2024-12-31 14:12:39 -05:00
|
|
|
// Copyright 2018-2025 the Deno authors. MIT license.
|
2021-06-28 19:43:03 -04:00
|
|
|
|
|
|
|
pub mod io;
|
|
|
|
pub mod ops;
|
|
|
|
pub mod ops_tls;
|
|
|
|
#[cfg(unix)]
|
|
|
|
pub mod ops_unix;
|
2024-12-20 07:48:48 -05:00
|
|
|
mod quic;
|
2023-04-22 13:48:21 -04:00
|
|
|
pub mod raw;
|
2021-06-28 19:43:03 -04:00
|
|
|
pub mod resolve_addr;
|
2024-11-17 07:36:55 -05:00
|
|
|
pub mod tcp;
|
2021-06-28 19:43:03 -04:00
|
|
|
|
2024-12-31 12:13:39 -05:00
|
|
|
use std::borrow::Cow;
|
|
|
|
use std::path::Path;
|
|
|
|
use std::path::PathBuf;
|
|
|
|
use std::sync::Arc;
|
|
|
|
|
2021-06-28 19:43:03 -04:00
|
|
|
use deno_core::error::AnyError;
|
|
|
|
use deno_core::OpState;
|
2024-11-04 12:17:21 -05:00
|
|
|
use deno_permissions::PermissionCheckError;
|
2021-08-07 08:49:38 -04:00
|
|
|
use deno_tls::rustls::RootCertStore;
|
2023-05-01 16:42:05 -04:00
|
|
|
use deno_tls::RootCertStoreProvider;
|
2021-06-28 19:43:03 -04:00
|
|
|
|
2023-10-12 11:55:50 -04:00
|
|
|
pub const UNSTABLE_FEATURE_NAME: &str = "net";
|
|
|
|
|
2021-06-28 19:43:03 -04:00
|
|
|
pub trait NetPermissions {
|
|
|
|
fn check_net<T: AsRef<str>>(
|
|
|
|
&mut self,
|
2024-09-16 16:39:37 -04:00
|
|
|
host: &(T, Option<u16>),
|
|
|
|
api_name: &str,
|
2024-11-04 12:17:21 -05:00
|
|
|
) -> Result<(), PermissionCheckError>;
|
2024-09-16 16:39:37 -04:00
|
|
|
#[must_use = "the resolved return value to mitigate time-of-check to time-of-use issues"]
|
|
|
|
fn check_read(
|
|
|
|
&mut self,
|
|
|
|
p: &str,
|
|
|
|
api_name: &str,
|
2024-11-04 12:17:21 -05:00
|
|
|
) -> Result<PathBuf, PermissionCheckError>;
|
2024-09-16 16:39:37 -04:00
|
|
|
#[must_use = "the resolved return value to mitigate time-of-check to time-of-use issues"]
|
|
|
|
fn check_write(
|
|
|
|
&mut self,
|
|
|
|
p: &str,
|
|
|
|
api_name: &str,
|
2024-11-04 12:17:21 -05:00
|
|
|
) -> Result<PathBuf, PermissionCheckError>;
|
2024-09-16 16:39:37 -04:00
|
|
|
#[must_use = "the resolved return value to mitigate time-of-check to time-of-use issues"]
|
|
|
|
fn check_write_path<'a>(
|
|
|
|
&mut self,
|
|
|
|
p: &'a Path,
|
|
|
|
api_name: &str,
|
2024-11-04 12:17:21 -05:00
|
|
|
) -> Result<Cow<'a, Path>, PermissionCheckError>;
|
2021-06-28 19:43:03 -04:00
|
|
|
}
|
|
|
|
|
2024-06-06 23:37:53 -04:00
|
|
|
impl NetPermissions for deno_permissions::PermissionsContainer {
|
|
|
|
#[inline(always)]
|
|
|
|
fn check_net<T: AsRef<str>>(
|
|
|
|
&mut self,
|
|
|
|
host: &(T, Option<u16>),
|
|
|
|
api_name: &str,
|
2024-11-04 12:17:21 -05:00
|
|
|
) -> Result<(), PermissionCheckError> {
|
2024-06-06 23:37:53 -04:00
|
|
|
deno_permissions::PermissionsContainer::check_net(self, host, api_name)
