search

playcanvas / editor

Issue tracker for the PlayCanvas Editor
https://playcanvas.com/
155 stars 28 forks source link

Editor extensions that can exist and run in the project #786

Open yaustar opened 2 years ago

yaustar commented 2 years ago

With the Editor API available, we would like to run scripts directly from the Editor rather than using something like Violent Monkey.

One of the concerns is about security as running extensions in the Editor environment can expose the private data such as tokens. This would mean that if a user is at risk when they open a public project that has extensions where they steal private data.

I was thinking we could have a popup option similar to Word and Excel where if a doc has macros, it would warn the user and give them a choice on whether to run them or not.

ellthompson commented 2 years ago

I agree that extensions / plugins that are run in a project should be opted into by each user. I imagine these selections shouldn't be permanent either. Perhaps if the script is modified in any way after a user has opted into them, their permissions are removed until the user has reconfirmed. There could be some sort of extensions / plugin panel or a section in the editor settings panel which lists the available extensions in a project, with details of when they were last modified and by who etc. Each extension could then be individually switched on by the user.

Maksims commented 2 years ago

The Editor should be in their own sub-domain space, with their own session. Proper setup of cross-domain requests should be implemented, to prevent REST calls to API or other sub-domains under playcanvas.com from editor.playcanvas.com. Currently, the token is re-used for multiple projects. When the project is open, it should allocate a unique token for just that tuple of the user-project, which is then used for checking permissions when doing edits to a project. That way token has very limited scope, and malicious plugins won't be able to mess up with other user data, only with that specific project.

Also, the whole ecosystem of plugins, will really take off when other developers will be able to make good plugins and be able to share them (store.playcanvas.com ?). But it needs a verification/moderation process. That way there would be verified plugins, that will run automatically, and non-verified, ones that the developer would be able to enable by actual action (go to plugin file, and enable it).

Plugins - as assets, would be the most convenient way to author, edit and distribute plugins.