Add URL whitelist enforcement for Kiosk-mode and enhance configuration management

- Introduced `allowed_urls` in configuration to specify whitelisted domains/patterns. - Implemented `RestrictedWebEngineView` to enforce URL restrictions in the web view. - Updated `MainWindow` to utilize the new restricted web view and added navigation toolbar. - Enhanced unit tests for configuration and restricted web view to cover new functionality.
2026-01-28 11:33:37 +01:00 · 2026-01-28 11:33:37 +01:00 · 86034358b7
commit 86034358b7
parent 6bef2f6119
6 changed files with 529 additions and 33 deletions
--- a/src/webdrop_bridge/config.py
+++ b/src/webdrop_bridge/config.py
@ -27,6 +27,7 @@ class Config:
        log_level: Logging level (DEBUG, INFO, WARNING, ERROR)
        log_file: Optional log file path
        allowed_roots: List of whitelisted root directories for file access
+        allowed_urls: List of whitelisted URL domains/patterns (empty = no restriction)
        webapp_url: URL to load in embedded web application
        window_width: Initial window width in pixels
        window_height: Initial window height in pixels
@ -41,6 +42,7 @@ class Config:
    log_level: str
    log_file: Path | None
    allowed_roots: List[Path]
+    allowed_urls: List[str]
    webapp_url: str
    window_width: int
    window_height: int
@ -71,6 +73,7 @@ class Config:
        log_level = os.getenv("LOG_LEVEL", "INFO").upper()
        log_file_str = os.getenv("LOG_FILE", "logs/webdrop_bridge.log")
        allowed_roots_str = os.getenv("ALLOWED_ROOTS", "Z:/,C:/Users/Public")
+        allowed_urls_str = os.getenv("ALLOWED_URLS", "")
        webapp_url = os.getenv("WEBAPP_URL", "file:///./webapp/index.html")
        window_width = int(os.getenv("WINDOW_WIDTH", "1024"))
        window_height = int(os.getenv("WINDOW_HEIGHT", "768"))
@ -121,12 +124,19 @@ class Config:
        if not webapp_url:
            raise ConfigurationError("WEBAPP_URL cannot be empty")

+        # Parse allowed URLs (empty string = no restriction)
+        allowed_urls = [
+            url.strip() for url in allowed_urls_str.split(",")
+            if url.strip()
+        ] if allowed_urls_str else []
+
        return cls(
            app_name=app_name,
            app_version=app_version,
            log_level=log_level,
            log_file=log_file,
            allowed_roots=allowed_roots,
+            allowed_urls=allowed_urls,
            webapp_url=webapp_url,
            window_width=window_width,
            window_height=window_height,