|
|
|
|
}
|
|
|
|
|
|
|
|
#[inline(always)]
|
|
|
|
fn check_read(
|
|
|
|
&mut self,
|
2024-09-16 16:39:37 -04:00
|
|
|
path: &str,
|
2024-06-06 23:37:53 -04:00
|
|
|
api_name: &str,
|
2024-11-04 12:17:21 -05:00
|
|
|
) -> Result<PathBuf, PermissionCheckError> {
|
2024-06-06 23:37:53 -04:00
|
|
|
deno_permissions::PermissionsContainer::check_read(self, path, api_name)
|
|
|
|
}
|
|
|
|
|
|
|
|
#[inline(always)]
|
|
|
|
fn check_write(
|
|
|
|
&mut self,
|
2024-09-16 16:39:37 -04:00
|
|
|
path: &str,
|
2024-06-06 23:37:53 -04:00
|
|
|
api_name: &str,
|
2024-11-04 12:17:21 -05:00
|
|
|
) -> Result<PathBuf, PermissionCheckError> {
|
2024-06-06 23:37:53 -04:00
|
|
|
deno_permissions::PermissionsContainer::check_write(self, path, api_name)
|
|
|
|
}
|
2024-09-16 16:39:37 -04:00
|
|
|
|
|
|
|
#[inline(always)]
|
|
|
|
fn check_write_path<'a>(
|
|
|
|
&mut self,
|
|
|
|
path: &'a Path,
|
|
|
|
api_name: &str,
|
2024-11-04 12:17:21 -05:00
|
|
|
) -> Result<Cow<'a, Path>, PermissionCheckError> {
|
2024-09-16 16:39:37 -04:00
|
|
|
deno_permissions::PermissionsContainer::check_write_path(
|
|
|
|
self, path, api_name,
|
|
|
|
)
|
|
|
|
}
|
2024-06-06 23:37:53 -04:00
|
|
|
}
|
|
|
|
|
2021-06-28 19:43:03 -04:00
|
|
|
/// Helper for checking unstable features. Used for sync ops.
|
2023-10-04 15:42:17 -04:00
|
|
|
fn check_unstable(state: &OpState, api_name: &str) {
|
|
|
|
state
|
|
|
|
.feature_checker
|
2024-09-16 21:13:34 -04:00
|
|
|
.check_or_exit(UNSTABLE_FEATURE_NAME, api_name);
|
2021-06-28 19:43:03 -04:00
|
|
|
}
|
|
|
|
|
2022-03-16 20:25:44 -04:00
|
|
|
pub fn get_declaration() -> PathBuf {
|
|
|
|
PathBuf::from(env!("CARGO_MANIFEST_DIR")).join("lib.deno_net.d.ts")
|
|
|
|
}
|
|
|
|
|
2021-07-22 06:28:46 -04:00
|
|
|
#[derive(Clone)]
|
|
|
|
pub struct DefaultTlsOptions {
|
2023-05-01 16:42:05 -04:00
|
|
|
pub root_cert_store_provider: Option<Arc<dyn RootCertStoreProvider>>,
|
|
|
|
}
|
|
|
|
|
|
|
|
impl DefaultTlsOptions {
|
|
|
|
pub fn root_cert_store(&self) -> Result<Option<RootCertStore>, AnyError> {
|
|
|
|
Ok(match &self.root_cert_store_provider {
|
|
|
|
Some(provider) => Some(provider.get_or_try_init()?.clone()),
|
|
|
|
None => None,
|
|
|
|
})
|
|
|
|
}
|
2021-07-22 06:28:46 -04:00
|
|
|
}
|
|
|
|
|
2021-08-10 07:19:45 -04:00
|
|
|
/// `UnsafelyIgnoreCertificateErrors` is a wrapper struct so it can be placed inside `GothamState`;
|
2021-08-09 10:53:21 -04:00
|
|
|
/// using type alias for a `Option<Vec<String>>` could work, but there's a high chance
|
|
|
|
/// that there might be another type alias pointing to a `Option<Vec<String>>`, which
|
|
|
|
/// would override previously used alias.
