feat: Improve wording for Security Whitelist Error Message [INS-1277] (#9076)

* feat: Improve wording for Security Whitelist Error Message [INS-1277]

* refactor: interactive message

* fix: fix process not being defined in worker

Author: xiaodemen

packages/insomnia-smoke-test/tests/smoke/after-response-script-features.test.ts

@@ -93,7 +93,7 @@ test.describe('after-response script features tests', () => {
       __fromAfterScript: 'environment',
       base_url: 'http://localhost:4010',
     });
-    await page.getByRole('button', { name: 'Close' }).click();
+    await page.getByRole('button', { name: 'Close', exact: true }).click();
 
     // globals and baseGlobals can be persisted
     await page.getByTestId('underlay').click();

packages/insomnia/src/common/interactive-messages.ts

@@ -0,0 +1,32 @@
+import { showSettingsModal } from '~/ui/components/modals/settings-modal';
+
+const PREF_SECURITY = 'Insomnia’s Preferences → Security';
+
+const interactives = [{ text: PREF_SECURITY, handler: () => showSettingsModal({ tab: 'general' }) }];
+
+export function buildInteractiveMessage(message: string) {
+  const parts = [];
+  let prev = '';
+  for (let i = 0; i < message.length; i++) {
+    let matched = false;
+    for (const { text, handler } of interactives) {
+      matched = message.startsWith(text, i);
+      if (matched) {
+        if (prev) {
+          parts.push({ text: prev });
+          prev = '';
+        }
+        parts.push({ text, handler });
+        i += text.length - 1;
+        break;
+      }
+    }
+    if (!matched) {
+      prev += message[i];
+    }
+  }
+  if (prev) {
+    parts.push({ text: prev });
+  }
+  return parts;
+}

packages/insomnia/src/common/validators.ts

@@ -1,7 +1,9 @@
-import type { CaCertificate } from "../models/ca-certificate";
-import type { ClientCertificate } from "../models/client-certificate";
-import type { Settings } from "../models/settings";
-import type { RenderedRequest } from "../templating/types";
+import type { CaCertificate } from '../models/ca-certificate';
+import type { ClientCertificate } from '../models/client-certificate';
+import type { Settings } from '../models/settings';
+import type { RenderedRequest } from '../templating/types';
+
+const PREF_SECURITY = 'Insomnia’s Preferences → Security';
 
 export function isFsAccessingAllowed(
   renderedRequest: RenderedRequest,
@@ -14,13 +16,15 @@ export function isFsAccessingAllowed(
     if (fromCli) {
       throw `Insomnia cannot access the file ‘${fileName}’. You can specify paths with one or more "--dataFolders <directory>" or "-f <directory>" to allow accessing.`;
     } else {
-      throw `Insomnia cannot access the file ‘${fileName}’. You can adjust this in Preferences → Security.`;
+      throw `Insomnia cannot access the file ‘${fileName}’. You must specify which directories Insomnia can access in ${PREF_SECURITY}.`;
     }
-  }
+  };
 
   // case1: check request body (set by scripts or request body editor)
   if (renderedRequest.body.fileName !== undefined && renderedRequest.body.fileName !== '') {
-    const allowed = settings?.dataFolders.some(folder => folder !== '' && renderedRequest.body.fileName?.startsWith(folder));
+    const allowed = settings?.dataFolders.some(
+      folder => folder !== '' && renderedRequest.body.fileName?.startsWith(folder),
+    );
     if (!allowed) {
       throwError(renderedRequest.body.fileName);
     }
@@ -29,7 +33,7 @@ export function isFsAccessingAllowed(
   // case2: check the body form data - "file" type params
   if (Array.isArray(renderedRequest.body.params)) {
     renderedRequest.body.params.forEach(param => {
-      if (param.type === "file" && !param.disabled) {
+      if (param.type === 'file' && !param.disabled) {
         const allowed = settings?.dataFolders.some(folder => folder !== '' && param.fileName?.startsWith(folder));
         if (!allowed) {
           throwError(param.fileName || param.value);
@@ -56,7 +60,9 @@ export function isFsAccessingAllowed(
 
