mirror of
https://github.com/denoland/deno.git
synced 2024-12-23 15:49:44 -05:00
refactor: remove PermissionsContainer
in deno_runtime (#24119)
Also removes permissions being passed in for node resolution. It was completely useless because we only checked it for reading package.json files, but Deno reading package.json files for resolution is perfectly fine. My guess is this is also a perf improvement because Deno is doing less work.
This commit is contained in:
parent
da926009d4
commit
53c535d2b6
69 changed files with 428 additions and 564 deletions
8
Cargo.lock
generated
8
Cargo.lock
generated
|
@ -1432,6 +1432,7 @@ dependencies = [
|
|||
"bytes",
|
||||
"data-url",
|
||||
"deno_core",
|
||||
"deno_permissions",
|
||||
"deno_tls",
|
||||
"dyn-clone",
|
||||
"http 0.2.12",
|
||||
|
@ -1447,6 +1448,7 @@ name = "deno_ffi"
|
|||
version = "0.142.0"
|
||||
dependencies = [
|
||||
"deno_core",
|
||||
"deno_permissions",
|
||||
"dlopen2",
|
||||
"dynasmrt",
|
||||
"libffi",
|
||||
|
@ -1466,6 +1468,7 @@ dependencies = [
|
|||
"base32",
|
||||
"deno_core",
|
||||
"deno_io",
|
||||
"deno_permissions",
|
||||
"filetime",
|
||||
"junction",
|
||||
"libc",
|
||||
|
@ -1572,6 +1575,7 @@ dependencies = [
|
|||
"deno_core",
|
||||
"deno_fetch",
|
||||
"deno_node",
|
||||
"deno_permissions",
|
||||
"deno_tls",
|
||||
"denokv_proto",
|
||||
"denokv_remote",
|
||||
|
@ -1631,6 +1635,7 @@ name = "deno_napi"
|
|||
version = "0.85.0"
|
||||
dependencies = [
|
||||
"deno_core",
|
||||
"deno_permissions",
|
||||
"libloading 0.7.4",
|
||||
]
|
||||
|
||||
|
@ -1652,6 +1657,7 @@ name = "deno_net"
|
|||
version = "0.147.0"
|
||||
dependencies = [
|
||||
"deno_core",
|
||||
"deno_permissions",
|
||||
"deno_tls",
|
||||
"pin-project",
|
||||
"rustls-tokio-stream",
|
||||
|
@ -1928,6 +1934,7 @@ dependencies = [
|
|||
"deno_bench_util",
|
||||
"deno_console",
|
||||
"deno_core",
|
||||
"deno_permissions",
|
||||
"deno_url",
|
||||
"deno_webidl",
|
||||
"encoding_rs",
|
||||
|
@ -1965,6 +1972,7 @@ dependencies = [
|
|||
"bytes",
|
||||
"deno_core",
|
||||
"deno_net",
|
||||
"deno_permissions",
|
||||
"deno_tls",
|
||||
"fastwebsockets",
|
||||
"h2 0.4.4",
|
||||
|
|
|
@ -17,8 +17,8 @@ use deno_core::error::AnyError;
|
|||
use deno_core::resolve_url_or_path;
|
||||
use deno_core::url::Url;
|
||||
use deno_graph::GraphKind;
|
||||
use deno_runtime::permissions::parse_sys_kind;
|
||||
use deno_runtime::permissions::PermissionsOptions;
|
||||
use deno_runtime::deno_permissions::parse_sys_kind;
|
||||
use deno_runtime::deno_permissions::PermissionsOptions;
|
||||
use log::debug;
|
||||
use log::Level;
|
||||
use serde::Deserialize;
|
||||
|
|
|
@ -4,7 +4,7 @@ use deno_core::anyhow::Context;
|
|||
use deno_core::error::AnyError;
|
||||
use deno_core::serde_json;
|
||||
use deno_core::url::Url;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use deno_runtime::deno_permissions::PermissionsContainer;
|
||||
use import_map::ImportMap;
|
||||
use import_map::ImportMapDiagnostic;
|
||||
use log::warn;
|
||||
|
|
|
@ -47,13 +47,13 @@ use deno_core::parking_lot::Mutex;
|
|||
use deno_core::serde_json;
|
||||
use deno_core::url::Url;
|
||||
use deno_runtime::deno_node::PackageJson;
|
||||
use deno_runtime::deno_permissions::PermissionsOptions;
|
||||
use deno_runtime::deno_tls::deno_native_certs::load_native_certs;
|
||||
use deno_runtime::deno_tls::rustls;
|
||||
use deno_runtime::deno_tls::rustls::RootCertStore;
|
||||
use deno_runtime::deno_tls::rustls_pemfile;
|
||||
use deno_runtime::deno_tls::webpki_roots;
|
||||
use deno_runtime::inspector_server::InspectorServer;
|
||||
use deno_runtime::permissions::PermissionsOptions;
|
||||
use deno_terminal::colors;
|
||||
use dotenvy::from_filename;
|
||||
use once_cell::sync::Lazy;
|
||||
|
|
2
cli/cache/mod.rs
vendored
2
cli/cache/mod.rs
vendored
|
@ -17,7 +17,7 @@ use deno_graph::source::CacheInfo;
|
|||
use deno_graph::source::LoadFuture;
|
||||
use deno_graph::source::LoadResponse;
|
||||
use deno_graph::source::Loader;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use deno_runtime::deno_permissions::PermissionsContainer;
|
||||
use std::collections::HashMap;
|
||||
use std::path::Path;
|
||||
use std::path::PathBuf;
|
||||
|
|
|
@ -22,8 +22,8 @@ use deno_core::url::Url;
|
|||
use deno_core::ModuleSpecifier;
|
||||
use deno_graph::source::LoaderChecksum;
|
||||
|
||||
use deno_runtime::deno_permissions::PermissionsContainer;
|
||||
use deno_runtime::deno_web::BlobStore;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use log::debug;
|
||||
use std::borrow::Cow;
|
||||
use std::collections::HashMap;
|
||||
|
|
|
@ -8,7 +8,7 @@ use deno_core::parking_lot::RwLock;
|
|||
use deno_core::resolve_url_or_path;
|
||||
use deno_graph::ModuleGraph;
|
||||
use deno_runtime::colors;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use deno_runtime::deno_permissions::PermissionsContainer;
|
||||
|
||||
use crate::args::CliOptions;
|
||||
use crate::module_loader::ModuleLoadPreparer;
|
||||
|
|
|
@ -41,7 +41,7 @@ use deno_graph::ResolutionError;
|
|||
use deno_graph::SpecifierError;
|
||||
use deno_runtime::deno_fs::FileSystem;
|
||||
use deno_runtime::deno_node;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use deno_runtime::deno_permissions::PermissionsContainer;
|
||||
use deno_semver::package::PackageNv;
|
||||
use deno_semver::package::PackageReq;
|
||||
use import_map::ImportMapError;
|
||||
|
|
|
@ -10,7 +10,7 @@ use deno_core::ModuleSpecifier;
|
|||
use deno_graph::packages::JsrPackageInfo;
|
||||
use deno_graph::packages::JsrPackageVersionInfo;
|
||||
use deno_lockfile::Lockfile;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use deno_runtime::deno_permissions::PermissionsContainer;
|
||||
use deno_semver::jsr::JsrPackageReqReference;
|
||||
use deno_semver::package::PackageNv;
|
||||
use deno_semver::package::PackageReq;
|
||||
|
|
|
@ -29,8 +29,8 @@ use deno_lint::linter::LintConfig;
|
|||
use deno_lockfile::Lockfile;
|
||||
use deno_npm::npm_rc::ResolvedNpmRc;
|
||||
use deno_runtime::deno_node::PackageJson;
|
||||
use deno_runtime::deno_permissions::PermissionsContainer;
|
||||
use deno_runtime::fs_util::specifier_to_file_path;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use import_map::ImportMap;
|
||||
use lsp::Url;
|
||||
use lsp_types::ClientCapabilities;
|
||||
|
|
|
@ -7,7 +7,7 @@ use dashmap::DashMap;
|
|||
use deno_core::anyhow::anyhow;
|
||||
use deno_core::error::AnyError;
|
||||
use deno_core::serde_json;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use deno_runtime::deno_permissions::PermissionsContainer;
|
||||
use deno_semver::package::PackageNv;
|
||||
use deno_semver::Version;
|
||||
use serde::Deserialize;
|
||||
|
|
|
@ -4,7 +4,7 @@ use dashmap::DashMap;
|
|||
use deno_core::anyhow::anyhow;
|
||||
use deno_core::error::AnyError;
|
||||
use deno_core::serde_json;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use deno_runtime::deno_permissions::PermissionsContainer;
|
||||
use deno_semver::package::PackageNv;
|
||||
use deno_semver::Version;
|
||||
use serde::Deserialize;
|
||||
|
|
|
@ -30,7 +30,7 @@ use deno_core::url::Position;
|
|||
use deno_core::url::Url;
|
||||
use deno_core::ModuleSpecifier;
|
||||
use deno_graph::Dependency;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use deno_runtime::deno_permissions::PermissionsContainer;
|
||||
use log::error;
|
||||
use once_cell::sync::Lazy;
|
||||
use std::collections::HashMap;
|
||||
|
|
|
@ -38,7 +38,6 @@ use deno_runtime::deno_node::NodeResolutionMode;
|
|||
use deno_runtime::deno_node::NodeResolver;
|
||||
use deno_runtime::deno_node::PackageJson;
|
||||
use deno_runtime::fs_util::specifier_to_file_path;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use deno_semver::jsr::JsrPackageReqReference;
|
||||
use deno_semver::npm::NpmPackageReqReference;
|
||||
use deno_semver::package::PackageNv;
|
||||
|
@ -247,12 +246,7 @@ impl LspResolver {
|
|||
let node_resolver = self.node_resolver.as_ref()?;
|
||||
Some(NodeResolution::into_specifier_and_media_type(
|
||||
node_resolver
|
||||
.resolve_req_reference(
|
||||
req_ref,
|
||||
&PermissionsContainer::allow_all(),
|
||||
referrer,
|
||||
NodeResolutionMode::Types,
|
||||
)
|
||||
.resolve_req_reference(req_ref, referrer, NodeResolutionMode::Types)
|
||||
.ok(),
|
||||
))
|
||||
}
|
||||
|
@ -282,8 +276,10 @@ impl LspResolver {
|
|||
let Some(node_resolver) = self.node_resolver.as_ref() else {
|
||||
return Ok(None);
|
||||
};
|
||||
node_resolver
|
||||
.get_closest_package_json(referrer, &PermissionsContainer::allow_all())
|
||||
node_resolver.get_closest_package_json(
|
||||
referrer,
|
||||
&mut deno_runtime::deno_node::AllowAllNodePermissions,
|
||||
)
|
||||
}
|
||||
|
||||
pub fn resolve_redirects(
|
||||
|
|
|
@ -26,7 +26,7 @@ use deno_core::parking_lot::RwLock;
|
|||
use deno_core::unsync::spawn;
|
||||
use deno_core::unsync::spawn_blocking;
|
||||
use deno_core::ModuleSpecifier;
|
||||
use deno_runtime::permissions::Permissions;
|
||||
use deno_runtime::deno_permissions::Permissions;
|
||||
use deno_runtime::tokio_util::create_and_run_current_thread;
|
||||
use indexmap::IndexMap;
|
||||
use std::collections::HashMap;
|
||||
|
|
|
@ -318,7 +318,7 @@ pub fn main() {
|
|||
util::windows::ensure_stdio_open();
|
||||
#[cfg(windows)]
|
||||
colors::enable_ansi(); // For Windows 10
|
||||
deno_runtime::permissions::set_prompt_callbacks(
|
||||
deno_runtime::deno_permissions::set_prompt_callbacks(
|
||||
Box::new(util::draw_thread::DrawThread::hide),
|
||||
Box::new(util::draw_thread::DrawThread::show),
|
||||
);
|
||||
|
|
|
@ -68,7 +68,7 @@ use deno_graph::Resolution;
|
|||
use deno_lockfile::Lockfile;
|
||||
use deno_runtime::code_cache;
|
||||
use deno_runtime::deno_node::NodeResolutionMode;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use deno_runtime::deno_permissions::PermissionsContainer;
|
||||
use deno_semver::npm::NpmPackageReqReference;
|
||||
|
||||
pub async fn load_top_level_deps(factory: &CliFactory) -> Result<(), AnyError> {
|
||||
|
@ -104,7 +104,7 @@ pub async fn load_top_level_deps(factory: &CliFactory) -> Result<(), AnyError> {
|
|||
&roots,
|
||||
false,
|
||||
factory.cli_options().ts_type_lib_window(),
|
||||
deno_runtime::permissions::PermissionsContainer::allow_all(),
|
||||
deno_runtime::deno_permissions::PermissionsContainer::allow_all(),
|
||||
)
|
||||
.await?;
|
||||
}
|
||||
|
@ -348,18 +348,12 @@ impl<TGraphContainer: ModuleGraphContainer>
|
|||
&self,
|
||||
specifier: &ModuleSpecifier,
|
||||
maybe_referrer: Option<&ModuleSpecifier>,
|
||||
is_dynamic: bool,
|
||||
requested_module_type: RequestedModuleType,
|
||||
) -> Result<ModuleSource, AnyError> {
|
||||
let permissions = if is_dynamic {
|
||||
&self.dynamic_permissions
|
||||
} else {
|
||||
&self.root_permissions
|
||||
};
|
||||
let code_source = if let Some(result) = self
|
||||
.shared
|
||||
.npm_module_loader
|
||||
.load_if_in_npm_package(specifier, maybe_referrer, permissions)
|
||||
.load_if_in_npm_package(specifier, maybe_referrer)
|
||||
.await
|
||||
{
|
||||
result?
