fix: enable Open Original File using plugin-opener (closes #688)

[Akash1xe]

Fixes #688

❌ Problem

The Open Original File button was non-functional because:

@tauri-apps/plugin-shell only supports URLs, not local file paths

No backend-compatible mechanism existed for opening local files

Legacy tauri::api::shell::open API is removed in Tauri v2

✅ Solution

Migrated file and URL handling to @tauri-apps/plugin-opener, which provides native OS support in Tauri v2.

What this PR does

Introduces @tauri-apps/plugin-opener for native file and URL handling

Opens local images using the system’s default viewer

Reveals image files directly in the system file explorer

Opens location links in the default browser

Adds required Tauri capability permissions

Verification

Open Original File opens the image correctly

Open Folder reveals the file in the OS file manager

External location links open in the browser

Verified on Windows, macOS, and Linux

Impact

Restores expected functionality

Aligns file handling with current Tauri standards

Improves overall reliability and user experience

Related Issue

Closes #688

Summary by CodeRabbit

• New Features

  • Users can now open location information from media files directly in Google Maps.

• Bug Fixes

  • Updated dependencies and refined file/URL opening mechanisms for improved stability.

• Chores

  • Expanded application permissions for opening files and external URLs; updated backend API documentation.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

This PR fixes the non-functional "Open Original File" button by updating the frontend MediaInfoPanel component to use Tauri's opener plugin instead of the deprecated shell API. It also includes OpenAPI schema refinements, Tauri dependency version adjustment, and expanded opener capability permissions to support opening both files and URLs.

Changes

Cohort / File(s)	Summary
OpenAPI Schema Updates docs/backend/backend_python/openapi.json	Refactored Face Clusters /face-search endpoint's input_type query parameter from a direct schema reference to an allOf wrapper and added explicit title. Removed additionalProperties: true from ImageInCluster's Metadata field to tighten schema validation.
Tauri Dependency Updates frontend/src-tauri/Cargo.toml	Updated tauri-plugin-opener dependency from version 2.5.2 to 2, narrowing the version specification.
Tauri Capability Configuration frontend/src-tauri/capabilities/migrated.json	Expanded opener plugin permissions to include opener:allow-open-path with broad path allowance (**), opener:allow-open-url for both https://* and http://*, and opener:allow-default-urls.
Frontend Component Logic frontend/src/components/Media/MediaInfoPanel.tsx	Replaced deprecated shell open() function with openPath() for file operations and added new handleLocationClick() to open Google Maps URLs via openUrl().
npm Audit Report frontend/src-tauri/2	Standard npm audit output noting 901 up-to-date packages, 165 seeking funding, and 1 moderate severity vulnerability.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• MediaInfoPanel.tsx: Verify the replacement of shell API calls with opener plugin methods is complete and error handling is robust.
• migrated.json: Confirm that the new opener capability permissions align with the intended use cases and don't overly broaden access.
• Cargo.toml version change: Assess whether pinning to major version 2 (instead of 2.5.2) may introduce unexpected breaking changes in minor/patch updates.
• OpenAPI schema changes: Ensure the allOf wrapper modification and removal of additionalProperties do not affect existing API clients or documentation generation.

Possibly related PRs

• fix: Open Original File Button in Image Details Panel (#536)fix: Open Original File Button in Image Details Panel (#536) #542: Modifies the same MediaInfoPanel.tsx file to update file-opening functionality using Tauri shell APIs; related to this PR's approach for opening original image files.

Suggested labels

bug, frontend

Suggested reviewers

• rahulharpal1603

Poem

🐰 Buttons that once were broken, now shall work,
With opener's aid, no more shall tasks lurk—
Paths and URLs, both open wide,
Maps and files on either side,
The rabbit hops, the fix takes flight! ✨

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Out of Scope Changes check	❓ Inconclusive	All changes are directly aligned with fixing the Open Original File functionality via plugin-opener migration, though some OpenAPI documentation updates appear tangential to the primary objective.	Verify whether the OpenAPI schema changes in docs/backend/backend_python/openapi.json are related to issue #688 or represent separate unrelated documentation updates.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix: enable Open Original File using plugin-opener (closes #688)' clearly and directly describes the main change: enabling the non-functional Open Original File feature by migrating to the plugin-opener solution.
Linked Issues check	✅ Passed	The pull request successfully addresses all coding objectives from #688: migrated to tauri-plugin-opener for file opening, implemented openPath and openUrl handlers, added required Tauri capability permissions, and verified cross-platform functionality.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

frontend/src/components/Media/MediaInfoPanel.tsx (2)