       [cert.key, cert.cert, cert.pfx].forEach(targetPath => {
         if (targetPath) {
-          const allowed = settings?.dataFolders.some(folder => folder !== '' && targetPath !== "" && targetPath?.startsWith(folder));
+          const allowed = settings?.dataFolders.some(
+            folder => folder !== '' && targetPath !== '' && targetPath?.startsWith(folder),
+          );
           if (!allowed) {
             throwError(targetPath);
           }

packages/insomnia/src/templating/base-extension-worker.ts

@@ -8,6 +8,9 @@ import type { NodeCurlRequestOptions } from '../plugins/context/network';
 import type { Plugin } from '../plugins/index';
 import type { BaseRenderContext, PluginTemplateTag, PluginTemplateTagContext, PluginToMainAPIPaths } from './types';
 import * as templating from './worker';
+
+const PREF_SECURITY = 'Insomnia’s Preferences → Security';
+
 export function decodeEncoding<T>(value: T) {
   if (typeof value !== 'string') {
     return value;
@@ -188,7 +191,7 @@ export default class BaseExtension {
             ?.getSettings()
             .dataFolders.some((folder: string) => folder !== '' && path.startsWith(folder));
           if (!allowed) {
-            throw `Insomnia cannot access the file ‘${path}’. You can adjust this in Preferences → Security.`;
+            throw `Insomnia cannot access the file ‘${path}’. You must specify which directories Insomnia can access in ${PREF_SECURITY}.`;
           }
           return fetchFromTemplateWorkerDatabase('readFile', { path, encoding });
         },

packages/insomnia/src/templating/base-extension.ts

@@ -19,6 +19,7 @@ import type { BaseRenderContext, PluginTemplateTag, PluginTemplateTagContext } f
 import { decodeEncoding } from './utils';
 
 const EMPTY_ARG = '__EMPTY_NUNJUCKS_ARG__';
+const PREF_SECURITY = 'Insomnia’s Preferences → Security';
 
 export default class BaseExtension {
   _ext: PluginTemplateTag | null = null;
@@ -124,7 +125,7 @@ export default class BaseExtension {
             ?.getSettings()
             .dataFolders.some((folder: string) => folder !== '' && path.startsWith(folder));
           if (!allowed) {
-            throw `Insomnia cannot access the file ‘${path}’. You can adjust this in Preferences → Security.`;
+            throw `Insomnia cannot access the file ‘${path}’. You must specify which directories Insomnia can access in ${PREF_SECURITY}.`;
           }
 
           const content = await fs.promises.readFile(path);

packages/insomnia/src/ui/components/modals/index.ts

@@ -34,6 +34,7 @@ export function showModal<
   TModalProps extends ModalProps &
     React.RefAttributes<{
       show: (options: any) => void;
+      hide: () => void;
     }>,
 >(modalComponent: ModalComponent<TModalProps>, config?: ModalHandleShowOptions<GetRefHandleFromProps<TModalProps>>) {
   const name = modalComponent.name || modalComponent.displayName;
@@ -42,12 +43,18 @@ export function showModal<
 
   const modalHandle = getModalComponentHandle(name) as unknown as GetRefHandleFromProps<TModalProps>;
 
-  return modalHandle.show(config);
+  modalHandle.show(config);
+  return () => {
+    const modalHandle = getModalComponentHandle(name) as unknown as GetRefHandleFromProps<TModalProps>;
+    if (modalHandle) {
+      modalHandle.hide();
+    }
+  };
 }
 
 export function showError(config: ErrorModalOptions) {
   try {
-    return showModal(ErrorModal, config);
+    showModal(ErrorModal, config);
   } catch (err) {
     console.log('[modal] Cannot show modal', err, config);
   }

packages/insomnia/src/ui/components/modals/nunjucks-modal.tsx

@@ -75,6 +75,7 @@ export const NunjucksModal = forwardRef<NunjucksModalHandle, ModalProps & Props>
         defaultValue={template}
         workspace={workspace}
         editorId={state.editorId}
+        close={() => modalRef.current?.hide()}
       />
     );
   } else {