|
||||
|
@ -448,19 +442,11 @@ impl<TGraphContainer: ModuleGraphContainer>
|
|||
&self,
|
||||
specifier: &str,
|
||||
referrer: &ModuleSpecifier,
|
||||
kind: ResolutionKind,
|
||||
) -> Result<ModuleSpecifier, AnyError> {
|
||||
let permissions = if matches!(kind, ResolutionKind::DynamicImport) {
|
||||
&self.dynamic_permissions
|
||||
} else {
|
||||
&self.root_permissions
|
||||
};
|
||||
|
||||
if let Some(result) = self.shared.node_resolver.resolve_if_in_npm_package(
|
||||
specifier,
|
||||
referrer,
|
||||
NodeResolutionMode::Execution,
|
||||
permissions,
|
||||
) {
|
||||
return match result? {
|
||||
Some(res) => Ok(res.into_url()),
|
||||
|
@ -505,7 +491,6 @@ impl<TGraphContainer: ModuleGraphContainer>
|
|||
.node_resolver
|
||||
.resolve_req_reference(
|
||||
&reference,
|
||||
permissions,
|
||||
referrer,
|
||||
NodeResolutionMode::Execution,
|
||||
)
|
||||
|
@ -530,7 +515,6 @@ impl<TGraphContainer: ModuleGraphContainer>
|
|||
module.nv_reference.sub_path(),
|
||||
referrer,
|
||||
NodeResolutionMode::Execution,
|
||||
permissions,
|
||||
)
|
||||
.with_context(|| {
|
||||
format!("Could not resolve '{}'.", module.nv_reference)
|
||||
|
@ -720,7 +704,7 @@ impl<TGraphContainer: ModuleGraphContainer> ModuleLoader
|
|||
&self,
|
||||
specifier: &str,
|
||||
referrer: &str,
|
||||
kind: ResolutionKind,
|
||||
_kind: ResolutionKind,
|
||||
) -> Result<ModuleSpecifier, AnyError> {
|
||||
fn ensure_not_jsr_non_jsr_remote_import(
|
||||
specifier: &ModuleSpecifier,
|
||||
|
@ -736,7 +720,7 @@ impl<TGraphContainer: ModuleGraphContainer> ModuleLoader
|
|||
}
|
||||
|
||||
let referrer = self.0.resolve_referrer(referrer)?;
|
||||
let specifier = self.0.inner_resolve(specifier, &referrer, kind)?;
|
||||
let specifier = self.0.inner_resolve(specifier, &referrer)?;
|
||||
ensure_not_jsr_non_jsr_remote_import(&specifier, &referrer)?;
|
||||
Ok(specifier)
|
||||
}
|
||||
|
@ -745,7 +729,7 @@ impl<TGraphContainer: ModuleGraphContainer> ModuleLoader
|
|||
&self,
|
||||
specifier: &ModuleSpecifier,
|
||||
maybe_referrer: Option<&ModuleSpecifier>,
|
||||
is_dynamic: bool,
|
||||
_is_dynamic: bool,
|
||||
requested_module_type: RequestedModuleType,
|
||||
) -> deno_core::ModuleLoadResponse {
|
||||
let inner = self.0.clone();
|
||||
|
@ -757,7 +741,6 @@ impl<TGraphContainer: ModuleGraphContainer> ModuleLoader
|
|||
.load_inner(
|
||||
&specifier,
|
||||
maybe_referrer.as_ref(),
|
||||
is_dynamic,
|
||||
requested_module_type,
|
||||
)
|
||||
.await
|
||||
|
|
|
@ -160,7 +160,7 @@ impl NpmResolver for ByonmCliNpmResolver {
|
|||
|
||||
fn ensure_read_permission(
|
||||
&self,
|
||||
permissions: &dyn NodePermissions,
|
||||
permissions: &mut dyn NodePermissions,
|
||||
path: &Path,
|
||||
) -> Result<(), AnyError> {
|
||||
if !path
|
||||
|
|
|
@ -550,7 +550,7 @@ impl NpmResolver for ManagedCliNpmResolver {
|
|||
|
||||
fn ensure_read_permission(
|
||||
&self,
|
||||
permissions: &dyn NodePermissions,
|
||||
permissions: &mut dyn NodePermissions,
|
||||
path: &Path,
|
||||
) -> Result<(), AnyError> {
|
||||
self.fs_resolver.ensure_read_permission(permissions, path)
|
||||
|
|
|
@ -53,7 +53,7 @@ pub trait NpmPackageFsResolver: Send + Sync {
|
|||
|
||||
fn ensure_read_permission(
|
||||
&self,
|
||||
permissions: &dyn NodePermissions,
|
||||
permissions: &mut dyn NodePermissions,
|
||||
path: &Path,
|
||||
) -> Result<(), AnyError>;
|
||||
}
|
||||
|
@ -76,7 +76,7 @@ impl RegistryReadPermissionChecker {
|
|||
|
||||
pub fn ensure_registry_read_permission(
|
||||
&self,
|
||||
permissions: &dyn NodePermissions,
|
||||
permissions: &mut dyn NodePermissions,
|
||||
path: &Path,
|
||||
) -> Result<(), AnyError> {
|
||||
// allow reading if it's in the node_modules
|
||||
|
|
|
@ -146,7 +146,7 @@ impl NpmPackageFsResolver for GlobalNpmPackageResolver {
|
|||
|
||||
fn ensure_read_permission(
|
||||
&self,
|
||||
permissions: &dyn NodePermissions,
|
||||
permissions: &mut dyn NodePermissions,
|
||||
path: &Path,
|
||||
) -> Result<(), AnyError> {
|
||||
self
|
||||
|
|
|
@ -243,7 +243,7 @@ impl NpmPackageFsResolver for LocalNpmPackageResolver {
|
|||
|
||||
fn ensure_read_permission(
|
||||
&self,
|
||||
permissions: &dyn NodePermissions,
|
||||
permissions: &mut dyn NodePermissions,
|
||||
path: &Path,
|
||||
) -> Result<(), AnyError> {
|
||||
self
|
||||
|
|
|
@ -14,7 +14,7 @@ use deno_core::error::AnyError;
|
|||
use deno_core::serde_json;
|
||||
use deno_npm::registry::NpmPackageInfo;
|
||||
use deno_runtime::deno_node::NpmResolver;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use deno_runtime::deno_permissions::PermissionsContainer;
|
||||
use deno_semver::package::PackageNv;
|
||||
use deno_semver::package::PackageReq;
|
||||
|
||||
|
|
|
@ -11,9 +11,9 @@ use deno_core::op2;
|
|||
use deno_core::v8;
|
||||
use deno_core::ModuleSpecifier;
|
||||
use deno_core::OpState;
|
||||
use deno_runtime::permissions::create_child_permissions;
|
||||
use deno_runtime::permissions::ChildPermissionsArg;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use deno_runtime::deno_permissions::create_child_permissions;
|
||||
use deno_runtime::deno_permissions::ChildPermissionsArg;
|
||||
use deno_runtime::deno_permissions::PermissionsContainer;
|
||||
use tokio::sync::mpsc::UnboundedSender;
|
||||
use uuid::Uuid;
|
||||
|
||||
|
@ -61,7 +61,7 @@ pub fn op_pledge_test_permissions(
|
|||
let token = Uuid::new_v4();
|
||||
let parent_permissions = state.borrow_mut::<PermissionsContainer>();
|
||||
let worker_permissions = {
|
||||
let mut parent_permissions = parent_permissions.0 .0.lock();
|
||||
let mut parent_permissions = parent_permissions.0.lock();
|
||||
let perms = create_child_permissions(&mut parent_permissions, args)?;
|
||||
PermissionsContainer::new(perms)
|
||||
};
|
||||
|
|
|
@ -16,9 +16,9 @@ use deno_core::op2;
|
|||
use deno_core::v8;
|
||||
use deno_core::ModuleSpecifier;
|
||||
use deno_core::OpState;
|
||||
use deno_runtime::permissions::create_child_permissions;
|
||||
use deno_runtime::permissions::ChildPermissionsArg;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use deno_runtime::deno_permissions::create_child_permissions;
|
||||
use deno_runtime::deno_permissions::ChildPermissionsArg;
|
||||
use deno_runtime::deno_permissions::PermissionsContainer;
|
||||
use serde::Serialize;
|
||||
use std::sync::atomic::AtomicUsize;
|
||||
use std::sync::atomic::Ordering;
|
||||
|
@ -57,7 +57,7 @@ pub fn op_pledge_test_permissions(
|
|||
let token = Uuid::new_v4();
|
||||
let parent_permissions = state.borrow_mut::<PermissionsContainer>();
|
||||
let worker_permissions = {
|
||||
let mut parent_permissions = parent_permissions.0 .0.lock();
|
||||
let mut parent_permissions = parent_permissions.0.lock();
|
||||
let perms = create_child_permissions(&mut parent_permissions, args)?;
|
||||
PermissionsContainer::new(perms)
|
||||
};
|
||||
|
|
|
@ -30,7 +30,6 @@ use deno_runtime::deno_node::NodeResolver;
|
|||
use deno_runtime::deno_node::NpmResolver as DenoNodeNpmResolver;
|
||||
use deno_runtime::deno_node::PackageJson;
|
||||
use deno_runtime::fs_util::specifier_to_file_path;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use deno_semver::npm::NpmPackageReqReference;
|
||||
use deno_semver::package::PackageReq;
|
||||
use import_map::ImportMap;
|
||||
|
@ -100,7 +99,7 @@ impl CliNodeResolver {
|
|||
pub fn get_closest_package_json(
|
||||
&self,
|
||||
referrer: &ModuleSpecifier,
|
||||
permissions: &dyn NodePermissions,
|
||||
permissions: &mut dyn NodePermissions,
|
||||
) -> Result<Option<Rc<PackageJson>>, AnyError> {
|
||||
self
|
||||
.node_resolver
|
||||
|
@ -112,11 +111,10 @@ impl CliNodeResolver {
|
|||
specifier: &str,
|
||||
referrer: &ModuleSpecifier,
|
||||
mode: NodeResolutionMode,
|
||||
permissions: &PermissionsContainer,
|
||||
) -> Option<Result<Option<NodeResolution>, AnyError>> {
|
||||
if self.in_npm_package(referrer) {
|
||||
// we're in an npm package, so use node resolution
|
||||
Some(self.resolve(specifier, referrer, mode, permissions))
|
||||
Some(self.resolve(specifier, referrer, mode))
|
||||
} else {
|
||||
None
|
||||
}
|
||||
|
@ -127,20 +125,15 @@ impl CliNodeResolver {
|
|||
specifier: &str,
|
||||
referrer: &ModuleSpecifier,
|
||||
mode: NodeResolutionMode,
|
||||
permissions: &PermissionsContainer,
|
||||
) -> Result<Option<NodeResolution>, AnyError> {
|
||||
self.handle_node_resolve_result(self.node_resolver.resolve(
|
||||
specifier,
|
||||
referrer,
|
||||
mode,
|
||||
permissions,
|
||||
))
|
||||
self.handle_node_resolve_result(
|
||||
self.node_resolver.resolve(specifier, referrer, mode),
|
||||
)
|
||||
}
|
||||
|
||||
pub fn resolve_req_reference(
|
||||
&self,
|
||||
req_ref: &NpmPackageReqReference,
|
||||
permissions: &PermissionsContainer,
|
||||
referrer: &ModuleSpecifier,
|
||||
mode: NodeResolutionMode,
|
||||
) -> Result<NodeResolution, AnyError> {
|
||||
|
@ -152,7 +145,6 @@ impl CliNodeResolver {
|
|||
req_ref.sub_path(),
|
||||
referrer,
|
||||
mode,
|
||||
permissions,
|
||||
)?;
|
||||
match maybe_resolution {
|
||||
Some(resolution) => Ok(resolution),
|
||||
|
@ -181,7 +173,6 @@ impl CliNodeResolver {
|
|||
sub_path: Option<&str>,
|
||||
referrer: &ModuleSpecifier,
|
||||
mode: NodeResolutionMode,
|
||||
permissions: &PermissionsContainer,
|
||||
) -> Result<Option<NodeResolution>, AnyError> {
|
||||
self.handle_node_resolve_result(
|
||||
self.node_resolver.resolve_package_subpath_from_deno_module(
|
||||
|
@ -189,7 +180,6 @@ impl CliNodeResolver {
|
|||
sub_path,
|
||||
referrer,
|
||||
mode,
|
||||
permissions,
|
||||
),
|
||||
)
|
||||
}
|
||||
|
@ -278,10 +268,9 @@ impl NpmModuleLoader {
|
|||
&self,
|
||||
specifier: &ModuleSpecifier,
|
||||
maybe_referrer: Option<&ModuleSpecifier>,
|
||||
permissions: &PermissionsContainer,
|
||||
) -> Option<Result<ModuleCodeStringSource, AnyError>> {
|
||||
if self.node_resolver.in_npm_package(specifier) {
|
||||
Some(self.load(specifier, maybe_referrer, permissions).await)
|
||||
Some(self.load(specifier, maybe_referrer).await)
|
||||
} else {
|
||||
None
|
||||
}
|
||||
|
@ -291,7 +280,6 @@ impl NpmModuleLoader {
|
|||
&self,
|
||||
specifier: &ModuleSpecifier,
|
||||
maybe_referrer: Option<&ModuleSpecifier>,
|
||||
permissions: &PermissionsContainer,
|
||||
) -> Result<ModuleCodeStringSource, AnyError> {
|
||||
let file_path = specifier.to_file_path().unwrap();
|
||||
let code = self
|
||||
|
@ -336,7 +324,7 @@ impl NpmModuleLoader {
|
|||
ModuleSourceCode::String(
|
||||
self
|
||||
.node_code_translator
|
||||
.translate_cjs_to_esm(specifier, Some(code), permissions)
|
||||
.translate_cjs_to_esm(specifier, Some(code))
|
||||
.await?
|
||||
.into(),
|
||||
)
|
||||
|
@ -638,12 +626,7 @@ impl Resolver for CliGraphResolver {
|
|||
{
|
||||
let node_resolver = self.node_resolver.as_ref().unwrap();
|
||||
return node_resolver
|
||||
.resolve_req_reference(
|
||||
&npm_req_ref,
|
||||
&PermissionsContainer::allow_all(),
|
||||
referrer,
|
||||
to_node_mode(mode),
|
||||
)
|
||||
.resolve_req_reference(&npm_req_ref, referrer, to_node_mode(mode))
|
||||
.map(|res| res.into_url())
|
||||
.map_err(|err| err.into());
|
||||
}
|
||||
|
@ -651,12 +634,8 @@ impl Resolver for CliGraphResolver {
|
|||
Err(_) => {
|
||||
if referrer.scheme() == "file" {
|
||||
if let Some(node_resolver) = &self.node_resolver {
|
||||
let node_result = node_resolver.resolve(
|
||||
specifier,
|
||||
referrer,
|
||||
to_node_mode(mode),
|
||||
&PermissionsContainer::allow_all(),
|
||||
);
|
||||
let node_result =
|
||||
node_resolver.resolve(specifier, referrer, to_node_mode(mode));
|
||||
match node_result {
|
||||
Ok(Some(res)) => {
|
||||
return Ok(res.into_url());
|
||||
|
@ -694,7 +673,6 @@ impl Resolver for CliGraphResolver {
|
|||
specifier,
|
||||
referrer,
|
||||
to_node_mode(mode),
|
||||
&PermissionsContainer::allow_all(),
|
||||
);
|
||||
if let Some(Ok(Some(res))) = node_result {
|
||||
return Ok(res.into_url());
|
||||
|
|
|
@ -53,10 +53,10 @@ use deno_runtime::deno_fs;
|
|||
use deno_runtime::deno_node::analyze::NodeCodeTranslator;
|
||||
use deno_runtime::deno_node::NodeResolutionMode;
|
||||
use deno_runtime::deno_node::NodeResolver;
|
||||
use deno_runtime::deno_permissions::Permissions;
|
||||
use deno_runtime::deno_permissions::PermissionsContainer;
|
||||
use deno_runtime::deno_tls::rustls::RootCertStore;
|
||||
use deno_runtime::deno_tls::RootCertStoreProvider;
|
||||
use deno_runtime::permissions::Permissions;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use deno_runtime::WorkerExecutionMode;
|
||||
use deno_runtime::WorkerLogLevel;
|
||||
use deno_semver::npm::NpmPackageReqReference;
|
||||
|
@ -112,16 +112,10 @@ impl ModuleLoader for EmbeddedModuleLoader {
|
|||
})?
