tauri-apps
diff --git a/‎.changes/isolation-pattern.md‎
Lines changed: 7 additions & 0 deletions b/‎.changes/isolation-pattern.md‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎.changes/rust-1.57.md‎
Lines changed: 5 additions & 0 deletions b/‎.changes/rust-1.57.md‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎Cargo.toml‎
Lines changed: 2 additions & 1 deletion b/‎Cargo.toml‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎core/tauri-build/Cargo.toml‎
Lines changed: 2 additions & 1 deletion b/‎core/tauri-build/Cargo.toml‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎core/tauri-build/src/codegen/context.rs‎
Lines changed: 3 additions & 0 deletions b/‎core/tauri-build/src/codegen/context.rs‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎core/tauri-build/src/lib.rs‎
Lines changed: 3 additions & 0 deletions b/‎core/tauri-build/src/lib.rs‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎core/tauri-codegen/Cargo.toml‎
Lines changed: 3 additions & 1 deletion b/‎core/tauri-codegen/Cargo.toml‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎core/tauri-codegen/src/context.rs‎
Lines changed: 115 additions & 7 deletions b/‎core/tauri-codegen/src/context.rs‎
Lines changed: 115 additions & 7 deletions
@@ -0,0 +1,7 @@
+---
+"tauri": patch
+"tauri-utils": patch
+"tauri-codegen": patch
+---
+
+Added the `isolation` pattern.
@@ -0,0 +1,5 @@
+---
+"tauri": patch
+---
+
+The minimum Rust version is now 1.57.
@@ -14,7 +14,8 @@ exclude = [
   "examples/api/src-tauri",
   "examples/updater/src-tauri",
   "examples/resources/src-tauri",
-  "examples/sidecar/src-tauri"
+  "examples/sidecar/src-tauri",
+  "examples/isolation/src-tauri"
 ]
 
 # default to small, optimized workspace release binaries
 
@@ -8,7 +8,7 @@ homepage = "https://tauri.studio"
 repository = "https://github.com/tauri-apps/tauri/tree/dev/core/tauri-build"
 description = "build time code to pair with https://crates.io/crates/tauri"
 edition = "2021"
-rust-version = "1.56"
+rust-version = "1.57"
 exclude = [ ".license_template", "CHANGELOG.md", "/target" ]
 readme = "README.md"
 
@@ -29,3 +29,4 @@ winres = "0.1"
 
 [features]
 codegen = [ "tauri-codegen", "quote" ]
+isolation = ["tauri-codegen/isolation", "tauri-utils/isolation"]
@@ -42,6 +42,7 @@ impl CodegenContext {
   /// This defaults to a file called `tauri.conf.json` inside of the current working directory of
   /// the package compiling; does not need to be set manually if that config file is in the same
   /// directory as your `Cargo.toml`.
+  #[must_use]
   pub fn config_path(mut self, config_path: impl Into<PathBuf>) -> Self {
     self.config_path = config_path.into();
     self
@@ -58,13 +59,15 @@ impl CodegenContext {
   /// Defaults to `tauri-build-context.rs`.
   ///
   /// [`tauri::include_codegen_context!`]: https://docs.rs/tauri/0.12/tauri/macro.include_codegen_context.html
+  #[must_use]
   pub fn out_file(mut self, filename: PathBuf) -> Self {
     self.out_file = filename;
     self
   }
 
   /// Run the codegen in a `dev` context, meaning that Tauri is using a dev server or local file for development purposes,
   /// usually with the `tauri dev` CLI command.
+  #[must_use]
   pub fn dev(mut self) -> Self {
     self.dev = true;
     self
 
@@ -43,13 +43,15 @@ impl WindowsAttributes {
 
   /// Sets the icon to use on the window. Currently only used on Windows.
   /// It must be in `ico` format. Defaults to `icons/icon.ico`.
+  #[must_use]
   pub fn window_icon_path<P: AsRef<Path>>(mut self, window_icon_path: P) -> Self {
     self.window_icon_path = window_icon_path.as_ref().into();
     self
   }
 
   /// Sets the sdk dir for windows. Currently only used on Windows. This must be a vaild UTF-8
   /// path. Defaults to whatever the `winres` crate determines is best.
+  #[must_use]
   pub fn sdk_dir<P: AsRef<Path>>(mut self, sdk_dir: P) -> Self {
     self.sdk_dir = Some(sdk_dir.as_ref().into());
     self
@@ -70,6 +72,7 @@ impl Attributes {
   }
 