|
2021-09-20 10:05:23 -04:00
|
|
|
pub struct UnsafelyIgnoreCertificateErrors(pub Option<Vec<String>>);
|
2021-08-09 10:53:21 -04:00
|
|
|
|
2023-03-17 14:22:15 -04:00
|
|
|
deno_core::extension!(deno_net,
|
|
|
|
deps = [ deno_web ],
|
|
|
|
parameters = [ P: NetPermissions ],
|
|
|
|
ops = [
|
|
|
|
ops::op_net_accept_tcp,
|
|
|
|
ops::op_net_connect_tcp<P>,
|
|
|
|
ops::op_net_listen_tcp<P>,
|
|
|
|
ops::op_net_listen_udp<P>,
|
|
|
|
ops::op_node_unstable_net_listen_udp<P>,
|
|
|
|
ops::op_net_recv_udp,
|
|
|
|
ops::op_net_send_udp<P>,
|
2023-06-05 20:35:39 -04:00
|
|
|
ops::op_net_join_multi_v4_udp,
|
|
|
|
ops::op_net_join_multi_v6_udp,
|
|
|
|
ops::op_net_leave_multi_v4_udp,
|
|
|
|
ops::op_net_leave_multi_v6_udp,
|
|
|
|
ops::op_net_set_multi_loopback_udp,
|
|
|
|
ops::op_net_set_multi_ttl_udp,
|
2023-03-17 14:22:15 -04:00
|
|
|
ops::op_dns_resolve<P>,
|
|
|
|
ops::op_set_nodelay,
|
|
|
|
ops::op_set_keepalive,
|
2023-03-09 09:56:19 -05:00
|
|
|
|
2024-04-08 17:01:02 -04:00
|
|
|
ops_tls::op_tls_key_null,
|
|
|
|
ops_tls::op_tls_key_static,
|
refactor(ext/tls): Implement required functionality for later SNI support (#23686)
Precursor to #23236
This implements the SNI features, but uses private symbols to avoid
exposing the functionality at this time. Note that to properly test this
feature, we need to add a way for `connectTls` to specify a hostname.
This is something that should be pushed into that API at a later time as
well.
```ts
Deno.test(
{ permissions: { net: true, read: true } },
async function listenResolver() {
let sniRequests = [];
const listener = Deno.listenTls({
hostname: "localhost",
port: 0,
[resolverSymbol]: (sni: string) => {
sniRequests.push(sni);
return {
cert,
key,
};
},
});
{
const conn = await Deno.connectTls({
hostname: "localhost",
[serverNameSymbol]: "server-1",
port: listener.addr.port,
});
const [_handshake, serverConn] = await Promise.all([
conn.handshake(),
listener.accept(),
]);
conn.close();
serverConn.close();
}
{
const conn = await Deno.connectTls({
hostname: "localhost",
[serverNameSymbol]: "server-2",
port: listener.addr.port,
});
const [_handshake, serverConn] = await Promise.all([
conn.handshake(),
listener.accept(),
]);
conn.close();
serverConn.close();
}
assertEquals(sniRequests, ["server-1", "server-2"]);
listener.close();
},
);
```
---------
Signed-off-by: Matt Mastracci <matthew@mastracci.com>
2024-05-09 12:54:47 -04:00
|
|
|
ops_tls::op_tls_cert_resolver_create,
|
|
|
|
ops_tls::op_tls_cert_resolver_poll,
|
|
|
|
ops_tls::op_tls_cert_resolver_resolve,
|
|
|
|
ops_tls::op_tls_cert_resolver_resolve_error,
|
2023-03-17 14:22:15 -04:00
|
|
|
ops_tls::op_tls_start<P>,
|
|
|
|
ops_tls::op_net_connect_tls<P>,
|
|
|
|
ops_tls::op_net_listen_tls<P>,
|
|
|
|
ops_tls::op_net_accept_tls,
|
|
|
|
ops_tls::op_tls_handshake,
|
2023-03-09 09:56:19 -05:00
|
|
|
|
2024-04-08 18:18:14 -04:00
|
|
|
ops_unix::op_net_accept_unix,
|
|
|
|
ops_unix::op_net_connect_unix<P>,
|
|
|
|
ops_unix::op_net_listen_unix<P>,
|
|
|
|
ops_unix::op_net_listen_unixpacket<P>,
|
|
|
|
ops_unix::op_node_unstable_net_listen_unixpacket<P>,
|
|
|
|
ops_unix::op_net_recv_unixpacket,
|
|
|
|
ops_unix::op_net_send_unixpacket<P>,
|
2024-12-20 07:48:48 -05:00
|
|
|
|
|
|
|
quic::op_quic_accept,
|
|
|
|
quic::op_quic_accept_bi,
|
|
|
|
quic::op_quic_accept_incoming,
|
|
|
|
quic::op_quic_accept_uni,
|
|
|
|
quic::op_quic_close_connection,
|
|
|
|
quic::op_quic_close_endpoint,
|
|
|
|
quic::op_quic_connection_closed,
|
|
|
|
quic::op_quic_connection_get_protocol,
|
|
|
|
quic::op_quic_connection_get_remote_addr,
|
|
|
|
quic::op_quic_connect<P>,
|
|
|
|
quic::op_quic_endpoint_get_addr,
|
|
|
|
quic::op_quic_get_send_stream_priority,
|
|
|
|
quic::op_quic_incoming_accept,
|
|
|
|
quic::op_quic_incoming_refuse,
|
|
|
|
quic::op_quic_incoming_ignore,
|
|
|
|
quic::op_quic_incoming_local_ip,
|
|
|
|
quic::op_quic_incoming_remote_addr,
|
|
|
|
quic::op_quic_incoming_remote_addr_validated,
|
|
|
|
quic::op_quic_listen<P>,
|
|
|
|
quic::op_quic_max_datagram_size,
|
|
|
|
quic::op_quic_open_bi,
|
|
|
|
quic::op_quic_open_uni,
|
|
|
|
quic::op_quic_read_datagram,
|
|
|
|
quic::op_quic_send_datagram,
|
|
|
|
quic::op_quic_set_send_stream_priority,
|
2023-03-17 14:22:15 -04:00
|
|
|
],
|
2024-12-20 07:48:48 -05:00
|
|
|
esm = [ "01_net.js", "02_tls.js", "03_quic.js" ],
|
2023-03-17 18:15:27 -04:00
|
|
|
options = {
|
2023-05-01 16:42:05 -04:00
|
|
|
root_cert_store_provider: Option<Arc<dyn RootCertStoreProvider>>,
|
2023-03-17 14:22:15 -04:00
|
|
|
unsafely_ignore_certificate_errors: Option<Vec<String>>,
|
|
|
|
},
|
2023-03-17 18:15:27 -04:00
|
|
|
state = |state, options| {
|
2023-03-09 09:56:19 -05:00
|
|
|
state.put(DefaultTlsOptions {
|
2023-05-01 16:42:05 -04:00
|
|
|
root_cert_store_provider: options.root_cert_store_provider,
|
2023-03-09 09:56:19 -05:00
|
|
|
});
|
|
|
|
state.put(UnsafelyIgnoreCertificateErrors(
|
2023-03-17 18:15:27 -04:00
|
|
|
options.unsafely_ignore_certificate_errors,
|
2023-03-09 09:56:19 -05:00
|
|
|
));
|
2023-03-17 14:22:15 -04:00
|
|
|
},
|
|
|
|
);
|
2023-12-26 20:30:26 -05:00
|
|
|
|
2024-04-08 18:18:14 -04:00
|
|
|
/// Stub ops for non-unix platforms.
|
|
|
|
#[cfg(not(unix))]
|
|
|
|
mod ops_unix {
|
|
|
|
use deno_core::op2;
|
2023-12-26 20:30:26 -05:00
|
|
|
|
2024-12-31 12:13:39 -05:00
|
|
|
use crate::NetPermissions;
|
|
|
|
|
2024-04-08 18:18:14 -04:00
|
|
|
macro_rules! stub_op {
|
|
|
|
($name:ident) => {
|
|
|
|
#[op2(fast)]
|
2024-07-09 07:44:12 -04:00
|
|
|
pub fn $name() -> Result<(), std::io::Error> {
|
|
|
|
let error_msg = format!(
|
|
|
|
"Operation `{:?}` not supported on non-unix platforms.",
|
|
|
|
stringify!($name)
|
|
|
|
);
|
|
|
|
Err(std::io::Error::new(
|
|
|
|
std::io::ErrorKind::Unsupported,
|
|
|
|
error_msg,
|
|
|
|
))
|
2024-04-08 18:18:14 -04:00
|
|
|
}
|
|
|
|
};
|
|
|
|
($name:ident<P>) => {
|
|
|
|
#[op2(fast)]
|
2024-07-09 07:44:12 -04:00
|
|
|
pub fn $name<P: NetPermissions>() -> Result<(), std::io::Error> {
|
|
|
|
let error_msg = format!(
|
|
|
|
"Operation `{:?}` not supported on non-unix platforms.",
|
|
|
|
stringify!($name)
|
|
|
|
);
|
|
|
|
Err(std::io::Error::new(
|
|
|
|
std::io::ErrorKind::Unsupported,
|
|
|
|
error_msg,
|
|
|
|
))
|
2024-04-08 18:18:14 -04:00
|
|
|
}
|
|
|
|
};
|
|
|
|
}
|
|
|
|
|
|
|
|
stub_op!(op_net_accept_unix);
|
|
|
|
stub_op!(op_net_connect_unix<P>);
|
|
|
|
stub_op!(op_net_listen_unix<P>);
|
|
|
|
stub_op!(op_net_listen_unixpacket<P>);
|
|
|
|
stub_op!(op_node_unstable_net_listen_unixpacket<P>);
|
|
|
|
stub_op!(op_net_recv_unixpacket);
|
|
|
|
stub_op!(op_net_send_unixpacket<P>);
|
|
|
|
}
|