Skip to content

Add tauri:// as a supported origin scheme#11589

Merged
stnguyen90 merged 2 commits into1.8.xfrom
copilot/update-origin-test-cases-tauri
Mar 19, 2026
Merged

Add tauri:// as a supported origin scheme#11589
stnguyen90 merged 2 commits into1.8.xfrom
copilot/update-origin-test-cases-tauri

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Mar 19, 2026
edited
Loading

Tauri apps use tauri://localhost as their origin, which was rejected by Appwrite's origin validator since tauri was not a recognized scheme.

Changes

  • Platform.php: Added SCHEME_TAURI = 'tauri' constant and registered it in the names map as 'Web (Tauri)'
  • Origin.php: Added Platform::SCHEME_TAURI to the $webPlatforms array — tauri:// origins now go through hostname validation, consistent with http://, https://, and browser extension schemes
  • OriginTest.php: Added test cases covering tauri://localhost (valid) and tauri://example.com (invalid with descriptive error)

With these changes, tauri://localhost is accepted when localhost is registered as an allowed hostname on the project, and unregistered hosts produce the standard error message:

Invalid Origin. Register your new client (example.com) as a new Web (Tauri) platform on your project console dashboard

💬 Send tasks to Copilot coding agent from Slack and Teams to turn conversations into code. Copilot posts an update in your thread when it's finished.

Copilot AI changed the title [WIP] Update origin test cases to allow tauri://localhost Add tauri:// as a supported origin scheme Mar 19, 2026
Copilot AI requested a review from stnguyen90 March 19, 2026 20:14
@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 19, 2026

Security Scan Results for PR

Docker Image Scan Results

Package Version Vulnerability Severity
libexpat 2.7.4-r0 CVE-2026-32767 CRITICAL
zlib 1.3.1-r2 CVE-2026-22184 HIGH
zlib-dev 1.3.1-r2 CVE-2026-22184 HIGH

Source Code Scan Results

🎉 No vulnerabilities found!

@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 19, 2026

🔄 PHP-Retry Summary

Flaky tests detected across commits:

Commit b791325 - 2 flaky tests
Test Retries Total Time Details
UsageTest::testFunctionsStats 1 10.09s Logs
UsageTest::testPrepareSitesStats 1 6ms Logs

@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 19, 2026

✨ Benchmark results

  • Requests per second: 2,284
  • Requests with 200 status code: 411,187
  • P99 latency: 0.078706556

⚡ Benchmark Comparison

Metric This PR Latest version
RPS 2,284 1,457
200 411,187 262,353
P99 0.078706556 0.151813523

@stnguyen90 stnguyen90 marked this pull request as ready for review March 19, 2026 21:26
@greptile-apps
Copy link
Copy Markdown
Contributor

greptile-apps bot commented Mar 19, 2026

Greptile Summary

This PR adds tauri:// as a recognised origin scheme so that Tauri desktop apps can authenticate with Appwrite using their standard tauri://localhost origin. The change is small and surgical: a new SCHEME_TAURI constant is added to Platform.php, the scheme is registered in the human-readable names map, it is appended to the $webPlatforms list in Origin.php so that hostname-based validation is applied (exactly as it is for http://, https://, and all four browser-extension schemes), and two new test cases cover the valid and invalid hostname paths.

Key observations:

  • The implementation correctly mirrors the existing browser-extension pattern — no new validation logic was required.
  • There is no TYPE_TAURI platform type and no corresponding branch in Platform::getHostnames() or Platform::getSchemes(). This means a dedicated "Web (Tauri)" platform entry registered through the console would not contribute any hostnames to the allow-list; users must rely on a pre-existing TYPE_WEB registration for the same hostname (e.g. localhost). The same gap exists for browser-extension types today, so this may be intentional, but the error message that directs users to "register a new Web (Tauri) platform" could be misleading if no such console platform type is exposed.
  • Test coverage follows the established pattern but lacks a port-variant case (tauri://localhost:1420) that the HTTP tests include.

Confidence Score: 3/5

  • Safe to merge for the validation logic itself, but the missing platform-type registration path means the feature may not be fully usable end-to-end without a companion console change.
  • The code change is correct and consistent with existing patterns. The P1 concern — no TYPE_TAURI / getHostnames() handling — means that if the console exposes a "Web (Tauri)" platform registration UI (which the new name map entry implies), the registered hostname will be silently ignored. This is not a runtime crash but a functional gap that would confuse users following the error-message instructions. Resolving or explicitly documenting the intended registration flow would raise confidence to 4-5.
  • src/Appwrite/Network/Platform.php — needs a TYPE_TAURI constant and getHostnames() handling if a dedicated Tauri platform type is to be supported in the console.

