feat: initial commit

Author: codebytere

.gitignore

@@ -0,0 +1,3 @@
+node_modules
+*.log
+build

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2019 Shelley Vohr
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,30 @@
+# node-mac-permissions
+
+```js
+$ npm i node-mac-permissions
+```
+
+This native Node.js module allows you to manage an app's access to:
+
+* Contacts
+* Full Disk Access
+* Calendar
+* Photos
+
+## API
+
+## `permissions.getAuthStatus(type)`
+
+* `type` - The type of system component to which you are requesting access. Can be one of `contacts`, `full-disk-access`, `photos`, or `calendar`.
+
+Returns `String` - Can be one of 'Not Determined', 'Denied', 'Authorized', or 'Restricted'.
+
+Checks the authorization status of the application to access `type` on macOS.
+
+Return Value Descriptions: 
+* 'Not Determined' - The user has not yet made a choice regarding whether the application may access `type` data.
+* 'Not Authorized' - The application is not authorized to access `type` data. The user cannot change this application’s status, possibly due to active restrictions such as parental controls being in place.
+* 'Denied' - The user explicitly denied access to `type` data for the application.
+* 'Authorized' - The application is authorized to access `type` data.
+
+**Note:** Access to `contacts` will always return a status of 'Authorized' prior to macOS 10.13 High Sierra, as access to contacts was unilaterally allowed until that version.

binding.gyp

@@ -0,0 +1,25 @@
+{
+  "targets": [{
+    "target_name": "permissions",
+    "sources": [ ],
+    "conditions": [
+      ['OS=="mac"', {
+        "sources": [
+          "permissions.mm"
+        ],
+      }]
+    ],
+    'include_dirs': [
+      "<!@(node -p \"require('node-addon-api').include\")"
+    ],
+    'libraries': [],
+    'dependencies': [
+      "<!(node -p \"require('node-addon-api').gyp\")"
+    ],
+    'defines': [ 'NAPI_DISABLE_CPP_EXCEPTIONS' ],
+    "xcode_settings": {
+      "OTHER_CPLUSPLUSFLAGS": ["-std=c++14", "-stdlib=libc++", "-mmacosx-version-min=10.10"],
+      "OTHER_LDFLAGS": ["-framework CoreFoundation -framework AppKit -framework Contacts -framework EventKit -framework Photos"]
+    }
+  }]
+}

index.js

@@ -0,0 +1,14 @@
+const permissions = require('bindings')('permissions.node')
+
+function getAuthStatus(type) {
+  const validTypes = ['contacts', 'calendar', 'photos', 'full-disk-access']
+  if (!validTypes.includes(type)) {
+    throw new TypeError(`${type} is not a valid type`)
+  }
+
+  return permissions.getAuthStatus.call(this, type)
+} 
+
+module.exports = {
+  getAuthStatus
+}

package-lock.json

@@ -0,0 +1,36 @@
+{
+  "name": "node-mac-permissions",
+  "version": "1.0.0",
+  "description": "A native node module to manage system permissions on macOS",
+  "main": "index.js",
+  "scripts": {
+    "build": "node-gyp rebuild",
+    "clean": "node-gyp clean",
+    "test": "./node_modules/.bin/mocha --reporter spec"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/codebytere/node-mac-permissions.git"
+  },
+  "keywords": [
+    "permissions",
+    "macos",
+    "node",
+    "native"
+  ],
+  "author": "Shelley Vohr <shelley.vohr@gmail.com>",
+  "license": "MIT",
+  "bugs": {
+    "url": "https://github.com/codebytere/node-mac-permissions/issues"
+  },
+  "homepage": "https://github.com/codebytere/node-mac-permissions#readme",
+  "dependencies": {
+    "bindings": "^1.5.0",
+    "node-addon-api": "^2.0.0"
+  },
+  "devDependencies": {
+    "chai": "^4.2.0",
+    "mocha": "^6.2.2",
+    "node-gyp": "^6.0.1"
+  }
+}

