(event: Electron.IpcMainInvokeEvent)
| 334 | |
| 335 | // Auth IPC handlers |
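/**
 * Decide whether an IPC invoke came from a page this app trusts.
 *
 * The check runs against the URL of the frame that sent the message, so an
 * embedded third-party frame is not trusted just because the top-level page
 * is. The top-level webContents URL is used only when no sender frame is
 * available on the event.
 *
 * @param event - The invoke event passed to an `ipcMain.handle` callback.
 * @returns `true` for `file:` URLs and for hosts equal to, or a subdomain of,
 *   an entry in the trusted list; `false` otherwise, including when the URL
 *   cannot be parsed.
 */
const validateSender = (event: Electron.IpcMainInvokeEvent): boolean => {
  // senderFrame identifies the frame that actually sent the message;
  // sender.getURL() only reports the top-level page of the webContents.
  const senderUrl = event.senderFrame?.url ?? event.sender.getURL()
  try {
    const parsed = new URL(senderUrl)
    // NOTE(review): every file: URL is accepted, not only pages shipped with
    // the app. Consider comparing against the app's own resource path.
    if (parsed.protocol === "file:") return true
    const hostname = parsed.hostname.toLowerCase()
    // NOTE(review): only the hostname is compared, so plain http:// origins
    // and any port on the loopback entries also pass. Confirm whether the
    // loopback entries are meant to be trusted in packaged builds.
    const trusted = ["21st.dev", "localhost", "127.0.0.1"]
    // Exact host or a dot-separated subdomain; a bare suffix such as
    // "not21st.dev" does not match.
    return trusted.some((h) => hostname === h || hostname.endsWith(`.${h}`))
  } catch {
    // Unparseable URL (e.g. empty string): fail closed.
    return false
  }
}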
| 348 | |
| 349 | ipcMain.handle("auth:get-user", (event) => { |
| 350 | if (!validateSender(event)) return null |