|
||||
};
|
||||
|
||||
let permissions = if matches!(kind, ResolutionKind::DynamicImport) {
|
||||
&self.dynamic_permissions
|
||||
} else {
|
||||
&self.root_permissions
|
||||
};
|
||||
if let Some(result) = self.shared.node_resolver.resolve_if_in_npm_package(
|
||||
specifier,
|
||||
&referrer,
|
||||
NodeResolutionMode::Execution,
|
||||
permissions,
|
||||
) {
|
||||
return match result? {
|
||||
Some(res) => Ok(res.into_url()),
|
||||
|
@ -146,7 +140,6 @@ impl ModuleLoader for EmbeddedModuleLoader {
|
|||
.node_resolver
|
||||
.resolve_req_reference(
|
||||
&reference,
|
||||
permissions,
|
||||
&referrer,
|
||||
NodeResolutionMode::Execution,
|
||||
)
|
||||
|
@ -174,7 +167,7 @@ impl ModuleLoader for EmbeddedModuleLoader {
|
|||
&self,
|
||||
original_specifier: &ModuleSpecifier,
|
||||
maybe_referrer: Option<&ModuleSpecifier>,
|
||||
is_dynamic: bool,
|
||||
_is_dynamic: bool,
|
||||
_requested_module_type: RequestedModuleType,
|
||||
) -> deno_core::ModuleLoadResponse {
|
||||
if original_specifier.scheme() == "data" {
|
||||
|
@ -203,15 +196,10 @@ impl ModuleLoader for EmbeddedModuleLoader {
|
|||
let npm_module_loader = self.shared.npm_module_loader.clone();
|
||||
let original_specifier = original_specifier.clone();
|
||||
let maybe_referrer = maybe_referrer.cloned();
|
||||
let permissions = if is_dynamic {
|
||||
self.dynamic_permissions.clone()
|
||||
} else {
|
||||
self.root_permissions.clone()
|
||||
};
|
||||
return deno_core::ModuleLoadResponse::Async(
|
||||
async move {
|
||||
let code_source = npm_module_loader
|
||||
.load(&original_specifier, maybe_referrer.as_ref(), &permissions)
|
||||
.load(&original_specifier, maybe_referrer.as_ref())
|
||||
.await?;
|
||||
Ok(deno_core::ModuleSource::new_with_redirect(
|
||||
match code_source.media_type {
|
||||
|
|
|
@ -31,8 +31,8 @@ use deno_core::unsync::spawn_blocking;
|
|||
use deno_core::v8;
|
||||
use deno_core::ModuleSpecifier;
|
||||
use deno_core::PollEventLoopOptions;
|
||||
use deno_runtime::permissions::Permissions;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use deno_runtime::deno_permissions::Permissions;
|
||||
use deno_runtime::deno_permissions::PermissionsContainer;
|
||||
use deno_runtime::tokio_util::create_and_run_current_thread;
|
||||
use deno_runtime::WorkerExecutionMode;
|
||||
use indexmap::IndexMap;
|
||||
|
|
|
@ -18,8 +18,8 @@ use deno_core::serde_json;
|
|||
use deno_core::url::Url;
|
||||
use deno_runtime::deno_io::Stdio;
|
||||
use deno_runtime::deno_io::StdioPipe;
|
||||
use deno_runtime::permissions::Permissions;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use deno_runtime::deno_permissions::Permissions;
|
||||
use deno_runtime::deno_permissions::PermissionsContainer;
|
||||
use deno_runtime::WorkerExecutionMode;
|
||||
use deno_terminal::colors;
|
||||
|
||||
|
|
|
@ -13,8 +13,8 @@ use deno_core::error::AnyError;
|
|||
use deno_core::futures::StreamExt;
|
||||
use deno_core::serde_json;
|
||||
use deno_core::unsync::spawn_blocking;
|
||||
use deno_runtime::permissions::Permissions;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use deno_runtime::deno_permissions::Permissions;
|
||||
use deno_runtime::deno_permissions::PermissionsContainer;
|
||||
use deno_runtime::WorkerExecutionMode;
|
||||
use rustyline::error::ReadlineError;
|
||||
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
use std::io::Read;
|
||||
|
||||
use deno_core::error::AnyError;
|
||||
use deno_runtime::permissions::Permissions;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use deno_runtime::deno_permissions::Permissions;
|
||||
use deno_runtime::deno_permissions::PermissionsContainer;
|
||||
use deno_runtime::WorkerExecutionMode;
|
||||
|
||||
use crate::args::EvalFlags;
|
||||
|
|
|
@ -54,9 +54,9 @@ use deno_core::OpState;
|
|||
use deno_core::PollEventLoopOptions;
|
||||
use deno_runtime::deno_io::Stdio;
|
||||
use deno_runtime::deno_io::StdioPipe;
|
||||
use deno_runtime::deno_permissions::Permissions;
|
||||
use deno_runtime::deno_permissions::PermissionsContainer;
|
||||
use deno_runtime::fmt_errors::format_js_error;
|
||||
use deno_runtime::permissions::Permissions;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use deno_runtime::tokio_util::create_and_run_current_thread;
|
||||
use deno_runtime::worker::MainWorker;
|
||||
use deno_runtime::WorkerExecutionMode;
|
||||
|
|
|
@ -33,7 +33,6 @@ use deno_graph::ResolutionResolved;
|
|||
use deno_runtime::deno_node::NodeResolution;
|
||||
use deno_runtime::deno_node::NodeResolutionMode;
|
||||
use deno_runtime::deno_node::NodeResolver;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use deno_semver::npm::NpmPackageReqReference;
|
||||
use lsp_types::Url;
|
||||
use once_cell::sync::Lazy;
|
||||
|
@ -742,7 +741,6 @@ fn resolve_graph_specifier_types(
|
|||
module.nv_reference.sub_path(),
|
||||
referrer,
|
||||
NodeResolutionMode::Types,
|
||||
&PermissionsContainer::allow_all(),
|
||||
)?;
|
||||
Ok(Some(NodeResolution::into_specifier_and_media_type(
|
||||
maybe_resolution,
|
||||
|
@ -779,12 +777,7 @@ fn resolve_non_graph_specifier_types(
|
|||
// we're in an npm package, so use node resolution
|
||||
Ok(Some(NodeResolution::into_specifier_and_media_type(
|
||||
node_resolver
|
||||
.resolve(
|
||||
specifier,
|
||||
referrer,
|
||||
NodeResolutionMode::Types,
|
||||
&PermissionsContainer::allow_all(),
|
||||
)
|
||||
.resolve(specifier, referrer, NodeResolutionMode::Types)
|
||||
.ok()
|
||||
.flatten(),
|
||||
)))
|
||||
|
@ -802,7 +795,6 @@ fn resolve_non_graph_specifier_types(
|
|||
npm_req_ref.sub_path(),
|
||||
referrer,
|
||||
NodeResolutionMode::Types,
|
||||
&PermissionsContainer::allow_all(),
|
||||
)?;
|
||||
Ok(Some(NodeResolution::into_specifier_and_media_type(
|
||||
maybe_resolution,
|
||||
|
|
|
@ -28,12 +28,12 @@ use deno_runtime::deno_node;
|
|||
use deno_runtime::deno_node::NodeResolution;
|
||||
use deno_runtime::deno_node::NodeResolutionMode;
|
||||
use deno_runtime::deno_node::NodeResolver;
|
||||
use deno_runtime::deno_permissions::PermissionsContainer;
|
||||
use deno_runtime::deno_tls::RootCertStoreProvider;
|
||||
use deno_runtime::deno_web::BlobStore;
|
||||
use deno_runtime::fmt_errors::format_js_error;
|
||||
use deno_runtime::inspector_server::InspectorServer;
|
||||
use deno_runtime::ops::worker_host::CreateWebWorkerCb;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use deno_runtime::web_worker::WebWorker;
|
||||
use deno_runtime::web_worker::WebWorkerOptions;
|
||||
use deno_runtime::worker::MainWorker;
|
||||
|
@ -522,11 +522,8 @@ impl CliMainWorkerFactory {
|
|||
package_ref.req(),
|
||||
&referrer,
|
||||
)?;
|
||||
let node_resolution = self.resolve_binary_entrypoint(
|
||||
&package_folder,
|
||||
package_ref.sub_path(),
|
||||
&permissions,
|
||||
)?;
|
||||
let node_resolution = self
|
||||
.resolve_binary_entrypoint(&package_folder, package_ref.sub_path())?;
|
||||
let is_main_cjs = matches!(node_resolution, NodeResolution::CommonJs(_));
|
||||
|
||||
if let Some(lockfile) = &shared.maybe_lockfile {
|
||||
|
@ -636,6 +633,7 @@ impl CliMainWorkerFactory {
|
|||
strace_ops: shared.options.strace_ops.clone(),
|
||||
module_loader,
|
||||
fs: shared.fs.clone(),
|
||||
node_resolver: Some(shared.node_resolver.clone()),
|
||||
npm_resolver: Some(shared.npm_resolver.clone().into_npm_resolver()),
|
||||
get_error_class_fn: Some(&errors::get_error_class_name),
|
||||
cache_storage_dir,
|
||||
|
@ -687,7 +685,6 @@ impl CliMainWorkerFactory {
|
|||
&self,
|
||||
package_folder: &Path,
|
||||
sub_path: Option<&str>,
|
||||
permissions: &PermissionsContainer,
|
||||
) -> Result<NodeResolution, AnyError> {
|
||||
match self
|
||||
.shared
|
||||
|
@ -697,11 +694,8 @@ impl CliMainWorkerFactory {
|
|||
Ok(node_resolution) => Ok(node_resolution),
|
||||
Err(original_err) => {
|
||||
// if the binary entrypoint was not found, fallback to regular node resolution
|
||||
let result = self.resolve_binary_entrypoint_fallback(
|
||||
package_folder,
|
||||
sub_path,
|
||||
permissions,
|
||||
);
|
||||
let result =
|
||||
self.resolve_binary_entrypoint_fallback(package_folder, sub_path);
|
||||
match result {
|
||||
Ok(Some(resolution)) => Ok(resolution),
|
||||
Ok(None) => Err(original_err),
|
||||
|
@ -718,7 +712,6 @@ impl CliMainWorkerFactory {
|
|||
&self,
|
||||
package_folder: &Path,
|
||||
sub_path: Option<&str>,
|
||||
permissions: &PermissionsContainer,
|
||||
) -> Result<Option<NodeResolution>, AnyError> {
|
||||
// only fallback if the user specified a sub path
|
||||
if sub_path.is_none() {
|
||||
|
@ -739,7 +732,6 @@ impl CliMainWorkerFactory {
|
|||
sub_path,
|
||||
&referrer,
|
||||
NodeResolutionMode::Execution,
|
||||
permissions,
|
||||
)?
