Merge pull request #414 from WhiteSevs/fix-gm-api

✨ feat: GM_setValue关联适配 & GM_xmlhttpRequest适配cookiePartition

Author: CodFrm

src/app/service/service_worker/gm_api.ts

@@ -37,7 +37,14 @@ export type RequestResultParams = {
   responseHeader: string;
 };
 
-export const unsafeHeaders: { [key: string]: boolean } = {
+/**
+ * 这里的值如果末尾是-结尾，将会判断使用.startsWith()判断，否则使用.includes()
+ *
+ * @link https://developer.mozilla.org/zh-CN/docs/Glossary/Forbidden_request_header
+ */
+export const unsafeHeaders: {
+  [key: string]: boolean;
+} = {
   // 部分浏览器中并未允许
   "user-agent": true,
   // 这两个是前缀
@@ -66,6 +73,25 @@ export const unsafeHeaders: { [key: string]: boolean } = {
   via: true,
 };
 
+/**
+ * 检测是否存在不安全的请求头（xhr不允许自定义的的请求头）
+ * @returns
+ * + true 存在
+ * + false 不存在
+ */
+export const checkHasUnsafeHeaders = (key: string) => {
+  key = key.toLowerCase();
+  if (unsafeHeaders[key]) {
+    return true;
+  }
+  // ends with "-"
+  let specialHeaderKeys = ["proxy-", "sec-"];
+  if (specialHeaderKeys.some((specialHeaderKey) => key.startsWith(specialHeaderKey))) {
+    return true;
+  }
+  return false;
+};
+
 type NotificationData = {
   uuid: string;
   details: GMTypes.NotificationDetails;
@@ -254,7 +280,7 @@ export default class GMApi {
     return Promise.resolve(true);
   }
 
-  @PermissionVerify.API()
+  @PermissionVerify.API({ link: ["GM_deleteValue", "GM_setValues", "GM_deleteValues"] })
   async GM_setValue(request: Request, sender: GetSender) {
     if (!request.params || request.params.length < 1) {
       throw new Error("param is failed");
@@ -380,7 +406,11 @@ export default class GMApi {
   }
 
