intent gatekeeper initial

Author: FaFre

apps/weblibre/lib/features/geckoview/features/browser/presentation/widgets/browser_modules/browser_view.dart

@@ -53,6 +53,11 @@ import 'package:weblibre/features/geckoview/features/tabs/data/entities/tab_mode
 import 'package:weblibre/features/geckoview/features/tabs/domain/providers/selected_container.dart';
 import 'package:weblibre/features/geckoview/features/tabs/domain/repositories/container.dart';
 import 'package:weblibre/features/geckoview/features/tabs/domain/repositories/tab.dart';
+import 'package:weblibre/features/intent_gatekeeper/domain/entities/intent_source_policy.dart';
+import 'package:weblibre/features/intent_gatekeeper/domain/entities/pending_intent_decision.dart';
+import 'package:weblibre/features/intent_gatekeeper/domain/services/intent_gatekeeper.dart';
+import 'package:weblibre/features/intent_gatekeeper/domain/services/native_gatekeeper_replicator.dart';
+import 'package:weblibre/features/intent_gatekeeper/presentation/widgets/intent_gatekeeper_dialog.dart';
 import 'package:weblibre/features/share_intent/domain/entities/shared_content.dart';
 import 'package:weblibre/features/user/data/models/general_settings.dart';
 import 'package:weblibre/features/user/domain/providers/profile_auth.dart';
@@ -347,6 +352,37 @@ class _BrowserViewState extends ConsumerState<BrowserView>
       }
     });
 
+    ref.listenManual<AsyncValue<PendingIntentDecision>>(
+      intentGatekeeperProvider,
+      (previous, next) async {
+        final request = next.value;
+        if (request == null) {
+          return;
+        }
+
+        final gatekeeper = ref.read(intentGatekeeperProvider.notifier);
+        if (!context.mounted) {
+          await gatekeeper.resolve(
+            id: request.id,
+            decision: IntentSourcePolicy.block,
+          );
+          return;
+        }
+
+        final outcome = await showDialog<DialogOutcome>(
+          context: context,
+          builder: (context) => IntentGatekeeperDialog(request: request),
+        );
+
+        await gatekeeper.resolve(
+          id: request.id,
+          decision: outcome?.decision ?? IntentSourcePolicy.block,
+          persist: outcome?.persist ?? false,
+          packageName: request.packageName,
+        );
+      },
+    );
+
     ref.listenManual(
       engineBoundIntentStreamProvider,
       (previous, next) {
@@ -443,6 +479,19 @@ class _BrowserViewState extends ConsumerState<BrowserView>
       },
     );
 
+    ref.listenManual(
+      fireImmediately: true,
+      nativeIntentGatekeeperReplicatorProvider,
+      (previous, next) {},
+      onError: (error, stackTrace) {
+        logger.e(
+          'Error listening to nativeIntentGatekeeperReplicatorProvider',
+          error: error,
+          stackTrace: stackTrace,
+        );
+      },
+    );
+
     ref.listenManual(
       fireImmediately: true,
       selectionActionServiceProvider,

apps/weblibre/lib/features/intent_gatekeeper/domain/entities/intent_source_policy.dart

@@ -0,0 +1,20 @@
+/*
+ * Copyright (c) 2024-2026 Fabian Freund.
+ *
+ * This file is part of WebLibre
+ * (see https://weblibre.eu).
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+enum IntentSourcePolicy { allow, block }

apps/weblibre/lib/features/intent_gatekeeper/domain/entities/pending_intent_decision.dart

@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2024-2026 Fabian Freund.
+ *
+ * This file is part of WebLibre
+ * (see https://weblibre.eu).
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+import 'package:fast_equatable/fast_equatable.dart';
+
+class PendingIntentDecision with FastEquatable {
+  final int id;
+  final String packageName;
+  final String? url;
+
+  PendingIntentDecision({
+    required this.id,
+    required this.packageName,
+    required this.url,
+  });
+
+  @override
+  List<Object?> get hashParameters => [id, packageName, url];
+}

apps/weblibre/lib/features/intent_gatekeeper/domain/services/intent_gatekeeper.dart