   /// Sets the icon to use on the window. Currently only used on Windows.
+  #[must_use]
   pub fn windows_attributes(mut self, windows_attributes: WindowsAttributes) -> Self {
     self.windows_attributes = windows_attributes;
     self
 
@@ -8,7 +8,7 @@ homepage = "https://tauri.studio"
 repository = "https://github.com/tauri-apps/tauri/tree/dev/core/tauri-codegen"
 description = "code generation meant to be consumed inside of `tauri` through `tauri-build` or `tauri-macros`"
 edition = "2021"
-rust-version = "1.56"
+rust-version = "1.57"
 exclude = [ ".license_template", "CHANGELOG.md", "/target" ]
 readme = "README.md"
 
@@ -25,7 +25,9 @@ thiserror = "1"
 walkdir = "2"
 zstd = { version = "0.9", optional = true }
 regex = "1"
+uuid = { version = "0.8", features = [ "v4" ] }
 
 [features]
 default = [ "compression" ]
 compression = [ "zstd", "tauri-utils/compression" ]
+isolation = ["tauri-utils/isolation"]
@@ -2,11 +2,18 @@
 // SPDX-License-Identifier: Apache-2.0
 // SPDX-License-Identifier: MIT
 
-use crate::embedded_assets::{AssetOptions, EmbeddedAssets, EmbeddedAssetsError};
+use std::ffi::OsStr;
+use std::path::{Path, PathBuf};
+
 use proc_macro2::TokenStream;
 use quote::quote;
-use std::path::{Path, PathBuf};
-use tauri_utils::config::{AppUrl, Config, WindowUrl};
+use sha2::{Digest, Sha256};
+
+use tauri_utils::assets::AssetKey;
+use tauri_utils::config::{AppUrl, Config, PatternKind, WindowUrl};
+use tauri_utils::html::{inject_nonce_token, parse as parse_html, NodeRef, PatternObject};
+
+use crate::embedded_assets::{AssetOptions, CspHashes, EmbeddedAssets, EmbeddedAssetsError};
 
 /// Necessary data needed by [`context_codegen`] to generate code for a Tauri application context.
 pub struct ContextData {
@@ -16,6 +23,81 @@ pub struct ContextData {
   pub root: TokenStream,
 }
 
+fn load_csp(document: &mut NodeRef, key: &AssetKey, csp_hashes: &mut CspHashes) {
+  #[cfg(target_os = "linux")]
+  ::tauri_utils::html::inject_csp_token(document);
+  inject_nonce_token(document);
+  if let Ok(inline_script_elements) = document.select("script:not(empty)") {
+    let mut scripts = Vec::new();
+    for inline_script_el in inline_script_elements {
+      let script = inline_script_el.as_node().text_contents();
+      let mut hasher = Sha256::new();
+      hasher.update(&script);
+      let hash = hasher.finalize();
+      scripts.push(format!("'sha256-{}'", base64::encode(&hash)));
+    }
+    csp_hashes
+      .inline_scripts
+      .entry(key.clone().into())
+      .or_default()
+      .append(&mut scripts);
+  }
+}
+
+fn map_core_assets(
+  options: &AssetOptions,
+) -> impl Fn(&AssetKey, &Path, &mut Vec<u8>, &mut CspHashes) -> Result<(), EmbeddedAssetsError> {
+  #[allow(unused_variables)]
+  let pattern = PatternObject::from(&options.pattern);
+  let csp = options.csp;
+  move |key, path, input, csp_hashes| {
+    if path.extension() == Some(OsStr::new("html")) {
+      let mut document = parse_html(String::from_utf8_lossy(input).into_owned());
+
+      if csp {
+        load_csp(&mut document, key, csp_hashes);
+
+        #[cfg(feature = "isolation")]
+        if let PatternObject::Isolation { .. } = &pattern {
+          // create the csp for the isolation iframe styling now, to make the runtime less complex
+          let mut hasher = Sha256::new();
+          hasher.update(tauri_utils::pattern::isolation::IFRAME_STYLE);
+          let hash = hasher.finalize();
+          csp_hashes
+            .styles
+            .push(format!("'sha256-{}'", base64::encode(&hash)));
+        }
+      }
+
+      *input = document.to_string().as_bytes().to_vec();
+    }
+    Ok(())
+  }
+}
+
+#[cfg(feature = "isolation")]
+fn map_isolation(
+  _options: &AssetOptions,
+  dir: PathBuf,
+) -> impl Fn(&AssetKey, &Path, &mut Vec<u8>, &mut CspHashes) -> Result<(), EmbeddedAssetsError> {
+  move |_key, path, input, _csp_hashes| {
+    if path.extension() == Some(OsStr::new("html")) {
+      let mut isolation_html =
+        tauri_utils::html::parse(String::from_utf8_lossy(input).into_owned());
+
+      // this is appended, so no need to reverse order it
+      tauri_utils::html::inject_codegen_isolation_script(&mut isolation_html);
+
+      // temporary workaround for windows not loading assets
+      tauri_utils::html::inline_isolation(&mut isolation_html, &dir);
+
+      *input = isolation_html.to_string().as_bytes().to_vec()
+    }
+
+    Ok(())
+  }
+}
+
 /// Build a `tauri::Context` for including in application code.
 pub fn context_codegen(data: ContextData) -> Result<TokenStream, EmbeddedAssetsError> {
   let ContextData {
@@ -25,7 +107,8 @@ pub fn context_codegen(data: ContextData) -> Result<TokenStream, EmbeddedAssetsE
     root,
   } = data;
 
