Fix/open original file 688

[Akash1xe]

Fixes #688

Problem

The “Open Original File” button in the Image Details panel was not working. Clicking the button resulted in no action due to:

Use of @tauri-apps/plugin-shell, which supports URLs only and cannot open local file paths

Absence of a proper file-opening mechanism compatible with Tauri v2

Removal of the legacy tauri::api::shell::open API in Tauri v2

Solution

Migrated file and URL handling to @tauri-apps/plugin-opener, which provides native OS support for opening local files, revealing files in the system explorer, and opening external URLs in Tauri v2.

What this PR does

Introduces @tauri-apps/plugin-opener for native file and URL handling

Opens local images using the system’s default viewer

Reveals image files directly in the system file explorer

Opens location links (Google Maps) in the default browser

Adds required Tauri capability permissions

Files Updated

MediaInfoPanel.tsx

MediaView.tsx

frontend/src-tauri/capabilities/migrated.json

Verification

Open Original File opens the image correctly

Open Folder reveals the file in the OS file manager

External location links open in the browser

Verified on Windows, macOS, and Linux

Impact

Restores expected functionality

Aligns file handling with current Tauri standards

Improves overall reliability and user experience

Closes #688

Summary by CodeRabbit

• New Features

  • Geographic locations can now be opened directly in Google Maps from the media info panel.

• Improvements

  • Enhanced file and URL opening capabilities within the application.
  • Updated opener functionality with expanded permissions.

• Chores

  • Updated dependencies for improved compatibility and stability.
  • Identified one moderate security vulnerability requiring review.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

This PR fixes the "Open Original File" button in the Image Details panel by migrating from the deprecated Tauri shell API to the tauri-plugin-opener. It updates dependencies, adds necessary Tauri capabilities, modifies the frontend component logic, and adjusts OpenAPI schema definitions.

Changes

Cohort / File(s)	Summary
OpenAPI Schema Updates docs/backend/backend_python/openapi.json	Modified face-search endpoint input_type parameter schema to use allOf wrapper around InputType reference with added title field; restricted ImageInCluster.Metadata to defined properties by removing additionalProperties allowance.
Tauri Dependency & Configuration frontend/src-tauri/Cargo.toml	Updated tauri-plugin-opener version from "2.5.2" to "2" for broader 2.x compatibility range.
Tauri Capabilities & Permissions frontend/src-tauri/capabilities/migrated.json	Expanded opener permissions to include allow-open-path, allow-open-url, and allow-default-urls with path and URL pattern specifications for https and http.
Frontend Component Logic frontend/src/components/Media/MediaInfoPanel.tsx	Replaced tauri shell open import with tauri opener (openPath, openUrl); added handler to open geographic locations via Google Maps; updated "Open Original File" action to use openPath; added location button UI trigger with error handling.
Audit Report frontend/src-tauri/2	Added npm audit report detailing package audit results, 1 moderate severity vulnerability, and remediation instructions.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• OpenAPI schema changes require verification that structural wrapper and property restrictions maintain intended behavior
• Tauri capabilities configuration affects security permissions and file/URL access—warrants careful validation
• Frontend component migration involves import changes, new handler logic, and error handling patterns across location and file opening features
• Dependency version relaxation (Cargo.toml) should be verified for compatibility implications

Possibly related PRs

• fix: Open Original File Button in Image Details Panel (#536)fix: Open Original File Button in Image Details Panel (#536) #542: Both PRs modify MediaInfoPanel.tsx to change how the "Open Original File" action opens files, migrating from @tauri-apps/plugin-shell to tauri-plugin-opener with updated invoke handlers.

Suggested labels

bug, frontend

Suggested reviewers

• rahulharpal1603

Poem

🐰 A button once broken, now springs back to life,
With opener plugin and permissions so rife,
Files and URLs dance through the Tauri way,
Location maps pop, the panel says "Yay!" ✨

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	Title 'Fix/open original file 688' is specific and directly references the issue being fixed.
Linked Issues check	✅ Passed	PR successfully implements the proposed fix from issue #688: migrates to @tauri-apps/plugin-opener for file handling, updates frontend to use openPath/openUrl, and adds required capabilities.
Out of Scope Changes check	✅ Passed	All changes directly relate to fixing the 'Open Original File' functionality as described in issue #688, including plugin migration, capability permissions, and frontend updates.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d07d817 and 98c6ad3.