@@ -0,0 +1,115 @@
+/*
+ * Copyright (c) 2024-2026 Fabian Freund.
+ *
+ * This file is part of WebLibre
+ * (see https://weblibre.eu).
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+import 'dart:async';
+
+import 'package:riverpod_annotation/riverpod_annotation.dart';
+import 'package:weblibre/features/intent_gatekeeper/domain/entities/intent_source_policy.dart';
+import 'package:weblibre/features/intent_gatekeeper/domain/entities/pending_intent_decision.dart';
+import 'package:weblibre/features/settings/presentation/controllers/save_settings.dart';
+import 'package:weblibre/features/user/data/models/general_settings.dart';
+import 'package:weblibre/features/user/domain/repositories/general_settings.dart';
+
+part 'intent_gatekeeper.g.dart';
+
+const _ownPackageName = 'eu.weblibre.gecko';
+
+@Riverpod(keepAlive: true)
+class IntentGatekeeper extends _$IntentGatekeeper {
+  late StreamController<PendingIntentDecision> _decisionRequests;
+  final _pending = <int, Completer<bool>>{};
+  int _nextId = 0;
+
+  @override
+  Stream<PendingIntentDecision> build() {
+    _decisionRequests = StreamController<PendingIntentDecision>.broadcast();
+
+    ref.onDispose(() async {
+      for (final completer in _pending.values) {
+        if (!completer.isCompleted) {
+          completer.complete(false);
+        }
+      }
+
+      _pending.clear();
+
+      await _decisionRequests.close();
+    });
+
+    return _decisionRequests.stream;
+  }
+
+  /// Resolves whether an intent coming from [fromPackageName] targeting [url]
+  /// should be allowed through. If the user has to decide, this waits for
+  /// [resolve] to be called with the matching decision id.
+  Future<bool> shouldAllow({
+    required String? fromPackageName,
+    required String? url,
+  }) async {
+    final settings = ref.read(generalSettingsWithDefaultsProvider);
+
+    if (!settings.blockExternalAppsEnabled) {
+      return true;
+    }
+
+    // Internal / unknown callers: no package to gate on — let through.
+    if (fromPackageName == null || fromPackageName == _ownPackageName) {
+      return true;
+    }
+
+    final existing = settings.externalAppIntentPolicies[fromPackageName];
+    if (existing == IntentSourcePolicy.allow) {
+      return true;
+    }
+    if (existing == IntentSourcePolicy.block) {
+      return false;
+    }
+
+    final id = _nextId++;
+    final completer = Completer<bool>();
+    _pending[id] = completer;
+
+    _decisionRequests.add(
+      PendingIntentDecision(id: id, packageName: fromPackageName, url: url),
+    );
+
+    return completer.future;
+  }
+
+  Future<void> resolve({
+    required int id,
+    required IntentSourcePolicy decision,
+    bool persist = false,
+    String? packageName,
+  }) async {
+    final completer = _pending.remove(id);
+    completer?.complete(decision == IntentSourcePolicy.allow);
+
+    if (persist && packageName != null) {
+      await ref
+          .read(saveGeneralSettingsControllerProvider.notifier)
+          .save(
+            (current) => current.copyWith.externalAppIntentPolicies({
+              ...current.externalAppIntentPolicies,
+              packageName: decision,
+            }),
+          );
+    }
+  }
+}

apps/weblibre/lib/features/intent_gatekeeper/domain/services/intent_gatekeeper.g.dart

@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 2024-2026 Fabian Freund.
+ *
+ * This file is part of WebLibre
+ * (see https://weblibre.eu).
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+import 'dart:async';
+
+import 'package:collection/collection.dart';
+import 'package:fast_equatable/fast_equatable.dart';
+import 'package:hooks_riverpod/hooks_riverpod.dart';
+import 'package:riverpod_annotation/riverpod_annotation.dart';
+import 'package:simple_intent_receiver/simple_intent_receiver.dart';
+import 'package:weblibre/core/logger.dart';
+import 'package:weblibre/features/intent_gatekeeper/domain/entities/intent_source_policy.dart';
+import 'package:weblibre/features/user/domain/repositories/general_settings.dart';
+
+part 'native_gatekeeper_replicator.g.dart';
+
+/// Mirrors the Flutter-side block list to the native side so the
+/// `IntentReceiverActivity` can reject intents without launching Flutter.
+/// Only blocked packages are replicated — allow/unknown still fall through to
+/// the Flutter gatekeeper dialog.
+@Riverpod(keepAlive: true)
+class NativeIntentGatekeeperReplicator
+    extends _$NativeIntentGatekeeperReplicator {
+  final _api = IntentGatekeeperHostApi();
+
+  Future<void> _push(
+    ({bool enabled, Map<String, IntentSourcePolicy> policies}) config,
+  ) async {
+    final blocked = config.policies.entries
+        .where((entry) => entry.value == IntentSourcePolicy.block)
+        .map((entry) => entry.key)
+        .toList();
+
+    try {
+      await _api.setConfig(config.enabled, blocked);
+    } catch (error, stackTrace) {
+      logger.e(
+        'Failed to replicate intent gatekeeper config to native',
+        error: error,
+        stackTrace: stackTrace,
+      );
+    }
+  }
+
+  @override
+  void build() {
+    ref.listen(
+      generalSettingsWithDefaultsProvider.select(
+        (settings) => EquatableValue((
+          enabled: settings.blockExternalAppsEnabled,
+          policies: settings.externalAppIntentPolicies,
+        )),
+      ),
+      fireImmediately: true,
+      (p, n) {
+        final previous = p?.value;
+        final next = n.value;
+
+        if (previous != null &&
+            previous.enabled == next.enabled &&
+            const DeepCollectionEquality.unordered().equals(
+              previous.policies,
+              next.policies,
+            )) {
+          return;
+        }
+        unawaited(_push(next));
+      },
+    );
+  }
+}