-  let mut options = AssetOptions::new();
+  let mut options = AssetOptions::new(config.tauri.pattern.clone())
+    .freeze_prototype(config.tauri.security.freeze_prototype);
   let csp = if dev {
     config
       .tauri
@@ -64,7 +147,7 @@ pub fn context_codegen(data: ContextData) -> Result<TokenStream, EmbeddedAssetsE
             path
           )
         }
-        EmbeddedAssets::new(assets_path, options)?
+        EmbeddedAssets::new(assets_path, map_core_assets(&options))?
       }
       _ => unimplemented!(),
     },
@@ -73,7 +156,7 @@ pub fn context_codegen(data: ContextData) -> Result<TokenStream, EmbeddedAssetsE
         .iter()
         .map(|p| config_parent.join(p))
         .collect::<Vec<_>>(),
-      options,
+      map_core_assets(&options),
     )?,
     _ => unimplemented!(),
   };
@@ -180,14 +263,39 @@ pub fn context_codegen(data: ContextData) -> Result<TokenStream, EmbeddedAssetsE
   #[cfg(not(target_os = "macos"))]
   let info_plist = quote!(());
 
-  // double braces are purposeful to force the code into a block expression
+  let pattern = match &options.pattern {
+    PatternKind::Brownfield => quote!(#root::Pattern::Brownfield(std::marker::PhantomData)),
+    #[cfg(feature = "isolation")]
+    PatternKind::Isolation { dir } => {
+      let dir = config_parent.join(dir);
+      if !dir.exists() {
+        panic!(
+          "The isolation dir configuration is set to `{:?}` but this path doesn't exist",
+          dir
+        )
+      }
+
+      let key = uuid::Uuid::new_v4().to_string();
+      let assets = EmbeddedAssets::new(dir.clone(), map_isolation(&options, dir))?;
+      let schema = options.isolation_schema;
+
+      quote!(#root::Pattern::Isolation {
+        assets: ::std::sync::Arc::new(#assets),
+        schema: #schema.into(),
+        key: #key.into(),
+        crypto_keys: std::boxed::Box::new(::tauri::utils::pattern::isolation::Keys::new().expect("unable to generate cryptographically secure keys for Tauri \"Isolation\" Pattern")),
+      })
+    }
+  };
+
   Ok(quote!(#root::Context::new(
     #config,
     ::std::sync::Arc::new(#assets),
     #default_window_icon,
     #system_tray_icon,
     #package_info,
     #info_plist,
+    #pattern
   )))
 }
-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +"tauri": patch
 +---
++
 +The minimum Rust version is now 1.57.
Original file line number	Diff line number	Diff line change
`@@ -14,7 +14,8 @@ exclude = [`
`14`	`14`	`"examples/api/src-tauri",`
`15`	`15`	`"examples/updater/src-tauri",`
`16`	`16`	`"examples/resources/src-tauri",`
`17`		`- "examples/sidecar/src-tauri"`
	`17`	`+ "examples/sidecar/src-tauri",`
	`18`	`+ "examples/isolation/src-tauri"`
`18`	`19`	`]`
`19`	`20`
`20`	`21`	`# default to small, optimized workspace release binaries`