Automatic Port Selection and Secured Communication

[FlorianRappl]

Follow up for #1021 - should be reviewed / merged after #1037.

Introduces an authentication token to be used in the communication between Node.js (Electron) and .NET. The same token can be used to also guard an ASP.NET Core server - allowing only access from within the boundaries of the running application.

The port is now OS-selected - guaranteeing a free accessible port. No tools to find free ports are necessary.

The owning part (e.g., Node.js for the WebSocket connection to control the Electron application) also owns / opens the port - independent of the used startup mode.

[github-actions]

pr-comment: Run #60

Tests 📝	Passed ✅	Failed ❌	Skipped ⏭️	Pending ⏳	Other ❓	Flaky 🍂	Duration ⏱️
1400	1238	0	0	0	162	0	4m 30s

🎉 All tests passed!

Github Test Reporter by CTRF 💚

🔄 This comment has been updated

[FlorianRappl]

Should we move this forward @softworkz ?

[softworkz]

Sorry, haven't come to this yet.

Why is there a merge conflict?

[FlorianRappl]

Sorry, haven't come to this yet.

Why is there a merge conflict?

There is none. There was initially one as planned due to the splitting.

[softworkz]

[FlorianRappl]

Shows different for me:

Also:

Furthermore:

$> git pull origin develop
From https://github.com/ElectronNET/Electron.NET
 * branch            develop    -> FETCH_HEAD
Already up to date.
$> git push origin feature/socket-enhancements
Everything up-to-date

[softworkz]

I'm very sorry for responding so late!

[softworkz]

If electron errors and doesn't print that line, the task will hang forever.
Whether process will still exit, I'm not sure, but it should keep hanging their either case.

[FlorianRappl]

It should hang there as we can't communicate.

What we can talk about is a barrier here (e.g., 10 seconds) - after that the process would terminate. I would, however, not make it too small. Reason for not including that right now is that I am not sure how viable it is - and choosing a number that is too low might create more problems than solve here.

[softworkz]

Just register the exit event to try-cancel the tcs in addition to a comfortable timeout

[softworkz]

This makes it look like the auth token would be optional, but it isn't
(yet it should be)

[FlorianRappl]

I would not make it optional - its part of the standard flow. There is no reason to have this optional.

[softworkz]

This class is always providing the electronforcedport parameter, in that case it's pointless to monitor the output for a port number.

[FlorianRappl]

I disagree. We should always monitor here. Right now the forcedport is like a recommendation - it can be also "0" / or later on use a different port in case the recommended one was blocked.

I would always follow the same logic here - makes it easier to debug and reason.

[softworkz]

There should be a path completely without reading the process output.
(without auth token)

[FlorianRappl]

I would not do that. It's less secure and just more complicated. Let's keep it to the point.

[softworkz]

I do not want to have that in our application that dotnet is relying on the console output of Electron.

[softworkz]

I have nothing against making the auth token mandatory, but it can be provided by the dotnet side as cli param, so it doesn't need to be read it from the console output. (that's no more and no less secure)