From c0241000d0fc54a610990a7706701a5fda378eb8 Mon Sep 17 00:00:00 2001
From: William Oldham <github@binaryoverload.co.uk>
Date: Tue, 23 Jan 2024 19:32:51 +0000
Subject: [PATCH] Add semver extension version checking (#808)

* Add semver extension version checking
---
 package.json                           |  2 +
 pnpm-lock.yaml                         | 65 ++++++++++++++------------
 src/backend/extension/compatibility.ts |  6 ++-
 3 files changed, 40 insertions(+), 33 deletions(-)

diff --git a/package.json b/package.json
index c5dae16f..4468753e 100644
--- a/package.json
+++ b/package.json
@@ -63,6 +63,7 @@
     "react-sticky-el": "^2.1.0",
     "react-turnstile": "^1.1.2",
     "react-use": "^17.4.2",
+    "semver": "^7.5.4",
     "slugify": "^1.6.6",
     "subsrt-ts": "^2.1.2",
     "zustand": "^4.4.7"
@@ -87,6 +88,7 @@
     "@types/react-router-dom": "^5.3.3",
     "@types/react-stickynode": "^4.0.3",
     "@types/react-transition-group": "^4.4.10",
+    "@types/semver": "^7.5.6",
     "@typescript-eslint/eslint-plugin": "^6.15.0",
     "@typescript-eslint/parser": "^6.15.0",
     "@vitejs/plugin-react": "^4.2.1",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 2fda1a32..a0e60397 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -123,6 +123,9 @@ dependencies:
   react-use:
     specifier: ^17.4.2
     version: 17.4.2(react-dom@18.2.0)(react@18.2.0)
+  semver:
+    specifier: ^7.5.4
+    version: 7.5.4
   slugify:
     specifier: ^1.6.6
     version: 1.6.6
@@ -191,6 +194,9 @@ devDependencies:
   '@types/react-transition-group':
     specifier: ^4.4.10
     version: 4.4.10
+  '@types/semver':
+    specifier: ^7.5.6
+    version: 7.5.6
   '@typescript-eslint/eslint-plugin':
     specifier: ^6.15.0
     version: 6.15.0(@typescript-eslint/parser@6.15.0)(eslint@8.56.0)(typescript@5.3.3)
@@ -259,7 +265,7 @@ devDependencies:
     version: 0.5.9(prettier@3.1.1)
   rollup-plugin-visualizer:
     specifier: ^5.11.0
-    version: 5.11.0(@rollup/wasm-node@4.9.5)
+    version: 5.11.0(@rollup/wasm-node@4.9.6)
   tailwind-scrollbar:
     specifier: ^3.0.5
     version: 3.0.5(tailwindcss@3.4.0)
@@ -2048,7 +2054,7 @@ packages:
     engines: {node: '>=14.0.0'}
     dev: false
 
-  /@rollup/plugin-babel@5.3.1(@babel/core@7.23.6)(@rollup/wasm-node@4.9.5):
+  /@rollup/plugin-babel@5.3.1(@babel/core@7.23.6)(@rollup/wasm-node@4.9.6):
     resolution: {integrity: sha512-WFfdLWU/xVWKeRQnKmIAQULUI7Il0gZnBIH/ZFO069wYIfPu+8zrfp/KMW0atmELoRDq8FbiP3VCss9MhCut7Q==}
     engines: {node: '>= 10.0.0'}
     peerDependencies:
@@ -2061,36 +2067,36 @@ packages:
     dependencies:
       '@babel/core': 7.23.6
       '@babel/helper-module-imports': 7.22.15
-      '@rollup/pluginutils': 3.1.0(@rollup/wasm-node@4.9.5)
-      rollup: /@rollup/wasm-node@4.9.5
+      '@rollup/pluginutils': 3.1.0(@rollup/wasm-node@4.9.6)
+      rollup: /@rollup/wasm-node@4.9.6
     dev: true
 
-  /@rollup/plugin-node-resolve@11.2.1(@rollup/wasm-node@4.9.5):
+  /@rollup/plugin-node-resolve@11.2.1(@rollup/wasm-node@4.9.6):
     resolution: {integrity: sha512-yc2n43jcqVyGE2sqV5/YCmocy9ArjVAP/BeXyTtADTBBX6V0e5UMqwO8CdQ0kzjb6zu5P1qMzsScCMRvE9OlVg==}
     engines: {node: '>= 10.0.0'}
     peerDependencies:
       rollup: npm:@rollup/wasm-node
     dependencies:
-      '@rollup/pluginutils': 3.1.0(@rollup/wasm-node@4.9.5)
+      '@rollup/pluginutils': 3.1.0(@rollup/wasm-node@4.9.6)
       '@types/resolve': 1.17.1
       builtin-modules: 3.3.0
       deepmerge: 4.3.1
       is-module: 1.0.0
       resolve: 1.22.4
-      rollup: /@rollup/wasm-node@4.9.5
+      rollup: /@rollup/wasm-node@4.9.6
     dev: true
 
