denoland-deno/runtime/ops/permissions.rs

// Copyright 2018-2021 the Deno authors. All rights reserved. MIT license.

use crate::permissions::Permissions;
use deno_core::error::custom_error;
use deno_core::error::uri_error;
use deno_core::error::AnyError;
use deno_core::url;
use deno_core::OpState;
use deno_core::ZeroCopyBuf;
use serde::Deserialize;
use std::path::Path;

pub fn init(rt: &mut deno_core::JsRuntime) {
  super::reg_json_sync(rt, "op_query_permission", op_query_permission);
  super::reg_json_sync(rt, "op_revoke_permission", op_revoke_permission);
  super::reg_json_sync(rt, "op_request_permission", op_request_permission);
}

#[derive(Deserialize)]
pub struct PermissionArgs {
  name: String,
  path: Option<String>,
  host: Option<String>,
}

pub fn op_query_permission(
  state: &mut OpState,
  args: PermissionArgs,
  _zero_copy: Option<ZeroCopyBuf>,
) -> Result<String, AnyError> {
  let permissions = state.borrow::<Permissions>();
  let path = args.path.as_deref();
  let perm = match args.name.as_ref() {
    "read" => permissions.read.query(path.as_deref().map(Path::new)),
    "write" => permissions.write.query(path.as_deref().map(Path::new)),
    "net" => permissions.net.query(
      match args.host.as_deref() {
        None => None,
        Some(h) => Some(parse_host(h)?),
      }
      .as_ref(),
    ),
    "env" => permissions.env.query(),
    "run" => permissions.run.query(),
    "plugin" => permissions.plugin.query(),
    "hrtime" => permissions.hrtime.query(),
    n => {
      return Err(custom_error(
        "ReferenceError",
        format!("No such permission name: {}", n),
      ))
    }
  };
  Ok(perm.to_string())
}

pub fn op_revoke_permission(
  state: &mut OpState,
  args: PermissionArgs,
  _zero_copy: Option<ZeroCopyBuf>,
) -> Result<String, AnyError> {
  let permissions = state.borrow_mut::<Permissions>();
  let path = args.path.as_deref();
  let perm = match args.name.as_ref() {
    "read" => permissions.read.revoke(path.as_deref().map(Path::new)),
    "write" => permissions.write.revoke(path.as_deref().map(Path::new)),
    "net" => permissions.net.revoke(
      match args.host.as_deref() {
        None => None,
        Some(h) => Some(parse_host(h)?),
      }
      .as_ref(),
    ),
    "env" => permissions.env.revoke(),
    "run" => permissions.run.revoke(),
    "plugin" => permissions.plugin.revoke(),
    "hrtime" => permissions.hrtime.revoke(),
    n => {
      return Err(custom_error(
        "ReferenceError",
        format!("No such permission name: {}", n),
      ))
    }
  };
  Ok(perm.to_string())
}

pub fn op_request_permission(
  state: &mut OpState,
  args: PermissionArgs,
  _zero_copy: Option<ZeroCopyBuf>,
) -> Result<String, AnyError> {
  let permissions = state.borrow_mut::<Permissions>();
  let path = args.path.as_deref();
  let perm = match args.name.as_ref() {
    "read" => permissions.read.request(path.as_deref().map(Path::new)),
    "write" => permissions.write.request(path.as_deref().map(Path::new)),
    "net" => permissions.net.request(
      match args.host.as_deref() {
        None => None,
        Some(h) => Some(parse_host(h)?),
      }
      .as_ref(),
    ),
    "env" => permissions.env.request(),
    "run" => permissions.run.request(),
    "plugin" => permissions.plugin.request(),
    "hrtime" => permissions.hrtime.request(),
    n => {
      return Err(custom_error(
        "ReferenceError",
        format!("No such permission name: {}", n),
      ))
    }
  };
  Ok(perm.to_string())
}

