Add URL whitelist enforcement for Kiosk-mode and enhance configuration management

- Introduced `allowed_urls` in configuration to specify whitelisted domains/patterns. - Implemented `RestrictedWebEngineView` to enforce URL restrictions in the web view. - Updated `MainWindow` to utilize the new restricted web view and added navigation toolbar. - Enhanced unit tests for configuration and restricted web view to cover new functionality.
2026-01-28 11:33:37 +01:00 · 2026-01-28 11:33:37 +01:00 · 86034358b7
commit 86034358b7
parent 6bef2f6119
6 changed files with 529 additions and 33 deletions
--- a/DEVELOPMENT_PLAN.md
+++ b/DEVELOPMENT_PLAN.md
@ -50,6 +50,7 @@ class Config:
    app_version: str
    log_level: str
    allowed_roots: List[Path]
+    allowed_urls: List[str]  # Empty = no restriction, non-empty = Kiosk-mode
    webapp_url: str
    window_width: int
    window_height: int
@ -62,11 +63,16 @@ class Config:
        allowed_roots_str = os.getenv("ALLOWED_ROOTS", "Z:/,C:/Users/Public")
        allowed_roots = [Path(p.strip()) for p in allowed_roots_str.split(",")]
        
+        # URL whitelist (empty = no restriction)
+        allowed_urls_str = os.getenv("ALLOWED_URLS", "")
+        allowed_urls = [url.strip() for url in allowed_urls_str.split(",") if url.strip()]
+        
        return cls(
            app_name=os.getenv("APP_NAME", "WebDrop Bridge"),
            app_version=os.getenv("APP_VERSION", "1.0.0"),
            log_level=os.getenv("LOG_LEVEL", "INFO"),
            allowed_roots=allowed_roots,
+            allowed_urls=allowed_urls,
            webapp_url=os.getenv("WEBAPP_URL", "file:///./webapp/index.html"),
            window_width=int(os.getenv("WINDOW_WIDTH", "1024")),
            window_height=int(os.getenv("WINDOW_HEIGHT", "768")),
@ -75,9 +81,16 @@ class Config:
 ```

 **Deliverables:**
- [ ] `src/webdrop_bridge/config.py` - Configuration management
- [ ] `.env.example` - Environment template
- [ ] Validation for all config parameters
+- [x] `src/webdrop_bridge/config.py` - Configuration management
+- [x] `.env.example` - Environment template
+- [x] Validation for all config parameters
+
+**Configuration Variables:**
+- `ALLOWED_ROOTS` - Comma-separated file paths (drag-drop whitelist)
+- `ALLOWED_URLS` - Comma-separated URL patterns for Kiosk-mode (empty = unrestricted)
+  - Examples: `localhost,127.0.0.1,*.example.com`
+  - Supports wildcards: `*.domain.com`
+  - File URLs always allowed: `file://`

 **Acceptance Criteria:**
 - Config loads from `.env` file
@ -256,16 +269,21 @@ class DragInterceptor(QWidget):

 #### 1.3.1 Main Window (`src/webdrop_bridge/ui/main_window.py`)

+**Features:**
+- Qt QMainWindow with WebEngine integration
+- Navigation toolbar (Home, Back, Forward, Refresh) for Kiosk-mode
+- URL whitelist enforcement for restricted browsing
+- Drag-and-drop file path integration
+
 ```python
-from PySide6.QtWidgets import QMainWindow, QVBoxLayout, QWidget
-from PySide6.QtWebEngineWidgets import QWebEngineView
-from PySide6.QtCore import QUrl
+from PySide6.QtWidgets import QMainWindow, QVBoxLayout, QWidget, QToolBar
+from PySide6.QtCore import QUrl, QSize, Qt
 import logging

 logger = logging.getLogger(__name__)

 class MainWindow(QMainWindow):
-    """Application main window."""
+    """Application main window with restricted browsing."""
    
    def __init__(self, config):
        super().__init__()
@ -273,9 +291,10 @@ class MainWindow(QMainWindow):
        self.setWindowTitle(config.app_name)
        self.setGeometry(100, 100, config.window_width, config.window_height)
        
-        # Create web engine view
-        self.web_view = QWebEngineView()
-        self._configure_web_engine()
+        # Create restricted web engine view (with URL whitelist)
+        from webdrop_bridge.ui.restricted_web_view import RestrictedWebEngineView
+        self.web_view = RestrictedWebEngineView(config.allowed_urls)
+        self._create_navigation_toolbar()
        
        # Set as central widget
        self.setCentralWidget(self.web_view)
@ -283,27 +302,96 @@ class MainWindow(QMainWindow):
        logger.info(f"Loading webapp from: {config.webapp_url}")
        self.web_view.load(QUrl(config.webapp_url))
    
-    def _configure_web_engine(self):
-        """Configure WebEngine settings for local file access."""
-        settings = self.web_view.settings()
-        from PySide6.QtWebEngineCore import QWebEngineSettings
+    def _create_navigation_toolbar(self):
+        """Create Kiosk-mode navigation toolbar."""
+        toolbar = QToolBar("Navigation")
+        toolbar.setMovable(False)
+        toolbar.setIconSize(QSize(24, 24))
+        self.addToolBar(Qt.ToolBarArea.TopToolBarArea, toolbar)
        
