feat: restrict the Windows Hello-related libraries from running in child processes.

[huhuanming]

Summary by CodeRabbit

• 新功能
  • 集成了Windows Hello安全功能，支持用户验证和可用性检查。
  • 增加了新的服务和事件类型，改善了与Windows安全凭证的交互。
• 改进
  • 优化了错误处理和日志记录，提升了用户体验和代码可维护性。

[codesandbox]

Review or Edit in CodeSandbox

Open the branch in Web Editor • VS Code • Insiders

Open Preview

[coderabbitai]

Walkthrough

此次更改主要涉及Electron应用程序的构建配置和Windows Hello服务的集成。build.js文件中新增了service/windowsHello.ts作为入口点。app.ts文件更新了对Windows安全凭据的处理逻辑，引入了新的异步函数。enum.ts文件新增了一个枚举类型EWindowHelloEventType，而index.ts文件则定义了管理Windows Hello服务的多个函数。最后，windowsHello.ts文件实现了与Windows Hello相关的功能，包括可用性检查和用户验证请求。

Changes

文件路径	更改摘要
apps/desktop/scripts/build.js	更新entryPoints数组，新增service/windowsHello.ts。
apps/desktop/src-electron/app.ts	更新导入，重构Windows Touch ID处理逻辑，改用异步函数，增强错误处理，更新ipcMain事件处理程序。
apps/desktop/src-electron/service/enum.ts	新增枚举EWindowHelloEventType，包含CheckAvailabilityAsync和RequestVerificationAsync。
apps/desktop/src-electron/service/index.ts	新增index.ts文件，定义startServices、checkAvailabilityAsync和requestVerificationAsync函数。
apps/desktop/src-electron/service/windowsHello.ts	新增windowsHello.ts文件，实现Windows Hello功能，包括可用性检查和用户验证请求。

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary or Summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 12

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE

📥 Commits

Reviewing files that changed from the base of the PR and between 77ff7ae and 1f2a780.

📒 Files selected for processing (5)

• apps/desktop/scripts/build.js (1 hunks)
• apps/desktop/src-electron/app.ts (4 hunks)
• apps/desktop/src-electron/service/enum.ts (1 hunks)
• apps/desktop/src-electron/service/index.ts (1 hunks)
• apps/desktop/src-electron/service/windowsHello.ts (1 hunks)

🧰 Additional context used

🪛 Biome

apps/desktop/src-electron/service/index.ts

[error] 1-1: A Node.js builtin module should be imported with the node: protocol.

Using the node: protocol is more explicit and signals that the imported module belongs to Node.js.
Unsafe fix: Add the node: protocol.

(lint/style/useNodejsImportProtocol)

🔇 Additional comments (5)

apps/desktop/scripts/build.js (2)

Line range hint 15-41: 建议确认 Windows Hello 服务的依赖项配置

请确保：

1. Windows Hello 相关的依赖已正确列在 package.json 中
2. 所需的 Windows API 模块已被正确处理为外部依赖

让我们检查相关配置：

#!/bin/bash
# 检查 package.json 中的 Windows Hello 相关依赖
rg -l "windows.security" "apps/desktop/package.json"

# 检查 Windows Hello 服务中的导入语句
ast-grep --pattern 'import { $$$ } from "windows.security.$$$"'

---

15-17: 将 Windows Hello 服务作为独立入口点是个不错的选择！

这种架构设计可以更好地隔离 Windows Hello 相关的代码，有助于限制其在子进程中的运行。

让我们验证一下构建输出：

✅ Verification successful

Let me analyze the build configuration and Windows Hello integration more thoroughly with these commands.

---

让我检查一下 Windows Hello 服务的具体实现和其使用情况，以确保构建配置的合理性。

---

Windows Hello 服务构建配置验证通过！

构建配置完全符合预期：

• ✓ windowsHello.ts 已正确实现为子进程服务
• ✓ 使用了正确的依赖包 electron-windows-security
• ✓ 构建入口点配置合理，确保了代码隔离

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# 检查构建输出目录中是否正确生成了 windowsHello 相关文件
fd -t f "windowsHello" "apps/desktop/dist"

Length of output: 142

---

Script:

#!/bin/bash
# Check if windowsHello.ts exists and its content
fd -t f "windowsHello.ts" "apps/desktop"

# Check build configuration for Windows Hello
cat apps/desktop/scripts/build.js

# Check package.json for Windows Hello related dependencies
cat apps/desktop/package.json | jq '.dependencies + .devDependencies'

Length of output: 2464

---

Script:

#!/bin/bash
# Check windowsHello.ts content to verify its implementation
cat apps/desktop/src-electron/service/windowsHello.ts

# Check if there are any other files importing windowsHello
rg -l "windowsHello" apps/desktop/src-electron/

Length of output: 1963

apps/desktop/src-electron/app.ts (3)

47-51: 引入新的服务函数，代码看起来不错。

---

543-553: Windows 平台 TOUCH_ID_CAN_PROMPT 处理正确。

实现了 Windows 的可用性检查，错误处理得当，代码清晰。

---

916-916: 关于代码结构的讨论已在之前的评论中提及。