-  /@rollup/plugin-replace@2.4.2(@rollup/wasm-node@4.9.5):
+  /@rollup/plugin-replace@2.4.2(@rollup/wasm-node@4.9.6):
     resolution: {integrity: sha512-IGcu+cydlUMZ5En85jxHH4qj2hta/11BHq95iHEyb2sbgiN0eCdzvUcHw5gt9pBL5lTi4JDYJ1acCoMGpTvEZg==}
     peerDependencies:
       rollup: npm:@rollup/wasm-node
     dependencies:
-      '@rollup/pluginutils': 3.1.0(@rollup/wasm-node@4.9.5)
+      '@rollup/pluginutils': 3.1.0(@rollup/wasm-node@4.9.6)
       magic-string: 0.25.9
-      rollup: /@rollup/wasm-node@4.9.5
+      rollup: /@rollup/wasm-node@4.9.6
     dev: true
 
-  /@rollup/pluginutils@3.1.0(@rollup/wasm-node@4.9.5):
+  /@rollup/pluginutils@3.1.0(@rollup/wasm-node@4.9.6):
     resolution: {integrity: sha512-GksZ6pr6TpIjHm8h9lSQ8pi8BE9VeubNT0OMJ3B5uZJ8pz73NPiqOtCog/x2/QzM1ENChPKxMDhiQuRHsqc+lg==}
     engines: {node: '>= 8.0.0'}
     peerDependencies:
@@ -2099,7 +2105,7 @@ packages:
       '@types/estree': 0.0.39
       estree-walker: 1.0.1
       picomatch: 2.3.1
-      rollup: /@rollup/wasm-node@4.9.5
+      rollup: /@rollup/wasm-node@4.9.6
     dev: true
 
   /@rollup/wasm-node@4.9.4:
@@ -2112,8 +2118,8 @@ packages:
       fsevents: 2.3.3
     dev: true
 
-  /@rollup/wasm-node@4.9.5:
-    resolution: {integrity: sha512-Xhabb9BwobkC3NFnI9spB+AvHt+iXruRAtBZRlrCDaBnkT7hWUcSF+J+T/nW/qqqGKtYJ/1RzBRv6vCCxEIgpg==}
+  /@rollup/wasm-node@4.9.6:
+    resolution: {integrity: sha512-B3FpAkroTE6q+MRHzv8XLBgPbxdjJiy5UnduZNQ/4lxeF1JT2O/OAr0JPpXeRG/7zpKm/kdqU/4m6AULhmnSqw==}
     engines: {node: '>=18.0.0', npm: '>=8.0.0'}
     hasBin: true
     dependencies:
@@ -2334,8 +2340,8 @@ packages:
   /@types/scheduler@0.16.3:
     resolution: {integrity: sha512-5cJ8CB4yAx7BH1oMvdU0Jh9lrEXyPkar6F9G/ERswkCuvP4KQZfZkSjcMbAICCpQTN4OuZn8tz0HiKv9TGZgrQ==}
 
-  /@types/semver@7.5.1:
-    resolution: {integrity: sha512-cJRQXpObxfNKkFAZbJl2yjWtJCqELQIdShsogr1d2MilP8dKD9TE/nEKHkJgUNHdGKCQaf9HbIynuV2csLGVLg==}
+  /@types/semver@7.5.6:
+    resolution: {integrity: sha512-dn1l8LaMea/IjDoHNd9J52uBbInB796CDffS6VdIxvqYCPSG0V0DzHp76GpaWnlhg88uYyPbXCDIowa86ybd5A==}
     dev: true
 
   /@types/trusted-types@2.0.3:
@@ -2454,7 +2460,7 @@ packages:
     dependencies:
       '@eslint-community/eslint-utils': 4.4.0(eslint@8.56.0)
       '@types/json-schema': 7.0.12
-      '@types/semver': 7.5.1
+      '@types/semver': 7.5.6
       '@typescript-eslint/scope-manager': 6.15.0
       '@typescript-eslint/types': 6.15.0
       '@typescript-eslint/typescript-estree': 6.15.0(typescript@5.3.3)
@@ -5033,7 +5039,6 @@ packages:
     engines: {node: '>=10'}
     dependencies:
       yallist: 4.0.0
-    dev: true
 
   /magic-string@0.25.9:
     resolution: {integrity: sha512-RmF0AsMzgt25qzqqLc1+MbHmhdx0ojF2Fvs4XnOqz2ZOBXzzkEwc/dJQZCYHAn7v1jbVOjAZfK8msRn4BxO4VQ==}
@@ -5079,7 +5084,7 @@ packages:
       '@babel/plugin-syntax-typescript': 7.23.3(@babel/core@7.23.6)
       '@babel/types': 7.23.6
       kleur: 4.1.5
-      rollup: /@rollup/wasm-node@4.9.5
+      rollup: /@rollup/wasm-node@4.9.6
       unplugin: 1.5.1
     transitivePeerDependencies:
       - supports-color
@@ -6007,7 +6012,7 @@ packages:
       glob: 7.2.3
     dev: true
 
