Skip to content

Fix windows paths #8449

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
myleshorton merged 4 commits into from
Feb 6, 2026
Merged

Fix windows paths #8449

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
e53ceb9
Added windows build step
myleshorton Feb 6, 2026
49f1dbb
Added link to dev README
myleshorton Feb 6, 2026
9795ddb
Fixed windows paths
myleshorton Feb 6, 2026
b6493c5
Merge branch 'main' into myles/windows-paths
myleshorton Feb 6, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 8 additions & 11 deletions lib/core/utils/storage_utils.dart
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -90,18 +90,15 @@ class AppStorageUtils {
static Future<Directory> getWindowsAppDataDirectory() async {
if (!Platform.isWindows) throw UnsupportedError("Not running on Windows");

final appData =
Platform.environment['APPDATA'] ?? Platform.environment['LOCALAPPDATA'];

if (appData == null || appData.isEmpty) {
final fallback = await getApplicationSupportDirectory();
final dir = Directory(fallback.path);
if (!await dir.exists()) await dir.create(recursive: true);
return dir;
// On Windows, we want to store app data in C:\Users\Public\Lantern to
// ensure that the Windows service can access it without needing to know
//the specific user profile. The Windows service will create a subdirectory
Copy link

Copilot AI Feb 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing space after the comment marker makes this sentence harder to read; please change //the specific user profile to // the specific user profile.

Suggested change
//the specific user profile. The Windows service will create a subdirectory
// the specific user profile. The Windows service will create a subdirectory

Copilot uses AI. Check for mistakes.
// called "data" within this directory to store its own data.
final appDataPath = Platform.environment['PUBLIC'];
final appDir = Directory("$appDataPath/Lantern");
Copy link

Copilot AI Feb 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Platform.environment['PUBLIC'] can be null/empty in some Windows execution contexts. If that happens, this will create/return a relative directory like null/Lantern (or /Lantern), which is not the intended shared app-data location. Add validation and a deterministic fallback (or throw a clear error) before constructing the directory path.

Suggested change
final appDir = Directory("$appDataPath/Lantern");
if (appDataPath == null || appDataPath.trim().isEmpty) {
throw StateError(
'The PUBLIC environment variable is not set or is empty; '
'cannot determine the shared Windows app-data directory for Lantern.',
);
}
final appDir = Directory(p.join(appDataPath, 'Lantern'));

Copilot uses AI. Check for mistakes.
if (!appDir.existsSync()) {
Comment on lines +98 to +99
Copy link

Copilot AI Feb 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This constructs a Windows path using string interpolation and a hard-coded "/" separator even though this file already uses package:path elsewhere. Prefer p.join(appDataPath, 'Lantern') (and similar joins) to avoid subtle path formatting issues and keep path handling consistent.

Copilot uses AI. Check for mistakes.
Copy link

Copilot AI Feb 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This async method uses existsSync() (synchronous filesystem I/O) and then awaits create(). For consistency and to avoid blocking the isolate on slow disk/networked profiles, use the async await appDir.exists() pattern like the rest of this file.

Suggested change
if (!appDir.existsSync()) {
if (!await appDir.exists()) {

Copilot uses AI. Check for mistakes.
await appDir.create(recursive: true);
}

final appDir = Directory(p.join(appData, "Lantern"));
if (!await appDir.exists()) await appDir.create(recursive: true);
return appDir;
Comment on lines +97 to 102
Copy link

Copilot AI Feb 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

getWindowsAppDataDirectory now points to C:\Users\Public\Lantern, which on typical Windows installations is readable by all local users, and this path is used by getAppDirectory/LocalStorageService to store the ObjectBox DB containing legacyToken, token, oAuthToken, accessToken, and other sensitive user/account data. Any low-privilege local user on the same machine can read the database files under this public directory and hijack accounts or extract PII. Instead, store this data under a per-user app data directory or ensure the shared directory has restricted ACLs so only the service account and the intended user can read it.

Copilot uses AI. Check for mistakes.
}
}
Loading