Post by Uncle Buddy on Jun 29, 2021 19:11:49 GMT -8
I have no interest in having Treebard access the internet. I have a browser for that, no? But I can't guarantee that others who work on the project or borrow ideas will feel the same way. It would be too bad if someone got ahold of Treebard and extended it into bloatware that's supposed to do everything including tie your shoes for you, except for proper genealogy database storage and retrieval. Treebard is supposed to become a universally acceptable mode of genealogy data sharing, universal enough to replace GEDCOM in some facets. (Just share the whole program--who needs GEDCOM?)
Electron is going to be the vehicle for Treebard v. 0.0.0. The purpose of Electron is to write standalone desktop applications, not web apps. But these days, you could get tarred and feathered and rode out of town on a rail for suggesting that any application should just ignore the internet. The way I see it, if Treebard becomes popular, someone is going to extend it to interface with remote content. So realistically speaking, it should be set up that way from the start.
Actually, the extra trouble involved with worrying about this sort of thing is what turned me off to writing a web app to begin with. So once again, with Electron, the security issue rears its ugly head. I want to be realistic about it. No one is going to agree with me except other dodderers like me. A lot of techy and nerd types who like genealogy also like to fiddle around with scraping data off of websites etc. I don't consider that to be genealogy research, I consider it to be techy, nerdy, computerish stuff. But I don't mind that someone, someday, will extend Treebard beyond my original vision of outlandish simplicity.
Therefore, I'm going to outline what's needed for Electron apps to work securely with remote online content. I'll put the info right here, and then I'll turn around and write a standalone app like I want to and not deal with the extra coding problems. I love to make GUIs and databases. So that's what I will do with my precious time on this earth. It beats collecting stamps.
Electron has a main process or back-end which communicates with the computer, the file system, the database, etc. This works because of a JavaScript extension called Node.js. Electron also has a renderer process which renders web pages inside of the app which looks like a standalone app, not a browser, but runs on the same software as the Chrome browser. Every window in the app has its own renderer process which works with HTML, CSS and JavaScript, same as any web page. This is the front-end.
The great thing about Electron is that it includes both the front-end and the back-end, gets them to talk to each other, and frees up the developer to be creative instead of having to be a full-stack developer or give part of the project to a back-end developer who understands Node, security, etc. So Electron knows how to talk to itself and we don't worry about establishing a localhost connection etc. This is a big deal for people like me who aren't interested in those inner computerish details. My ideal as a lover of GUI creation is to make an app that is so easy and intuitive and capable that the computer disappears in the process and the user is alone with his creation, for example a family tree. I don't like to think about the actual computer itself.
The old, "wrong", insecure way of getting Electron to talk to itself in 2021:
This isn't wrong at all, so let's call it the standalone desktop app vs. the connecteddesktop app.
It's simple, and this information is easy to find online if I haven't spelled it out well enough. In the main process such as index.js or main.js, the function that creates windows has to change the security defaults built into Electron. This gives the front-end access to all Node methods. Here's the simple, two-line solution to making this work, and this will fix all of the online Electron tutorials that no longer work due to an error such as `require is not defined`.
The two Electron security defaults set to true and false above will allow the front-end to have easy access to Node's back-end methods. In the next post I'll outline the sorts of things that have to be done instead if the defaults are left in place so the app can communicate securely with your own computer's back-end as well as remote (online) data sources.
Electron is going to be the vehicle for Treebard v. 0.0.0. The purpose of Electron is to write standalone desktop applications, not web apps. But these days, you could get tarred and feathered and rode out of town on a rail for suggesting that any application should just ignore the internet. The way I see it, if Treebard becomes popular, someone is going to extend it to interface with remote content. So realistically speaking, it should be set up that way from the start.
Actually, the extra trouble involved with worrying about this sort of thing is what turned me off to writing a web app to begin with. So once again, with Electron, the security issue rears its ugly head. I want to be realistic about it. No one is going to agree with me except other dodderers like me. A lot of techy and nerd types who like genealogy also like to fiddle around with scraping data off of websites etc. I don't consider that to be genealogy research, I consider it to be techy, nerdy, computerish stuff. But I don't mind that someone, someday, will extend Treebard beyond my original vision of outlandish simplicity.
Therefore, I'm going to outline what's needed for Electron apps to work securely with remote online content. I'll put the info right here, and then I'll turn around and write a standalone app like I want to and not deal with the extra coding problems. I love to make GUIs and databases. So that's what I will do with my precious time on this earth. It beats collecting stamps.
Electron has a main process or back-end which communicates with the computer, the file system, the database, etc. This works because of a JavaScript extension called Node.js. Electron also has a renderer process which renders web pages inside of the app which looks like a standalone app, not a browser, but runs on the same software as the Chrome browser. Every window in the app has its own renderer process which works with HTML, CSS and JavaScript, same as any web page. This is the front-end.
The great thing about Electron is that it includes both the front-end and the back-end, gets them to talk to each other, and frees up the developer to be creative instead of having to be a full-stack developer or give part of the project to a back-end developer who understands Node, security, etc. So Electron knows how to talk to itself and we don't worry about establishing a localhost connection etc. This is a big deal for people like me who aren't interested in those inner computerish details. My ideal as a lover of GUI creation is to make an app that is so easy and intuitive and capable that the computer disappears in the process and the user is alone with his creation, for example a family tree. I don't like to think about the actual computer itself.
The old, "wrong", insecure way of getting Electron to talk to itself in 2021:
This isn't wrong at all, so let's call it the standalone desktop app vs. the connecteddesktop app.
It's simple, and this information is easy to find online if I haven't spelled it out well enough. In the main process such as index.js or main.js, the function that creates windows has to change the security defaults built into Electron. This gives the front-end access to all Node methods. Here's the simple, two-line solution to making this work, and this will fix all of the online Electron tutorials that no longer work due to an error such as `require is not defined`.
function createWindow () {
const win = new BrowserWindow({
webPreferences: {
nodeIntegration: true,
contextIsolation: false
}
})
win.loadFile('index.html')
}The two Electron security defaults set to true and false above will allow the front-end to have easy access to Node's back-end methods. In the next post I'll outline the sorts of things that have to be done instead if the defaults are left in place so the app can communicate securely with your own computer's back-end as well as remote (online) data sources.