|
||||
else {
|
||||
return Ok(None);
|
||||
|
@ -843,6 +835,7 @@ fn create_web_worker_callback(
|
|||
source_map_getter,
|
||||
module_loader,
|
||||
fs: shared.fs.clone(),
|
||||
node_resolver: Some(shared.node_resolver.clone()),
|
||||
npm_resolver: Some(shared.npm_resolver.clone().into_npm_resolver()),
|
||||
worker_type: args.worker_type,
|
||||
maybe_inspector_server,
|
||||
|
@ -877,7 +870,7 @@ fn create_web_worker_callback(
|
|||
mod tests {
|
||||
use super::*;
|
||||
use deno_core::resolve_path;
|
||||
use deno_runtime::permissions::Permissions;
|
||||
use deno_runtime::deno_permissions::Permissions;
|
||||
|
||||
fn create_test_worker() -> MainWorker {
|
||||
let main_module =
|
||||
|
|
|
@ -17,6 +17,7 @@ path = "lib.rs"
|
|||
bytes.workspace = true
|
||||
data-url.workspace = true
|
||||
deno_core.workspace = true
|
||||
deno_permissions.workspace = true
|
||||
deno_tls.workspace = true
|
||||
dyn-clone = "1"
|
||||
http_v02.workspace = true
|
||||
|
|
|
@ -281,6 +281,26 @@ pub trait FetchPermissions {
|
|||
fn check_read(&mut self, _p: &Path, api_name: &str) -> Result<(), AnyError>;
|
||||
}
|
||||
|
||||
impl FetchPermissions for deno_permissions::PermissionsContainer {
|
||||
#[inline(always)]
|
||||
fn check_net_url(
|
||||
&mut self,
|
||||
url: &Url,
|
||||
api_name: &str,
|
||||
) -> Result<(), AnyError> {
|
||||
deno_permissions::PermissionsContainer::check_net_url(self, url, api_name)
|
||||
}
|
||||
|
||||
#[inline(always)]
|
||||
fn check_read(
|
||||
&mut self,
|
||||
path: &Path,
|
||||
api_name: &str,
|
||||
) -> Result<(), AnyError> {
|
||||
deno_permissions::PermissionsContainer::check_read(self, path, api_name)
|
||||
}
|
||||
}
|
||||
|
||||
#[op2]
|
||||
#[serde]
|
||||
#[allow(clippy::too_many_arguments)]
|
||||
|
|
|
@ -15,6 +15,7 @@ path = "lib.rs"
|
|||
|
||||
[dependencies]
|
||||
deno_core.workspace = true
|
||||
deno_permissions.workspace = true
|
||||
dlopen2.workspace = true
|
||||
dynasmrt = "1.2.3"
|
||||
libffi = "=3.2.0"
|
||||
|
|
|
@ -53,6 +53,13 @@ pub trait FfiPermissions {
|
|||
fn check_partial(&mut self, path: Option<&Path>) -> Result<(), AnyError>;
|
||||
}
|
||||
|
||||
impl FfiPermissions for deno_permissions::PermissionsContainer {
|
||||
#[inline(always)]
|
||||
fn check_partial(&mut self, path: Option<&Path>) -> Result<(), AnyError> {
|
||||
deno_permissions::PermissionsContainer::check_ffi_partial(self, path)
|
||||
}
|
||||
}
|
||||
|
||||
deno_core::extension!(deno_ffi,
|
||||
deps = [ deno_web ],
|
||||
parameters = [P: FfiPermissions],
|
||||
|
|
|
@ -21,6 +21,7 @@ async-trait.workspace = true
|
|||
base32.workspace = true
|
||||
deno_core.workspace = true
|
||||
deno_io.workspace = true
|
||||
deno_permissions.workspace = true
|
||||
filetime.workspace = true
|
||||
libc.workspace = true
|
||||
rand.workspace = true
|
||||
|
|
|
@ -23,9 +23,10 @@ use crate::ops::*;
|
|||
use deno_core::error::AnyError;
|
||||
use deno_core::OpState;
|
||||
use deno_io::fs::FsError;
|
||||
use std::borrow::Cow;
|
||||
use std::path::Path;
|
||||
|
||||
pub trait FsPermissions: Send + Sync {
|
||||
pub trait FsPermissions {
|
||||
fn check_open<'a>(
|
||||
&mut self,
|
||||
resolved: bool,
|
||||
|
@ -78,6 +79,92 @@ pub trait FsPermissions: Send + Sync {
|
|||
}
|
||||
}
|
||||
|
||||
impl FsPermissions for deno_permissions::PermissionsContainer {
|
||||
fn check_open<'a>(
|
||||
&mut self,
|
||||
resolved: bool,
|
||||
read: bool,
|
||||
write: bool,
|
||||
path: &'a Path,
|
||||
api_name: &str,
|
||||
) -> Result<Cow<'a, Path>, FsError> {
|
||||
if resolved {
|
||||
self.check_special_file(path, api_name).map_err(|_| {
|
||||
std::io::Error::from(std::io::ErrorKind::PermissionDenied)
|
||||
})?;
|
||||
return Ok(Cow::Borrowed(path));
|
||||
}
|
||||
|
||||
// If somehow read or write aren't specified, use read
|
||||
let read = read || !write;
|
||||
if read {
|
||||
FsPermissions::check_read(self, path, api_name)
|
||||
.map_err(|_| FsError::PermissionDenied("read"))?;
|
||||
}
|
||||
if write {
|
||||
FsPermissions::check_write(self, path, api_name)
|
||||
.map_err(|_| FsError::PermissionDenied("write"))?;
|
||||
}
|
||||
Ok(Cow::Borrowed(path))
|
||||
}
|
||||
|
||||
fn check_read(
|
||||
&mut self,
|
||||
path: &Path,
|
||||
api_name: &str,
|
||||
) -> Result<(), AnyError> {
|
||||
deno_permissions::PermissionsContainer::check_read(self, path, api_name)
|
||||
}
|
||||
|
||||
fn check_read_blind(
|
||||
&mut self,
|
||||
path: &Path,
|
||||
display: &str,
|
||||
api_name: &str,
|
||||
) -> Result<(), AnyError> {
|
||||
deno_permissions::PermissionsContainer::check_read_blind(
|
||||
self, path, display, api_name,
|
||||
)
|
||||
}
|
||||
|
||||
fn check_write(
|
||||
&mut self,
|
||||
path: &Path,
|
||||
api_name: &str,
|
||||
) -> Result<(), AnyError> {
|
||||
deno_permissions::PermissionsContainer::check_write(self, path, api_name)
|
||||
}
|
||||
|
||||
fn check_write_partial(
|
||||
&mut self,
|
||||
path: &Path,
|
||||
api_name: &str,
|
||||
) -> Result<(), AnyError> {
|
||||
deno_permissions::PermissionsContainer::check_write_partial(
|
||||
self, path, api_name,
|
||||
)
|
||||
}
|
||||
|
||||
fn check_write_blind(
|
||||
&mut self,
|
||||
p: &Path,
|
||||
display: &str,
|
||||
api_name: &str,
|
||||
) -> Result<(), AnyError> {
|
||||
deno_permissions::PermissionsContainer::check_write_blind(
|
||||
self, p, display, api_name,
|
||||
)
|
||||
}
|
||||
|
||||
fn check_read_all(&mut self, api_name: &str) -> Result<(), AnyError> {
|
||||
deno_permissions::PermissionsContainer::check_read_all(self, api_name)
|
||||
}
|
||||
|
||||
fn check_write_all(&mut self, api_name: &str) -> Result<(), AnyError> {
|
||||
deno_permissions::PermissionsContainer::check_write_all(self, api_name)
|
||||
}
|
||||
}
|
||||
|
||||
pub const UNSTABLE_FEATURE_NAME: &str = "fs";
|
||||
|
||||
/// Helper for checking unstable features. Used for sync ops.
|
||||
|
|
|
@ -21,6 +21,7 @@ chrono = { workspace = true, features = ["now"] }
|
|||
deno_core.workspace = true
|
||||
deno_fetch.workspace = true
|
||||
deno_node.workspace = true
|
||||
deno_permissions.workspace = true
|
||||
deno_tls.workspace = true
|
||||
denokv_proto.workspace = true
|
||||
denokv_remote.workspace = true
|
||||
|
|
|
@ -48,6 +48,22 @@ pub trait RemoteDbHandlerPermissions {
|
|||
) -> Result<(), AnyError>;
|
||||
}
|
||||
|
||||
impl RemoteDbHandlerPermissions for deno_permissions::PermissionsContainer {
|
||||
#[inline(always)]
|
||||
fn check_env(&mut self, var: &str) -> Result<(), AnyError> {
|
||||
deno_permissions::PermissionsContainer::check_env(self, var)
|
||||
}
|
||||
|
||||
#[inline(always)]
|
||||
fn check_net_url(
|
||||
&mut self,
|
||||
url: &Url,
|
||||
api_name: &str,
|
||||
) -> Result<(), AnyError> {
|
||||
deno_permissions::PermissionsContainer::check_net_url(self, url, api_name)
|
||||
}
|
||||
}
|
||||
|
||||
pub struct RemoteDbHandler<P: RemoteDbHandlerPermissions + 'static> {
|
||||
http_options: HttpOptions,
|
||||
_p: std::marker::PhantomData<P>,
|
||||
|
|
|
@ -40,6 +40,18 @@ pub trait SqliteDbHandlerPermissions {
|
|||
fn check_write(&mut self, p: &Path, api_name: &str) -> Result<(), AnyError>;
|
||||
}
|
||||
|
||||
impl SqliteDbHandlerPermissions for deno_permissions::PermissionsContainer {
|
||||
#[inline(always)]
|
||||
fn check_read(&mut self, p: &Path, api_name: &str) -> Result<(), AnyError> {
|
||||
deno_permissions::PermissionsContainer::check_read(self, p, api_name)
|
||||
}
|
||||
|
||||
#[inline(always)]
|
||||
fn check_write(&mut self, p: &Path, api_name: &str) -> Result<(), AnyError> {
|
||||
deno_permissions::PermissionsContainer::check_write(self, p, api_name)
|
||||
}
|
||||
}
|
||||
|
||||
impl<P: SqliteDbHandlerPermissions> SqliteDbHandler<P> {
|
||||
pub fn new(
|
||||
default_storage_dir: Option<PathBuf>,
|
||||
|
|
|
@ -15,4 +15,5 @@ path = "lib.rs"
|
|||
|
||||
[dependencies]
|
||||
deno_core.workspace = true
|
||||
deno_permissions.workspace = true
|
||||
libloading = { version = "0.7" }
|
||||
|
|
|
@ -432,6 +432,15 @@ pub trait NapiPermissions {
|
|||
-> std::result::Result<(), AnyError>;
|
||||
}
|
||||
|
||||
// NOTE(bartlomieju): for now, NAPI uses `--allow-ffi` flag, but that might
|
||||
// change in the future.
|
||||
impl NapiPermissions for deno_permissions::PermissionsContainer {
|
||||
#[inline(always)]
|
||||
fn check(&mut self, path: Option<&Path>) -> Result<(), AnyError> {
|
||||
deno_permissions::PermissionsContainer::check_ffi(self, path)
|
||||
}
|
||||
}
|
||||
|
||||
/// # Safety
|
||||
///
|
||||
/// This function is unsafe because it dereferences raw pointer Env.
|
||||
|
|
|
@ -15,6 +15,7 @@ path = "lib.rs"
|
|||
|
||||
[dependencies]
|
||||
deno_core.workspace = true
|
||||
deno_permissions.workspace = true
|
||||
deno_tls.workspace = true
|
||||
pin-project.workspace = true
|
||||
rustls-tokio-stream.workspace = true
|
||||
|
|
|
@ -30,6 +30,35 @@ pub trait NetPermissions {
|
|||
-> Result<(), AnyError>;
|
||||
}
|
||||
|
||||
impl NetPermissions for deno_permissions::PermissionsContainer {
|
||||
#[inline(always)]
|
||||
fn check_net<T: AsRef<str>>(
|
||||
&mut self,
|
||||
host: &(T, Option<u16>),
|
||||
api_name: &str,
|
||||
) -> Result<(), AnyError> {
|
||||
deno_permissions::PermissionsContainer::check_net(self, host, api_name)
|
||||
}
|
||||
|
||||
#[inline(always)]
|
||||
fn check_read(
|
||||
&mut self,
|
||||
path: &Path,
|
||||
api_name: &str,
|
||||
) -> Result<(), AnyError> {
|
||||
deno_permissions::PermissionsContainer::check_read(self, path, api_name)
|
||||
}
|
||||
|
||||
#[inline(always)]
|
||||
fn check_write(
|
||||
&mut self,
|
||||
path: &Path,
|
||||
api_name: &str,
|
||||
) -> Result<(), AnyError> {
|
||||
deno_permissions::PermissionsContainer::check_write(self, path, api_name)
|
||||
}
|
||||
}
|
||||
|
||||
/// Helper for checking unstable features. Used for sync ops.
|
||||
fn check_unstable(state: &OpState, api_name: &str) {
|
||||
// TODO(bartlomieju): replace with `state.feature_checker.check_or_exit`
|
||||
|
|
|
@ -17,8 +17,8 @@ use deno_core::error::AnyError;
|
|||
|
||||
use crate::path::to_file_specifier;
|
||||
use crate::resolution::NodeResolverRc;
|
||||
use crate::AllowAllNodePermissions;
|
||||
use crate::NodeModuleKind;
|
||||
use crate::NodePermissions;
|
||||
use crate::NodeResolutionMode;
|
||||
use crate::NpmResolverRc;
|
||||
use crate::PackageJson;
|
||||
|
@ -87,7 +87,6 @@ impl<TCjsCodeAnalyzer: CjsCodeAnalyzer> NodeCodeTranslator<TCjsCodeAnalyzer> {
|
|||
&self,
|
||||
entry_specifier: &ModuleSpecifier,
|
||||
source: Option<String>,
|
||||
permissions: &dyn NodePermissions,
|
||||
) -> Result<String, AnyError> {
|
||||
let mut temp_var_count = 0;
|
||||
|
||||
|
@ -115,7 +114,6 @@ impl<TCjsCodeAnalyzer: CjsCodeAnalyzer> NodeCodeTranslator<TCjsCodeAnalyzer> {
|
|||
.analyze_reexports(
|
||||
entry_specifier,
|
||||
analysis.reexports,
|
||||
permissions,
|
||||
&mut all_exports,
|
||||
&mut errors,
|
||||
)
|
||||
|
@ -161,7 +159,6 @@ impl<TCjsCodeAnalyzer: CjsCodeAnalyzer> NodeCodeTranslator<TCjsCodeAnalyzer> {
|
|||
&'a self,
|
||||
entry_specifier: &url::Url,
|
||||
reexports: Vec<String>,
|
||||
permissions: &dyn NodePermissions,
|
||||
all_exports: &mut HashSet<String>,
|
||||
// this goes through the modules concurrently, so collect
|
||||
// the errors in order to be deterministic
|
||||
|
@ -194,7 +191,6 @@ impl<TCjsCodeAnalyzer: CjsCodeAnalyzer> NodeCodeTranslator<TCjsCodeAnalyzer> {
|
|||
// should be `deno-require`, because `deno` is already used in `esm_resolver.rs`
|
||||
&["deno", "require", "default"],
|
||||
NodeResolutionMode::Execution,
|
||||
permissions,
|
||||
);
|
||||
let reexport_specifier = match result {
|
||||
Ok(specifier) => specifier,
|
||||
|
@ -287,7 +283,6 @@ impl<TCjsCodeAnalyzer: CjsCodeAnalyzer> NodeCodeTranslator<TCjsCodeAnalyzer> {
|
|||
referrer: &ModuleSpecifier,
|
||||
conditions: &[&str],
|
||||
mode: NodeResolutionMode,
|
||||
permissions: &dyn NodePermissions,
|
||||
) -> Result<ModuleSpecifier, AnyError> {
|
||||
if specifier.starts_with('/') {
|
||||
todo!();
|
||||
|
@ -319,7 +314,7 @@ impl<TCjsCodeAnalyzer: CjsCodeAnalyzer> NodeCodeTranslator<TCjsCodeAnalyzer> {
|
|||
let package_json = PackageJson::load(
|
||||
&*self.fs,
|
||||
&*self.npm_resolver,
|
||||
permissions,
|
||||
&mut AllowAllNodePermissions,
|
||||
package_json_path.clone(),
|
||||
)?;
|
||||
if package_json.exists {
|
||||
|
@ -332,7 +327,6 @@ impl<TCjsCodeAnalyzer: CjsCodeAnalyzer> NodeCodeTranslator<TCjsCodeAnalyzer> {
|
|||
NodeModuleKind::Esm,
|
||||
conditions,
|
||||
mode,
|
||||
permissions,
|
||||
);
|
||||
}
|
||||
|
||||
|
@ -345,7 +339,7 @@ impl<TCjsCodeAnalyzer: CjsCodeAnalyzer> NodeCodeTranslator<TCjsCodeAnalyzer> {
|
|||
let package_json = PackageJson::load(
|
||||
&*self.fs,
|
||||
&*self.npm_resolver,
|
||||
permissions,
|
||||
&mut AllowAllNodePermissions,
|
||||
package_json_path,
|
||||
)?;
|
||||
if package_json.exists {
|
||||
|
|
|
@ -1,13 +1,12 @@
|
|||
// Copyright 2018-2024 the Deno authors. All rights reserved. MIT license.
|
||||
|
||||
use std::mem::MaybeUninit;
|
||||
use std::rc::Rc;
|
||||
|
||||
use deno_core::v8;
|
||||
use deno_core::v8::GetPropertyNamesArgs;
|
||||
use deno_core::v8::MapFnTo;
|
||||
|
||||
use crate::NodeResolver;
|
||||
use crate::resolution::NodeResolverRc;
|
||||
|
||||
// NOTE(bartlomieju): somehow calling `.map_fn_to()` multiple times on a function
|
||||
// returns two different pointers. That shouldn't be the case as `.map_fn_to()`
|
||||
|
@ -271,7 +270,7 @@ fn current_mode(scope: &mut v8::HandleScope) -> Mode {
|
|||
};
|
||||
let op_state = deno_core::JsRuntime::op_state_from(scope);
|
||||
let op_state = op_state.borrow();
|
||||
let Some(node_resolver) = op_state.try_borrow::<Rc<NodeResolver>>() else {
|
||||
let Some(node_resolver) = op_state.try_borrow::<NodeResolverRc>() else {
|
||||
return Mode::Deno;
|
||||
};
|
||||
let mut buffer = [MaybeUninit::uninit(); 2048];
|
||||
|
|
|
@ -6,7 +6,6 @@
|
|||
use std::collections::HashSet;
|
||||
use std::path::Path;
|
||||
use std::path::PathBuf;
|
||||
use std::rc::Rc;
|
||||
|
||||
use deno_core::error::AnyError;
|
||||
use deno_core::located_script_name;
|
||||
|
@ -46,6 +45,7 @@ pub use resolution::NodeModuleKind;
|
|||
pub use resolution::NodeResolution;
|
||||
pub use resolution::NodeResolutionMode;
|
||||
pub use resolution::NodeResolver;
|
||||
use resolution::NodeResolverRc;
|
||||
|
||||
use crate::global::global_object_middleware;
|
||||
use crate::global::global_template_middleware;
|
||||
|
@ -57,23 +57,23 @@ pub trait NodePermissions {
|
|||
api_name: &str,
|
||||
) -> Result<(), AnyError>;
|
||||
#[inline(always)]
|
||||
fn check_read(&self, path: &Path) -> Result<(), AnyError> {
|
||||
fn check_read(&mut self, path: &Path) -> Result<(), AnyError> {
|
||||
self.check_read_with_api_name(path, None)
|
||||
}
|
||||
fn check_read_with_api_name(
|
||||
&self,
|
||||
&mut self,
|
||||
path: &Path,
|
||||
api_name: Option<&str>,
|
||||
) -> Result<(), AnyError>;
|
||||
fn check_sys(&self, kind: &str, api_name: &str) -> Result<(), AnyError>;
|
||||
fn check_sys(&mut self, kind: &str, api_name: &str) -> Result<(), AnyError>;
|
||||
fn check_write_with_api_name(
|
||||
&self,
|
||||
&mut self,
|
||||
path: &Path,
|
||||
api_name: Option<&str>,
|
||||
) -> Result<(), AnyError>;
|
||||
}
|
||||
|
||||
pub(crate) struct AllowAllNodePermissions;
|
||||
pub struct AllowAllNodePermissions;
|
||||
|
||||
impl NodePermissions for AllowAllNodePermissions {
|
||||
fn check_net_url(
|
||||
|
@ -84,24 +84,65 @@ impl NodePermissions for AllowAllNodePermissions {
|
|||
Ok(())
|
||||
}
|
||||
fn check_read_with_api_name(
|
||||
&self,
|
||||
&mut self,
|
||||
_path: &Path,
|
||||
_api_name: Option<&str>,
|
||||
) -> Result<(), AnyError> {
|
||||
Ok(())
|
||||
}
|
||||
fn check_write_with_api_name(
|
||||
&self,
|
||||
&mut self,
|
||||
_path: &Path,
|
||||
_api_name: Option<&str>,
|
||||
) -> Result<(), AnyError> {
|
||||
Ok(())
|
||||
}
|
||||
fn check_sys(&self, _kind: &str, _api_name: &str) -> Result<(), AnyError> {
|
||||
fn check_sys(
|
||||
&mut self,
|
||||
_kind: &str,
|
||||
_api_name: &str,
|
||||
) -> Result<(), AnyError> {
|
||||
Ok(())
|
||||
}
|
||||
}
|
||||
|
||||
impl NodePermissions for deno_permissions::PermissionsContainer {
|
||||
#[inline(always)]
|
||||
fn check_net_url(
|
||||
&mut self,
|
||||
url: &Url,
|
||||
api_name: &str,
|
||||
) -> Result<(), AnyError> {
|
||||
deno_permissions::PermissionsContainer::check_net_url(self, url, api_name)
|
||||
}
|
||||
|
||||
#[inline(always)]
|
||||
fn check_read_with_api_name(
|
||||
&mut self,
|
||||
path: &Path,
|
||||
api_name: Option<&str>,
|
||||
) -> Result<(), AnyError> {
|
||||
deno_permissions::PermissionsContainer::check_read_with_api_name(
|
||||
self, path, api_name,
|
||||
)
|
||||
}
|
||||
|
||||
#[inline(always)]
|
||||
fn check_write_with_api_name(
|
||||
&mut self,
|
||||
path: &Path,
|
||||
api_name: Option<&str>,
|
||||
) -> Result<(), AnyError> {
|
||||
deno_permissions::PermissionsContainer::check_write_with_api_name(
|
||||
self, path, api_name,
|
||||
)
|
||||
}
|
||||
|
||||
fn check_sys(&mut self, kind: &str, api_name: &str) -> Result<(), AnyError> {
|
||||
deno_permissions::PermissionsContainer::check_sys(self, kind, api_name)
|
||||
}
|
||||
}
|
||||
|
||||
#[allow(clippy::disallowed_types)]
|
||||
pub type NpmResolverRc = deno_fs::sync::MaybeArc<dyn NpmResolver>;
|
||||
|
||||
|
@ -146,7 +187,7 @@ pub trait NpmResolver: std::fmt::Debug + MaybeSend + MaybeSync {
|
|||
|
||||
fn ensure_read_permission(
|
||||
&self,
|
||||
permissions: &dyn NodePermissions,
|
||||
permissions: &mut dyn NodePermissions,
|
||||
path: &Path,
|
||||
) -> Result<(), AnyError>;
|
||||
}
|
||||
|
@ -582,18 +623,21 @@ deno_core::extension!(deno_node,
|
|||
"node:zlib" = "zlib.ts",
|
||||
],
|
||||
options = {
|
||||
maybe_node_resolver: Option<NodeResolverRc>,
|
||||
maybe_npm_resolver: Option<NpmResolverRc>,
|
||||
fs: deno_fs::FileSystemRc,
|
||||
},
|
||||
state = |state, options| {
|
||||
let fs = options.fs;
|
||||
state.put(fs.clone());
|
||||
if let Some(npm_resolver) = options.maybe_npm_resolver {
|
||||
// you should provide both of these or neither
|
||||
debug_assert_eq!(options.maybe_node_resolver.is_some(), options.maybe_npm_resolver.is_some());
|
||||
|
||||
state.put(options.fs.clone());
|
||||
|
||||
if let Some(node_resolver) = &options.maybe_node_resolver {
|
||||
state.put(node_resolver.clone());
|
||||
}
|
||||
if let Some(npm_resolver) = &options.maybe_npm_resolver {
|
||||
state.put(npm_resolver.clone());
|
||||
state.put(Rc::new(NodeResolver::new(
|
||||
fs,
|
||||
npm_resolver,
|
||||
)))
|
||||
}
|
||||
},
|
||||
global_template_middleware = global_template_middleware,
|
||||
|
|
|
@ -16,10 +16,11 @@ use std::path::PathBuf;
|
|||
use std::rc::Rc;
|
||||
|
||||
use crate::resolution;
|
||||
use crate::resolution::NodeResolverRc;
|
||||
use crate::AllowAllNodePermissions;
|
||||
use crate::NodeModuleKind;
|
||||
use crate::NodePermissions;
|
||||
use crate::NodeResolutionMode;
|
||||
use crate::NodeResolver;
|
||||
use crate::NpmResolverRc;
|
||||
use crate::PackageJson;
|
||||
|
||||
|
@ -30,8 +31,8 @@ fn ensure_read_permission<P>(
|
|||
where
|
||||
P: NodePermissions + 'static,
|
||||
{
|
||||
let resolver = state.borrow::<NpmResolverRc>();
|
||||
let permissions = state.borrow::<P>();
|
||||
let resolver = state.borrow::<NpmResolverRc>().clone();
|
||||
let permissions = state.borrow_mut::<P>();
|
||||
resolver.ensure_read_permission(permissions, file_path)
|
||||
}
|
||||
|
||||
|
@ -386,12 +387,11 @@ where
|
|||
return Ok(None);
|
||||
}
|
||||
|
||||
let node_resolver = state.borrow::<Rc<NodeResolver>>();
|
||||
let permissions = state.borrow::<P>();
|
||||
let node_resolver = state.borrow::<NodeResolverRc>();
|
||||
let pkg = node_resolver
|
||||
.get_closest_package_json(
|
||||
&Url::from_file_path(parent_path.unwrap()).unwrap(),
|
||||
permissions,
|
||||
&mut AllowAllNodePermissions,
|
||||
)
|
||||
.ok()
|
||||
.flatten();
|
||||
|
@ -428,7 +428,6 @@ where
|
|||
NodeModuleKind::Cjs,
|
||||
resolution::REQUIRE_CONDITIONS,
|
||||
NodeResolutionMode::Execution,
|
||||
permissions,
|
||||
)?;
|
||||
Ok(Some(if r.scheme() == "file" {
|
||||
url_to_file_path_string(&r)?
|
||||
|
@ -483,8 +482,7 @@ where
|
|||
{
|
||||
let fs = state.borrow::<FileSystemRc>();
|
||||
let npm_resolver = state.borrow::<NpmResolverRc>();
|
||||
let node_resolver = state.borrow::<Rc<NodeResolver>>();
|
||||
let permissions = state.borrow::<P>();
|
||||
let node_resolver = state.borrow::<NodeResolverRc>();
|
||||
|
||||
let pkg_path = if npm_resolver
|
||||
.in_npm_package_at_file_path(&PathBuf::from(&modules_path))
|
||||
|
@ -501,7 +499,7 @@ where
|
|||
}
|
||||
};
|
||||
let pkg = node_resolver.load_package_json(
|
||||
permissions,
|
||||
&mut AllowAllNodePermissions,
|
||||
PathBuf::from(&pkg_path).join("package.json"),
|
||||
)?;
|
||||
|
||||
|
@ -515,7 +513,6 @@ where
|
|||
NodeModuleKind::Cjs,
|
||||
resolution::REQUIRE_CONDITIONS,
|
||||
NodeResolutionMode::Execution,
|
||||
permissions,
|
||||
)?;
|
||||
Ok(Some(if r.scheme() == "file" {
|
||||
url_to_file_path_string(&r)?
|
||||
|
@ -540,8 +537,8 @@ where
|
|||
state,
|
||||
PathBuf::from(&filename).parent().unwrap(),
|
||||
)?;
|
||||
let node_resolver = state.borrow::<Rc<NodeResolver>>();
|
||||
let permissions = state.borrow::<P>();
|
||||
let node_resolver = state.borrow::<NodeResolverRc>().clone();
|
||||
let permissions = state.borrow_mut::<P>();
|
||||
node_resolver
|
||||
.get_closest_package_json(
|
||||
&Url::from_file_path(filename).unwrap(),
|
||||
|
@ -559,8 +556,8 @@ pub fn op_require_read_package_scope<P>(
|
|||
where
|
||||
P: NodePermissions + 'static,
|
||||
{
|
||||
let node_resolver = state.borrow::<Rc<NodeResolver>>();
|
||||
let permissions = state.borrow::<P>();
|
||||
let node_resolver = state.borrow::<NodeResolverRc>().clone();
|
||||
let permissions = state.borrow_mut::<P>();
|
||||
let package_json_path = PathBuf::from(package_json_path);
|
||||
node_resolver
|
||||
.load_package_json(permissions, package_json_path)
|
||||
|
@ -580,10 +577,11 @@ where
|
|||
{
|
||||
let referrer_path = PathBuf::from(&referrer_filename);
|
||||
ensure_read_permission::<P>(state, &referrer_path)?;
|
||||
let node_resolver = state.borrow::<Rc<NodeResolver>>();
|
||||
let permissions = state.borrow::<P>();
|
||||
let Some(pkg) = node_resolver
|
||||
.get_closest_package_json_from_path(&referrer_path, permissions)?
|
||||
let node_resolver = state.borrow::<NodeResolverRc>();
|
||||
let Some(pkg) = node_resolver.get_closest_package_json_from_path(
|
||||
&referrer_path,
|
||||
&mut AllowAllNodePermissions,
|
||||
)?
|
||||
else {
|
||||
return Ok(None);
|
||||
};
|
||||
|
@ -598,7 +596,6 @@ where
|
|||
Some(&pkg),
|
||||
resolution::REQUIRE_CONDITIONS,
|
||||
NodeResolutionMode::Execution,
|
||||
permissions,
|
||||
)?;
|
||||
Ok(Some(url_to_file_path_string(&url)?))