packages/insomnia/src/ui/components/rendered-query-string.tsx

@@ -1,5 +1,8 @@
 import classNames from 'classnames';
 import React, { type FC, useCallback, useEffect, useState } from 'react';
+import { Link } from 'react-aria-components';
+
+import { buildInteractiveMessage } from '~/common/interactive-messages';
 
 import { database as db } from '../../common/database';
 import * as models from '../../models';
@@ -74,6 +77,7 @@ export const RenderedQueryString: FC<Props> = ({ request }) => {
         });
 
         if (!result) {
+          setTooLong(false);
           return;
         }
 
@@ -137,10 +141,29 @@ export const RenderedQueryString: FC<Props> = ({ request }) => {
   }, [tooLong]);
 
   const className = previewString === defaultPreview ? 'super-duper-faint' : 'selectable force-wrap';
+  // naive way to detect the access file error
+  const messages = previewString.includes('Insomnia cannot access')
+    ? buildInteractiveMessage(previewString)
+    : [{ text: previewString }];
 
   return (
     <div className="relative flex h-full w-full justify-between gap-[var(--padding-sm)] overflow-auto">
-      <span className={classNames('my-auto', className)}>{previewString}</span>
+      <span className={classNames('my-auto', className)}>
+        {messages.map(({ text, handler }, index) =>
+          handler ? (
+            <Link
+              className="cursor-pointer text-[--color-surprise]"
+              // eslint-disable-next-line react/no-array-index-key
+              key={index}
+              onPress={handler}
+            >
+              {text}
+            </Link>
+          ) : (
+            text
+          ),
+        )}
+      </span>
 
       <CopyButton
         size="small"

packages/insomnia/src/ui/components/request-url-bar.tsx

@@ -1,8 +1,9 @@
 import React, { forwardRef, useCallback, useEffect, useImperativeHandle, useRef, useState } from 'react';
-import { Button } from 'react-aria-components';
+import { Button, Link } from 'react-aria-components';
 import { useParams, useSearchParams } from 'react-router';
 import * as reactUse from 'react-use';
 
+import { buildInteractiveMessage } from '~/common/interactive-messages';
 import { useRootLoaderData } from '~/root';
 import {
   type ConnectActionParams,
@@ -71,13 +72,35 @@ export const RequestUrlBar = forwardRef<RequestUrlBarHandle, Props>(
         setUndefinedEnvironmentVariables(searchParams.get('undefinedEnvironmentVariables')!);
       } else {
         // only for request render error
-        showModal(AlertModal, {
+        const errorMessage = searchParams.get('error') || '';
+        const messages = errorMessage.includes('Insomnia cannot access')
+          ? buildInteractiveMessage(errorMessage)
+          : [{ text: errorMessage }];
+        const close = showModal(AlertModal, {
           title: 'Unexpected Request Failure',
           message: (
             <div>
               <p>The request failed due to an unhandled error:</p>
               <code className="wide selectable">
-                <pre className="w-full overflow-y-auto text-wrap" >{searchParams.get('error')}</pre>
+                <div className="w-full overflow-y-auto text-wrap">
+                  {messages.map(({ text, handler }, index) =>
+                    handler ? (
+                      <Link
+                        className="cursor-pointer text-[--color-surprise]"
+                        // eslint-disable-next-line react/no-array-index-key
+                        key={index}
+                        onPress={() => {
+                          close();
+                          handler();
+                        }}
+                      >
+                        {text}
+                      </Link>
+                    ) : (
+                      text
+                    ),
+                  )}
+                </div>
               </code>
             </div>
           ),

packages/insomnia/src/ui/components/settings/general.tsx

@@ -225,10 +225,7 @@ export const General: FC = () => {
           help="If checked, clears the OAuth session every time Insomnia is relaunched."
         />
         <button
-          className="pointer h-[--line-height-xs] rounded-[--radius-md] border border-solid border-[--hl-lg] px-[--padding-md] hover:bg-[--hl-xs]"
-          style={{
-            padding: 0,
-          }}
+          className="pointer h-[--line-height-xs] rounded-[--radius-md] border border-solid border-[--hl-lg] px-[--padding-sm] hover:bg-[--hl-xs]"
           onClick={initNewOAuthSession}
         >
           Clear OAuth 2 session