fn parse_host(host_str: &str) -> Result<(String, Option<u16>), AnyError> {
  let url = url::Url::parse(&format!("http://{}/", host_str))
    .map_err(|_| uri_error("Invalid host"))?;
  if url.path() != "/" {
    return Err(uri_error("Invalid host"));
  }
  let hostname = url.host_str().unwrap();
  Ok((hostname.to_string(), url.port()))
}
update copyright to 2021 (#9081) 2021-01-10 21:59:07 -05:00			`// Copyright 2018-2021 the Deno authors. All rights reserved. MIT license.`
Move JSON ops to deno_core (#7336) 2020-09-05 20:34:02 -04:00
refactor: remove CliState, use OpState, add CliModuleLoader (#7588) - remove "CliState.workers" and "CliState.next_worker_id", instead store them on "OpState" using type aliases. - remove "CliState.global_timer" and "CliState.start_time", instead store them on "OpState" using type aliases. - remove "CliState.is_internal", instead pass it to Worker::new - move "CliState::permissions" to "OpState" - move "CliState::main_module" to "OpState" - move "CliState::global_state" to "OpState" - move "CliState::check_unstable()" to "GlobalState" - change "cli_state()" to "global_state()" - change "deno_core::ModuleLoader" trait to pass "OpState" to callbacks - rename "CliState" to "CliModuleLoader" 2020-09-19 19:17:35 -04:00			`use crate::permissions::Permissions;`
refactor: use the 'anyhow' crate instead of 'ErrBox' (#7476) 2020-09-14 12:48:57 -04:00			`use deno_core::error::custom_error;`
BREAKING(unstable): Use hosts for net allowlists (#8845) Allowlist checking already uses hosts but for some reason requests, revokes and the runtime permissions API use URLs. - BREAKING(lib.deno.unstable.d.ts): Change NetPermissionDescriptor::url to NetPermissionDescriptor::host - fix(runtime/permissions): Don't add whole URLs to the allowlist on request - fix(runtime/permissions): Harden strength semantics: ({ name: "net", host: "127.0.0.1" } is stronger than { name: "net", host: "127.0.0.1:8000" }) for blocklisting - refactor(runtime/permissions): Use tuples for hosts, make the host optional in Permissions::{query_net, request_net, revoke_net}() 2020-12-30 17:35:28 -05:00			`use deno_core::error::uri_error;`
refactor: use the 'anyhow' crate instead of 'ErrBox' (#7476) 2020-09-14 12:48:57 -04:00			`use deno_core::error::AnyError;`
BREAKING(unstable): Use hosts for net allowlists (#8845) Allowlist checking already uses hosts but for some reason requests, revokes and the runtime permissions API use URLs. - BREAKING(lib.deno.unstable.d.ts): Change NetPermissionDescriptor::url to NetPermissionDescriptor::host - fix(runtime/permissions): Don't add whole URLs to the allowlist on request - fix(runtime/permissions): Harden strength semantics: ({ name: "net", host: "127.0.0.1" } is stronger than { name: "net", host: "127.0.0.1:8000" }) for blocklisting - refactor(runtime/permissions): Use tuples for hosts, make the host optional in Permissions::{query_net, request_net, revoke_net}() 2020-12-30 17:35:28 -05:00			`use deno_core::url;`
Use gotham-like state for ops (#7385) Provides a concrete state type that can be dynamically added. This is necessary for op crates. * renames BasicState to OpState * async ops take `Rc<RefCell<OpState>>` * sync ops take `&mut OpState` * removes `OpRegistry`, `OpRouter` traits * `get_error_class_fn` moved to OpState * ResourceTable moved to OpState 2020-09-10 09:57:45 -04:00			`use deno_core::OpState;`
Rename deno_core::Isolate to deno_core::CoreIsolate (#4851) 2020-04-23 05:51:07 -04:00			`use deno_core::ZeroCopyBuf;`
Remove unnecessary serde_derive dependency 2020-09-16 12:43:08 -04:00			`use serde::Deserialize;`
refactor: Improve path handling in permission checks (#3714) 2020-01-20 09:45:44 -05:00			`use std::path::Path;`
split up ops.rs (#2753) Note cli/dispatch_minimal.rs ops are not yet included in cli/ops. This is part of work towards #2730 2019-08-14 11:03:02 -04:00
Use gotham-like state for ops (#7385) Provides a concrete state type that can be dynamically added. This is necessary for op crates. * renames BasicState to OpState * async ops take `Rc<RefCell<OpState>>` * sync ops take `&mut OpState` * removes `OpRegistry`, `OpRouter` traits * `get_error_class_fn` moved to OpState * ResourceTable moved to OpState 2020-09-10 09:57:45 -04:00			`pub fn init(rt: &mut deno_core::JsRuntime) {`
			`super::reg_json_sync(rt, "op_query_permission", op_query_permission);`
			`super::reg_json_sync(rt, "op_revoke_permission", op_revoke_permission);`
			`super::reg_json_sync(rt, "op_request_permission", op_request_permission);`
Add init methods for each op module (#3087) 2019-10-11 14:41:54 -04:00			`}`

