From a02d5ad81588600d8dec9736f3e9dbd5ff771b3d Mon Sep 17 00:00:00 2001
From: Sparkswap <dev@sparkswap.com>
Date: Wed, 15 Jan 2020 21:29:38 +0000
Subject: [PATCH] Publishing client to sparkswap-desktop: v0.3.8

---
 package-lock.json                        | 2 +-
 package.json                             | 2 +-
 scripts/electron-wait-react.js           | 3 ++-
 src/node/electron-security.ts            | 8 +++++---
 src/node/router.ts                       | 4 ++--
 src/web/ui/onboarding/deposit-dialog.tsx | 2 +-
 6 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index e8b5328..e333c6d 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
   "name": "sparkswap-desktop",
-  "version": "0.3.7",
+  "version": "0.3.8",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
diff --git a/package.json b/package.json
index 983f37c..376aa07 100644
--- a/package.json
+++ b/package.json
@@ -3,7 +3,7 @@
   "author": "Sparkswap <dev@sparkswap.com> (https://github.com/sparkswap)",
   "description": "Sparkswap Desktop: the only way to buy Bitcoin instantly",
   "productName": "Sparkswap",
-  "version": "0.3.7",
+  "version": "0.3.8",
   "license": "MIT",
   "private": true,
   "main": "./build/electron.js",
diff --git a/scripts/electron-wait-react.js b/scripts/electron-wait-react.js
index 4ccf185..a5ddb3f 100644
--- a/scripts/electron-wait-react.js
+++ b/scripts/electron-wait-react.js
@@ -12,7 +12,8 @@ const tryConnection = () => client.connect({port: ELECTRON_DEV_PORT}, () => {
 
     if(!electron) {
       console.info('Starting electron...')
-      electron = spawn('npm', ['run', 'electron'])
+      const cmd = /^win/.test(process.platform) ? 'npm.cmd' : 'npm'
+      electron = spawn(cmd, ['run', 'electron'])
       electron.stdout.on('data', data => console.log(data.toString()))
       electron.stderr.on('data', data => console.error(data.toString()))
       electron.on('close', code => console.info(`electron exited with code ${code}`))
diff --git a/src/node/electron-security.ts b/src/node/electron-security.ts
index c7ad9e9..bc9e151 100644
--- a/src/node/electron-security.ts
+++ b/src/node/electron-security.ts
@@ -5,7 +5,7 @@ import { App } from 'electron'
 import { injectContentSecurityPolicies } from './content-security-policies'
 import { IS_PRODUCTION } from '../common/config'
 
-const WEBVIEW_PRELOAD = `file://${path.join(__dirname, 'webview-preload.js')}`
+export const WEBVIEW_PRELOAD_PATH = url.pathToFileURL(path.join(__dirname, 'webview-preload.js')).toString()
 
 const WEBVIEW_URL_WHITELIST = IS_PRODUCTION
   ? ['https://portal.anchorusd.com']
@@ -45,10 +45,12 @@ function secureApp (app: App): void {
       // Best practices for webviews (see: https://electronjs.org/docs/tutorial/security#11-verify-webview-options-before-creation)
 
       // Strip away preload scripts if not our explicit preload script
-      if (webPreferences.preload !== WEBVIEW_PRELOAD) {
+      if (webPreferences.preload !== WEBVIEW_PRELOAD_PATH) {
+        logger.warn(`Removing unauthorized webview preload: ${webPreferences.preload}`)
         delete webPreferences.preload
       }
-      if (webPreferences.preloadURL !== WEBVIEW_PRELOAD) {
+      if (webPreferences.preloadURL !== WEBVIEW_PRELOAD_PATH) {
+        logger.warn(`Removing unauthorized webview preload: ${webPreferences.preloadURL}`)
         delete webPreferences.preloadURL
       }
 
diff --git a/src/node/router.ts b/src/node/router.ts
index 99b1cb8..daf269d 100644
--- a/src/node/router.ts
+++ b/src/node/router.ts
@@ -1,4 +1,3 @@
-import * as path from 'path'
 import { App } from 'electron'
 import logger from '../global-shared/logger'
 import { listen, listenSync, close as closeListeners } from './main-listener'
@@ -18,6 +17,7 @@ import { openLink, showNotification } from './util'
 import { delay } from '../global-shared/util'
 import { getNetworkTime } from './data/ntp'
 import { payInvoice } from '../global-shared/lnd-engine'
+import { WEBVIEW_PRELOAD_PATH } from './electron-security'
 
 const RETRY_TRADE_DELAY = 10000
 
@@ -136,7 +136,7 @@ export class Router {
     listen('trade:getTrade', ({ id }: { id: number }) => store.getTrade(this.db, id))
     listen('auth:getAuth', () => getAuth())
     listen('anchor:startDeposit', () => this.anchorClient.startDeposit())
-    listenSync('getWebviewPreloadPath', () => path.join(__dirname, 'webview-preload.js'))
+    listenSync('getWebviewPreloadPath', () => WEBVIEW_PRELOAD_PATH)
     listen('ntp:getTime', () => getNetworkTime())
     listen('pok:hasShown', () => store.hasShownProofOfKeys(this.db))
     listen('pok:markShown', () => store.markProofOfKeysShown(this.db))
diff --git a/src/web/ui/onboarding/deposit-dialog.tsx b/src/web/ui/onboarding/deposit-dialog.tsx
index c47fcf0..3ef90b8 100644
--- a/src/web/ui/onboarding/deposit-dialog.tsx
+++ b/src/web/ui/onboarding/deposit-dialog.tsx
@@ -494,7 +494,7 @@ export class DepositDialog extends React.Component<DepositDialogProps, DepositDi
             ref={this.webviewRef}
             partition={ANCHOR_PARTITION}
             src={urlWithPostMessage}
-            preload={`file://${WEBVIEW_PRELOAD_PATH}`}
+            preload={WEBVIEW_PRELOAD_PATH}
           />
         </div>
         {this.state.isDone