New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Plugins #2216

Open
MarshallOfSound opened this Issue Feb 8, 2017 · 15 comments

Comments

Projects
None yet
7 participants
@MarshallOfSound
Copy link
Owner

MarshallOfSound commented Feb 8, 2017

Generic todo for implementing a plugin mechanism

Initial concept is plugins must be a single js file, this JS file can require node.js built-ins but not any relative paths. Plugins must be whitelisted to be installed into GPMDP, we will maintain this whitelist in a separate repository and it will be automatically deployed to some url https://plugins.gpmdp.xyz or similar every time it is changed. This plugin whitelist will then be downloaded lazily during startup of GPMDP. This minimizes the risk of allowing plugins onto our users machines.

  • Install plugins from remote URL
    • Whitelist of plugins maintained by us
    • SHA hashes of plugins in the whitelist used to validate plugins
    • Plugin downloaded to AppData / Config directories cross platform
  • Running plugins
    • Fully sandboxed environment, no access to GPM or personal data
      • Full Node.JS access
      • No Electron API access
      • No access to unsafe globals like process and global
      • Can't require relative paths
    • Plugins can be restarted / stopped / installed / uninstalled from a control panel during runtime without restart
    • Errors / crashes go to gpmdp.log to be included in error reports
  • Plugin API
    • Settings Storage API
    • GMusic.JS API
    • GMusic.JS Events
    • Plugin Settings API (used to render a settings UI somewhere)

WIP

Potential Plugins (I am not saying these will be made, they are here for ideas / documentation purposes)

  • Share current song as youtube video #2215
  • Modify current title of window #2206
  • Automatically skip disliked songs #2211
  • Pause / Unpause on screen lock / screensaver #2579
@sirkuttin

This comment has been minimized.

Copy link

sirkuttin commented Feb 13, 2017

Will this include VST or winamp plugins?

@jostrander

This comment has been minimized.

Copy link
Collaborator

jostrander commented Feb 13, 2017

Probably not, unfortunately they are a different type of plugin.

@EBH602

This comment has been minimized.

Copy link

EBH602 commented Feb 14, 2017

@jostrander through this "plugin" method will the visualizer be able to come to fruition or not yet at this stage?

@jostrander

This comment has been minimized.

Copy link
Collaborator

jostrander commented Feb 14, 2017

It's very possible that's something that could be done, yes. You still have to deal with the original issue somehow though.

@ghost

This comment has been minimized.

Copy link

ghost commented Feb 27, 2017

I assume it will be possible for plugins to be developed & loaded locally without bothering with the whitelist?

@MarshallOfSound

This comment has been minimized.

Copy link
Owner

MarshallOfSound commented Feb 27, 2017

@r04r Yes, when launched in the top secret dev mode you will be able to install plugins locally for development purposes. The whitelist is just to protect normal users 👍

@udnaan

This comment has been minimized.

Copy link

udnaan commented Mar 8, 2017

While you are at it, it would be great to have the ability to create a custom window and to register a global hotkey by a plugin.

For instance, song jump list with a CMD+J or such similar to winamp.

@MarshallOfSound

This comment has been minimized.

Copy link
Owner

MarshallOfSound commented Mar 9, 2017

@udnaan There's a limit to the API's I am willing to provide in the interest of user safety, opening windows would be a big risk, though mitigated by the white list for plugins.

Will have to think about it when I get back to this implementation 👍

@udnaan

This comment has been minimized.

Copy link

udnaan commented Mar 9, 2017

I don't see any direct security risk associated with a window.

But ofc, it's your project, your rules.

Cheers

@MarshallOfSound

This comment has been minimized.

Copy link
Owner

MarshallOfSound commented Mar 9, 2017

@udnaan The scenario I was imaging was a user opening a BrowserWindow pointing to a fake google login site 👍 (Or other such nasty trick). Just thinking of user safety

@udnaan

This comment has been minimized.

Copy link

udnaan commented Mar 9, 2017

Ah. That makes sense. Perhaps if an opened window always has a yellow bar with the disclaimer that it's not a login window if it is opened by a plugin.

I wouldn't care too much about appearance if such a disclaimer was displayed.
My use case is that I want the ability to press a global hotkey and type a song name + enter. It has to be without using mouse or having to shift attention by using multiple keys + track focus on controls.

@ghost

This comment has been minimized.

Copy link

ghost commented Mar 10, 2017

I don't really see problems with unsafe plugins in an installed application. The sandbox will likely not be perfect (no value judgement, it's just that sandboxes generally never are) so the security is not absolute anyway. Useful plugins written by trusted developers seem more valuable to me than obsessing over exploits in plugins.

Realistically speaking if I can get a user to install a plugin for this, I can also get them to download an .exe guised as the plugin installer.

@thisispiers

This comment has been minimized.

Copy link

thisispiers commented Apr 21, 2017

I would love a plugin (or feature) that allowed for offline caching just like the official mobile app versions.

@MarshallOfSound

This comment has been minimized.

Copy link
Owner

MarshallOfSound commented Apr 21, 2017

@thisispiers That's simply not possible, either technically or legally :)

(Afaik)

@dragonshardz

This comment has been minimized.

Copy link

dragonshardz commented Jul 9, 2017

Since this is kind of a broad plugin wishlist, maybe a Rainmeter plugin? While the JSON output works well enough with the LUA script-based Rainmeter skin floating around on the internet, I've noticed recently that it isn't reliably grabbing the current time of a song anymore.

Specifically, this would be a plugin for Rainmeter that is able to directly communicate with GMPDP to get artist, track, album, song length, current position, and album art for use in Rainmeter skins alongside the existing foobar2k, winamp, spotify, etc. plugins.

E: I suppose the last.fm scrobbling support and/or websocket work just as well, though I'm not sure how well or even if Rainmeter can read from a websocket. Probably a question for r/rainmeter, to be honest.

E2: Looks like a full-featured plugin already exists: https://github.com/tjhrulz/GPMDP-Plugin

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment