Implement experimental REST API endpoints for plugins (#7279)

* Implement experimental REST API endpoints for plugins

* Updates per feedback and rebase

* Update tests

* Further updates

* Update extraction of plugins

* Use OS temp dir for plugins instead of search path

* Fail extraction on paths that attempt to traverse upward

* Update pluginenv ActivePlugins()

28 files changed, 965 insertions, 76 deletions

diff --git a/api4/api.go b/api4/api.go
index 8ed94c193..3a4f2c412 100644
--- a/api4/api.go
+++ b/api4/api.go
@@ -53,6 +53,9 @@ type Routes struct {
 	Files *mux.Router // 'api/v4/files'
 	File  *mux.Router // 'api/v4/files/{file_id:[A-Za-z0-9]+}'
 
+	Plugins *mux.Router // 'api/v4/plugins'
+	Plugin  *mux.Router // 'api/v4/plugins/{plugin_id:[A-Za-z0-9_-]+}'
+
 	PublicFile *mux.Router // 'files/{file_id:[A-Za-z0-9]+}/public'
 
 	Commands *mux.Router // 'api/v4/commands'
@@ -146,6 +149,9 @@ func InitApi(full bool) {
 	BaseRoutes.File = BaseRoutes.Files.PathPrefix("/{file_id:[A-Za-z0-9]+}").Subrouter()
 	BaseRoutes.PublicFile = BaseRoutes.Root.PathPrefix("/files/{file_id:[A-Za-z0-9]+}/public").Subrouter()
 
+	BaseRoutes.Plugins = BaseRoutes.ApiRoot.PathPrefix("/plugins").Subrouter()
+	BaseRoutes.Plugin = BaseRoutes.Plugins.PathPrefix("/{plugin_id:[A-Za-z0-9\\_\\-]+}").Subrouter()
+
 	BaseRoutes.Commands = BaseRoutes.ApiRoot.PathPrefix("/commands").Subrouter()
 	BaseRoutes.Command = BaseRoutes.Commands.PathPrefix("/{command_id:[A-Za-z0-9]+}").Subrouter()
 
@@ -205,6 +211,7 @@ func InitApi(full bool) {
 	InitReaction()
 	InitWebrtc()
 	InitOpenGraph()
+	InitPlugin()
 
 	app.Srv.Router.Handle("/api/v4/{anything:.*}", http.HandlerFunc(Handle404))
 
diff --git a/api4/context.go b/api4/context.go
index 3ea67b30c..2c0e54ea0 100644
--- a/api4/context.go
+++ b/api4/context.go
@@ -428,6 +428,18 @@ func (c *Context) RequireFileId() *Context {
 	return c
 }
 
+func (c *Context) RequirePluginId() *Context {
+	if c.Err != nil {
+		return c
+	}
+
+	if len(c.Params.PluginId) == 0 {
+		c.SetInvalidUrlParam("plugin_id")
+	}
+
+	return c
+}
+
 func (c *Context) RequireReportId() *Context {
 	if c.Err != nil {
 		return c
diff --git a/api4/params.go b/api4/params.go
index 8b1d0febe..1f0fe8e63 100644
--- a/api4/params.go
+++ b/api4/params.go
@@ -24,6 +24,7 @@ type ApiParams struct {
 	ChannelId      string
 	PostId         string
 	FileId         string
+	PluginId       string
 	CommandId      string
 	HookId         string
 	ReportId       string
@@ -78,6 +79,10 @@ func ApiParamsFromRequest(r *http.Request) *ApiParams {
 		params.FileId = val
 	}
 
+	if val, ok := props["plugin_id"]; ok {
+		params.PluginId = val
+	}
+
 	if val, ok := props["command_id"]; ok {
 		params.CommandId = val
 	}
diff --git a/api4/plugin.go b/api4/plugin.go
new file mode 100644
index 000000000..109695174
--- /dev/null
+++ b/api4/plugin.go
@@ -0,0 +1,120 @@
+// Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+// EXPERIMENTAL - SUBJECT TO CHANGE
+
+package api4
+
+import (
+	"net/http"
+
+	l4g "github.com/alecthomas/log4go"
+	"github.com/mattermost/platform/app"
+	"github.com/mattermost/platform/model"
+	"github.com/mattermost/platform/utils"
+)
+
+const (
+	MAXIMUM_PLUGIN_FILE_SIZE = 50 * 1024 * 1024
+)
+
+func InitPlugin() {
+	l4g.Debug("EXPERIMENTAL: Initializing plugin api")
+
+	BaseRoutes.Plugins.Handle("", ApiSessionRequired(uploadPlugin)).Methods("POST")
+	BaseRoutes.Plugins.Handle("", ApiSessionRequired(getPlugins)).Methods("GET")
+	BaseRoutes.Plugin.Handle("", ApiSessionRequired(removePlugin)).Methods("DELETE")
+
+}
+
+func uploadPlugin(c *Context, w http.ResponseWriter, r *http.Request) {
+	if !*utils.Cfg.PluginSettings.Enable {
+		c.Err = model.NewAppError("uploadPlugin", "app.plugin.disabled.app_error", nil, "", http.StatusNotImplemented)
+		return
+	}
+
+	if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
+		return
+	}
+
+	if err := r.ParseMultipartForm(MAXIMUM_PLUGIN_FILE_SIZE); err != nil {
+		http.Error(w, err.Error(), http.StatusBadRequest)
+		return
+	}
+
+	m := r.MultipartForm
+
+	pluginArray, ok := m.File["plugin"]
+	if !ok {
+		c.Err = model.NewAppError("uploadPlugin", "api.plugin.upload.no_file.app_error", nil, "", http.StatusBadRequest)
+		return
+	}
+
+	if len(pluginArray) <= 0 {
+		c.Err = model.NewAppError("uploadPlugin", "api.plugin.upload.array.app_error", nil, "", http.StatusBadRequest)
+		return
+	}
+
+	file, err := pluginArray[0].Open()
+	if err != nil {
+		c.Err = model.NewAppError("uploadPlugin", "api.plugin.upload.file.app_error", nil, "", http.StatusBadRequest)
+		return
+	}
+	defer file.Close()
+
+	manifest, unpackErr := app.UnpackAndActivatePlugin(file)
+
+	if unpackErr != nil {
+		c.Err = unpackErr
+		return
+	}
+
+	w.WriteHeader(http.StatusCreated)
+	w.Write([]byte(manifest.ToJson()))
+}
+
+func getPlugins(c *Context, w http.ResponseWriter, r *http.Request) {
+	if !*utils.Cfg.PluginSettings.Enable {
+		c.Err = model.NewAppError("getPlugins", "app.plugin.disabled.app_error", nil, "", http.StatusNotImplemented)
+		return
+	}
+
+	if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
+		return
+	}
+
+	manifests, err := app.GetActivePluginManifests()
+	if err != nil {
+		c.Err = err
+		return
+	}
+
+	w.Write([]byte(model.ManifestListToJson(manifests)))
+}
+
+func removePlugin(c *Context, w http.ResponseWriter, r *http.Request) {
+	c.RequirePluginId()
+	if c.Err != nil {
+		return
+	}
+
+	if !*utils.Cfg.PluginSettings.Enable {
+		c.Err = model.NewAppError("getPlugins", "app.plugin.disabled.app_error", nil, "", http.StatusNotImplemented)
+		return
+	}
+
+	if !app.SessionHasPermissionTo(c.Session, model.PERMISSION_MANAGE_SYSTEM) {
+		c.SetPermissionError(model.PERMISSION_MANAGE_SYSTEM)
+		return
+	}
+
+	err := app.RemovePlugin(c.Params.PluginId)
+	if err != nil {
+		c.Err = err
+		return
+	}
+
+	ReturnStatusOK(w)
+}
diff --git a/api4/plugin_test.go b/api4/plugin_test.go
new file mode 100644
index 000000000..c1d6c987c
--- /dev/null
+++ b/api4/plugin_test.go
@@ -0,0 +1,115 @@
+// Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+package api4
+
+import (
+	"bytes"
+	"io/ioutil"
+	"os"
+	"testing"
+
+	"github.com/mattermost/platform/app"
+	"github.com/mattermost/platform/utils"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestPlugin(t *testing.T) {
+	pluginDir, err := ioutil.TempDir("", "mm-plugin-test")
+	require.NoError(t, err)
+	defer func() {
+		os.RemoveAll(pluginDir)
+	}()
+	webappDir, err := ioutil.TempDir("", "mm-webapp-test")
+	require.NoError(t, err)
+	defer func() {
+		os.RemoveAll(webappDir)
+	}()
+
+	th := Setup().InitBasic().InitSystemAdmin()
+	defer TearDown()
+
+	app.StartupPlugins(pluginDir, webappDir)
+
+	enablePlugins := *utils.Cfg.PluginSettings.Enable
+	defer func() {
+		*utils.Cfg.PluginSettings.Enable = enablePlugins
+	}()
+	*utils.Cfg.PluginSettings.Enable = true
+
+	path, _ := utils.FindDir("tests")
+	file, err := os.Open(path + "/testplugin.tar.gz")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer file.Close()
+
+	// Successful upload
+	manifest, resp := th.SystemAdminClient.UploadPlugin(file)
+	defer func() {
+		os.RemoveAll("plugins/testplugin")
+	}()
+	CheckNoError(t, resp)
+
+	assert.Equal(t, "testplugin", manifest.Id)
+
+	// Upload error cases
+	_, resp = th.SystemAdminClient.UploadPlugin(bytes.NewReader([]byte("badfile")))
+	CheckBadRequestStatus(t, resp)
+
+	*utils.Cfg.PluginSettings.Enable = false
+	_, resp = th.SystemAdminClient.UploadPlugin(file)
+	CheckNotImplementedStatus(t, resp)
+
+	*utils.Cfg.PluginSettings.Enable = true
+	_, resp = th.Client.UploadPlugin(file)
+	CheckForbiddenStatus(t, resp)
+
+	// Successful get
+	manifests, resp := th.SystemAdminClient.GetPlugins()
+	CheckNoError(t, resp)
+
+	found := false
+	for _, m := range manifests {
+		if m.Id == manifest.Id {
+			found = true
+		}
+	}
+
+	assert.True(t, found)
+
+	// Get error cases
+	*utils.Cfg.PluginSettings.Enable = false
+	_, resp = th.SystemAdminClient.GetPlugins()
+	CheckNotImplementedStatus(t, resp)
+
+	*utils.Cfg.PluginSettings.Enable = true
+	_, resp = th.Client.GetPlugins()
+	CheckForbiddenStatus(t, resp)
+
+	// Successful remove
+	ok, resp := th.SystemAdminClient.RemovePlugin(manifest.Id)
+	CheckNoError(t, resp)
+
+	assert.True(t, ok)
+
+	// Remove error cases
+	ok, resp = th.SystemAdminClient.RemovePlugin(manifest.Id)
+	CheckBadRequestStatus(t, resp)
+
+	assert.False(t, ok)
+
+	*utils.Cfg.PluginSettings.Enable = false
+	_, resp = th.SystemAdminClient.RemovePlugin(manifest.Id)
+	CheckNotImplementedStatus(t, resp)
+
+	*utils.Cfg.PluginSettings.Enable = true
+	_, resp = th.Client.RemovePlugin(manifest.Id)
+	CheckForbiddenStatus(t, resp)
+
+	_, resp = th.SystemAdminClient.RemovePlugin("bad.id")
+	CheckNotFoundStatus(t, resp)
+
+	app.Srv.PluginEnv = nil
+}
diff --git a/api4/system.go b/api4/system.go
index 2ad408e13..8f98afedb 100644
--- a/api4/system.go
+++ b/api4/system.go
@@ -244,6 +244,7 @@ func getClientConfig(c *Context, w http.ResponseWriter, r *http.Request) {
 	}
 
 	respCfg["NoAccounts"] = strconv.FormatBool(app.IsFirstUserAccount())
+	respCfg["Plugins"] = app.GetPluginsForClientConfig()
 
 	w.Write([]byte(model.MapToJson(respCfg)))
 }
diff --git a/app/plugins.go b/app/plugins.go
index 82eda067c..51f6414a3 100644
--- a/app/plugins.go
+++ b/app/plugins.go
@@ -5,7 +5,12 @@ package app
 
 import (
 	"encoding/json"
+	"io"
+	"io/ioutil"
 	"net/http"
+	"os"
+	"path/filepath"
+	"strings"
 
 	l4g "github.com/alecthomas/log4go"
 
@@ -84,3 +89,142 @@ func InitPlugins() {
 		p.OnConfigurationChange()
 	}
 }
+
+func ActivatePlugins() {
+	if Srv.PluginEnv == nil {
+		l4g.Error("plugin env not initialized")
+		return
+	}
+
+	plugins, err := Srv.PluginEnv.Plugins()
+	if err != nil {
+		l4g.Error("failed to start up plugins: " + err.Error())
+		return
+	}
+
+	for _, plugin := range plugins {
+		err := Srv.PluginEnv.ActivatePlugin(plugin.Manifest.Id)
+		if err != nil {
+			l4g.Error(err.Error())
+		}
+		l4g.Info("Activated %v plugin", plugin.Manifest.Id)
+	}
+}
+
+func UnpackAndActivatePlugin(pluginFile io.Reader) (*model.Manifest, *model.AppError) {
+	if Srv.PluginEnv == nil || !*utils.Cfg.PluginSettings.Enable {
+		return nil, model.NewAppError("UnpackAndActivatePlugin", "app.plugin.disabled.app_error", nil, "", http.StatusNotImplemented)
+	}
+
+	tmpDir, err := ioutil.TempDir("", "plugintmp")
+	if err != nil {
+		return nil, model.NewAppError("UnpackAndActivatePlugin", "app.plugin.temp_dir.app_error", nil, err.Error(), http.StatusInternalServerError)
+	}
+	defer func() {
+		os.RemoveAll(tmpDir)
+	}()
+
+	filenames, err := utils.ExtractTarGz(pluginFile, tmpDir)
+	if err != nil {
+		return nil, model.NewAppError("UnpackAndActivatePlugin", "app.plugin.extract.app_error", nil, err.Error(), http.StatusBadRequest)
+	}
+
+	if len(filenames) == 0 {
+		return nil, model.NewAppError("UnpackAndActivatePlugin", "app.plugin.no_files.app_error", nil, err.Error(), http.StatusBadRequest)
+	}
+
+	splitPath := strings.Split(filenames[0], string(os.PathSeparator))
+
+	if len(splitPath) == 0 {
+		return nil, model.NewAppError("UnpackAndActivatePlugin", "app.plugin.bad_path.app_error", nil, err.Error(), http.StatusBadRequest)
+	}
+
+	manifestDir := filepath.Join(tmpDir, splitPath[0])
+
+	manifest, _, err := model.FindManifest(manifestDir)
+	if err != nil {
+		return nil, model.NewAppError("UnpackAndActivatePlugin", "app.plugin.manifest.app_error", nil, err.Error(), http.StatusBadRequest)
+	}
+
+	os.Rename(manifestDir, filepath.Join(Srv.PluginEnv.SearchPath(), manifest.Id))
+	if err != nil {
+		return nil, model.NewAppError("UnpackAndActivatePlugin", "app.plugin.mvdir.app_error", nil, err.Error(), http.StatusInternalServerError)
+	}
+
+	// Should add manifest validation and error handling here
+
+	err = Srv.PluginEnv.ActivatePlugin(manifest.Id)
+	if err != nil {
+		return nil, model.NewAppError("UnpackAndActivatePlugin", "app.plugin.activate.app_error", nil, err.Error(), http.StatusBadRequest)
+	}
+
+	return manifest, nil
+}
+
+func GetActivePluginManifests() ([]*model.Manifest, *model.AppError) {
+	if Srv.PluginEnv == nil || !*utils.Cfg.PluginSettings.Enable {
+		return nil, model.NewAppError("GetActivePluginManifests", "app.plugin.disabled.app_error", nil, "", http.StatusNotImplemented)
+	}
+
+	plugins, err := Srv.PluginEnv.ActivePlugins()
+	if err != nil {
+		return nil, model.NewAppError("GetActivePluginManifests", "app.plugin.get_plugins.app_error", nil, err.Error(), http.StatusInternalServerError)
+	}
+
+	manifests := make([]*model.Manifest, len(plugins))
+	for i, plugin := range plugins {
+		manifests[i] = plugin.Manifest
+	}
+
+	return manifests, nil
+}
+
+func RemovePlugin(id string) *model.AppError {
+	if Srv.PluginEnv == nil || !*utils.Cfg.PluginSettings.Enable {
+		return model.NewAppError("RemovePlugin", "app.plugin.disabled.app_error", nil, "", http.StatusNotImplemented)
+	}
+
+	err := Srv.PluginEnv.DeactivatePlugin(id)
+	if err != nil {
+		return model.NewAppError("RemovePlugin", "app.plugin.deactivate.app_error", nil, err.Error(), http.StatusBadRequest)
+	}
+
+	err = os.RemoveAll(filepath.Join(Srv.PluginEnv.SearchPath(), id))
+	if err != nil {
+		return model.NewAppError("RemovePlugin", "app.plugin.remove.app_error", nil, err.Error(), http.StatusInternalServerError)
+	}
+
+	return nil
+}
+
+// Temporary WIP function/type for experimental webapp plugins
+type ClientConfigPlugin struct {
+	Id         string `json:"id"`
+	BundlePath string `json:"bundle_path"`
+}
+
+func GetPluginsForClientConfig() string {
+	if Srv.PluginEnv == nil || !*utils.Cfg.PluginSettings.Enable {
+		return ""
+	}
+
+	plugins, err := Srv.PluginEnv.ActivePlugins()
+	if err != nil {
+		return ""
+	}
+
+	pluginsConfig := []ClientConfigPlugin{}
+	for _, plugin := range plugins {
+		if plugin.Manifest.Webapp == nil {
+			continue
+		}
+		pluginsConfig = append(pluginsConfig, ClientConfigPlugin{Id: plugin.Manifest.Id, BundlePath: plugin.Manifest.Webapp.BundlePath})
+	}
+
+	b, err := json.Marshal(pluginsConfig)
+	if err != nil {
+		return ""
+	}
+
+	return string(b)
+}
diff --git a/app/server.go b/app/server.go
index b83aa9506..c3bcd562d 100644
--- a/app/server.go
+++ b/app/server.go
@@ -7,6 +7,7 @@ import (
 	"crypto/tls"
 	"net"
 	"net/http"
+	"os"
 	"strings"
 	"time"
 
@@ -19,6 +20,7 @@ import (
 	"gopkg.in/throttled/throttled.v2/store/memstore"
 
 	"github.com/mattermost/platform/model"
+	"github.com/mattermost/platform/plugin/pluginenv"
 	"github.com/mattermost/platform/store"
 	"github.com/mattermost/platform/utils"
 )
@@ -28,6 +30,7 @@ type Server struct {
 	WebSocketRouter *WebSocketRouter
 	Router          *mux.Router
 	GracefulServer  *graceful.Server
+	PluginEnv       *pluginenv.Environment
 }
 
 var allowedMethods []string = []string{
@@ -186,6 +189,10 @@ func StartServer() {
 		}()
 	}
 
+	if *utils.Cfg.PluginSettings.Enable {
+		StartupPlugins("plugins", "webapp/dist")
+	}
+
 	go func() {
 		var err error
 		if *utils.Cfg.ServiceSettings.ConnectionSecurity == model.CONN_SECURITY_TLS {
@@ -223,3 +230,28 @@ func StopServer() {
 
 	l4g.Info(utils.T("api.server.stop_server.stopped.info"))
 }
+
+func StartupPlugins(pluginPath, webappPath string) {
+	l4g.Info("Starting up plugins")
+
+	err := os.Mkdir(pluginPath, 0744)
+	if err != nil {
+		if os.IsExist(err) {
+			err = nil
+		} else {
+			l4g.Error("failed to start up plugins: " + err.Error())
+			return
+		}
+	}
+
+	Srv.PluginEnv, err = pluginenv.New(
+		pluginenv.SearchPath(pluginPath),
+		pluginenv.WebappPath(webappPath),
+	)
+
+	if err != nil {
+		l4g.Error("failed to start up plugins: " + err.Error())
+	}
+
+	ActivatePlugins()
+}
diff --git a/config/default.json b/config/default.json
index e0d3ec53c..1c772c4ff 100644
--- a/config/default.json
+++ b/config/default.json
@@ -314,6 +314,7 @@
         "RunScheduler": true
     },
     "PluginSettings": {
+        "Enable": false,
         "Plugins": {}
     }
 }
diff --git a/i18n/en.json b/i18n/en.json
index af93ef775..794424aff 100644
--- a/i18n/en.json
+++ b/i18n/en.json
@@ -404,6 +404,62 @@
     "translation": "Invalid permissions to delete command"
   },
   {
+    "id": "app.plugin.disabled.app_error",
+    "translation": "Plugins have been disabled by the system admin or the server has not been restarted since they were enabled."
+  },
+  {
+    "id": "app.plugin.disabled.app_error",
+    "translation": ""
+  },
+  {
+    "id": "app.plugin.extract.app_error",
+    "translation": "Encountered error extracting plugin"
+  },
+  {
+    "id": "app.plugin.no_files.app_error",
+    "translation": "No files found in the compressed folder"
+  },
+  {
+    "id": "app.plugin.bad_path.app_error",
+    "translation": "Bad file path in extracted files"
+  },
+  {
+    "id": "app.plugin.manifest.app_error",
+    "translation": "Unable to find manifest for extracted plugin"
+  },
+  {
+    "id": "app.plugin.mvdir.app_error",
+    "translation": "Unable to move plugin from temporary directory to final destination"
+  },
+  {
+    "id": "app.plugin.activate.app_error",
+    "translation": "Unable to activate extracted plugin. Plugin may already exist and be activated."
+  },
+  {
+    "id": "app.plugin.get_plugins.app_error",
+    "translation": "Unable to get active plugins"
+  },
+  {
+    "id": "app.plugin.deactivate.app_error",
+    "translation": "Unable to deactivate plugin"
+  },
+  {
+    "id": "app.plugin.remove.app_error",
+    "translation": "Unable to delete plugin"
+  },
+  {
+    "id": "api.plugin.upload.no_file.app_error",
+    "translation": "Missing file in multipart/form request"
+  },
+  {
+    "id": "api.plugin.upload.array.app_error",
+    "translation": "File array is empty in multipart/form request"
+  },
+  {
+    "id": "api.plugin.upload.file.app_error",
+    "translation": "Unable to open file in multipart/form request"
+  },
+  {
     "id": "api.command.disabled.app_error",
     "translation": "Commands have been disabled by the system admin."
   },
@@ -4188,6 +4244,10 @@
     "translation": "Invalid user id"
   },
   {
+    "id": "model.client.writer.app_error",
+    "translation": "Unable to build multipart request"
+  },
+  {
     "id": "model.client.connecting.app_error",
     "translation": "We encountered an error while connecting to the server"
   },
diff --git a/plugin/bundle_info.go b/model/bundle_info.go
index 9dc47ceea..67b5dd0ed 100644
--- a/plugin/bundle_info.go
+++ b/model/bundle_info.go
@@ -1,4 +1,4 @@
-package plugin
+package model
 
 type BundleInfo struct {
 	Path string
diff --git a/plugin/bundle_info_test.go b/model/bundle_info_test.go
index 94a0c624f..e94a5cb64 100644
--- a/plugin/bundle_info_test.go
+++ b/model/bundle_info_test.go
@@ -1,4 +1,4 @@
-package plugin
+package model
 
 import (
 	"io/ioutil"
diff --git a/model/client4.go b/model/client4.go
index 26ea6ee03..badb60a2a 100644
--- a/model/client4.go
+++ b/model/client4.go
@@ -178,6 +178,14 @@ func (c *Client4) GetFileRoute(fileId string) string {
 	return fmt.Sprintf(c.GetFilesRoute()+"/%v", fileId)
 }
 
+func (c *Client4) GetPluginsRoute() string {
+	return fmt.Sprintf("/plugins")
+}
+
+func (c *Client4) GetPluginRoute(pluginId string) string {
+	return fmt.Sprintf(c.GetPluginsRoute()+"/%v", pluginId)
+}
+
 func (c *Client4) GetSystemRoute() string {
 	return fmt.Sprintf("/system")
 }
@@ -3019,3 +3027,64 @@ func (c *Client4) CancelJob(jobId string) (bool, *Response) {
 		return CheckStatusOK(r), BuildResponse(r)
 	}
 }
+
+// Plugin Section
+
+// UploadPlugin takes an io.Reader stream pointing to the contents of a .tar.gz plugin.
+// WARNING: PLUGINS ARE STILL EXPERIMENTAL. THIS FUNCTION IS SUBJECT TO CHANGE.
+func (c *Client4) UploadPlugin(file io.Reader) (*Manifest, *Response) {
+	body := new(bytes.Buffer)
+	writer := multipart.NewWriter(body)
+
+	if part, err := writer.CreateFormFile("plugin", "plugin.tar.gz"); err != nil {
+		return nil, &Response{Error: NewAppError("UploadPlugin", "model.client.writer.app_error", nil, err.Error(), 0)}
+	} else if _, err = io.Copy(part, file); err != nil {
+		return nil, &Response{Error: NewAppError("UploadPlugin", "model.client.writer.app_error", nil, err.Error(), 0)}
+	}
+
+	if err := writer.Close(); err != nil {
+		return nil, &Response{Error: NewAppError("UploadPlugin", "model.client.writer.app_error", nil, err.Error(), 0)}
+	}
+
+	rq, _ := http.NewRequest("POST", c.ApiUrl+c.GetPluginsRoute(), body)
+	rq.Header.Set("Content-Type", writer.FormDataContentType())
+	rq.Close = true
+
+	if len(c.AuthToken) > 0 {
+		rq.Header.Set(HEADER_AUTH, c.AuthType+" "+c.AuthToken)
+	}
+
+	if rp, err := c.HttpClient.Do(rq); err != nil || rp == nil {
+		return nil, BuildErrorResponse(rp, NewAppError("UploadPlugin", "model.client.connecting.app_error", nil, err.Error(), 0))
+	} else {
+		defer closeBody(rp)
+
+		if rp.StatusCode >= 300 {
+			return nil, BuildErrorResponse(rp, AppErrorFromJson(rp.Body))
+		} else {
+			return ManifestFromJson(rp.Body), BuildResponse(rp)
+		}
+	}
+}
+
+// GetPlugins will return a list of plugin manifests for currently active plugins.
+// WARNING: PLUGINS ARE STILL EXPERIMENTAL. THIS FUNCTION IS SUBJECT TO CHANGE.
+func (c *Client4) GetPlugins() ([]*Manifest, *Response) {
+	if r, err := c.DoApiGet(c.GetPluginsRoute(), ""); err != nil {
+		return nil, BuildErrorResponse(r, err)
+	} else {
+		defer closeBody(r)
+		return ManifestListFromJson(r.Body), BuildResponse(r)
+	}
+}
+
+// RemovePlugin will deactivate and delete a plugin.
+// WARNING: PLUGINS ARE STILL EXPERIMENTAL. THIS FUNCTION IS SUBJECT TO CHANGE.
+func (c *Client4) RemovePlugin(id string) (bool, *Response) {
+	if r, err := c.DoApiDelete(c.GetPluginRoute(id)); err != nil {
+		return false, BuildErrorResponse(r, err)
+	} else {
+		defer closeBody(r)
+		return CheckStatusOK(r), BuildResponse(r)
+	}
+}
diff --git a/model/config.go b/model/config.go
index 050110512..65608c9a5 100644
--- a/model/config.go
+++ b/model/config.go
@@ -477,6 +477,7 @@ type JobSettings struct {
 }
 
 type PluginSettings struct {
+	Enable  *bool
 	Plugins map[string]interface{}
 }
 
@@ -1522,6 +1523,11 @@ func (o *Config) SetDefaults() {
 		*o.JobSettings.RunScheduler = true
 	}
 
+	if o.PluginSettings.Enable == nil {
+		o.PluginSettings.Enable = new(bool)
+		*o.PluginSettings.Enable = false
+	}
+
 	if o.PluginSettings.Plugins == nil {
 		o.PluginSettings.Plugins = make(map[string]interface{})
 	}
diff --git a/plugin/manifest.go b/model/manifest.go
index 15b7f0555..e61ccc8ad 100644
--- a/plugin/manifest.go
+++ b/model/manifest.go
@@ -1,7 +1,8 @@
-package plugin
+package model
 
 import (
 	"encoding/json"
+	"io"
 	"io/ioutil"
 	"os"
 	"path/filepath"
@@ -10,14 +11,61 @@ import (
 )
 
 type Manifest struct {
-	Id      string           `json:"id" yaml:"id"`
-	Backend *ManifestBackend `json:"backend,omitempty" yaml:"backend,omitempty"`
+	Id          string           `json:"id" yaml:"id"`
+	Name        string           `json:"name" yaml:"name"`
+	Description string           `json:"description" yaml:"description"`
+	Backend     *ManifestBackend `json:"backend,omitempty" yaml:"backend,omitempty"`
+	Webapp      *ManifestWebapp  `json:"webapp,omitempty" yaml:"webapp,omitempty"`
 }
 
 type ManifestBackend struct {
 	Executable string `json:"executable" yaml:"executable"`
 }
 
+type ManifestWebapp struct {
+	BundlePath string `json:"bundle_path" yaml:"bundle_path"`
+}
+
+func (m *Manifest) ToJson() string {
+	b, err := json.Marshal(m)
+	if err != nil {
+		return ""
+	} else {
+		return string(b)
+	}
+}
+
+func ManifestListToJson(m []*Manifest) string {
+	b, err := json.Marshal(m)
+	if err != nil {
+		return ""
+	} else {
+		return string(b)
+	}
+}
+
+func ManifestFromJson(data io.Reader) *Manifest {
+	decoder := json.NewDecoder(data)
+	var m Manifest
+	err := decoder.Decode(&m)
+	if err == nil {
+		return &m
+	} else {
+		return nil
+	}
+}
+
+func ManifestListFromJson(data io.Reader) []*Manifest {
+	decoder := json.NewDecoder(data)
+	var manifests []*Manifest
+	err := decoder.Decode(&manifests)
+	if err == nil {
+		return manifests
+	} else {
+		return nil
+	}
+}
+
 // FindManifest will find and parse the manifest in a given directory.
 //
 // In all cases other than a does-not-exist error, path is set to the path of the manifest file that was
diff --git a/plugin/manifest_test.go b/model/manifest_test.go
index 5dae4fbaa..237640564 100644
--- a/plugin/manifest_test.go
+++ b/model/manifest_test.go
@@ -1,4 +1,4 @@
-package plugin
+package model
 
 import (
 	"encoding/json"
@@ -6,6 +6,7 @@ import (
 	"io/ioutil"
 	"os"
 	"path/filepath"
+	"strings"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
@@ -59,6 +60,9 @@ func TestManifestUnmarshal(t *testing.T) {
 		Backend: &ManifestBackend{
 			Executable: "theexecutable",
 		},
+		Webapp: &ManifestWebapp{
+			BundlePath: "thebundlepath",
+		},
 	}
 
 	var yamlResult Manifest
@@ -66,6 +70,8 @@ func TestManifestUnmarshal(t *testing.T) {
 id: theid
 backend:
     executable: theexecutable
+webapp:
+    bundle_path: thebundlepath
 `), &yamlResult))
 	assert.Equal(t, expected, yamlResult)
 
@@ -74,6 +80,9 @@ backend:
 	"id": "theid",
 	"backend": {
 		"executable": "theexecutable"
+	},
+	"webapp": {
+		"bundle_path": "thebundlepath"
 	}
 	}`), &jsonResult))
 	assert.Equal(t, expected, jsonResult)
@@ -95,3 +104,27 @@ func TestFindManifest_FileErrors(t *testing.T) {
 		assert.False(t, os.IsNotExist(err), tc)
 	}
 }
+
+func TestManifestJson(t *testing.T) {
+	manifest := &Manifest{
+		Id: "theid",
+		Backend: &ManifestBackend{
+			Executable: "theexecutable",
+		},
+		Webapp: &ManifestWebapp{
+			BundlePath: "thebundlepath",
+		},
+	}
+
+	json := manifest.ToJson()
+	newManifest := ManifestFromJson(strings.NewReader(json))
+	assert.Equal(t, newManifest, manifest)
+	assert.Equal(t, newManifest.ToJson(), json)
+	assert.Equal(t, ManifestFromJson(strings.NewReader("junk")), (*Manifest)(nil))
+
+	manifestList := []*Manifest{manifest}
+	json = ManifestListToJson(manifestList)
+	newManifestList := ManifestListFromJson(strings.NewReader(json))
+	assert.Equal(t, newManifestList, manifestList)
+	assert.Equal(t, ManifestListToJson(newManifestList), json)
+}
diff --git a/plugin/pluginenv/environment.go b/plugin/pluginenv/environment.go
index 36a8c6e76..ebda0e0db 100644
--- a/plugin/pluginenv/environment.go
+++ b/plugin/pluginenv/environment.go
@@ -3,21 +3,31 @@ package pluginenv
 
 import (
 	"fmt"
+	"io/ioutil"
+	"sync"
 
 	"github.com/pkg/errors"
 
+	"github.com/mattermost/platform/model"
 	"github.com/mattermost/platform/plugin"
 )
 
-type APIProviderFunc func(*plugin.Manifest) (plugin.API, error)
-type SupervisorProviderFunc func(*plugin.BundleInfo) (plugin.Supervisor, error)
+type APIProviderFunc func(*model.Manifest) (plugin.API, error)
+type SupervisorProviderFunc func(*model.BundleInfo) (plugin.Supervisor, error)
+
+type ActivePlugin struct {
+	BundleInfo *model.BundleInfo
+	Supervisor plugin.Supervisor
+}
 
 // Environment represents an environment that plugins are discovered and launched in.
 type Environment struct {
 	searchPath         string
+	webappPath         string
 	apiProvider        APIProviderFunc
 	supervisorProvider SupervisorProviderFunc
-	activePlugins      map[string]plugin.Supervisor
+	activePlugins      map[string]ActivePlugin
+	mutex              sync.Mutex
 }
 
 type Option func(*Environment)
@@ -25,7 +35,7 @@ type Option func(*Environment)
 // Creates a new environment. At a minimum, the APIProvider and SearchPath options are required.
 func New(options ...Option) (*Environment, error) {
 	env := &Environment{
-		activePlugins: make(map[string]plugin.Supervisor),
+		activePlugins: make(map[string]ActivePlugin),
 	}
 	for _, opt := range options {
 		opt(env)
@@ -35,19 +45,45 @@ func New(options ...Option) (*Environment, error) {
 	}
 	if env.searchPath == "" {
 		return nil, fmt.Errorf("a search path must be provided")
-	} else if env.apiProvider == nil {
-		return nil, fmt.Errorf("an api provider must be provided")
 	}
 	return env, nil
 }
 
+// Returns the configured webapp path.
+func (env *Environment) WebappPath() string {
+	return env.webappPath
+}
+
+// Returns the configured search path.
+func (env *Environment) SearchPath() string {
+	return env.searchPath
+}
+
 // Returns a list of all plugins found within the environment.
-func (env *Environment) Plugins() ([]*plugin.BundleInfo, error) {
+func (env *Environment) Plugins() ([]*model.BundleInfo, error) {
+	env.mutex.Lock()
+	defer env.mutex.Unlock()
 	return ScanSearchPath(env.searchPath)
 }
 
+// Returns a list of all currently active plugins within the environment.
+func (env *Environment) ActivePlugins() ([]*model.BundleInfo, error) {
+	env.mutex.Lock()
+	defer env.mutex.Unlock()
+
+	activePlugins := []*model.BundleInfo{}
+	for _, p := range env.activePlugins {
+		activePlugins = append(activePlugins, p.BundleInfo)
+	}
+
+	return activePlugins, nil
+}
+
 // Returns the ids of the currently active plugins.
 func (env *Environment) ActivePluginIds() (ids []string) {
+	env.mutex.Lock()
+	defer env.mutex.Unlock()
+
 	for id := range env.activePlugins {
 		ids = append(ids, id)
 	}
@@ -56,6 +92,9 @@ func (env *Environment) ActivePluginIds() (ids []string) {
 
 // Activates the plugin with the given id.
 func (env *Environment) ActivatePlugin(id string) error {
+	env.mutex.Lock()
+	defer env.mutex.Unlock()
+
 	if _, ok := env.activePlugins[id]; ok {
 		return fmt.Errorf("plugin already active: %v", id)
 	}
@@ -63,46 +102,91 @@ func (env *Environment) ActivatePlugin(id string) error {
 	if err != nil {
 		return err
 	}
-	var plugin *plugin.BundleInfo
+	var bundle *model.BundleInfo
 	for _, p := range plugins {
 		if p.Manifest != nil && p.Manifest.Id == id {
-			if plugin != nil {
+			if bundle != nil {
 				return fmt.Errorf("multiple plugins found: %v", id)
 			}
-			plugin = p
+			bundle = p
 		}
 	}
-	if plugin == nil {
+	if bundle == nil {
 		return fmt.Errorf("plugin not found: %v", id)
 	}
-	supervisor, err := env.supervisorProvider(plugin)
-	if err != nil {
-		return errors.Wrapf(err, "unable to create supervisor for plugin: %v", id)
-	}
-	api, err := env.apiProvider(plugin.Manifest)
-	if err != nil {
-		return errors.Wrapf(err, "unable to get api for plugin: %v", id)
-	}
-	if err := supervisor.Start(); err != nil {
-		return errors.Wrapf(err, "unable to start plugin: %v", id)
+
+	activePlugin := ActivePlugin{BundleInfo: bundle}
+
+	var supervisor plugin.Supervisor
+
+	if bundle.Manifest.Backend != nil {
+		if env.apiProvider == nil {
+			return fmt.Errorf("env missing api provider, cannot activate plugin: %v", id)
+		}
+
+		supervisor, err = env.supervisorProvider(bundle)
+		if err != nil {
+			return errors.Wrapf(err, "unable to create supervisor for plugin: %v", id)
+		}
+		api, err := env.apiProvider(bundle.Manifest)
+		if err != nil {
+			return errors.Wrapf(err, "unable to get api for plugin: %v", id)
+		}
+		if err := supervisor.Start(); err != nil {
+			return errors.Wrapf(err, "unable to start plugin: %v", id)
+		}
+		if err := supervisor.Hooks().OnActivate(api); err != nil {
+			supervisor.Stop()
+			return errors.Wrapf(err, "unable to activate plugin: %v", id)
+		}
+
+		activePlugin.Supervisor = supervisor
 	}
-	if err := supervisor.Hooks().OnActivate(api); err != nil {
-		supervisor.Stop()
-		return errors.Wrapf(err, "unable to activate plugin: %v", id)
+
+	if bundle.Manifest.Webapp != nil {
+		if env.webappPath == "" {
+			if supervisor != nil {
+				supervisor.Stop()
+			}
+			return fmt.Errorf("env missing webapp path, cannot activate plugin: %v", id)
+		}
+
+		webappBundle, err := ioutil.ReadFile(fmt.Sprintf("%s/%s/webapp/%s_bundle.js", env.searchPath, id, id))
+		if err != nil {
+			if supervisor != nil {
+				supervisor.Stop()
+			}
+			return errors.Wrapf(err, "unable to read webapp bundle: %v", id)
+		}
+
+		err = ioutil.WriteFile(fmt.Sprintf("%s/%s_bundle.js", env.webappPath, id), webappBundle, 0644)
+		if err != nil {
+			if supervisor != nil {
+				supervisor.Stop()
+			}
+			return errors.Wrapf(err, "unable to write webapp bundle: %v", id)
+		}
 	}
-	env.activePlugins[id] = supervisor
+
+	env.activePlugins[id] = activePlugin
 	return nil
 }
 
 // Deactivates the plugin with the given id.
 func (env *Environment) DeactivatePlugin(id string) error {
-	if supervisor, ok := env.activePlugins[id]; !ok {
+	env.mutex.Lock()
+	defer env.mutex.Unlock()
+
+	if activePlugin, ok := env.activePlugins[id]; !ok {
 		return fmt.Errorf("plugin not active: %v", id)
 	} else {
 		delete(env.activePlugins, id)
-		err := supervisor.Hooks().OnDeactivate()
-		if serr := supervisor.Stop(); err == nil {
-			err = serr
+		var err error
+		if activePlugin.Supervisor != nil {
+			err = activePlugin.Supervisor.Hooks().OnDeactivate()
+			if serr := activePlugin.Supervisor.Stop(); err == nil {
+				err = serr
+			}
 		}
 		return err
 	}
@@ -110,14 +194,19 @@ func (env *Environment) DeactivatePlugin(id string) error {
 
 // Deactivates all plugins and gracefully shuts down the environment.
 func (env *Environment) Shutdown() (errs []error) {
-	for _, supervisor := range env.activePlugins {
-		if err := supervisor.Hooks().OnDeactivate(); err != nil {
-			errs = append(errs, err)
-		}
-		if err := supervisor.Stop(); err != nil {
-			errs = append(errs, err)
+	env.mutex.Lock()
+	defer env.mutex.Unlock()
+
+	for _, activePlugin := range env.activePlugins {
+		if activePlugin.Supervisor != nil {
+			if err := activePlugin.Supervisor.Hooks().OnDeactivate(); err != nil {
+				errs = append(errs, err)
+			}
+			if err := activePlugin.Supervisor.Stop(); err != nil {
+				errs = append(errs, err)
+			}
 		}
 	}
-	env.activePlugins = make(map[string]plugin.Supervisor)
+	env.activePlugins = make(map[string]ActivePlugin)
 	return
 }
diff --git a/plugin/pluginenv/environment_test.go b/plugin/pluginenv/environment_test.go
index d933c8696..82086b9b6 100644
--- a/plugin/pluginenv/environment_test.go
+++ b/plugin/pluginenv/environment_test.go
@@ -11,6 +11,7 @@ import (
 	"github.com/stretchr/testify/mock"
 	"github.com/stretchr/testify/require"
 
+	"github.com/mattermost/platform/model"
 	"github.com/mattermost/platform/plugin"
 	"github.com/mattermost/platform/plugin/plugintest"
 )
@@ -19,7 +20,7 @@ type MockProvider struct {
 	mock.Mock
 }
 
-func (m *MockProvider) API(manifest *plugin.Manifest) (plugin.API, error) {
+func (m *MockProvider) API(manifest *model.Manifest) (plugin.API, error) {
 	ret := m.Called()
 	if ret.Get(0) == nil {
 		return nil, ret.Error(1)
@@ -27,7 +28,7 @@ func (m *MockProvider) API(manifest *plugin.Manifest) (plugin.API, error) {
 	return ret.Get(0).(plugin.API), ret.Error(1)
 }
 
-func (m *MockProvider) Supervisor(bundle *plugin.BundleInfo) (plugin.Supervisor, error) {
+func (m *MockProvider) Supervisor(bundle *model.BundleInfo) (plugin.Supervisor, error) {
 	ret := m.Called()
 	if ret.Get(0) == nil {
 		return nil, ret.Error(1)
@@ -90,19 +91,13 @@ func TestNew_MissingOptions(t *testing.T) {
 	)
 	assert.Nil(t, env)
 	assert.Error(t, err)
-
-	env, err = New(
-		SearchPath(dir),
-	)
-	assert.Nil(t, env)
-	assert.Error(t, err)
 }
 
 func TestEnvironment(t *testing.T) {
 	dir := initTmpDir(t, map[string]string{
 		".foo/plugin.json": `{"id": "foo"}`,
 		"foo/bar":          "asdf",
-		"foo/plugin.json":  `{"id": "foo"}`,
+		"foo/plugin.json":  `{"id": "foo", "backend": {}}`,
 		"bar/zxc":          "qwer",
 		"baz/plugin.yaml":  "id: baz",
 		"bad/plugin.json":  "asd",
@@ -110,11 +105,14 @@ func TestEnvironment(t *testing.T) {
 	})
 	defer os.RemoveAll(dir)
 
+	webappDir := "notarealdirectory"
+
 	var provider MockProvider
 	defer provider.AssertExpectations(t)
 
 	env, err := New(
 		SearchPath(dir),
+		WebappPath(webappDir),
 		APIProvider(provider.API),
 		SupervisorProvider(provider.Supervisor),
 	)
@@ -125,6 +123,10 @@ func TestEnvironment(t *testing.T) {
 	assert.NoError(t, err)
 	assert.Len(t, plugins, 3)
 
+	activePlugins, err := env.ActivePlugins()
+	assert.NoError(t, err)
+	assert.Len(t, activePlugins, 0)
+
 	assert.Error(t, env.ActivatePlugin("x"))
 
 	var api struct{ plugin.API }
@@ -144,6 +146,9 @@ func TestEnvironment(t *testing.T) {
 
 	assert.NoError(t, env.ActivatePlugin("foo"))
 	assert.Equal(t, env.ActivePluginIds(), []string{"foo"})
+	activePlugins, err = env.ActivePlugins()
+	assert.NoError(t, err)
+	assert.Len(t, activePlugins, 1)
 	assert.Error(t, env.ActivatePlugin("foo"))
 
 	hooks.On("OnDeactivate").Return(nil)
@@ -152,6 +157,10 @@ func TestEnvironment(t *testing.T) {
 
 	assert.NoError(t, env.ActivatePlugin("foo"))
 	assert.Equal(t, env.ActivePluginIds(), []string{"foo"})
+
+	assert.Equal(t, env.SearchPath(), dir)
+	assert.Equal(t, env.WebappPath(), webappDir)
+
 	assert.Empty(t, env.Shutdown())
 }
 
@@ -195,7 +204,7 @@ func TestEnvironment_BadSearchPathError(t *testing.T) {
 
 func TestEnvironment_ActivatePluginErrors(t *testing.T) {
 	dir := initTmpDir(t, map[string]string{
-		"foo/plugin.json": `{"id": "foo"}`,
+		"foo/plugin.json": `{"id": "foo", "backend": {}}`,
 	})
 	defer os.RemoveAll(dir)
 
@@ -254,7 +263,7 @@ func TestEnvironment_ActivatePluginErrors(t *testing.T) {
 
 func TestEnvironment_ShutdownError(t *testing.T) {
 	dir := initTmpDir(t, map[string]string{
-		"foo/plugin.json": `{"id": "foo"}`,
+		"foo/plugin.json": `{"id": "foo", "backend": {}}`,
 	})
 	defer os.RemoveAll(dir)
 
diff --git a/plugin/pluginenv/options.go b/plugin/pluginenv/options.go
index 3f83228fb..e5ef9678d 100644
--- a/plugin/pluginenv/options.go
+++ b/plugin/pluginenv/options.go
@@ -3,6 +3,7 @@ package pluginenv
 import (
 	"fmt"
 
+	"github.com/mattermost/platform/model"
 	"github.com/mattermost/platform/plugin"
 	"github.com/mattermost/platform/plugin/rpcplugin"
 )
@@ -29,14 +30,21 @@ func SearchPath(path string) Option {
 	}
 }
 
+// WebappPath specifies the static directory serving the webapp.
+func WebappPath(path string) Option {
+	return func(env *Environment) {
+		env.webappPath = path
+	}
+}
+
 // DefaultSupervisorProvider chooses a supervisor based on the plugin's manifest contents. E.g. if
 // the manifest specifies a backend executable, it will be given an rpcplugin.Supervisor.
-func DefaultSupervisorProvider(bundle *plugin.BundleInfo) (plugin.Supervisor, error) {
+func DefaultSupervisorProvider(bundle *model.BundleInfo) (plugin.Supervisor, error) {
 	if bundle.Manifest == nil {
 		return nil, fmt.Errorf("a manifest is required")
 	}
 	if bundle.Manifest.Backend == nil {
-		return nil, fmt.Errorf("invalid manifest: at this time, only backend plugins are supported")
+		return nil, fmt.Errorf("invalid manifest: missing backend plugin")
 	}
 	return rpcplugin.SupervisorProvider(bundle)
 }
diff --git a/plugin/pluginenv/options_test.go b/plugin/pluginenv/options_test.go
index 4f8d411bd..073d1861e 100644
--- a/plugin/pluginenv/options_test.go
+++ b/plugin/pluginenv/options_test.go
@@ -6,22 +6,22 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
-	"github.com/mattermost/platform/plugin"
+	"github.com/mattermost/platform/model"
 	"github.com/mattermost/platform/plugin/rpcplugin"
 )
 
 func TestDefaultSupervisorProvider(t *testing.T) {
-	_, err := DefaultSupervisorProvider(&plugin.BundleInfo{})
+	_, err := DefaultSupervisorProvider(&model.BundleInfo{})
 	assert.Error(t, err)
 
-	_, err = DefaultSupervisorProvider(&plugin.BundleInfo{
-		Manifest: &plugin.Manifest{},
+	_, err = DefaultSupervisorProvider(&model.BundleInfo{
+		Manifest: &model.Manifest{},
 	})
 	assert.Error(t, err)
 
-	supervisor, err := DefaultSupervisorProvider(&plugin.BundleInfo{
-		Manifest: &plugin.Manifest{
-			Backend: &plugin.ManifestBackend{
+	supervisor, err := DefaultSupervisorProvider(&model.BundleInfo{
+		Manifest: &model.Manifest{
+			Backend: &model.ManifestBackend{
 				Executable: "foo",
 			},
 		},
diff --git a/plugin/pluginenv/search_path.go b/plugin/pluginenv/search_path.go
index daebdb0d3..b50c7019c 100644
--- a/plugin/pluginenv/search_path.go
+++ b/plugin/pluginenv/search_path.go
@@ -4,7 +4,7 @@ import (
 	"io/ioutil"
 	"path/filepath"
 
-	"github.com/mattermost/platform/plugin"
+	"github.com/mattermost/platform/model"
 )
 
 // Performs a full scan of the given path.
@@ -14,17 +14,17 @@ import (
 // parsed).
 //
 // Plugins are found non-recursively and paths beginning with a dot are always ignored.
-func ScanSearchPath(path string) ([]*plugin.BundleInfo, error) {
+func ScanSearchPath(path string) ([]*model.BundleInfo, error) {
 	files, err := ioutil.ReadDir(path)
 	if err != nil {
 		return nil, err
 	}
-	var ret []*plugin.BundleInfo
+	var ret []*model.BundleInfo
 	for _, file := range files {
 		if !file.IsDir() || file.Name()[0] == '.' {
 			continue
 		}
-		if info := plugin.BundleInfoForPath(filepath.Join(path, file.Name())); info.ManifestPath != "" {
+		if info := model.BundleInfoForPath(filepath.Join(path, file.Name())); info.ManifestPath != "" {
 			ret = append(ret, info)
 		}
 	}
diff --git a/plugin/pluginenv/search_path_test.go b/plugin/pluginenv/search_path_test.go
index d9a18cf56..f8243e5e4 100644
--- a/plugin/pluginenv/search_path_test.go
+++ b/plugin/pluginenv/search_path_test.go
@@ -9,7 +9,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
-	"github.com/mattermost/platform/plugin"
+	"github.com/mattermost/platform/model"
 )
 
 func TestScanSearchPath(t *testing.T) {
@@ -27,17 +27,17 @@ func TestScanSearchPath(t *testing.T) {
 	plugins, err := ScanSearchPath(dir)
 	require.NoError(t, err)
 	assert.Len(t, plugins, 3)
-	assert.Contains(t, plugins, &plugin.BundleInfo{
+	assert.Contains(t, plugins, &model.BundleInfo{
 		Path:         filepath.Join(dir, "foo"),
 		ManifestPath: filepath.Join(dir, "foo", "plugin.json"),
-		Manifest: &plugin.Manifest{
+		Manifest: &model.Manifest{
 			Id: "foo",
 		},
 	})
-	assert.Contains(t, plugins, &plugin.BundleInfo{
+	assert.Contains(t, plugins, &model.BundleInfo{
 		Path:         filepath.Join(dir, "baz"),
 		ManifestPath: filepath.Join(dir, "baz", "plugin.yaml"),
-		Manifest: &plugin.Manifest{
+		Manifest: &model.Manifest{
 			Id: "baz",
 		},
 	})
diff --git a/plugin/rpcplugin/supervisor.go b/plugin/rpcplugin/supervisor.go
index 9316d7186..7abcca0fc 100644
--- a/plugin/rpcplugin/supervisor.go
+++ b/plugin/rpcplugin/supervisor.go
@@ -7,6 +7,7 @@ import (
 	"sync/atomic"
 	"time"
 
+	"github.com/mattermost/platform/model"
 	"github.com/mattermost/platform/plugin"
 )
 
@@ -116,7 +117,7 @@ func (s *Supervisor) runPlugin(ctx context.Context, start chan<- error) error {
 	return nil
 }
 
-func SupervisorProvider(bundle *plugin.BundleInfo) (plugin.Supervisor, error) {
+func SupervisorProvider(bundle *model.BundleInfo) (plugin.Supervisor, error) {
 	if bundle.Manifest == nil {
 		return nil, fmt.Errorf("no manifest available")
 	} else if bundle.Manifest.Backend == nil || bundle.Manifest.Backend.Executable == "" {
diff --git a/plugin/rpcplugin/supervisor_test.go b/plugin/rpcplugin/supervisor_test.go
index c43fd3dc9..014d0dd39 100644
--- a/plugin/rpcplugin/supervisor_test.go
+++ b/plugin/rpcplugin/supervisor_test.go
@@ -10,7 +10,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
-	"github.com/mattermost/platform/plugin"
+	"github.com/mattermost/platform/model"
 )
 
 func TestSupervisor(t *testing.T) {
@@ -35,7 +35,7 @@ func TestSupervisor(t *testing.T) {
 
 	ioutil.WriteFile(filepath.Join(dir, "plugin.json"), []byte(`{"id": "foo", "backend": {"executable": "backend.exe"}}`), 0600)
 
-	bundle := plugin.BundleInfoForPath(dir)
+	bundle := model.BundleInfoForPath(dir)
 	supervisor, err := SupervisorProvider(bundle)
 	require.NoError(t, err)
 	require.NoError(t, supervisor.Start())
@@ -61,7 +61,7 @@ func TestSupervisor_StartTimeout(t *testing.T) {
 
 	ioutil.WriteFile(filepath.Join(dir, "plugin.json"), []byte(`{"id": "foo", "backend": {"executable": "backend.exe"}}`), 0600)
 
-	bundle := plugin.BundleInfoForPath(dir)
+	bundle := model.BundleInfoForPath(dir)
 	supervisor, err := SupervisorProvider(bundle)
 	require.NoError(t, err)
 	require.Error(t, supervisor.Start())
@@ -98,7 +98,7 @@ func TestSupervisor_PluginCrash(t *testing.T) {
 
 	ioutil.WriteFile(filepath.Join(dir, "plugin.json"), []byte(`{"id": "foo", "backend": {"executable": "backend.exe"}}`), 0600)
 
-	bundle := plugin.BundleInfoForPath(dir)
+	bundle := model.BundleInfoForPath(dir)
 	supervisor, err := SupervisorProvider(bundle)
 	require.NoError(t, err)
 	require.NoError(t, supervisor.Start())
diff --git a/tests/testplugin.tar.gz b/tests/testplugin.tar.gz
new file mode 100644
index 000000000..1852064fa
--- /dev/null
+++ b/tests/testplugin.tar.gz
diff --git a/utils/extract.go b/utils/extract.go
new file mode 100644
index 000000000..0559c6ce8
--- /dev/null
+++ b/utils/extract.go
@@ -0,0 +1,83 @@
+// Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+package utils
+
+import (
+	"archive/tar"
+	"compress/gzip"
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+)
+
+// ExtractTarGz takes in an io.Reader containing the bytes for a .tar.gz file and
+// a destination string to extract to. A list of the file and directory names that
+// were extracted is returned.
+func ExtractTarGz(gzipStream io.Reader, dst string) ([]string, error) {
+	uncompressedStream, err := gzip.NewReader(gzipStream)
+	if err != nil {
+		return nil, fmt.Errorf("ExtractTarGz: NewReader failed: %s", err.Error())
+	}
+	defer uncompressedStream.Close()
+
+	tarReader := tar.NewReader(uncompressedStream)
+
+	filenames := []string{}
+
+	for true {
+		header, err := tarReader.Next()
+
+		if err == io.EOF {
+			break
+		}
+
+		if err != nil {
+			return nil, fmt.Errorf("ExtractTarGz: Next() failed: %s", err.Error())
+		}
+
+		switch header.Typeflag {
+		case tar.TypeDir:
+			if PathTraversesUpward(header.Name) {
+				return nil, fmt.Errorf("ExtractTarGz: path attempts to traverse upwards")
+			}
+
+			path := filepath.Join(dst, header.Name)
+			if err := os.Mkdir(path, 0744); err != nil && !os.IsExist(err) {
+				return nil, fmt.Errorf("ExtractTarGz: Mkdir() failed: %s", err.Error())
+			}
+
+			filenames = append(filenames, header.Name)
+		case tar.TypeReg:
+			if PathTraversesUpward(header.Name) {
+				return nil, fmt.Errorf("ExtractTarGz: path attempts to traverse upwards")
+			}
+
+			path := filepath.Join(dst, header.Name)
+			dir := filepath.Dir(path)
+
+			if err := os.MkdirAll(dir, 0744); err != nil {
+				return nil, fmt.Errorf("ExtractTarGz: MkdirAll() failed: %s", err.Error())
+			}
+
+			outFile, err := os.Create(path)
+			if err != nil {
+				return nil, fmt.Errorf("ExtractTarGz: Create() failed: %s", err.Error())
+			}
+			defer outFile.Close()
+			if _, err := io.Copy(outFile, tarReader); err != nil {
+				return nil, fmt.Errorf("ExtractTarGz: Copy() failed: %s", err.Error())
+			}
+
+			filenames = append(filenames, header.Name)
+		default:
+			return nil, fmt.Errorf(
+				"ExtractTarGz: unknown type: %v in %v",
+				header.Typeflag,
+				header.Name)
+		}
+	}
+
+	return filenames, nil
+}
diff --git a/utils/path.go b/utils/path.go
new file mode 100644
index 000000000..5f921b41d
--- /dev/null
+++ b/utils/path.go
@@ -0,0 +1,15 @@
+// Copyright (c) 2017-present Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+package utils
+
+import (
+	"path/filepath"
+	"strings"
+)
+
+// PathTraversesUpward will return true if the path attempts to traverse upwards by using
+// ".." in the path.
+func PathTraversesUpward(path string) bool {
+	return strings.HasPrefix(filepath.Clean(path), "..")
+}
diff --git a/utils/path_test.go b/utils/path_test.go
new file mode 100644
index 000000000..70b7c24fc
--- /dev/null
+++ b/utils/path_test.go
@@ -0,0 +1,31 @@
+// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
+// See License.txt for license information.
+
+package utils
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestPathTraversesUpward(t *testing.T) {
+	cases := []struct {
+		input    string
+		expected bool
+	}{
+		{"../test/path", true},
+		{"../../test/path", true},
+		{"../../test/../path", true},
+		{"test/../../path", true},
+		{"test/path/../../", false},
+		{"test", false},
+		{"test/path", false},
+		{"test/path/", false},
+		{"test/path/file.ext", false},
+	}
+
+	for _, c := range cases {
+		assert.Equal(t, c.expected, PathTraversesUpward(c.input), c.input)
+	}
+}