Use web standard Permissions API (#3200) 2019-10-27 11:22:53 -04:00			`#[derive(Deserialize)]`
move runtime ops to serde ops (#9828) 2021-03-18 14:42:01 -04:00			`pub struct PermissionArgs {`
Use web standard Permissions API (#3200) 2019-10-27 11:22:53 -04:00			`name: String,`
			`path: Option<String>,`
BREAKING(unstable): Use hosts for net allowlists (#8845) Allowlist checking already uses hosts but for some reason requests, revokes and the runtime permissions API use URLs. - BREAKING(lib.deno.unstable.d.ts): Change NetPermissionDescriptor::url to NetPermissionDescriptor::host - fix(runtime/permissions): Don't add whole URLs to the allowlist on request - fix(runtime/permissions): Harden strength semantics: ({ name: "net", host: "127.0.0.1" } is stronger than { name: "net", host: "127.0.0.1:8000" }) for blocklisting - refactor(runtime/permissions): Use tuples for hosts, make the host optional in Permissions::{query_net, request_net, revoke_net}() 2020-12-30 17:35:28 -05:00			`host: Option<String>,`
Use web standard Permissions API (#3200) 2019-10-27 11:22:53 -04:00			`}`

			`pub fn op_query_permission(`
Use gotham-like state for ops (#7385) Provides a concrete state type that can be dynamically added. This is necessary for op crates. * renames BasicState to OpState * async ops take `Rc<RefCell<OpState>>` * sync ops take `&mut OpState` * removes `OpRegistry`, `OpRouter` traits * `get_error_class_fn` moved to OpState * ResourceTable moved to OpState 2020-09-10 09:57:45 -04:00			`state: &mut OpState,`
move runtime ops to serde ops (#9828) 2021-03-18 14:42:01 -04:00			`args: PermissionArgs,`
refactor(ops): remove variadic buffers (#9944) 2021-04-02 09:47:57 -04:00			`_zero_copy: Option<ZeroCopyBuf>,`
refactor: convert ops to use serde_v8 (#10009) This commit rewrites most of the ops to use "serde_v8" instead of "json" serialization. 2021-04-05 12:40:24 -04:00			`) -> Result<String, AnyError> {`
refactor: remove CliState, use OpState, add CliModuleLoader (#7588) - remove "CliState.workers" and "CliState.next_worker_id", instead store them on "OpState" using type aliases. - remove "CliState.global_timer" and "CliState.start_time", instead store them on "OpState" using type aliases. - remove "CliState.is_internal", instead pass it to Worker::new - move "CliState::permissions" to "OpState" - move "CliState::main_module" to "OpState" - move "CliState::global_state" to "OpState" - move "CliState::check_unstable()" to "GlobalState" - change "cli_state()" to "global_state()" - change "deno_core::ModuleLoader" trait to pass "OpState" to callbacks - rename "CliState" to "CliModuleLoader" 2020-09-19 19:17:35 -04:00			`let permissions = state.borrow::<Permissions>();`
fix(cli/permissions): Fix CWD and exec path leaks (#5642) 2020-05-29 11:27:43 -04:00			`let path = args.path.as_deref();`
refactor: permissions (#7074) 2020-08-18 16:29:32 -04:00			`let perm = match args.name.as_ref() {`
refactor: clean up permission handling (#9367) 2021-03-17 17:45:12 -04:00			`"read" => permissions.read.query(path.as_deref().map(Path::new)),`
			`"write" => permissions.write.query(path.as_deref().map(Path::new)),`
			`"net" => permissions.net.query(`
			`match args.host.as_deref() {`
BREAKING(unstable): Use hosts for net allowlists (#8845) Allowlist checking already uses hosts but for some reason requests, revokes and the runtime permissions API use URLs. - BREAKING(lib.deno.unstable.d.ts): Change NetPermissionDescriptor::url to NetPermissionDescriptor::host - fix(runtime/permissions): Don't add whole URLs to the allowlist on request - fix(runtime/permissions): Harden strength semantics: ({ name: "net", host: "127.0.0.1" } is stronger than { name: "net", host: "127.0.0.1:8000" }) for blocklisting - refactor(runtime/permissions): Use tuples for hosts, make the host optional in Permissions::{query_net, request_net, revoke_net}() 2020-12-30 17:35:28 -05:00			`None => None,`
			`Some(h) => Some(parse_host(h)?),`
			`}`
			`.as_ref(),`
			`),`
refactor: clean up permission handling (#9367) 2021-03-17 17:45:12 -04:00			`"env" => permissions.env.query(),`
			`"run" => permissions.run.query(),`
			`"plugin" => permissions.plugin.query(),`
			`"hrtime" => permissions.hrtime.query(),`
refactor: remove OpError, use ErrBox everywhere (#7187) Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com> 2020-08-25 18:22:15 -04:00			`n => {`
refactor: use the 'anyhow' crate instead of 'ErrBox' (#7476) 2020-09-14 12:48:57 -04:00			`return Err(custom_error(`
refactor: remove OpError, use ErrBox everywhere (#7187) Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com> 2020-08-25 18:22:15 -04:00			`"ReferenceError",`
			`format!("No such permission name: {}", n),`
			`))`
			`}`
refactor: permissions (#7074) 2020-08-18 16:29:32 -04:00			`};`
refactor: convert ops to use serde_v8 (#10009) This commit rewrites most of the ops to use "serde_v8" instead of "json" serialization. 2021-04-05 12:40:24 -04:00			`Ok(perm.to_string())`
split up ops.rs (#2753) Note cli/dispatch_minimal.rs ops are not yet included in cli/ops. This is part of work towards #2730 2019-08-14 11:03:02 -04:00			`}`

			`pub fn op_revoke_permission(`
Use gotham-like state for ops (#7385) Provides a concrete state type that can be dynamically added. This is necessary for op crates. * renames BasicState to OpState * async ops take `Rc<RefCell<OpState>>` * sync ops take `&mut OpState` * removes `OpRegistry`, `OpRouter` traits * `get_error_class_fn` moved to OpState * ResourceTable moved to OpState 2020-09-10 09:57:45 -04:00			`state: &mut OpState,`
move runtime ops to serde ops (#9828) 2021-03-18 14:42:01 -04:00			`args: PermissionArgs,`
refactor(ops): remove variadic buffers (#9944) 2021-04-02 09:47:57 -04:00			`_zero_copy: Option<ZeroCopyBuf>,`
refactor: convert ops to use serde_v8 (#10009) This commit rewrites most of the ops to use "serde_v8" instead of "json" serialization. 2021-04-05 12:40:24 -04:00			`) -> Result<String, AnyError> {`
refactor: remove CliState, use OpState, add CliModuleLoader (#7588) - remove "CliState.workers" and "CliState.next_worker_id", instead store them on "OpState" using type aliases. - remove "CliState.global_timer" and "CliState.start_time", instead store them on "OpState" using type aliases. - remove "CliState.is_internal", instead pass it to Worker::new - move "CliState::permissions" to "OpState" - move "CliState::main_module" to "OpState" - move "CliState::global_state" to "OpState" - move "CliState::check_unstable()" to "GlobalState" - change "cli_state()" to "global_state()" - change "deno_core::ModuleLoader" trait to pass "OpState" to callbacks - rename "CliState" to "CliModuleLoader" 2020-09-19 19:17:35 -04:00			`let permissions = state.borrow_mut::<Permissions>();`
fix(cli/permissions): Fix CWD and exec path leaks (#5642) 2020-05-29 11:27:43 -04:00			`let path = args.path.as_deref();`
refactor: permissions (#7074) 2020-08-18 16:29:32 -04:00			`let perm = match args.name.as_ref() {`
refactor: clean up permission handling (#9367) 2021-03-17 17:45:12 -04:00			`"read" => permissions.read.revoke(path.as_deref().map(Path::new)),`
			`"write" => permissions.write.revoke(path.as_deref().map(Path::new)),`
			`"net" => permissions.net.revoke(`
			`match args.host.as_deref() {`
BREAKING(unstable): Use hosts for net allowlists (#8845) Allowlist checking already uses hosts but for some reason requests, revokes and the runtime permissions API use URLs. - BREAKING(lib.deno.unstable.d.ts): Change NetPermissionDescriptor::url to NetPermissionDescriptor::host - fix(runtime/permissions): Don't add whole URLs to the allowlist on request - fix(runtime/permissions): Harden strength semantics: ({ name: "net", host: "127.0.0.1" } is stronger than { name: "net", host: "127.0.0.1:8000" }) for blocklisting - refactor(runtime/permissions): Use tuples for hosts, make the host optional in Permissions::{query_net, request_net, revoke_net}() 2020-12-30 17:35:28 -05:00			`None => None,`
			`Some(h) => Some(parse_host(h)?),`
			`}`
			`.as_ref(),`
			`),`
refactor: clean up permission handling (#9367) 2021-03-17 17:45:12 -04:00			`"env" => permissions.env.revoke(),`
			`"run" => permissions.run.revoke(),`