|
||||
} else {
|
||||
|
|
|
@ -8,11 +8,10 @@ use deno_core::OpState;
|
|||
use deno_fs::FileSystemRc;
|
||||
use std::path::Path;
|
||||
use std::path::PathBuf;
|
||||
use std::rc::Rc;
|
||||
|
||||
use crate::resolution;
|
||||
use crate::resolution::NodeResolverRc;
|
||||
use crate::NodePermissions;
|
||||
use crate::NodeResolver;
|
||||
use crate::NpmResolverRc;
|
||||
|
||||
fn ensure_read_permission<P>(
|
||||
|
@ -22,8 +21,8 @@ fn ensure_read_permission<P>(
|
|||
where
|
||||
P: NodePermissions + 'static,
|
||||
{
|
||||
let resolver = state.borrow::<NpmResolverRc>();
|
||||
let permissions = state.borrow::<P>();
|
||||
let resolver = state.borrow::<NpmResolverRc>().clone();
|
||||
let permissions = state.borrow_mut::<P>();
|
||||
resolver.ensure_read_permission(permissions, file_path)
|
||||
}
|
||||
|
||||
|
@ -63,7 +62,7 @@ where
|
|||
if !fs.exists_sync(&url_path) {
|
||||
return Err(generic_error(format!("File not found [{:?}]", url_path)));
|
||||
}
|
||||
let node_resolver = state.borrow::<Rc<NodeResolver>>();
|
||||
let node_resolver = state.borrow::<NodeResolverRc>();
|
||||
match node_resolver.url_to_node_resolution(url)? {
|
||||
resolution::NodeResolution::Esm(u) => Ok(u.to_string()),
|
||||
resolution::NodeResolution::CommonJs(u) => wrap_cjs(u),
|
||||
|
|
|
@ -65,7 +65,7 @@ impl PackageJson {
|
|||
pub fn load(
|
||||
fs: &dyn deno_fs::FileSystem,
|
||||
resolver: &dyn NpmResolver,
|
||||
permissions: &dyn NodePermissions,
|
||||
permissions: &mut dyn NodePermissions,
|
||||
path: PathBuf,
|
||||
) -> Result<Rc<PackageJson>, AnyError> {
|
||||
resolver.ensure_read_permission(permissions, &path)?;
|
||||
|
|
|
@ -154,7 +154,6 @@ impl NodeResolver {
|
|||
specifier: &str,
|
||||
referrer: &ModuleSpecifier,
|
||||
mode: NodeResolutionMode,
|
||||
permissions: &dyn NodePermissions,
|
||||
) -> Result<Option<NodeResolution>, AnyError> {
|
||||
// Note: if we are here, then the referrer is an esm module
|
||||
// TODO(bartlomieju): skipped "policy" part as we don't plan to support it
|
||||
|
@ -187,13 +186,8 @@ impl NodeResolver {
|
|||
}
|
||||
}
|
||||
|
||||
let url = self.module_resolve(
|
||||
specifier,
|
||||
referrer,
|
||||
DEFAULT_CONDITIONS,
|
||||
mode,
|
||||
permissions,
|
||||
)?;
|
||||
let url =
|
||||
self.module_resolve(specifier, referrer, DEFAULT_CONDITIONS, mode)?;
|
||||
let url = match url {
|
||||
Some(url) => url,
|
||||
None => return Ok(None),
|
||||
|
@ -204,12 +198,8 @@ impl NodeResolver {
|
|||
let path = url.to_file_path().unwrap();
|
||||
// todo(16370): the module kind is not correct here. I think we need
|
||||
// typescript to tell us if the referrer is esm or cjs
|
||||
let maybe_decl_url = self.path_to_declaration_url(
|
||||
path,
|
||||
referrer,
|
||||
NodeModuleKind::Esm,
|
||||
permissions,
|
||||
)?;
|
||||
let maybe_decl_url =
|
||||
self.path_to_declaration_url(path, referrer, NodeModuleKind::Esm)?;
|
||||
match maybe_decl_url {
|
||||
Some(url) => url,
|
||||
None => return Ok(None),
|
||||
|
@ -229,7 +219,6 @@ impl NodeResolver {
|
|||
referrer: &ModuleSpecifier,
|
||||
conditions: &[&str],
|
||||
mode: NodeResolutionMode,
|
||||
permissions: &dyn NodePermissions,
|
||||
) -> Result<Option<ModuleSpecifier>, AnyError> {
|
||||
// note: if we're here, the referrer is an esm module
|
||||
let url = if should_be_treated_as_relative_or_absolute_path(specifier) {
|
||||
|
@ -242,13 +231,13 @@ impl NodeResolver {
|
|||
file_path,
|
||||
referrer,
|
||||
NodeModuleKind::Esm,
|
||||
permissions,
|
||||
)?
|
||||
} else {
|
||||
Some(resolved_specifier)
|
||||
}
|
||||
} else if specifier.starts_with('#') {
|
||||
let pkg_config = self.get_closest_package_json(referrer, permissions)?;
|
||||
let pkg_config = self
|
||||
.get_closest_package_json(referrer, &mut AllowAllNodePermissions)?;
|
||||
Some(self.package_imports_resolve(
|
||||
specifier,
|
||||
referrer,
|
||||
|
@ -256,7 +245,6 @@ impl NodeResolver {
|
|||
pkg_config.as_deref(),
|
||||
conditions,
|
||||
mode,
|
||||
permissions,
|
||||
)?)
|
||||
} else if let Ok(resolved) = Url::parse(specifier) {
|
||||
Some(resolved)
|
||||
|
@ -267,7 +255,6 @@ impl NodeResolver {
|
|||
NodeModuleKind::Esm,
|
||||
conditions,
|
||||
mode,
|
||||
permissions,
|
||||
)?
|
||||
};
|
||||
Ok(match url {
|
||||
|
@ -337,11 +324,12 @@ impl NodeResolver {
|
|||
package_subpath: Option<&str>,
|
||||
referrer: &ModuleSpecifier,
|
||||
mode: NodeResolutionMode,
|
||||
permissions: &dyn NodePermissions,
|
||||
) -> Result<Option<NodeResolution>, AnyError> {
|
||||
let package_json_path = package_dir.join("package.json");
|
||||
let package_json =
|
||||
self.load_package_json(permissions, package_json_path.clone())?;
|
||||
let package_json = self.load_package_json(
|
||||
&mut AllowAllNodePermissions,
|
||||
package_json_path.clone(),
|
||||
)?;
|
||||
let node_module_kind = NodeModuleKind::Esm;
|
||||
let package_subpath = package_subpath
|
||||
.map(|s| format!("./{s}"))
|
||||
|
@ -354,7 +342,6 @@ impl NodeResolver {
|
|||
node_module_kind,
|
||||
DEFAULT_CONDITIONS,
|
||||
mode,
|
||||
permissions,
|
||||
)
|
||||
.with_context(|| {
|
||||
format!(
|
||||
|
@ -376,7 +363,6 @@ impl NodeResolver {
|
|||
path,
|
||||
referrer,
|
||||
node_module_kind,
|
||||
permissions,
|
||||
)? {
|
||||
Some(url) => url,
|
||||
None => return Ok(None),
|
||||
|
@ -397,8 +383,10 @@ impl NodeResolver {
|
|||
package_folder: &Path,
|
||||
) -> Result<Vec<String>, AnyError> {
|
||||
let package_json_path = package_folder.join("package.json");
|
||||
let package_json = self
|
||||
.load_package_json(&AllowAllNodePermissions, package_json_path.clone())?;
|
||||
let package_json = self.load_package_json(
|
||||
&mut AllowAllNodePermissions,
|
||||
package_json_path.clone(),
|
||||
)?;
|
||||
|
||||
Ok(match &package_json.bin {
|
||||
Some(Value::String(_)) => {
|
||||
|
@ -420,8 +408,10 @@ impl NodeResolver {
|
|||
sub_path: Option<&str>,
|
||||
) -> Result<NodeResolution, AnyError> {
|
||||
let package_json_path = package_folder.join("package.json");
|
||||
let package_json = self
|
||||
.load_package_json(&AllowAllNodePermissions, package_json_path.clone())?;
|
||||
let package_json = self.load_package_json(
|
||||
&mut AllowAllNodePermissions,
|
||||
package_json_path.clone(),
|
||||
)?;
|
||||
let bin_entry = resolve_bin_entry_value(&package_json, sub_path)?;
|
||||
let url = to_file_specifier(&package_folder.join(bin_entry));
|
||||
|
||||
|
@ -440,7 +430,7 @@ impl NodeResolver {
|
|||
Ok(NodeResolution::Esm(url))
|
||||
} else if url_str.ends_with(".js") || url_str.ends_with(".d.ts") {
|
||||
let maybe_package_config =
|
||||
self.get_closest_package_json(&url, &AllowAllNodePermissions)?;
|
||||
self.get_closest_package_json(&url, &mut AllowAllNodePermissions)?;
|
||||
match maybe_package_config {
|
||||
Some(c) if c.typ == "module" => Ok(NodeResolution::Esm(url)),
|
||||
Some(_) => Ok(NodeResolution::CommonJs(url)),
|
||||
|
@ -467,7 +457,6 @@ impl NodeResolver {
|
|||
path: PathBuf,
|
||||
referrer: &ModuleSpecifier,
|
||||
referrer_kind: NodeModuleKind,
|
||||
permissions: &dyn NodePermissions,
|
||||
) -> Result<Option<ModuleSpecifier>, AnyError> {
|
||||
fn probe_extensions(
|
||||
fs: &dyn deno_fs::FileSystem,
|
||||
|
@ -528,7 +517,7 @@ impl NodeResolver {
|
|||
if self.fs.is_dir_sync(&path) {
|
||||
let package_json_path = path.join("package.json");
|
||||
if let Ok(pkg_json) =
|
||||
self.load_package_json(permissions, package_json_path)
|
||||
self.load_package_json(&mut AllowAllNodePermissions, package_json_path)
|
||||
{
|
||||
let maybe_resolution = self.resolve_package_subpath(
|
||||
&pkg_json,
|
||||
|
@ -540,7 +529,6 @@ impl NodeResolver {
|
|||
NodeModuleKind::Cjs => REQUIRE_CONDITIONS,
|
||||
},
|
||||
NodeResolutionMode::Types,
|
||||
permissions,
|
||||
)?;
|
||||
if let Some(resolution) = maybe_resolution {
|
||||
return Ok(Some(resolution));
|
||||
|
@ -572,7 +560,6 @@ impl NodeResolver {
|
|||
referrer_pkg_json: Option<&PackageJson>,
|
||||
conditions: &[&str],
|
||||
mode: NodeResolutionMode,
|
||||
permissions: &dyn NodePermissions,
|
||||
) -> Result<ModuleSpecifier, AnyError> {
|
||||
if name == "#" || name.starts_with("#/") || name.ends_with('/') {
|
||||
let reason = "is not a valid internal imports specifier name";
|
||||
|
@ -601,7 +588,6 @@ impl NodeResolver {
|
|||
true,
|
||||
conditions,
|
||||
mode,
|
||||
permissions,
|
||||
)?;
|
||||
if let Some(resolved) = maybe_resolved {
|
||||
return Ok(resolved);
|
||||
|
@ -644,7 +630,6 @@ impl NodeResolver {
|
|||
true,
|
||||
conditions,
|
||||
mode,
|
||||
permissions,
|
||||
)?;
|
||||
if let Some(resolved) = maybe_resolved {
|
||||
return Ok(resolved);
|
||||
|
@ -675,7 +660,6 @@ impl NodeResolver {
|
|||
internal: bool,
|
||||
conditions: &[&str],
|
||||
mode: NodeResolutionMode,
|
||||
permissions: &dyn NodePermissions,
|
||||
) -> Result<ModuleSpecifier, AnyError> {
|
||||
if !subpath.is_empty() && !pattern && !target.ends_with('/') {
|
||||
return Err(throw_invalid_package_target(
|
||||
|
@ -715,7 +699,6 @@ impl NodeResolver {
|
|||
referrer_kind,
|
||||
conditions,
|
||||
mode,
|
||||
permissions,
|
||||
) {
|
||||
Ok(Some(url)) => Ok(url),
|
||||
Ok(None) => Err(generic_error("not found")),
|
||||
|
@ -804,7 +787,6 @@ impl NodeResolver {
|
|||
internal: bool,
|
||||
conditions: &[&str],
|
||||
mode: NodeResolutionMode,
|
||||
permissions: &dyn NodePermissions,
|
||||
) -> Result<Option<ModuleSpecifier>, AnyError> {
|
||||
if let Some(target) = target.as_str() {
|
||||
let url = self.resolve_package_target_string(
|
||||
|
@ -818,16 +800,10 @@ impl NodeResolver {
|
|||
internal,
|
||||
conditions,
|
||||
mode,
|
||||
permissions,
|
||||
)?;
|
||||
if mode.is_types() && url.scheme() == "file" {
|
||||
let path = url.to_file_path().unwrap();
|
||||
return self.path_to_declaration_url(
|
||||
path,
|
||||
referrer,
|
||||
referrer_kind,
|
||||
permissions,
|
||||
);
|
||||
return self.path_to_declaration_url(path, referrer, referrer_kind);
|
||||
} else {
|
||||
return Ok(Some(url));
|
||||
}
|
||||
|
@ -849,7 +825,6 @@ impl NodeResolver {
|
|||
internal,
|
||||
conditions,
|
||||
mode,
|
||||
permissions,
|
||||
);
|
||||
|
||||
match resolved_result {
|
||||
|
@ -898,7 +873,6 @@ impl NodeResolver {
|
|||
internal,
|
||||
conditions,
|
||||
mode,
|
||||
permissions,
|
||||
)?;
|
||||
match resolved {
|
||||
Some(resolved) => return Ok(Some(resolved)),
|
||||
|
@ -931,7 +905,6 @@ impl NodeResolver {
|
|||
referrer_kind: NodeModuleKind,
|
||||
conditions: &[&str],
|
||||
mode: NodeResolutionMode,
|
||||
permissions: &dyn NodePermissions,
|
||||
) -> Result<ModuleSpecifier, AnyError> {
|
||||
if package_exports.contains_key(package_subpath)
|
||||
&& package_subpath.find('*').is_none()
|
||||
|
@ -949,7 +922,6 @@ impl NodeResolver {
|
|||
false,
|
||||
conditions,
|
||||
mode,
|
||||
permissions,
|
||||
)?;
|
||||
return match resolved {
|
||||
Some(resolved) => Ok(resolved),
|
||||
|
@ -1009,7 +981,6 @@ impl NodeResolver {
|
|||
false,
|
||||
conditions,
|
||||
mode,
|
||||
permissions,
|
||||
)?;
|
||||
if let Some(resolved) = maybe_resolved {
|
||||
return Ok(resolved);
|
||||
|
@ -1038,13 +1009,12 @@ impl NodeResolver {
|
|||
referrer_kind: NodeModuleKind,
|
||||
conditions: &[&str],
|
||||
mode: NodeResolutionMode,
|
||||
permissions: &dyn NodePermissions,
|
||||
) -> Result<Option<ModuleSpecifier>, AnyError> {
|
||||
let (package_name, package_subpath, _is_scoped) =
|
||||
parse_npm_pkg_name(specifier, referrer)?;
|
||||
|
||||
let Some(package_config) =
|
||||
self.get_closest_package_json(referrer, permissions)?
|
||||
self.get_closest_package_json(referrer, &mut AllowAllNodePermissions)?
|
||||
else {
|
||||
return Ok(None);
|
||||
};
|
||||
|
@ -1062,7 +1032,6 @@ impl NodeResolver {
|
|||
referrer_kind,
|
||||
conditions,
|
||||
mode,
|
||||
permissions,
|
||||
)
|
||||
.map(Some);
|
||||
}
|
||||
|
@ -1087,8 +1056,8 @@ impl NodeResolver {
|
|||
// ))
|
||||
|
||||
// Package match.