2-40: Fix lat/lon falsy checks (0.0 is valid) and encode the maps URL.
Both handleLocationClick and the render branch use truthiness checks, which will incorrectly hide/open failure for coordinates like 0 (equator/prime meridian). Use != null checks and encode the query.

 import React from 'react';
 import { openPath, openUrl } from '@tauri-apps/plugin-opener';
@@
   const handleLocationClick = async () => {
-    if (currentImage?.metadata?.latitude && currentImage?.metadata?.longitude) {
+    const lat = currentImage?.metadata?.latitude;
+    const lon = currentImage?.metadata?.longitude;
+    if (lat != null && lon != null) {
-      const { latitude, longitude } = currentImage.metadata;
-      const url = `https://maps.google.com/?q=${latitude},${longitude}`;
+      const url = `https://maps.google.com/?q=${encodeURIComponent(`${lat},${lon}`)}`;
       try {
         await openUrl(url);
       } catch (error) {
         console.error('Failed to open map URL:', error);
       }
     }
   };

---

108-121: Match the UI condition with the fixed null-check logic.
Same falsy issue in the JSX conditional.

-            {currentImage?.metadata?.latitude &&
-            currentImage?.metadata?.longitude ? (
+            {currentImage?.metadata?.latitude != null &&
+            currentImage?.metadata?.longitude != null ? (

🧹 Nitpick comments (1)

frontend/src/components/Media/MediaInfoPanel.tsx (1)

163-176: Opener migration for “Open Original File” looks correct—consider surfacing errors to users.
openPath(currentImage.path) is the right direction for Tauri v2; currently failures only go to console (might be OK, but UX could be improved with a toast/snackbar).

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d07d817 and f4ba012.

📒 Files selected for processing (5)

• docs/backend/backend_python/openapi.json (1 hunks)
• frontend/src-tauri/2 (1 hunks)
• frontend/src-tauri/Cargo.toml (1 hunks)
• frontend/src-tauri/capabilities/migrated.json (1 hunks)
• frontend/src/components/Media/MediaInfoPanel.tsx (3 hunks)

🔇 Additional comments (2)

docs/backend/backend_python/openapi.json (1)

1119-1128: OpenAPI 3.1-friendly $ref decoration via allOf looks good—verify client generators.
This pattern is typically used to attach title/default/description around a $ref; just ensure any downstream tooling (client generation, validators) used by the project accepts it.

frontend/src-tauri/Cargo.toml (1)

31-38: No action needed—Rust and JS opener plugin versions already match. The tauri-plugin-opener = "2" in Cargo.toml pairs with @tauri-apps/plugin-opener@^2.5.2 in package.json, both at major version 2 and compatible.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Remove/relocate this accidental audit artifact file.
A file named frontend/src-tauri/2 with plain npm-audit output looks unintentional and doesn’t belong in src-tauri. Consider deleting it or moving it to a clearly named docs location if you want to track audit status.

🤖 Prompt for AI Agents

In frontend/src-tauri/2 (lines 1-12): this file contains accidental npm-audit
output and should not live in src-tauri; remove the file from the repository
(git rm) or move it to a proper docs or assets location with a clear name (e.g.,
docs/audit-output/npm-audit-YYYYMMDD.txt), update any references, and commit the
change; if you want to preserve audit logs going forward, add a process or
.gitignore entry so transient audit outputs aren’t accidentally committed.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check the migrated.json file structure
echo "=== Migrated.json opener permissions ===" 
rg -n "opener:" frontend/src-tauri/capabilities/migrated.json -A1 -B1

echo ""
echo "=== Search for opener plugin imports ===" 
rg -r '@tauri-apps/plugin-opener' frontend/src --type ts --type tsx --type js

echo ""
echo "=== Search for openUrl calls ===" 
rg -n 'openUrl\s*\(' frontend/src --type ts --type tsx --type js -A2 -B2 || echo "No openUrl calls found"

echo ""
echo "=== Search for openPath calls ===" 
rg -n 'openPath\s*\(' frontend/src --type ts --type tsx --type js -A2 -B2 || echo "No openPath calls found"

echo ""
echo "=== Search for http:// URL patterns in frontend ===" 
rg 'http://' frontend/src --type ts --type tsx --type js | head -20

echo ""
echo "=== Search for getVersion or URL scheme patterns ===" 
rg 'allow-default-urls' frontend/src-tauri/capabilities/ -B5 -A5 || echo "No default-urls context"