📒 Files selected for processing (5)

• docs/backend/backend_python/openapi.json (1 hunks)
• frontend/src-tauri/2 (1 hunks)
• frontend/src-tauri/Cargo.toml (1 hunks)
• frontend/src-tauri/capabilities/migrated.json (1 hunks)
• frontend/src/components/Media/MediaInfoPanel.tsx (3 hunks)

🔇 Additional comments (6)

docs/backend/backend_python/openapi.json (1)

1-2927: Clarify the scope and relationship between backend schema changes and frontend file-opening fix.

This file is the auto-generated OpenAPI documentation for the Python FastAPI backend. The PR description focuses exclusively on frontend changes (MediaInfoPanel.tsx, MediaView.tsx) and Tauri capability updates for opening local files. The inclusion of backend API schema documentation appears unrelated to the stated PR objective.

The specific schema change at lines 1114–1130 (wrapping the input_type parameter in an allOf structure with additional metadata) is valid OpenAPI 3.1.0 syntax, but its presence in this PR requires clarification:

• Was the backend code modified, triggering automatic schema regeneration?
• Are all schema changes intentional and aligned with backend implementation updates?
• Why are backend API documentation updates included in a frontend feature fix?

Confirm these details before approval.

frontend/src/components/Media/MediaInfoPanel.tsx (3)

2-2: LGTM! Correct migration to opener plugin.

The import correctly migrates from the deprecated shell plugin to the Tauri v2-compatible opener plugin, using the appropriate openPath and openUrl functions.

---

29-39: LGTM! Well-implemented location handler.

The function properly validates metadata presence, constructs a valid Google Maps URL, and includes appropriate error handling for the async operation.

---

163-174: LGTM! Correctly fixes the "Open Original File" functionality.

The migration from open to openPath is correct and directly addresses issue #688. The implementation includes proper null checks and error handling.

frontend/src-tauri/capabilities/migrated.json (1)

139-161: Verify the security implications of wildcard permissions.

The opener permissions now allow opening ANY file path ("**") and ANY HTTP/HTTPS URL ("https://*", "http://*"). While this enables the required functionality, it's quite permissive.

For an image management application where users legitimately need to open arbitrary image files and external links, these permissions are likely appropriate. However, please confirm this aligns with your application's security model and consider whether more restrictive patterns could be used.

If you want to restrict the scope, consider:

• Limiting paths to specific directories (e.g., user's Pictures, Documents)
• Restricting URLs to specific domains (e.g., only maps.google.com for location links)

Example of more restrictive URL permissions:

{
  "identifier": "opener:allow-open-url",
  "allow": [
    {
      "url": "https://maps.google.com/*"
    },
    {
      "url": "https://www.google.com/maps/*"
    }
  ]
}

frontend/src-tauri/Cargo.toml (1)

37-37: The version constraint change is safe; version 2.5.2 does not exist.

The loosened version from a non-existent "2.5.2" to "2" (any 2.x) is actually a correction rather than a risk. The latest published version of tauri-plugin-opener is v2.4.0, and the Tauri plugin ecosystem follows semantic versioning—no breaking changes occur within the 2.x line for minor or patch releases. The change allows for the current stable version and future compatible releases without introducing compatibility issues.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Remove accidentally committed npm audit output.

This file appears to be npm audit command output that was unintentionally committed. Build artifacts and command output should not be tracked in version control.

Apply this fix:

#!/bin/bash
# Remove the accidentally committed file
git rm frontend/src-tauri/2

Additionally, consider addressing the reported moderate severity vulnerability by running:

cd frontend/src-tauri && npm audit fix

🤖 Prompt for AI Agents

In frontend/src-tauri/2 around lines 1-12 the file contains npm audit CLI output
that was accidentally committed; remove the file from the repo (use git rm and
commit the deletion), add a rule to .gitignore to prevent committing CLI/build
output in the future, and if you want to address the reported vulnerability run
npm audit fix in frontend/src-tauri, review and commit any updated lockfile
changes.