1
    2
    3
    4
    5
    6
    7
    8
    9
   10
   11
   12
   13
   14
   15
   16
   17
   18
   19
   20
   21
   22
   23
   24
   25
   26
   27
   28
   29
   30
   31
   32
   33
   34
   35
   36
   37
   38
   39
   40
   41
   42
   43
   44
   45
   46
   47
   48
   49
   50
   51
   52
   53
   54
   55
   56
   57
   58
   59
   60
   61
   62
   63
   64
   65
   66
   67
   68
   69
   70
   71
   72
   73
   74
   75
   76
   77
   78
   79
   80
   81
   82
   83
   84
   85
   86
   87
   88
   89
   90
   91
   92
   93
   94
   95
   96
   97
   98
   99
  100
  101
  102
  103
  104
  105
  106
  107
  108


content / browser / media / capture / sub_capture_target_id_web_contents_helper.h [blame]

// Copyright 2021 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CONTENT_BROWSER_MEDIA_CAPTURE_SUB_CAPTURE_TARGET_ID_WEB_CONTENTS_HELPER_H_
#define CONTENT_BROWSER_MEDIA_CAPTURE_SUB_CAPTURE_TARGET_ID_WEB_CONTENTS_HELPER_H_

#include <string>
#include <vector>

#include "base/functional/callback.h"
#include "base/token.h"
#include "base/uuid.h"
#include "build/build_config.h"
#include "content/browser/renderer_host/render_frame_host_impl.h"
#include "content/common/content_export.h"
#include "content/public/browser/global_routing_id.h"
#include "content/public/browser/navigation_handle.h"
#include "content/public/browser/web_contents.h"
#include "content/public/browser/web_contents_observer.h"
#include "content/public/browser/web_contents_user_data.h"
#include "media/capture/mojom/video_capture_types.mojom.h"

#if BUILDFLAG(IS_ANDROID)
#error Region Capture not supported on Android.
#endif

namespace content {

class NavigationHandle;

class CONTENT_EXPORT SubCaptureTargetIdWebContentsHelper final
    : public WebContentsObserver,
      public WebContentsUserData<SubCaptureTargetIdWebContentsHelper> {
 public:
  using Type = media::mojom::SubCaptureTargetType;

  // Limits the number of SubCaptureTargetIds a given Web-application can
  // produce of a given type, so as to limit the potential for abuse.
  // Known and accepted issue - embedded iframes can be intentionally disruptive
  // by producing too many IDs. It's up to the Web-application to not
  // embed such iframes.
  constexpr static size_t kMaxIdsPerWebContents = 100;

  // Returns the WebContents associated with a given GlobalRenderFrameHostId.
  //
  // This would normally be the WebContents for that very RFH.
  // But if the relevant setting is set in ContentBrowserClient,
  // this function returns the WebContents for the *outermost* main frame
  // or embedder, traversing the parent tree across <iframe> and <webview>
  // boundaries.
  //
  // If no such WebContents is found, nullptr is returned.
  static WebContents* GetRelevantWebContents(GlobalRenderFrameHostId rfh_id);

  explicit SubCaptureTargetIdWebContentsHelper(WebContents* web_contents);
  SubCaptureTargetIdWebContentsHelper(
      const SubCaptureTargetIdWebContentsHelper&) = delete;
  SubCaptureTargetIdWebContentsHelper& operator=(
      const SubCaptureTargetIdWebContentsHelper&) = delete;
  ~SubCaptureTargetIdWebContentsHelper() final;

  // Produces a new SubCaptureTargetId, records its association with
  // this WebContents and returns it.
  // This method can soft-fail if invoked more than |kMaxIdsPerWebContents|
  // times for a given WebContents.
  // Failure is signaled by returning an empty string.
  std::string ProduceId(Type type);

  // Checks whether this WebContents is associated with a SubCaptureTargetId.
  // This allows us to check whether a call to cropTo() or restrictTo()
  // by the Web-application is permitted.
  bool IsAssociatedWith(const base::Token& id, Type type) const;

 protected:
  // TODO(crbug.com/40203554): Remove this local copy of GUIDToToken().
  // It is copy of a function that is not currently visible from the browser
  // process. It should be made visible to the browser process and reused
  // rather than redefined. It is defined as protected so that unit tests
  // can use it, too.
  static base::Token GUIDToToken(const base::Uuid& guid);

 private:
  friend class WebContentsUserData<SubCaptureTargetIdWebContentsHelper>;
  friend class SubCaptureTargetIdWebContentsHelperTest;

  // WebContentsObserver implementation.
  // Cross-document navigation of the top-level document discards all
  // SubCaptureTargetIds associated with the top-level WebContents.
  // TODO(crbug.com/40203554): Record per RFH and treat its navigation.
  void ReadyToCommitNavigation(NavigationHandle* navigation_handle) final;

  // Forgets all associations of SubCaptureTargetIds to this WebContents.
  // TODO(crbug.com/40203554): Clear per-RFH or throughout.
  void ClearIds();

  // Records which SubCaptureTargetIds are associated with this WebContents.
  // At most |kMaxIdsPerWebContents| of each type, as discussed where
  // |kMaxIdsPerWebContents| is defined.
  std::vector<base::Token> crop_ids_;
  std::vector<base::Token> restriction_ids_;

  WEB_CONTENTS_USER_DATA_KEY_DECL();
};

}  // namespace content

#endif  // CONTENT_BROWSER_MEDIA_CAPTURE_SUB_CAPTURE_TARGET_ID_WEB_CONTENTS_HELPER_H_