package.json

@@ -0,0 +1,135 @@
+#include <napi.h>
+
+// Apple APIs
+#import <AppKit/AppKit.h>
+#import <Contacts/Contacts.h>
+#import <EventKit/EventKit.h>
+#import <Foundation/Foundation.h>
+#import <Photos/Photos.h>
+#import <pwd.h>
+
+/***** HELPER FUNCTIONS *****/
+
+NSString* GetUserHomeFolderPath() {
+  NSString* path;
+  BOOL isSandboxed = (nil != NSProcessInfo.processInfo.environment[@"APP_SANDBOX_CONTAINER_ID"]);
+
+  if (isSandboxed) {
+    struct passwd *pw = getpwuid(getuid());
+    assert(pw);
+    path = [NSString stringWithUTF8String:pw->pw_dir];
+  } else {
+    path = NSHomeDirectory();
+  }
+
+  return path;
+}
+
+// Returns a status indicating whether or not the user has authorized Contacts access
+std::string ContactAuthStatus() {
+  std::string auth_status = "Not Determined";
+
+  CNEntityType entityType = CNEntityTypeContacts;
+  CNAuthorizationStatus status = [CNContactStore authorizationStatusForEntityType:entityType];
+
+  if (status == CNAuthorizationStatusAuthorized)
+    auth_status = "Authorized";
+  else if (status == CNAuthorizationStatusDenied)
+    auth_status = "Denied";
+  else if (status == CNAuthorizationStatusRestricted)
+    auth_status = "Restricted";
+
+  return auth_status;
+}
+
+// Returns a status indicating whether or not the user has authorized Calendar access
+std::string CalendarAuthStatus() {
+  std::string auth_status = "Not Determined";
+
+  EKEntityType entityType = EKEntityTypeEvent;
+  EKAuthorizationStatus status = [EKEventStore authorizationStatusForEntityType:entityType];
+
+  if (status == EKAuthorizationStatusAuthorized)
+    auth_status = "Authorized";
+  else if (status == EKAuthorizationStatusDenied)
+    auth_status = "Denied";
+  else if (status == EKAuthorizationStatusRestricted)
+    auth_status = "Restricted";
+
+  return auth_status;
+}
+
+// Returns a status indicating whether or not the user has authorized Photos access
+std::string PhotosAuthStatus() {
+  std::string auth_status = "Not Determined";
+  
+  if (@available(macOS 10.13, *)) {
+    PHAuthorizationStatus status = [PHPhotoLibrary authorizationStatus];
+
+    if (status == PHAuthorizationStatusAuthorized)
+      auth_status = "Authorized";
+    else if (status == PHAuthorizationStatusDenied)
+      auth_status = "Denied";
+    else if (status == PHAuthorizationStatusRestricted)
+      auth_status = "Restricted";
+  } else {
+    auth_status = "Authorized";
+  }
+
+  return auth_status;
+}
+
+std::string FDAAuthStatus() {
+  std::string auth_status = "Not Determined";
+  NSString *path;
+  NSString* home_folder = GetUserHomeFolderPath();
+
+  if (@available(macOS 10.15, *)) {
+    path = [home_folder stringByAppendingPathComponent:@"Library/Safari/CloudTabs.db"];
+  } else {
+    path = [home_folder stringByAppendingPathComponent:@"Library/Safari/Bookmarks.plist"];
+  }
+    
+  NSFileManager* manager = [NSFileManager defaultManager];
+  BOOL file_exists = [manager fileExistsAtPath:path];
+  NSData *data = [NSData dataWithContentsOfFile:path];
+  if (data == nil && file_exists) {
+    auth_status = "Denied";
+  } else if (file_exists) {
+    auth_status = "Authorized";
+  }
+
+  return auth_status;
+}
+
+/***** EXPORTED FUNCTIONS *****/
+
+// Returns the user's access consent status as a string
+Napi::Value GetAuthStatus(const Napi::CallbackInfo &info) {
+  Napi::Env env = info.Env();
+  std::string auth_status;
+
+  const std::string type = info[0].As<Napi::String>().Utf8Value();
+  if (type == "contacts") {
+    auth_status = ContactAuthStatus();
+  } else if (type == "calendar") {
+    auth_status = CalendarAuthStatus();
+  } else if (type == "photos") {
+    auth_status = PhotosAuthStatus();
+  } else if (type == "full-disk-access") {
+    auth_status = FDAAuthStatus();
+  }
+
+  return Napi::Value::From(env, auth_status);
+}
+
+// Initializes all functions exposed to JS
+Napi::Object Init(Napi::Env env, Napi::Object exports) {
+  exports.Set(
+    Napi::String::New(env, "getAuthStatus"), Napi::Function::New(env, GetAuthStatus)
+  );
+
+  return exports;
+}
+
+NODE_API_MODULE(permissions, Init)

permissions.mm

@@ -0,0 +1,23 @@
+const { expect } = require('chai')
+const { 
+  getAuthStatus
+} = require('../index')
+
+describe('node-mac-permissions', () => {
+  describe('getAuthStatus()', () => {
+    it('should throw on invalid types', () => {
+      expect(() => {
+        getAuthStatus('bad-type')
+      }).to.throw(/bad-type is not a valid type/)
+    })
+
+    it('should return a string', () => {
+      const types = ['contacts', 'calendar', 'photos', 'full-disk-access']
+      const statuses = ['Not Determined', 'Denied', 'Authorized', 'Restricted']
+      for (const type of types) {
+        const status = getAuthStatus(type)
+        expect(statuses).to.contain(status)
+      }
+    })
+  })
+})