过程模型
Tauri 采用了类似于 Electron 或许多现代网页浏览器的多进程架构。本指南探讨了这一设计选择背后的原因以及为何它对于编写安全应用至关重要。
🌐 Tauri employs a multi-process architecture similar to Electron or many modern web browsers. This guide explores the reasons behind the design choice and why it is key to writing secure applications.
🌐 Why Multiple Processes?
在图形用户界面应用的早期阶段,通常使用单个进程来执行计算、绘制界面并响应用户输入。正如你可能猜到的那样,这意味着长时间运行且消耗资源的计算会导致用户界面无响应,或者更糟的是,应用某个组件的故障会导致整个应用崩溃。
🌐 In the early days of GUI applications, it was common to use a single process to perform computation, draw the interface and react to user input. As you can probably guess, this meant that a long-running, expensive computation would leave the user interface unresponsive, or worse, a failure in one app component would bring the whole app crashing down.
显然需要一个更具弹性的架构,应用开始在不同的进程中运行不同的组件。这更好地利用了现代多核CPU,并创建了更安全的应用。一个组件崩溃不再影响整个系统,因为组件被隔离在不同的进程中。如果一个进程进入无效状态,我们可以轻松地重新启动它。
🌐 It became clear that a more resilient architecture was needed, and applications began running different components in different processes. This makes much better use of modern multi-core CPUs and creates far safer applications. A crash in one component doesn’t affect the whole system anymore, as components are isolated on different processes. If a process gets into an invalid state, we can easily restart it.
我们还可以通过只分配每个进程所需的最低权限,从而限制潜在漏洞的影响范围,仅保证它们能够完成自己的工作。这种模式被称为[最小权限原则],你在现实生活中经常会看到。如果有一个园丁来修剪你的篱笆,你会把花园的密钥给他。你不会把房子的密钥给他;他为什么需要进入房子呢?同样的概念也适用于计算机程序。我们给予的访问权限越少,如果它们被攻破,造成的损害就越小。
🌐 We can also limit the blast radius of potential exploits by handing out only the minimum amount of permissions to each process, just enough so they can get their job done. This pattern is known as the Principle of Least Privilege, and you see it in the real world all the time. If you have a gardener coming over to trim your hedge, you give them the key to your garden. You would not give them the keys to your house; why would they need access to that? The same concept applies to computer programs. The less access we give them, the less harm they can do if they get compromised.
🌐 The Core Process
每个 Tauri 应用都有一个核心进程,它充当应用的入口点,并且是唯一具有对操作系统的完全访问权限的组件。
🌐 Each Tauri application has a core process, which acts as the application’s entry point and which is the only component with full access to the operating system.
核心的主要职责是利用该访问权限来创建和协调应用窗口、系统托盘菜单或通知。Tauri 实现了必要的跨平台抽象以简化这一过程。它还将所有[进程间通信]通过核心进程路由,使你能够在一个中心位置拦截、过滤和操作 IPC 消息。
🌐 The Core’s primary responsibility is to use that access to create and orchestrate application windows, system-tray menus, or notifications. Tauri implements the necessary cross-platform abstractions to make this easy. It also routes all Inter-Process Communication through the Core process, allowing you to intercept, filter, and manipulate IPC messages in one central place.
核心进程还应负责管理全局状态,例如设置或数据库连接。这使你可以轻松地在窗口之间同步状态,并保护你的业务敏感数据免受前端窥探。
🌐 The Core process should also be responsible for managing global state, such as settings or database connections. This allows you to easily synchronize state between windows and protect your business-sensitive data from prying eyes in the Frontend.
我们选择 Rust 来实现 Tauri,因为它的 [所有权] 概念在保证内存安全的同时保持出色的性能。
🌐 We chose Rust to implement Tauri because of its concept of Ownership guarantees memory safety while retaining excellent performance.
🌐 The WebView Process
核心进程本身并不渲染实际的用户界面(UI);它会启动 WebView 进程,这些进程使用操作系统提供的 WebView 库。WebView 是一个类似浏览器的环境,用于执行你的 HTML、CSS 和 JavaScript。
🌐 The Core process doesn’t render the actual user interface (UI) itself; it spins up WebView processes that leverage WebView libraries provided by the operating system. A WebView is a browser-like environment that executes your HTML, CSS, and JavaScript.
这意味着你在传统网页开发中使用的大多数技术和工具都可以用来创建 Tauri 应用。例如,许多 Tauri 示例都是使用 Svelte 前端框架和 Vite 打包工具编写的。
🌐 This means that most of your techniques and tools used in traditional web development can be used to create Tauri applications. For example, many Tauri examples are written using the Svelte frontend framework and the Vite bundler.
安全最佳实践也同样适用;例如,你必须始终清理用户输入,绝不要在前端处理机密信息,并且理想情况下应尽可能将业务逻辑延迟到核心进程,以保持你的攻击面尽可能小。
🌐 Security best practices apply as well; for example, you must always sanitize user input, never handle secrets in the Frontend, and ideally defer as much business logic as possible to the Core process to keep your attack surface small.
与其他类似的解决方案不同,WebView 库不会包含在你的最终可执行文件中,而是在运行时动态链接[^1]。这使你的应用_显著_更小,但这也意味着你需要考虑平台差异,就像传统的网页开发一样。
🌐 Unlike other similar solutions, the WebView libraries are not included in your final executable but dynamically linked at runtime[^1]. This makes your application significantly smaller, but it also means that you need to keep platform differences in mind, just like traditional web development.
[^1]: 目前,Tauri 在 Windows 上使用 Microsoft Edge WebView2,在 macOS 上使用 WKWebView,在 Linux 上使用 webkitgtk。
Tauri 中文网 - 粤ICP备13048890号
Nodejs.cn 旗下网站