Repository: AOSSIE-Org/PictoPy

Length of output: 1614

---

🏁 Script executed:

#!/bin/bash
echo "=== Search src-tauri Rust files for opener usage ===" 
find frontend/src-tauri -name "*.rs" -type f | head -20

echo ""
echo "=== Search for opener in Rust code ===" 
rg -n 'opener' frontend/src-tauri --type rust -i -A3 -B3 2>/dev/null || echo "No opener matches in Rust"

echo ""
echo "=== Search for openPath or openUrl in Rust ===" 
rg -n 'open_path|openPath|open_url|openUrl' frontend/src-tauri -i -A3 -B3 2>/dev/null || echo "No openPath/openUrl matches"

echo ""
echo "=== Check file structure in src-tauri ===" 
ls -la frontend/src-tauri/ | head -30

echo ""
echo "=== Check for any references to http in config ===" 
rg 'http://' frontend/src-tauri/capabilities/ -B2 -A2

Repository: AOSSIE-Org/PictoPy

Length of output: 2282

---

🏁 Script executed:

#!/bin/bash
echo "=== Search for Tauri command handlers or invoke patterns ===" 
rg -n '#\[command\]|#\[tauri::command\]' frontend/src-tauri/src -A5 2>/dev/null | head -40

echo ""
echo "=== Search for any async invoke or command patterns ===" 
rg -n 'invoke\s*\(|Command|command' frontend/src-tauri/src --type rust -i -A2 | head -40

echo ""
echo "=== Check what lib.rs exports ===" 
cat -n frontend/src-tauri/src/lib.rs

echo ""
echo "=== Check README or docs for opener context ===" 
find . -name "README*" -o -name "*.md" | xargs grep -l 'opener\|open.*file\|open.*url' 2>/dev/null | head -5

echo ""
echo "=== Look at git history for migrated.json changes ===" 
git log --oneline frontend/src-tauri/capabilities/migrated.json 2>/dev/null | head -10

echo ""
echo "=== Check app purpose - look at tauri.conf ===" 
cat frontend/src-tauri/tauri.conf.json

Repository: AOSSIE-Org/PictoPy

Length of output: 3068

---

🏁 Script executed:

#!/bin/bash
echo "=== Search for invocations through Tauri API calls ===" 
rg -n 'invoke.*opener|window\.__TAURI__' frontend/src --type js -A3 -B1 2>/dev/null | head -50

echo ""
echo "=== Search for references to issue 688 ===" 
rg -rn '688|Open Original File|reveal.*item' frontend/src-tauri frontend/src --type js --type rust 2>/dev/null | head -20

echo ""
echo "=== Check frontend structure ===" 
find frontend -name "*.ts" -o -name "*.tsx" | grep -v node_modules | head -20

echo ""
echo "=== Search main frontend files for any opener/url/path opens ===" 
find frontend/src -type f \( -name "*.ts" -o -name "*.tsx" -o -name "*.js" \) ! -path "*/node_modules/*" | head -10 | xargs cat 2>/dev/null | grep -i 'open\|url\|path' | head -30

Repository: AOSSIE-Org/PictoPy

Length of output: 1351

---

Tighten opener permissions: open-path with "**" and http://* are overly permissive for a photo management app.

The feature enables "Open Original File" (#688) but the allowlists are unnecessarily broad:

• path: "**" allows opening any file on the system; restrict to user home directory, Pictures folder, or user-selected library roots.
• http://* creates a MITM risk and is likely unnecessary (photo apps need only local file access or HTTPS for remote images).
• allow-default-urls should be removed unless explicitly required.

If the webview is exposed to XSS (the app's CSP asset scope is already broad with scope: ["**"]), these permissions increase impact. Tighten to minimum viable access.

[github-actions]

⚠️ This PR has merge conflicts.

Please resolve the merge conflicts before review.

Your PR will only be reviewed by a maintainer after all conflicts have been resolved.

📺 Watch this video to understand why conflicts occur and how to resolve them:
https://www.youtube.com/watch?v=Sqsz1-o7nXk