Merge pull request Expensify#70833 from ShridharGoel/desktopLocation

Fetch macOS native location permission to improve user experience

Author: carlosmiceli

.github/workflows/deploy.yml

@@ -298,6 +298,15 @@ jobs:
         with:
           IS_DESKTOP_BUILD: true
 
+      - name: Setup Python for node-gyp
+        id: setup-python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Ensure setuptools for node-gyp
+        run: python -m pip install --upgrade pip setuptools
+
       - name: Load Desktop credentials from 1Password
         id: load-credentials
         # v2
@@ -321,6 +330,7 @@ jobs:
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           GCP_GEOLOCATION_API_KEY: ${{ secrets.GCP_GEOLOCATION_API_KEY_PRODUCTION }}
           S3_BUCKET: ${{ github.ref == 'refs/heads/production' && vars.PRODUCTION_S3_BUCKET || vars.STAGING_S3_BUCKET }}
+          PYTHON: ${{ steps.setup-python.outputs.python-path }}
 
       - name: Upload desktop sourcemaps artifact
         # v4

.github/workflows/testBuild.yml

@@ -185,6 +185,15 @@ jobs:
         with:
           IS_DESKTOP_BUILD: true
 
+      - name: Setup python for node-gyp
+        id: setup-python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Ensure setuptools for node-gyp
+        run: python -m pip install --upgrade pip setuptools
+
       - name: Load Desktop credentials from 1Password
         id: load-credentials
         # v2
@@ -215,6 +224,7 @@ jobs:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           GCP_GEOLOCATION_API_KEY: ${{ secrets.GCP_GEOLOCATION_API_KEY_STAGING }}
+          PYTHON: ${{ steps.setup-python.outputs.python-path }}
 
   web:
     name: Build and deploy Web

config/electronBuilder.config.js

@@ -47,6 +47,7 @@ module.exports = {
     extraMetadata: {
         version,
     },
+    asarUnpack: ['**/node-mac-permissions/bin/**'],
     mac: {
         category: 'public.app-category.finance',
         icon: macIcon[process.env.ELECTRON_ENV],
@@ -60,8 +61,11 @@ module.exports = {
                 arch: ['universal'],
             },
         ],
+        x64ArchFiles: '**/node_modules/node-mac-permissions/bin/**',
         extendInfo: {
             CFBundleIconName: getMacBundleIconName(),
+            NSLocationWhenInUseUsageDescription: 'This app uses location to help you track distance expenses.',
+            NSLocationUsageDescription: 'This app uses location to help you track distance expenses.',
         },
     },
     dmg: {

config/webpack/webpack.desktop.ts

@@ -2,7 +2,7 @@ import path from 'path';
 import type {Configuration} from 'webpack';
 import webpack from 'webpack';
 // eslint-disable-next-line @dword-design/import-alias/prefer-alias, import/no-relative-packages -- alias imports don't work for webpack
-import {dependencies as desktopDependencies} from '../../desktop/package.json';
+import {dependencies as desktopDependencies, optionalDependencies as desktopOptionalDependencies} from '../../desktop/package.json';
 import type Environment from './types';
 import getCommonConfiguration from './webpack.common';
 
@@ -38,7 +38,7 @@ const getConfiguration = (environment: Environment): Configuration[] => {
         },
         resolve: rendererConfig.resolve,
         plugins: [definePlugin],
-        externals: [...Object.keys(desktopDependencies), 'fsevents'],
+        externals: [...Object.keys(desktopDependencies), ...Object.keys(desktopOptionalDependencies), 'fsevents'],
         node: {
             /**
              * Disables webpack processing of __dirname and __filename, so it works like in node

desktop/ELECTRON_EVENTS.ts

@@ -15,6 +15,7 @@ const ELECTRON_EVENTS = {
     DOWNLOAD_CANCELED: 'download-canceled',
     SILENT_UPDATE: 'silent-update',
     OPEN_LOCATION_SETTING: 'open-location-setting',
+    CHECK_LOCATION_PERMISSION: 'check-location-permission',
 } as const;
 
 export default ELECTRON_EVENTS;

desktop/contextBridge.ts

@@ -19,6 +19,7 @@ const WHITELIST_CHANNELS_RENDERER_TO_MAIN = [
     ELECTRON_EVENTS.DOWNLOAD,
     ELECTRON_EVENTS.SILENT_UPDATE,
     ELECTRON_EVENTS.OPEN_LOCATION_SETTING,
+    ELECTRON_EVENTS.CHECK_LOCATION_PERMISSION,
 ] as const;
 