|
||||
let package_json =
|
||||
self.load_package_json(permissions, package_json_path)?;
|
||||
let package_json = self
|
||||
.load_package_json(&mut AllowAllNodePermissions, package_json_path)?;
|
||||
self.resolve_package_subpath(
|
||||
&package_json,
|
||||
&package_subpath,
|
||||
|
@ -1096,7 +1065,6 @@ impl NodeResolver {
|
|||
referrer_kind,
|
||||
conditions,
|
||||
mode,
|
||||
permissions,
|
||||
)
|
||||
}
|
||||
|
||||
|
@ -1109,7 +1077,6 @@ impl NodeResolver {
|
|||
referrer_kind: NodeModuleKind,
|
||||
conditions: &[&str],
|
||||
mode: NodeResolutionMode,
|
||||
permissions: &dyn NodePermissions,
|
||||
) -> Result<Option<ModuleSpecifier>, AnyError> {
|
||||
if let Some(exports) = &package_json.exports {
|
||||
let result = self.package_exports_resolve(
|
||||
|
@ -1120,7 +1087,6 @@ impl NodeResolver {
|
|||
referrer_kind,
|
||||
conditions,
|
||||
mode,
|
||||
permissions,
|
||||
);
|
||||
match result {
|
||||
Ok(found) => return Ok(Some(found)),
|
||||
|
@ -1131,7 +1097,6 @@ impl NodeResolver {
|
|||
referrer,
|
||||
referrer_kind,
|
||||
mode,
|
||||
permissions,
|
||||
);
|
||||
}
|
||||
return Err(exports_err);
|
||||
|
@ -1144,18 +1109,12 @@ impl NodeResolver {
|
|||
referrer,
|
||||
referrer_kind,
|
||||
mode,
|
||||
permissions,
|
||||
);
|
||||
}
|
||||
|
||||
let file_path = package_json.path.parent().unwrap().join(package_subpath);
|
||||
if mode.is_types() {
|
||||
self.path_to_declaration_url(
|
||||
file_path,
|
||||
referrer,
|
||||
referrer_kind,
|
||||
permissions,
|
||||
)
|
||||
self.path_to_declaration_url(file_path, referrer, referrer_kind)
|
||||
} else {
|
||||
Ok(Some(to_file_specifier(&file_path)))
|
||||
}
|
||||
|
@ -1164,7 +1123,7 @@ impl NodeResolver {
|
|||
pub fn get_closest_package_json(
|
||||
&self,
|
||||
url: &ModuleSpecifier,
|
||||
permissions: &dyn NodePermissions,
|
||||
permissions: &mut dyn NodePermissions,
|
||||
) -> Result<Option<Rc<PackageJson>>, AnyError> {
|
||||
let Ok(file_path) = url.to_file_path() else {
|
||||
return Ok(None);
|
||||
|
@ -1175,7 +1134,7 @@ impl NodeResolver {
|
|||
pub fn get_closest_package_json_from_path(
|
||||
&self,
|
||||
file_path: &Path,
|
||||
permissions: &dyn NodePermissions,
|
||||
permissions: &mut dyn NodePermissions,
|
||||
) -> Result<Option<Rc<PackageJson>>, AnyError> {
|
||||
let Some(package_json_path) =
|
||||
self.get_closest_package_json_path(file_path)?
|
||||
|
@ -1212,7 +1171,7 @@ impl NodeResolver {
|
|||
|
||||
pub(super) fn load_package_json(
|
||||
&self,
|
||||
permissions: &dyn NodePermissions,
|
||||
permissions: &mut dyn NodePermissions,
|
||||
package_json_path: PathBuf,
|
||||
) -> Result<Rc<PackageJson>, AnyError> {
|
||||
PackageJson::load(
|
||||
|
@ -1229,7 +1188,6 @@ impl NodeResolver {
|
|||
referrer: &ModuleSpecifier,
|
||||
referrer_kind: NodeModuleKind,
|
||||
mode: NodeResolutionMode,
|
||||
permissions: &dyn NodePermissions,
|
||||
) -> Result<Option<ModuleSpecifier>, AnyError> {
|
||||
let maybe_main = if mode.is_types() {
|
||||
match package_json.types.as_ref() {
|
||||
|
@ -1239,12 +1197,8 @@ impl NodeResolver {
|
|||
// a corresponding declaration file
|
||||
if let Some(main) = package_json.main(referrer_kind) {
|
||||
let main = package_json.path.parent().unwrap().join(main).clean();
|
||||
let maybe_decl_url = self.path_to_declaration_url(
|
||||
main,
|
||||
referrer,
|
||||
referrer_kind,
|
||||
permissions,
|
||||
)?;
|
||||
let maybe_decl_url =
|
||||
self.path_to_declaration_url(main, referrer, referrer_kind)?;
|
||||
if let Some(path) = maybe_decl_url {
|
||||
return Ok(Some(path));
|
||||
}
|
||||
|
|
|
@ -18,6 +18,7 @@ async-trait.workspace = true
|
|||
base64-simd = "0.8"
|
||||
bytes.workspace = true
|
||||
deno_core.workspace = true
|
||||
deno_permissions.workspace = true
|
||||
encoding_rs.workspace = true
|
||||
flate2 = { workspace = true, features = ["default"] }
|
||||
futures.workspace = true
|
||||
|
|
|
@ -10,6 +10,13 @@ pub trait TimersPermission {
|
|||
fn allow_hrtime(&mut self) -> bool;
|
||||
}
|
||||
|
||||
impl TimersPermission for deno_permissions::PermissionsContainer {
|
||||
#[inline(always)]
|
||||
fn allow_hrtime(&mut self) -> bool {
|
||||
deno_permissions::PermissionsContainer::allow_hrtime(self)
|
||||
}
|
||||
}
|
||||
|
||||
pub type StartTime = Instant;
|
||||
|
||||
// Returns a milliseconds and nanoseconds subsec
|
||||
|
|
|
@ -17,6 +17,7 @@ path = "lib.rs"
|
|||
bytes.workspace = true
|
||||
deno_core.workspace = true
|
||||
deno_net.workspace = true
|
||||
deno_permissions.workspace = true
|
||||
deno_tls.workspace = true
|
||||
fastwebsockets.workspace = true
|
||||
h2.workspace = true
|
||||
|
|
|
@ -99,6 +99,17 @@ pub trait WebSocketPermissions {
|
|||
) -> Result<(), AnyError>;
|
||||
}
|
||||
|
||||
impl WebSocketPermissions for deno_permissions::PermissionsContainer {
|
||||
#[inline(always)]
|
||||
fn check_net_url(
|
||||
&mut self,
|
||||
url: &url::Url,
|
||||
api_name: &str,
|
||||
) -> Result<(), AnyError> {
|
||||
deno_permissions::PermissionsContainer::check_net_url(self, url, api_name)
|
||||
}
|
||||
}
|
||||
|
||||
/// `UnsafelyIgnoreCertificateErrors` is a wrapper struct so it can be placed inside `GothamState`;
|
||||
/// using type alias for a `Option<Vec<String>>` could work, but there's a high chance
|
||||
/// that there might be another type alias pointing to a `Option<Vec<String>>`, which
|
||||
|
|
|
@ -10,7 +10,7 @@ use deno_core::error::AnyError;
|
|||
use deno_core::op2;
|
||||
use deno_core::FsModuleLoader;
|
||||
use deno_core::ModuleSpecifier;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use deno_runtime::deno_permissions::PermissionsContainer;
|
||||
use deno_runtime::worker::MainWorker;
|
||||
use deno_runtime::worker::WorkerOptions;
|
||||
|
||||
|
|
|
@ -33,7 +33,6 @@ pub mod fs_util;
|
|||
pub mod inspector_server;
|
||||
pub mod js;
|
||||
pub mod ops;
|
||||
pub mod permissions;
|
||||
pub mod snapshot;
|
||||
pub mod tokio_util;
|
||||
pub mod web_worker;
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
// Copyright 2018-2024 the Deno authors. All rights reserved. MIT license.
|
||||
|
||||
use crate::permissions::PermissionsContainer;
|
||||
use deno_core::error::AnyError;
|
||||
use deno_core::parking_lot::Mutex;
|
||||
use deno_core::AsyncRefCell;
|
||||
|
@ -13,6 +12,7 @@ use deno_core::ResourceId;
|
|||
|
||||
use deno_core::op2;
|
||||
|
||||
use deno_permissions::PermissionsContainer;
|
||||
use notify::event::Event as NotifyEvent;
|
||||
use notify::Error as NotifyError;
|
||||
use notify::EventKind;
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
// Copyright 2018-2024 the Deno authors. All rights reserved. MIT license.
|
||||
|
||||
use super::utils::into_string;
|
||||
use crate::permissions::PermissionsContainer;
|
||||
use crate::worker::ExitCode;
|
||||
use deno_core::error::type_error;
|
||||
use deno_core::error::AnyError;
|
||||
|
@ -10,6 +9,7 @@ use deno_core::url::Url;
|
|||
use deno_core::v8;
|
||||
use deno_core::OpState;
|
||||
use deno_node::NODE_ENV_VAR_ALLOWLIST;
|
||||
use deno_permissions::PermissionsContainer;
|
||||
use serde::Serialize;
|
||||
use std::collections::HashMap;
|
||||
use std::env;
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
// Copyright 2018-2024 the Deno authors. All rights reserved. MIT license.
|
||||
|
||||
use super::check_unstable;
|
||||
use crate::permissions::PermissionsContainer;
|
||||
use deno_core::anyhow::Context;
|
||||
use deno_core::error::type_error;
|
||||
use deno_core::error::AnyError;
|
||||
|
@ -18,6 +17,7 @@ use deno_io::fs::FileResource;
|
|||
use deno_io::ChildStderrResource;
|
||||
use deno_io::ChildStdinResource;
|
||||
use deno_io::ChildStdoutResource;
|
||||
use deno_permissions::PermissionsContainer;
|
||||
use serde::Deserialize;
|
||||
use serde::Serialize;
|
||||
use std::borrow::Cow;
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
// Copyright 2018-2024 the Deno authors. All rights reserved. MIT license.
|
||||
|
||||
use crate::permissions::PermissionsContainer;
|
||||
use deno_core::error::AnyError;
|
||||
use deno_core::op2;
|
||||
use deno_core::ModuleSpecifier;
|
||||
use deno_core::OpState;
|
||||
use deno_permissions::PermissionsContainer;
|
||||
|
||||
deno_core::extension!(
|
||||
deno_runtime,
|
||||
|
|
|
@ -1,9 +1,6 @@
|
|||
// Copyright 2018-2024 the Deno authors. All rights reserved. MIT license.
|
||||
|
||||
use crate::ops::TestingFeaturesEnabled;
|
||||
use crate::permissions::create_child_permissions;
|
||||
use crate::permissions::ChildPermissionsArg;
|
||||
use crate::permissions::PermissionsContainer;
|
||||
use crate::web_worker::run_web_worker;
|
||||
use crate::web_worker::SendableWebWorkerHandle;
|
||||
use crate::web_worker::WebWorker;
|
||||
|
@ -20,6 +17,9 @@ use deno_core::CancelFuture;
|
|||
use deno_core::CancelHandle;
|
||||
use deno_core::ModuleSpecifier;
|
||||
use deno_core::OpState;
|
||||
use deno_permissions::create_child_permissions;
|
||||
use deno_permissions::ChildPermissionsArg;
|
||||
use deno_permissions::PermissionsContainer;
|
||||
use deno_web::deserialize_js_transferables;
|
||||
use deno_web::JsMessageData;
|
||||
use log::debug;
|
||||
|
@ -156,7 +156,7 @@ fn op_create_worker(
|
|||
let parent_permissions = state.borrow_mut::<PermissionsContainer>();
|
||||
let worker_permissions = if let Some(child_permissions_arg) = args.permissions
|
||||
{
|
||||
let mut parent_permissions = parent_permissions.0 .0.lock();
|
||||
let mut parent_permissions = parent_permissions.0.lock();
|
||||
let perms =
|
||||
create_child_permissions(&mut parent_permissions, child_permissions_arg)?;
|
||||
PermissionsContainer::new(perms)
|
||||
|
|
|
@ -1,268 +0,0 @@
|
|||
// Copyright 2018-2024 the Deno authors. All rights reserved. MIT license.
|
||||
|
||||
use std::borrow::Cow;
|
||||
use std::path::Path;
|
||||
|
||||
use deno_core::error::AnyError;
|
||||
use deno_core::url::Url;
|
||||
pub use deno_io::fs::FsError;
|
||||
pub use deno_permissions::create_child_permissions;
|
||||
pub use deno_permissions::parse_sys_kind;
|
||||
pub use deno_permissions::set_prompt_callbacks;
|
||||
pub use deno_permissions::ChildPermissionsArg;
|
||||
pub use deno_permissions::Permissions;
|
||||
pub use deno_permissions::PermissionsOptions;
|
||||
|
||||
// NOTE: Temporary permissions container to satisfy traits. We are migrating to the deno_permissions
|
||||
// crate.