Important Files Changed

Filename Overview
src/Appwrite/Network/Platform.php Adds SCHEME_TAURI constant and 'Web (Tauri)' name mapping; consistent with existing browser-extension scheme additions.
src/Appwrite/Network/Validator/Origin.php Platform::SCHEME_TAURI added to $webPlatforms; tauri:// origins now validated via hostname check, matching browser-extension behaviour. One edge-case gap noted (see comment).
tests/unit/Network/Validators/OriginTest.php Happy-path (tauri://localhost) and error-path (tauri://example.com) tests added; mirrors the existing browser-extension test pattern.

Last reviewed commit: "feat: add support fo..."

greptile-apps[bot]
greptile-apps bot reviewed Mar 19, 2026
View reviewed changes
src/Appwrite/Network/Platform.php
self::SCHEME_FIREFOX_EXTENSION => 'Web (Firefox Extension)',
self::SCHEME_SAFARI_EXTENSION => 'Web (Safari Extension)',
self::SCHEME_EDGE_EXTENSION => 'Web (Edge Extension)',
self::SCHEME_TAURI => 'Web (Tauri)',
Copy link
Copy Markdown
Contributor

@greptile-apps greptile-apps bot Mar 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 No platform type or getHostnames() / getSchemes() handling for Tauri

Platform::getNameByScheme() now maps tauri'Web (Tauri)', so the validation error message will correctly tell users to "Register … as a new Web (Tauri) platform". However, getHostnames() only adds hostnames for TYPE_WEB and TYPE_FLUTTER_WEB, and getSchemes() has no branch for a Tauri platform type. There is also no TYPE_TAURI constant.

This creates a gap: if the console allows a user to register a "Web (Tauri)" platform entry, the hostname they supply will never appear in $allowedHostnames because getHostnames() won't process it. As a result, tauri://localhost works today only because localhost is already registered under a TYPE_WEB platform — not because a dedicated Tauri entry was registered.

Browser-extension schemes (chrome-extension, moz-extension, etc.) face the same situation, so if that's intentional design and users are expected to register extension IDs / Tauri hostnames as plain TYPE_WEB hostnames, that should be documented. Otherwise, a TYPE_TAURI constant and a matching case in getHostnames() (and potentially getSchemes()) are needed:

// Platform.php
public const TYPE_TAURI = 'tauri';

// In getHostnames():
case self::TYPE_TAURI:
    if (!empty($hostname)) {
        $hostnames[] = $hostname;
    }
    break;

tests/unit/Network/Validators/OriginTest.php
Comment on lines +76 to +78
$this->assertEquals(true, $validator->isValid('tauri://localhost'));
$this->assertEquals(false, $validator->isValid('tauri://example.com'));
$this->assertEquals('Invalid Origin. Register your new client (example.com) as a new Web (Tauri) platform on your project console dashboard', $validator->getDescription());
Copy link
Copy Markdown
Contributor

@greptile-apps greptile-apps bot Mar 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Missing port-based test case for Tauri

The HTTP/HTTPS tests include a port variant (http://localhost:80) to verify that Hostname validation still passes when a port is present. There is no equivalent for the tauri:// scheme. Adding one would confirm that parse_url strips the port correctly before hostname comparison, and guard against regressions.

Suggested change
$this->assertEquals(true, $validator->isValid('tauri://localhost'));
$this->assertEquals(false, $validator->isValid('tauri://example.com'));
$this->assertEquals('Invalid Origin. Register your new client (example.com) as a new Web (Tauri) platform on your project console dashboard', $validator->getDescription());
$this->assertEquals(true, $validator->isValid('tauri://localhost'));
$this->assertEquals(true, $validator->isValid('tauri://localhost:1420'));
$this->assertEquals(false, $validator->isValid('tauri://example.com'));
$this->assertEquals('Invalid Origin. Register your new client (example.com) as a new Web (Tauri) platform on your project console dashboard', $validator->getDescription());

@stnguyen90 stnguyen90 merged commit c537d09 into 1.8.x Mar 19, 2026
82 of 83 checks passed
@stnguyen90 stnguyen90 deleted the copilot/update-origin-test-cases-tauri branch March 19, 2026 23:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

@loks0n loks0n loks0n approved these changes

+1 more reviewer

@stnguyen90 stnguyen90 stnguyen90 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@stnguyen90 stnguyen90

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@stnguyen90 @loks0n