Embedded applications api

Actual Behavior

The app allows you to embed applications such as games with the lbry-package format, but they are just isolated static websites and can’t take advantage of the lbry-sdk.

Expected Behavior

I don’t exactly sure what should be the expected behavior, that’s why I’m opening this issue to discuss this feature…

If you have some ideas or thoughts on this feel free to leave a comment.

Suggested Solutions

Create an api that works like a bridge between the lbry-desktop app and the lbry-package app:

• This will allow developers to access to certain info and request some events such as sending transactions in a “secure way” directly inside the application itself.

• Users should have control of which apps can communicate to this API and what permissions and features can access.

This is possible to achieve with a preload script attached to the webview:

When disabling Node.js integration, you can still expose APIs to your website that do consume Node.js modules or features. Preload scripts continue to have access to require and other Node.js features, allowing developers to expose a custom API to remotely loaded content.

https://github.com/electron/electron/blob/master/docs/tutorial/security.md#2-do-not-enable-nodejs-integration-for-remote-content

Example

MyApp.lbry-package/index.html

<script>
    // Accessible from window.LBRY_BRIDGE ( no need to install or do any magic tricks ) 
    button.onClick = () => LBRY_BRIDGE.doSomething("Purchase a claim or send a transaction!");
</script>

Simple app handler

onDoSomething(e) => {
  // Request for permission
  const granted = requestAccess();
  if (granted) {
     // Continue and notify success...
    success();
  } else {
    // User blocked the request...
    cancel();
  }
}