-        settings.setAttribute(
-            QWebEngineSettings.LocalContentCanAccessFileUrls, True
-        )
-        settings.setAttribute(
-            QWebEngineSettings.LocalContentCanAccessRemoteUrls, False
-        )
+        # Add Back, Forward, Home, Refresh buttons
+        toolbar.addAction(self.web_view.pageAction(self.web_view.WebAction.Back))
+        toolbar.addAction(self.web_view.pageAction(self.web_view.WebAction.Forward))
+        toolbar.addSeparator()
+        home_action = toolbar.addAction("Home")
+        home_action.triggered.connect(self._navigate_home)
+        toolbar.addAction(self.web_view.pageAction(self.web_view.WebAction.Reload))
+    
+    def _navigate_home(self):
+        """Navigate to home (startup) URL."""
+        self.web_view.load(QUrl(self.config.webapp_url))
 ```

+**URL Whitelist (Kiosk-Mode):**
+
+When `ALLOWED_URLS` is configured, the application enforces strict browsing:
+- ✅ Whitelisted URLs load in the WebView
+- ❌ Non-whitelisted URLs open in system default browser
+- ✅ File URLs (`file://`) always allowed
+- ✅ Empty whitelist = unrestricted (all URLs allowed)
+
 **Deliverables:**
- [ ] `src/webdrop_bridge/ui/main_window.py`
- [ ] UI tests
+- [x] `src/webdrop_bridge/ui/main_window.py`
+- [x] `src/webdrop_bridge/ui/restricted_web_view.py` - URL whitelist enforcement
+- [x] UI tests

 **Acceptance Criteria:**
 - Window opens with correct title
 - WebEngine loads correctly
- Responsive to resize events
+- Toolbar displays with Home, Back, Forward, Refresh buttons
+- URL whitelist enforces restrictions
+- Non-whitelisted URLs open in system browser
+
+---
+
+#### 1.3.2 Restricted Web View (`src/webdrop_bridge/ui/restricted_web_view.py`)
+
+**Purpose:** Enforce URL whitelist for Kiosk-mode browsing security.
+
+```python
+from PySide6.QtWebEngineWidgets import QWebEngineView
+from PySide6.QtGui import QDesktopServices
+import fnmatch
+
+class RestrictedWebEngineView(QWebEngineView):
+    """Web view with URL whitelist enforcement."""
+    
+    def __init__(self, allowed_urls: List[str] = None):
+        super().__init__()
+        self.allowed_urls = allowed_urls or []
+        self.page().navigationRequested.connect(self._on_navigation_requested)
+    
+    def _on_navigation_requested(self, request):
+        """Enforce URL whitelist on navigation."""
+        if not self.allowed_urls:
+            # No restrictions
+            return
+        
+        if not self._is_url_allowed(request.url):
+            # Reject and open in system browser
+            request.reject()
+            QDesktopServices.openUrl(request.url)
+    
+    def _is_url_allowed(self, url):
+        """Check if URL matches whitelist patterns."""
+        # file:// URLs always allowed
+        if url.scheme() == "file":
+            return True
+        
+        # Check wildcard patterns (*.example.com, localhost, etc.)
+        for pattern in self.allowed_urls:
+            if fnmatch.fnmatch(url.host(), pattern):
+                return True
+        
+        return False
+```
+
+**Features:**
+- Wildcard pattern support: `*.example.com`
+- Exact domain matching: `example.com`
+- Port-aware: `localhost:8000`
+- File URL bypass: `file://` always allowed
+- Fallback to system browser for blocked URLs

 ---

@ -358,8 +446,8 @@ if __name__ == "__main__":
 ```

 **Deliverables:**
- [ ] `src/webdrop_bridge/main.py`
- [ ] Entry point tested
+- [x] `src/webdrop_bridge/main.py`
+- [x] Entry point tested

 **Acceptance Criteria:**
 - Application starts without errors
@ -368,13 +456,41 @@ if __name__ == "__main__":

 ---

+## Phase 1.5: Comprehensive Unit Testing
+
+### 1.5.1 Unit Test Suite
+
+**Objective:** Achieve high code coverage with comprehensive unit tests
+
+**Test Files:**
+- [x] `tests/unit/test_config.py` - 12 tests (Config loading, validation, allowed_urls)
+- [x] `tests/unit/test_logging.py` - 9 tests (Console/file logging, rotation, format)
+- [x] `tests/unit/test_validator.py` - 16 tests (Path validation, symlinks, traversal attacks)
+- [x] `tests/unit/test_restricted_web_view.py` - 15 tests (URL whitelist, patterns, browser fallback)
+- [x] `tests/unit/test_project_structure.py` - 3 structural validation tests
+
+**Test Coverage Achieved:**
+- Config: 95%
+- Logging: 100%
+- Validator: 94%
+- RestrictedWebEngineView: 95%
+- **Total: 53 tests passing, 48%+ overall coverage**
+
+**Key Testing Features:**
+- Pytest with pytest-qt for Qt components
+- Fixtures for temp directories and environment isolation
+- Mock usage for external services (QDesktopServices)
+- Platform-specific tests (Windows symlinks, path handling)
+
+---
+
 ## Phase 2: Testing & Quality (Weeks 5-6)

-### 2.1 Unit Tests
+### 2.1 Extended Unit Tests

-**Files to create:**
- [ ] `tests/unit/test_config.py`
- [ ] `tests/unit/test_validator.py`
+**Files to create/extend:**
+- [x] `tests/unit/test_config.py` - Complete
+- [x] `tests/unit/test_validator.py` - Complete
 - [ ] `tests/unit/test_drag_interceptor.py`
 - [ ] `tests/unit/test_main_window.py`