			`"plugin" => permissions.plugin.revoke(),`
			`"hrtime" => permissions.hrtime.revoke(),`
refactor: remove OpError, use ErrBox everywhere (#7187) Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com> 2020-08-25 18:22:15 -04:00			`n => {`
refactor: use the 'anyhow' crate instead of 'ErrBox' (#7476) 2020-09-14 12:48:57 -04:00			`return Err(custom_error(`
refactor: remove OpError, use ErrBox everywhere (#7187) Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com> 2020-08-25 18:22:15 -04:00			`"ReferenceError",`
			`format!("No such permission name: {}", n),`
			`))`
			`}`
refactor: permissions (#7074) 2020-08-18 16:29:32 -04:00			`};`
refactor: convert ops to use serde_v8 (#10009) This commit rewrites most of the ops to use "serde_v8" instead of "json" serialization. 2021-04-05 12:40:24 -04:00			`Ok(perm.to_string())`
split up ops.rs (#2753) Note cli/dispatch_minimal.rs ops are not yet included in cli/ops. This is part of work towards #2730 2019-08-14 11:03:02 -04:00			`}`
Add permissions.request (#3296) 2019-11-11 10:33:29 -05:00
			`pub fn op_request_permission(`
Use gotham-like state for ops (#7385) Provides a concrete state type that can be dynamically added. This is necessary for op crates. * renames BasicState to OpState * async ops take `Rc<RefCell<OpState>>` * sync ops take `&mut OpState` * removes `OpRegistry`, `OpRouter` traits * `get_error_class_fn` moved to OpState * ResourceTable moved to OpState 2020-09-10 09:57:45 -04:00			`state: &mut OpState,`
move runtime ops to serde ops (#9828) 2021-03-18 14:42:01 -04:00			`args: PermissionArgs,`
refactor(ops): remove variadic buffers (#9944) 2021-04-02 09:47:57 -04:00			`_zero_copy: Option<ZeroCopyBuf>,`
refactor: convert ops to use serde_v8 (#10009) This commit rewrites most of the ops to use "serde_v8" instead of "json" serialization. 2021-04-05 12:40:24 -04:00			`) -> Result<String, AnyError> {`
refactor: remove CliState, use OpState, add CliModuleLoader (#7588) - remove "CliState.workers" and "CliState.next_worker_id", instead store them on "OpState" using type aliases. - remove "CliState.global_timer" and "CliState.start_time", instead store them on "OpState" using type aliases. - remove "CliState.is_internal", instead pass it to Worker::new - move "CliState::permissions" to "OpState" - move "CliState::main_module" to "OpState" - move "CliState::global_state" to "OpState" - move "CliState::check_unstable()" to "GlobalState" - change "cli_state()" to "global_state()" - change "deno_core::ModuleLoader" trait to pass "OpState" to callbacks - rename "CliState" to "CliModuleLoader" 2020-09-19 19:17:35 -04:00			`let permissions = state.borrow_mut::<Permissions>();`
fix(cli/permissions): Fix CWD and exec path leaks (#5642) 2020-05-29 11:27:43 -04:00			`let path = args.path.as_deref();`
Add permissions.request (#3296) 2019-11-11 10:33:29 -05:00			`let perm = match args.name.as_ref() {`
refactor: clean up permission handling (#9367) 2021-03-17 17:45:12 -04:00			`"read" => permissions.read.request(path.as_deref().map(Path::new)),`