-  /rollup-plugin-terser@7.0.2(@rollup/wasm-node@4.9.5):
+  /rollup-plugin-terser@7.0.2(@rollup/wasm-node@4.9.6):
     resolution: {integrity: sha512-w3iIaU4OxcF52UUXiZNsNeuXIMDvFrr+ZXK6bFZ0Q60qyVfq4uLptoS4bbq3paG3x216eQllFZX7zt6TIImguQ==}
     deprecated: This package has been deprecated and is no longer maintained. Please use @rollup/plugin-terser
     peerDependencies:
@@ -6015,12 +6020,12 @@ packages:
     dependencies:
       '@babel/code-frame': 7.23.5
       jest-worker: 26.6.2
-      rollup: /@rollup/wasm-node@4.9.5
+      rollup: /@rollup/wasm-node@4.9.6
       serialize-javascript: 4.0.0
       terser: 5.19.3
     dev: true
 
-  /rollup-plugin-visualizer@5.11.0(@rollup/wasm-node@4.9.5):
+  /rollup-plugin-visualizer@5.11.0(@rollup/wasm-node@4.9.6):
     resolution: {integrity: sha512-exM0Ms2SN3AgTzMeW7y46neZQcyLY7eKwWAop1ZoRTCZwyrIRdMMJ6JjToAJbML77X/9N8ZEpmXG4Z/Clb9k8g==}
     engines: {node: '>=14'}
     hasBin: true
@@ -6032,7 +6037,7 @@ packages:
     dependencies:
       open: 8.4.2
       picomatch: 2.3.1
-      rollup: /@rollup/wasm-node@4.9.5
+      rollup: /@rollup/wasm-node@4.9.6
       source-map: 0.7.4
       yargs: 17.7.2
     dev: true
@@ -6146,7 +6151,6 @@ packages:
     hasBin: true
     dependencies:
       lru-cache: 6.0.0
-    dev: true
 
   /serialize-javascript@4.0.0:
     resolution: {integrity: sha512-GaNA54380uFefWghODBWEGisLZFj00nS5ACs6yHa9nLqlLpVLO8ChDGeKRjZnV4Nh4n0Qi7nhYZD/9fCPzEqkw==}
@@ -7015,7 +7019,7 @@ packages:
       '@types/node': 20.10.5
       esbuild: 0.19.10
       postcss: 8.4.32
-      rollup: /@rollup/wasm-node@4.9.5
+      rollup: /@rollup/wasm-node@4.9.6
     optionalDependencies:
       fsevents: 2.3.3
     dev: true
@@ -7277,9 +7281,9 @@ packages:
       '@babel/core': 7.23.6
       '@babel/preset-env': 7.23.6(@babel/core@7.23.6)
       '@babel/runtime': 7.23.6
-      '@rollup/plugin-babel': 5.3.1(@babel/core@7.23.6)(@rollup/wasm-node@4.9.5)
-      '@rollup/plugin-node-resolve': 11.2.1(@rollup/wasm-node@4.9.5)
-      '@rollup/plugin-replace': 2.4.2(@rollup/wasm-node@4.9.5)
+      '@rollup/plugin-babel': 5.3.1(@babel/core@7.23.6)(@rollup/wasm-node@4.9.6)
+      '@rollup/plugin-node-resolve': 11.2.1(@rollup/wasm-node@4.9.6)
+      '@rollup/plugin-replace': 2.4.2(@rollup/wasm-node@4.9.6)
       '@surma/rollup-plugin-off-main-thread': 2.2.3
       ajv: 8.12.0
       common-tags: 1.8.2
@@ -7288,8 +7292,8 @@ packages:
       glob: 7.2.3
       lodash: 4.17.21
       pretty-bytes: 5.6.0
-      rollup: /@rollup/wasm-node@4.9.5
-      rollup-plugin-terser: 7.0.2(@rollup/wasm-node@4.9.5)
+      rollup: /@rollup/wasm-node@4.9.6
+      rollup-plugin-terser: 7.0.2(@rollup/wasm-node@4.9.6)
       source-map: 0.8.0-beta.0
       stringify-object: 3.3.0
       strip-comments: 2.0.1
@@ -7456,7 +7460,6 @@ packages:
 
   /yallist@4.0.0:
     resolution: {integrity: sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==}
-    dev: true
 
   /yaml@2.3.2:
     resolution: {integrity: sha512-N/lyzTPaJasoDmfV7YTrYCI0G/3ivm/9wdG0aHuheKowWQwGTsK0Eoiw6utmzAnI6pkJa0DUVygvp3spqqEKXg==}
diff --git a/src/backend/extension/compatibility.ts b/src/backend/extension/compatibility.ts
index 31471d26..53ffd7a1 100644
--- a/src/backend/extension/compatibility.ts
+++ b/src/backend/extension/compatibility.ts
@@ -1,5 +1,7 @@
-const allowedExtensionVersion = ["0.0.1"];
+import { satisfies } from "semver";
+
+const allowedExtensionRange = "~1.0.0";
 
 export function isAllowedExtensionVersion(version: string): boolean {
-  return allowedExtensionVersion.includes(version);
+  return satisfies(version, allowedExtensionRange);
 }