 const WHITELIST_CHANNELS_MAIN_TO_RENDERER = [

desktop/entitlements.mac.plist

@@ -6,5 +6,7 @@
     <true/>
     <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
     <true/>
+    <key>com.apple.security.location</key>
+    <true/>
   </dict>
 </plist>

desktop/main.ts

@@ -1,10 +1,11 @@
 import {exec} from 'child_process';
-import {app, BrowserWindow, clipboard, dialog, ipcMain, Menu, shell} from 'electron';
 import type {BaseWindow, BrowserView, MenuItem, MenuItemConstructorOptions, WebContents, WebviewTag} from 'electron';
+import {app, BrowserWindow, clipboard, dialog, ipcMain, Menu, shell} from 'electron';
 import contextMenu from 'electron-context-menu';
-import log from 'electron-log';
 import type {ElectronLog} from 'electron-log';
+import log from 'electron-log';
 import {autoUpdater} from 'electron-updater';
+import type {AuthType, PermissionType} from 'node-mac-permissions';
 import {machineId} from 'node-machine-id';
 import checkForUpdates from '@libs/checkForUpdates';
 import {translate} from '@libs/Localize';
@@ -24,6 +25,19 @@ const createDownloadQueue = require<CreateDownloadQueueModule>('./createDownload
 const port = process.env.PORT ?? 8082;
 const {DESKTOP_SHORTCUT_ACCELERATOR} = CONST;
 
+const MAC_PERMISSION_STATUSES = {
+    AUTHORIZED: 'authorized',
+    DENIED: 'denied',
+    RESTRICTED: 'restricted',
+    NOT_DETERMINED: 'not determined',
+} as const;
+
+const LOCATION_PERMISSION_STATES = {
+    GRANTED: 'granted',
+    DENIED: 'denied',
+    PROMPT: 'prompt',
+} as const;
+
 // Setup google api key in process environment, we are setting it this way intentionally. It is required by the
 // geolocation api (window.navigator.geolocation.getCurrentPosition) to work on desktop.
 // Source: https://github.com/electron/electron/blob/98cd16d336f512406eee3565be1cead86514db7b/docs/api/environment-variables.md#google_api_key
@@ -374,6 +388,39 @@ const mainWindow = (): Promise<void> => {
                         });
                     });
                 });
+
+                ipcMain.handle(ELECTRON_EVENTS.CHECK_LOCATION_PERMISSION, async () => {
+                    try {
+                        type MacPermissionsModule = {
+                            getAuthStatus?: (authType: AuthType) => PermissionType | 'not determined';
+                        };
+                        const macPermissionsModule = (await import('node-mac-permissions')) as MacPermissionsModule | {default: MacPermissionsModule};
+                        const macPermissions: MacPermissionsModule = ('default' in macPermissionsModule ? macPermissionsModule.default : macPermissionsModule) ?? {};
+                        const {getAuthStatus} = macPermissions;
+
+                        if (!getAuthStatus || typeof getAuthStatus !== 'function') {
+                            log.warn('node-mac-permissions not available or invalid, defaulting to denied');
+                            return LOCATION_PERMISSION_STATES.DENIED;
+                        }
+
+                        const status = getAuthStatus('location');
+
+                        switch (status) {
+                            case MAC_PERMISSION_STATUSES.AUTHORIZED:
+                                return LOCATION_PERMISSION_STATES.GRANTED;
+                            case MAC_PERMISSION_STATUSES.DENIED:
+                            case MAC_PERMISSION_STATUSES.RESTRICTED:
+                                return LOCATION_PERMISSION_STATES.DENIED;
+                            case MAC_PERMISSION_STATUSES.NOT_DETERMINED:
+                                return LOCATION_PERMISSION_STATES.PROMPT;
+                            default:
+                                return LOCATION_PERMISSION_STATES.DENIED;
+                        }
+                    } catch (error) {
+                        log.warn('node-mac-permissions not available, defaulting to denied:', (error as Error)?.message);
+                        return LOCATION_PERMISSION_STATES.DENIED;
+                    }
+                });
                 /*
                  * The default origin of our Electron app is app://- instead of https://new.expensify.com or https://staging.new.expensify.com
                  * This causes CORS errors because the referer and origin headers are wrong and the API responds with an Access-Control-Allow-Origin that doesn't match app://-