			`"write" => permissions.write.request(path.as_deref().map(Path::new)),`
			`"net" => permissions.net.request(`
			`match args.host.as_deref() {`
BREAKING(unstable): Use hosts for net allowlists (#8845) Allowlist checking already uses hosts but for some reason requests, revokes and the runtime permissions API use URLs. - BREAKING(lib.deno.unstable.d.ts): Change NetPermissionDescriptor::url to NetPermissionDescriptor::host - fix(runtime/permissions): Don't add whole URLs to the allowlist on request - fix(runtime/permissions): Harden strength semantics: ({ name: "net", host: "127.0.0.1" } is stronger than { name: "net", host: "127.0.0.1:8000" }) for blocklisting - refactor(runtime/permissions): Use tuples for hosts, make the host optional in Permissions::{query_net, request_net, revoke_net}() 2020-12-30 17:35:28 -05:00			`None => None,`
			`Some(h) => Some(parse_host(h)?),`
			`}`
			`.as_ref(),`
			`),`
refactor: clean up permission handling (#9367) 2021-03-17 17:45:12 -04:00			`"env" => permissions.env.request(),`
			`"run" => permissions.run.request(),`
			`"plugin" => permissions.plugin.request(),`
			`"hrtime" => permissions.hrtime.request(),`
refactor: remove OpError, use ErrBox everywhere (#7187) Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com> 2020-08-25 18:22:15 -04:00			`n => {`
refactor: use the 'anyhow' crate instead of 'ErrBox' (#7476) 2020-09-14 12:48:57 -04:00			`return Err(custom_error(`
refactor: remove OpError, use ErrBox everywhere (#7187) Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com> 2020-08-25 18:22:15 -04:00			`"ReferenceError",`
			`format!("No such permission name: {}", n),`
			`))`
			`}`
refactor: permissions (#7074) 2020-08-18 16:29:32 -04:00			`};`
refactor: convert ops to use serde_v8 (#10009) This commit rewrites most of the ops to use "serde_v8" instead of "json" serialization. 2021-04-05 12:40:24 -04:00			`Ok(perm.to_string())`
Add permissions.request (#3296) 2019-11-11 10:33:29 -05:00			`}`
BREAKING(unstable): Use hosts for net allowlists (#8845) Allowlist checking already uses hosts but for some reason requests, revokes and the runtime permissions API use URLs. - BREAKING(lib.deno.unstable.d.ts): Change NetPermissionDescriptor::url to NetPermissionDescriptor::host - fix(runtime/permissions): Don't add whole URLs to the allowlist on request - fix(runtime/permissions): Harden strength semantics: ({ name: "net", host: "127.0.0.1" } is stronger than { name: "net", host: "127.0.0.1:8000" }) for blocklisting - refactor(runtime/permissions): Use tuples for hosts, make the host optional in Permissions::{query_net, request_net, revoke_net}() 2020-12-30 17:35:28 -05:00
			`fn parse_host(host_str: &str) -> Result<(String, Option<u16>), AnyError> {`
			`let url = url::Url::parse(&format!("http://{}/", host_str))`
			`.map_err(\|_\| uri_error("Invalid host"))?;`
			`if url.path() != "/" {`
			`return Err(uri_error("Invalid host"));`
			`}`
			`let hostname = url.host_str().unwrap();`
			`Ok((hostname.to_string(), url.port()))`
			`}`