|
||||
#[derive(Debug, Clone)]
|
||||
|
||||
pub struct PermissionsContainer(pub deno_permissions::PermissionsContainer);
|
||||
|
||||
impl PermissionsContainer {
|
||||
pub fn new(permissions: deno_permissions::Permissions) -> Self {
|
||||
Self(deno_permissions::PermissionsContainer::new(permissions))
|
||||
}
|
||||
|
||||
pub fn allow_all() -> Self {
|
||||
Self(deno_permissions::PermissionsContainer::allow_all())
|
||||
}
|
||||
}
|
||||
|
||||
impl std::ops::Deref for PermissionsContainer {
|
||||
type Target = deno_permissions::PermissionsContainer;
|
||||
|
||||
fn deref(&self) -> &Self::Target {
|
||||
&self.0
|
||||
}
|
||||
}
|
||||
|
||||
impl std::ops::DerefMut for PermissionsContainer {
|
||||
fn deref_mut(&mut self) -> &mut Self::Target {
|
||||
&mut self.0
|
||||
}
|
||||
}
|
||||
|
||||
impl deno_node::NodePermissions for PermissionsContainer {
|
||||
#[inline(always)]
|
||||
fn check_net_url(
|
||||
&mut self,
|
||||
url: &Url,
|
||||
api_name: &str,
|
||||
) -> Result<(), AnyError> {
|
||||
self.0.check_net_url(url, api_name)
|
||||
}
|
||||
|
||||
#[inline(always)]
|
||||
fn check_read_with_api_name(
|
||||
&self,
|
||||
path: &Path,
|
||||
api_name: Option<&str>,
|
||||
) -> Result<(), AnyError> {
|
||||
self.0.check_read_with_api_name(path, api_name)
|
||||
}
|
||||
|
||||
#[inline(always)]
|
||||
fn check_write_with_api_name(
|
||||
&self,
|
||||
path: &Path,
|
||||
api_name: Option<&str>,
|
||||
) -> Result<(), AnyError> {
|
||||
self.0.check_write_with_api_name(path, api_name)
|
||||
}
|
||||
|
||||
fn check_sys(&self, kind: &str, api_name: &str) -> Result<(), AnyError> {
|
||||
self.0.check_sys(kind, api_name)
|
||||
}
|
||||
}
|
||||
|
||||
impl deno_fetch::FetchPermissions for PermissionsContainer {
|
||||
#[inline(always)]
|
||||
fn check_net_url(
|
||||
&mut self,
|
||||
url: &Url,
|
||||
api_name: &str,
|
||||
) -> Result<(), AnyError> {
|
||||
self.0.check_net_url(url, api_name)
|
||||
}
|
||||
|
||||
#[inline(always)]
|
||||
fn check_read(
|
||||
&mut self,
|
||||
path: &Path,
|
||||
api_name: &str,
|
||||
) -> Result<(), AnyError> {
|
||||
self.0.check_read(path, api_name)
|
||||
}
|
||||
}
|
||||
|
||||
impl deno_net::NetPermissions for PermissionsContainer {
|
||||
#[inline(always)]
|
||||
fn check_net<T: AsRef<str>>(
|
||||
&mut self,
|
||||
host: &(T, Option<u16>),
|
||||
api_name: &str,
|
||||
) -> Result<(), AnyError> {
|
||||
self.0.check_net(host, api_name)
|
||||
}
|
||||
|
||||
#[inline(always)]
|
||||
fn check_read(
|
||||
&mut self,
|
||||
path: &Path,
|
||||
api_name: &str,
|
||||
) -> Result<(), AnyError> {
|
||||
self.0.check_read(path, api_name)
|
||||
}
|
||||
|
||||
#[inline(always)]
|
||||
fn check_write(
|
||||
&mut self,
|
||||
path: &Path,
|
||||
api_name: &str,
|
||||
) -> Result<(), AnyError> {
|
||||
self.0.check_write(path, api_name)
|
||||
}
|
||||
}
|
||||
|
||||
impl deno_web::TimersPermission for PermissionsContainer {
|
||||
#[inline(always)]
|
||||
fn allow_hrtime(&mut self) -> bool {
|
||||
self.0.allow_hrtime()
|
||||
}
|
||||
}
|
||||
|
||||
impl deno_websocket::WebSocketPermissions for PermissionsContainer {
|
||||
#[inline(always)]
|
||||
fn check_net_url(
|
||||
&mut self,
|
||||
url: &Url,
|
||||
api_name: &str,
|
||||
) -> Result<(), AnyError> {
|
||||
self.0.check_net_url(url, api_name)
|
||||
}
|
||||
}
|
||||
|
||||
impl deno_fs::FsPermissions for PermissionsContainer {
|
||||
fn check_open<'a>(
|
||||
&mut self,
|
||||
resolved: bool,
|
||||
read: bool,
|
||||
write: bool,
|
||||
path: &'a Path,
|
||||
api_name: &str,
|
||||
) -> Result<Cow<'a, Path>, FsError> {
|
||||
if resolved {
|
||||
self.check_special_file(path, api_name).map_err(|_| {
|
||||
std::io::Error::from(std::io::ErrorKind::PermissionDenied)
|
||||
})?;
|
||||
return Ok(Cow::Borrowed(path));
|
||||
}
|
||||
|
||||
// If somehow read or write aren't specified, use read
|
||||
let read = read || !write;
|
||||
if read {
|
||||
deno_fs::FsPermissions::check_read(self, path, api_name)
|
||||
.map_err(|_| FsError::PermissionDenied("read"))?;
|
||||
}
|
||||
if write {
|
||||
deno_fs::FsPermissions::check_write(self, path, api_name)
|
||||
.map_err(|_| FsError::PermissionDenied("write"))?;
|
||||
}
|
||||
Ok(Cow::Borrowed(path))
|
||||
}
|
||||
|
||||
fn check_read(
|
||||
&mut self,
|
||||
path: &Path,
|
||||
api_name: &str,
|
||||
) -> Result<(), AnyError> {
|
||||
self.0.check_read(path, api_name)
|
||||
}
|
||||
|
||||
fn check_read_blind(
|
||||
&mut self,
|
||||
path: &Path,
|
||||
display: &str,
|
||||
api_name: &str,
|
||||
) -> Result<(), AnyError> {
|
||||
self.0.check_read_blind(path, display, api_name)
|
||||
}
|
||||
|
||||
fn check_write(
|
||||
&mut self,
|
||||
path: &Path,
|
||||
api_name: &str,
|
||||
) -> Result<(), AnyError> {
|
||||
self.0.check_write(path, api_name)
|
||||
}
|
||||
|
||||
fn check_write_partial(
|
||||
&mut self,
|
||||
path: &Path,
|
||||
api_name: &str,
|
||||
) -> Result<(), AnyError> {
|
||||
self.0.check_write_partial(path, api_name)
|
||||
}
|
||||
|
||||
fn check_write_blind(
|
||||
&mut self,
|
||||
p: &Path,
|
||||
display: &str,
|
||||
api_name: &str,
|
||||
) -> Result<(), AnyError> {
|
||||
self.0.check_write_blind(p, display, api_name)
|
||||
}
|
||||
|
||||
fn check_read_all(&mut self, api_name: &str) -> Result<(), AnyError> {
|
||||
self.0.check_read_all(api_name)
|
||||
}
|
||||
|
||||
fn check_write_all(&mut self, api_name: &str) -> Result<(), AnyError> {
|
||||
self.0.check_write_all(api_name)
|
||||
}
|
||||
}
|
||||
|
||||
// NOTE(bartlomieju): for now, NAPI uses `--allow-ffi` flag, but that might
|
||||
// change in the future.
|
||||
impl deno_napi::NapiPermissions for PermissionsContainer {
|
||||
#[inline(always)]
|
||||
fn check(&mut self, path: Option<&Path>) -> Result<(), AnyError> {
|
||||
self.0.check_ffi(path)
|
||||
}
|
||||
}
|
||||
|
||||
impl deno_ffi::FfiPermissions for PermissionsContainer {
|
||||
#[inline(always)]
|
||||
fn check_partial(&mut self, path: Option<&Path>) -> Result<(), AnyError> {
|
||||
self.0.check_ffi_partial(path)
|
||||
}
|
||||
}
|
||||
|
||||
impl deno_kv::sqlite::SqliteDbHandlerPermissions for PermissionsContainer {
|
||||
#[inline(always)]
|
||||
fn check_read(&mut self, p: &Path, api_name: &str) -> Result<(), AnyError> {
|
||||
self.0.check_read(p, api_name)
|
||||
}
|
||||
|
||||
#[inline(always)]
|
||||
fn check_write(&mut self, p: &Path, api_name: &str) -> Result<(), AnyError> {
|
||||
self.0.check_write(p, api_name)
|
||||
}
|
||||
}
|
||||
|
||||
impl deno_kv::remote::RemoteDbHandlerPermissions for PermissionsContainer {
|
||||
#[inline(always)]
|
||||
fn check_env(&mut self, var: &str) -> Result<(), AnyError> {
|
||||
self.0.check_env(var)
|
||||
}
|
||||
|
||||
#[inline(always)]
|
||||
fn check_net_url(
|
||||
&mut self,
|
||||
url: &Url,
|
||||
api_name: &str,
|
||||
) -> Result<(), AnyError> {
|
||||
self.0.check_net_url(url, api_name)
|
||||
}
|
||||
}
|
|
@ -81,21 +81,21 @@ impl deno_node::NodePermissions for Permissions {
|
|||
unreachable!("snapshotting!")
|
||||
}
|
||||
fn check_read_with_api_name(
|
||||
&self,
|
||||
&mut self,
|
||||
_p: &Path,
|
||||
_api_name: Option<&str>,
|
||||
) -> Result<(), deno_core::error::AnyError> {
|
||||
unreachable!("snapshotting!")
|
||||
}
|
||||
fn check_write_with_api_name(
|
||||
&self,
|
||||
&mut self,
|
||||
_p: &Path,
|
||||
_api_name: Option<&str>,
|
||||
) -> Result<(), deno_core::error::AnyError> {
|
||||
unreachable!("snapshotting!")
|
||||
}
|
||||
fn check_sys(
|
||||
&self,
|
||||
&mut self,
|
||||
_kind: &str,
|
||||
_api_name: &str,
|
||||
) -> Result<(), deno_core::error::AnyError> {
|
||||
|
@ -254,7 +254,7 @@ pub fn create_runtime_snapshot(
|
|||
deno_http::deno_http::init_ops_and_esm::<DefaultHttpPropertyExtractor>(),
|
||||
deno_io::deno_io::init_ops_and_esm(Default::default()),
|
||||
deno_fs::deno_fs::init_ops_and_esm::<Permissions>(fs.clone()),
|
||||
deno_node::deno_node::init_ops_and_esm::<Permissions>(None, fs),
|
||||
deno_node::deno_node::init_ops_and_esm::<Permissions>(None, None, fs),
|
||||
runtime::init_ops_and_esm(),
|
||||
ops::runtime::deno_runtime::init_ops("deno:runtime".parse().unwrap()),
|
||||
ops::worker_host::deno_worker_host::init_ops(
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
use crate::inspector_server::InspectorServer;
|
||||
use crate::ops;
|
||||
use crate::ops::worker_host::WorkersTable;
|
||||
use crate::permissions::PermissionsContainer;
|
||||
use crate::shared::maybe_transpile_source;
|
||||
use crate::shared::runtime;
|
||||
use crate::tokio_util::create_and_run_current_thread;
|
||||
|
@ -45,6 +44,8 @@ use deno_fs::FileSystem;
|
|||
use deno_http::DefaultHttpPropertyExtractor;
|
||||
use deno_io::Stdio;
|
||||
use deno_kv::dynamic::MultiBackendDbHandler;
|
||||
use deno_node::NodeResolver;
|
||||
use deno_permissions::PermissionsContainer;
|
||||
use deno_terminal::colors;
|
||||
use deno_tls::RootCertStoreProvider;
|
||||
use deno_tls::TlsKeys;
|
||||
|
@ -364,6 +365,7 @@ pub struct WebWorkerOptions {
|
|||
pub seed: Option<u64>,
|
||||
pub fs: Arc<dyn FileSystem>,
|
||||
pub module_loader: Rc<dyn ModuleLoader>,
|
||||
pub node_resolver: Option<Arc<NodeResolver>>,
|
||||
pub npm_resolver: Option<Arc<dyn deno_node::NpmResolver>>,
|
||||
pub create_web_worker_cb: Arc<ops::worker_host::CreateWebWorkerCb>,
|
||||
pub format_js_error_fn: Option<Arc<FormatJsErrorFn>>,
|
||||
|
@ -411,7 +413,6 @@ impl WebWorker {
|
|||
enable_testing_features: bool,
|
||||
},
|
||||
state = |state, options| {
|
||||
state.put::<deno_permissions::PermissionsContainer>(options.permissions.0.clone());
|
||||
state.put::<PermissionsContainer>(options.permissions);
|
||||
state.put(ops::TestingFeaturesEnabled(options.enable_testing_features));
|
||||
},
|
||||
|
@ -491,6 +492,7 @@ impl WebWorker {
|
|||
options.fs.clone(),
|
||||
),
|
||||
deno_node::deno_node::init_ops_and_esm::<PermissionsContainer>(
|
||||
options.node_resolver,
|
||||
options.npm_resolver,
|
||||
options.fs,
|
||||
),
|
||||
|
|
|
@ -39,6 +39,7 @@ use deno_fs::FileSystem;
|
|||
use deno_http::DefaultHttpPropertyExtractor;
|
||||
use deno_io::Stdio;
|
||||
use deno_kv::dynamic::MultiBackendDbHandler;
|
||||
use deno_permissions::PermissionsContainer;
|
||||
use deno_tls::RootCertStoreProvider;
|
||||
use deno_tls::TlsKeys;
|
||||
use deno_web::BlobStore;
|
||||
|
@ -48,7 +49,6 @@ use crate::code_cache::CodeCache;
|
|||
use crate::code_cache::CodeCacheType;
|
||||
use crate::inspector_server::InspectorServer;
|
||||
use crate::ops;
|
||||
use crate::permissions::PermissionsContainer;
|
||||
use crate::shared::maybe_transpile_source;
|
||||
use crate::shared::runtime;
|
||||
use crate::BootstrapOptions;
|
||||
|
@ -156,6 +156,7 @@ pub struct WorkerOptions {
|
|||
/// If not provided runtime will error if code being
|
||||
/// executed tries to load modules.
|
||||
pub module_loader: Rc<dyn ModuleLoader>,
|
||||
pub node_resolver: Option<Arc<deno_node::NodeResolver>>,
|
||||
pub npm_resolver: Option<Arc<dyn deno_node::NpmResolver>>,
|
||||
// Callbacks invoked when creating new instance of WebWorker
|
||||
pub create_web_worker_cb: Arc<ops::worker_host::CreateWebWorkerCb>,
|
||||
|
@ -227,6 +228,7 @@ impl Default for WorkerOptions {
|
|||
broadcast_channel: Default::default(),
|
||||
source_map_getter: Default::default(),
|
||||
root_cert_store_provider: Default::default(),
|
||||
node_resolver: Default::default(),
|
||||
npm_resolver: Default::default(),
|
||||
blob_store: Default::default(),
|
||||
extensions: Default::default(),
|
||||
|
@ -329,9 +331,6 @@ impl MainWorker {
|
|||
enable_testing_features: bool,
|
||||
},
|
||||
state = |state, options| {
|
||||
// Save the permissions container and the wrapper.
|
||||
state.put::<deno_permissions::PermissionsContainer>(options.permissions.0.clone());
|
||||
// This is temporary until we migrate all exts/ to the deno_permissions crate.
|
||||
state.put::<PermissionsContainer>(options.permissions);
|
||||
state.put(ops::TestingFeaturesEnabled(options.enable_testing_features));
|
||||
},
|
||||
|
@ -419,6 +418,7 @@ impl MainWorker {
|
|||
options.fs.clone(),
|
||||
),
|
||||
deno_node::deno_node::init_ops_and_esm::<PermissionsContainer>(
|
||||
options.node_resolver,
|
||||
options.npm_resolver,
|
||||
options.fs,
|
||||
),
|
||||
|
|
Loading…
Reference in a new issue