, 2);  // remove package, package.searchers
 
-    lua_pop(L, 3);  // remove gtable, package, package.searchers
+    // NOLINTNEXTLINE(*-avoid-c-arrays)
+    static const luaL_Reg ioLib[] = {
+        {"close", lua::api::io_close},
+        {"flush", lua::api::io_flush},
+        {"input", lua::api::io_input},
+        {"lines", lua::api::io_lines},
+        {"open", lua::api::io_open},
+        {"output", lua::api::io_output},
+        {"read", lua::api::io_read},
+        {"write", lua::api::io_write},
+        // type = realio.type
+        {nullptr, nullptr},
+    };
+    // TODO: io.popen stub
+    auto iolibIdx = lua::pushEmptyTable(L, 1);
+    luaL_setfuncs(L, ioLib, 0);
+
+    // set ourio.type = realio.type
+    lua_pushvalue(L, iolibIdx);
+    lua_getfield(L, LUA_REGISTRYINDEX, lua::api::REG_REAL_IO_NAME);
+    lua_getfield(L, -1, "type");
+    lua_remove(L, -2);  // remove realio
+    lua_setfield(L, iolibIdx, "type");
+    lua_pop(L, 1);  // still have iolib on top of stack
+
+    lua_pushvalue(L, iolibIdx);
+    lua_setfield(L, gtable, "io");
+
+    lua_pushvalue(L, iolibIdx);
+    lua_setfield(L, LUA_REGISTRYINDEX, lua::api::REG_C2_IO_NAME);
+
+    luaL_getsubtable(L, LUA_REGISTRYINDEX, LUA_LOADED_TABLE);
+    lua_pushvalue(L, iolibIdx);
+    lua_setfield(L, -2, "io");
+
+    lua_pop(L, 3);  // remove gtable, iolib, LOADED
+
+    // Don't give plugins the option to shit into our stdio
+    lua_pushnil(L);
+    lua_setfield(L, LUA_REGISTRYINDEX, "_IO_input");
+
+    lua_pushnil(L);
+    lua_setfield(L, LUA_REGISTRYINDEX, "_IO_output");
 }
 
 void PluginController::load(const QFileInfo &index, const QDir &pluginDir,
@@ -263,6 +309,8 @@ void PluginController::load(const QFileInfo &index, const QDir &pluginDir,
                                << meta.name << ") because it is disabled";
         return;
     }
+    temp->dataDirectory().mkpath(".");
+
     qCDebug(chatterinoLua) << "Running lua file:" << index;
     int err = luaL_dofile(l, index.absoluteFilePath().toStdString().c_str());
     if (err != 0)

src/controllers/plugins/PluginPermission.cpp

@@ -0,0 +1,45 @@
+#ifdef CHATTERINO_HAVE_PLUGINS
+#    include "controllers/plugins/PluginPermission.hpp"
+
+#    include <magic_enum/magic_enum.hpp>
+#    include <QJsonObject>
+
+namespace chatterino {
+
+PluginPermission::PluginPermission(const QJsonObject &obj)
+{
+    auto jsontype = obj.value("type");
+    if (!jsontype.isString())
+    {
+        QString tn = magic_enum::enum_name(jsontype.type()).data();
+        this->errors.emplace_back(QString("permission type is defined but is "
+                                          "not a string (its type is %1)")
+                                      .arg(tn));
+    }
+    auto strtype = jsontype.toString().toStdString();
+    auto opt = magic_enum::enum_cast<PluginPermission::Type>(
+        strtype, magic_enum::case_insensitive);
+    if (!opt.has_value())
+    {
+        this->errors.emplace_back(QString("permission type is an unknown (%1)")
+                                      .arg(jsontype.toString()));
+        return;  // There is no more data to get, we don't know what to do
+    }
+    this->type = opt.value();
+}
+
+QString PluginPermission::toHtmlEscaped() const
+{
+    switch (this->type)
+    {
+        case PluginPermission::Type::FilesystemRead:
+            return "In its data directory.";
+        case PluginPermission::Type::FilesystemWrite:
+            return "Write to or create files in its data directory";
+        default:
+            assert(false && "invalid PluginPermission type in toString()");
+    }
+}
+
+}  // namespace chatterino
+#endif

src/controllers/plugins/PluginPermission.hpp

@@ -0,0 +1,27 @@
+#pragma once
+#ifdef CHATTERINO_HAVE_PLUGINS
+
+#    include <vector>
+
+namespace chatterino {
+
+struct PluginPermission {
+    enum class Type {
+        FilesystemRead,
+        FilesystemWrite,
+    };
+    Type type;
+
+    std::vector<QString> errors;
+
+    bool isValid() const
+    {
+        return this->errors.empty();
+    }
+    QString toHtmlEscaped() const;
+
+    explicit PluginPermission(const QJsonObject &obj);
+};
+
+}  // namespace chatterino
+#endif