   // 根据header生成dnr规则
-  async buildDNRRule(reqeustId: number, params: GMSend.XHRDetails): Promise<{ [key: string]: string }> {
+  async buildDNRRule(
+    reqeustId: number,
+    params: GMSend.XHRDetails,
+    sender: GetSender
+  ): Promise<{ [key: string]: string }> {
     // 检查是否有unsafe header,有则生成dnr规则
     const headers = params.headers;
     if (!headers) {
@@ -392,27 +422,6 @@ export default class GMApi {
         operation: chrome.declarativeNetRequest.HeaderOperation.REMOVE,
       },
     ] as chrome.declarativeNetRequest.ModifyHeaderInfo[];
-    Object.keys(headers).forEach((key) => {
-      const lowKey = key.toLowerCase();
-      if (headers[key]) {
-        if (unsafeHeaders[lowKey] || lowKey.startsWith("sec-") || lowKey.startsWith("proxy-")) {
-          if (headers[key]) {
-            requestHeaders.push({
-              header: key,
-              operation: chrome.declarativeNetRequest.HeaderOperation.SET,
-              value: headers[key],
-            });
-          }
-          delete headers[key];
-        }
-      } else {
-        requestHeaders.push({
-          header: key,
-          operation: chrome.declarativeNetRequest.HeaderOperation.REMOVE,
-        });
-        delete headers[key];
-      }
-    });
     // 判断是否是anonymous
     if (params.anonymous) {
       // 如果是anonymous，并且有cookie，则设置为自定义的cookie
@@ -429,10 +438,76 @@ export default class GMApi {
           operation: chrome.declarativeNetRequest.HeaderOperation.REMOVE,
         });
       }
-    } else if (params.cookie) {
-      // 否则正常携带cookie header
-      headers["cookie"] = params.cookie;
+    } else {
+      if (params.cookie) {
+        // 否则正常携带cookie header
+        headers["cookie"] = params.cookie;
+      }
+
+      // 追加该网站本身存储的cookie
+      let tabId = sender.getExtMessageSender().tabId;
+      let storeId: string | undefined;
+      if (tabId !== -1) {
+        const stores = await chrome.cookies.getAllCookieStores();
+        const store = stores.find((val) => val.tabIds.includes(tabId));
+        if (store) {
+          storeId = store.id;
+        }
+      }
+
+      let cookies = await chrome.cookies.getAll({
+        domain: undefined,
+        name: undefined,
+        path: undefined,
+        secure: undefined,
+        session: undefined,
+        url: params.url,
+        storeId: storeId,
+        partitionKey: params.cookiePartition,
+      });
+      // 追加cookie
+      if (cookies.length) {
+        const cookieStr = cookies.map((c) => `${c.name}=${c.value}`).join("; ");
+        if (!("cookie" in headers)) {
+          headers.cookie = "";
+        }
+        headers["cookie"] = headers["cookie"].trim();
+        if (headers["cookie"] === "") {
+          // 空的
+          headers["cookie"] = cookieStr;
+        } else {
+          // 非空
+          if (!headers["cookie"].endsWith(";")) {
+            headers["cookie"] = headers["cookie"] + "; ";
+          }
+          headers["cookie"] = headers["cookie"] + cookieStr;
+        }
+      }
     }
+
+    Object.keys(headers).forEach((key) => {
+      /** 请求的header的值 */
+      const headerValue = headers[key];
+      let deleteHeader = false;
+      if (headerValue) {
+        if (checkHasUnsafeHeaders(key)) {
+          requestHeaders.push({
+            header: key,
+            operation: chrome.declarativeNetRequest.HeaderOperation.SET,
+            value: headerValue,
+          });
+          deleteHeader = true;
+        }
+      } else {
+        requestHeaders.push({
+          header: key,
+          operation: chrome.declarativeNetRequest.HeaderOperation.REMOVE,
+        });
+        deleteHeader = true;
+      }
+      deleteHeader && delete headers[key];
+    });
+
     const ruleId = reqeustId;
     const rule = {} as chrome.declarativeNetRequest.Rule;
     rule.id = ruleId;
@@ -609,8 +684,18 @@ export default class GMApi {
     if (!params.headers) {
       params.headers = {};
     }
+
+    // 处理cookiePartition
+    if (typeof params.cookiePartition !== "object" || params.cookiePartition == null) {
+      params.cookiePartition = {};
+    }
+    if (typeof params.cookiePartition.topLevelSite !== "string") {
+      // string | undefined
+      params.cookiePartition.topLevelSite = undefined;
+    }
+
     params.headers["X-Scriptcat-GM-XHR-Request-Id"] = requestId.toString();
-    params.headers = await this.buildDNRRule(requestId, request.params[0]);
+    params.headers = await this.buildDNRRule(requestId, request.params[0], sender);
     let resultParam: RequestResultParams = {
       requestId,
       statusCode: 0,

src/app/service/service_worker/permission_verify.ts

@@ -42,7 +42,7 @@ export interface ApiParam {
   // 别名
   alias?: string[];
   // 关联
-  link?: string;
+  link?: string | string[];
 }
 
 export interface ApiValue {
@@ -118,13 +118,16 @@ export default class PermissionVerify {
       return Promise.reject(new Error("grant is undefined"));
     }
     for (let i = 0; i < grant.length; i += 1) {
+      let grantName = grant[i];
       if (
         // 名称相等
-        grant[i] === request.api ||
+        grantName === request.api ||
         // 别名相等
-        (api.param.alias && api.param.alias.includes(grant[i])) ||
+        (api.param.alias && api.param.alias.includes(grantName)) ||
         // 有关联的
-        grant[i] === api.param.link
+        (typeof api.param.link === "string" && grantName === api.param.link) ||
+        // 关联包含
+        (Array.isArray(api.param.link) && api.param.link.includes(grantName))
       ) {
         // 需要用户确认
         if (api.param.confirm) {

src/types/main.d.ts

@@ -19,6 +19,13 @@ declare namespace GMSend {
     headers?: { [key: string]: string };
     data?: string | Array<XHRFormData>;
     cookie?: string;
+    /**
+     *
+     * @link https://developer.mozilla.org/zh-CN/docs/Mozilla/Add-ons/WebExtensions/API/cookies#storage_partitioning
+     */
+    cookiePartition?: {
+      topLevelSite?: string;
+    };
     binary?: boolean;
     timeout?: number;
     context?: CONTEXT_TYPE;