mirror of
https://github.com/denoland/deno.git
synced 2024-12-23 15:49:44 -05:00
refactor(permissions): add PermissionsContainer struct for internal mutability (#17134)
Turns out we were cloning permissions which after prompting were discarded, so the state of permissions was never preserved. To handle that we need to store all permissions behind "Arc<Mutex<>>" (because there are situations where we need to send them to other thread). Testing and benching code still uses "Permissions" in most places - it's undesirable to share the same permission set between various test/bench files - otherwise granting or revoking permissions in one file would influence behavior of other test files.
This commit is contained in:
parent
f7613eac84
commit
ce8acee44d
30 changed files with 489 additions and 377 deletions
18
cli/build.rs
18
cli/build.rs
|
@ -7,7 +7,7 @@ use std::path::PathBuf;
|
|||
use deno_core::snapshot_util::*;
|
||||
use deno_core::Extension;
|
||||
use deno_runtime::deno_cache::SqliteBackedCache;
|
||||
use deno_runtime::permissions::Permissions;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use deno_runtime::*;
|
||||
|
||||
mod ts {
|
||||
|
@ -294,13 +294,13 @@ fn create_cli_snapshot(snapshot_path: PathBuf, files: Vec<PathBuf>) {
|
|||
deno_console::init(),
|
||||
deno_url::init(),
|
||||
deno_tls::init(),
|
||||
deno_web::init::<Permissions>(
|
||||
deno_web::init::<PermissionsContainer>(
|
||||
deno_web::BlobStore::default(),
|
||||
Default::default(),
|
||||
),
|
||||
deno_fetch::init::<Permissions>(Default::default()),
|
||||
deno_fetch::init::<PermissionsContainer>(Default::default()),
|
||||
deno_cache::init::<SqliteBackedCache>(None),
|
||||
deno_websocket::init::<Permissions>("".to_owned(), None, None),
|
||||
deno_websocket::init::<PermissionsContainer>("".to_owned(), None, None),
|
||||
deno_webstorage::init(None),
|
||||
deno_crypto::init(None),
|
||||
deno_webgpu::init(false),
|
||||
|
@ -308,15 +308,15 @@ fn create_cli_snapshot(snapshot_path: PathBuf, files: Vec<PathBuf>) {
|
|||
deno_broadcast_channel::InMemoryBroadcastChannel::default(),
|
||||
false, // No --unstable.
|
||||
),
|
||||
deno_node::init::<Permissions>(None), // No --unstable.
|
||||
deno_ffi::init::<Permissions>(false),
|
||||
deno_net::init::<Permissions>(
|
||||
deno_node::init::<PermissionsContainer>(None), // No --unstable.
|
||||
deno_ffi::init::<PermissionsContainer>(false),
|
||||
deno_net::init::<PermissionsContainer>(
|
||||
None, false, // No --unstable.
|
||||
None,
|
||||
),
|
||||
deno_napi::init::<Permissions>(false),
|
||||
deno_napi::init::<PermissionsContainer>(false),
|
||||
deno_http::init(),
|
||||
deno_flash::init::<Permissions>(false), // No --unstable
|
||||
deno_flash::init::<PermissionsContainer>(false), // No --unstable
|
||||
];
|
||||
|
||||
create_snapshot(CreateSnapshotOptions {
|
||||
|
|
14
cli/cache/mod.rs
vendored
14
cli/cache/mod.rs
vendored
|
@ -11,7 +11,7 @@ use deno_graph::source::CacheInfo;
|
|||
use deno_graph::source::LoadFuture;
|
||||
use deno_graph::source::LoadResponse;
|
||||
use deno_graph::source::Loader;
|
||||
use deno_runtime::permissions::Permissions;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use std::sync::Arc;
|
||||
|
||||
mod check;
|
||||
|
@ -42,17 +42,17 @@ pub const CACHE_PERM: u32 = 0o644;
|
|||
/// a concise interface to the DENO_DIR when building module graphs.
|
||||
pub struct FetchCacher {
|
||||
emit_cache: EmitCache,
|
||||
dynamic_permissions: Permissions,
|
||||
dynamic_permissions: PermissionsContainer,
|
||||
file_fetcher: Arc<FileFetcher>,
|
||||
root_permissions: Permissions,
|
||||
root_permissions: PermissionsContainer,
|
||||
}
|
||||
|
||||
impl FetchCacher {
|
||||
pub fn new(
|
||||
emit_cache: EmitCache,
|
||||
file_fetcher: FileFetcher,
|
||||
root_permissions: Permissions,
|
||||
dynamic_permissions: Permissions,
|
||||
root_permissions: PermissionsContainer,
|
||||
dynamic_permissions: PermissionsContainer,
|
||||
) -> Self {
|
||||
let file_fetcher = Arc::new(file_fetcher);
|
||||
|
||||
|
@ -104,7 +104,7 @@ impl Loader for FetchCacher {
|
|||
}
|
||||
|
||||
let specifier = specifier.clone();
|
||||
let mut permissions = if is_dynamic {
|
||||
let permissions = if is_dynamic {
|
||||
self.dynamic_permissions.clone()
|
||||
} else {
|
||||
self.root_permissions.clone()
|
||||
|
@ -113,7 +113,7 @@ impl Loader for FetchCacher {
|
|||
|
||||
async move {
|
||||
file_fetcher
|
||||
.fetch(&specifier, &mut permissions)
|
||||
.fetch(&specifier, permissions)
|
||||
.await
|
||||
.map_or_else(
|
||||
|err| {
|
||||
|
|
|
@ -31,7 +31,7 @@ use deno_runtime::deno_fetch::reqwest::header::AUTHORIZATION;
|
|||
use deno_runtime::deno_fetch::reqwest::header::IF_NONE_MATCH;
|
||||
use deno_runtime::deno_fetch::reqwest::StatusCode;
|
||||
use deno_runtime::deno_web::BlobStore;
|
||||
use deno_runtime::permissions::Permissions;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use log::debug;
|
||||
use std::borrow::Borrow;
|
||||
use std::collections::HashMap;
|
||||
|
@ -406,7 +406,7 @@ impl FileFetcher {
|
|||
fn fetch_remote(
|
||||
&self,
|
||||
specifier: &ModuleSpecifier,
|
||||
permissions: &mut Permissions,
|
||||
permissions: PermissionsContainer,
|
||||
redirect_limit: i64,
|
||||
maybe_accept: Option<String>,
|
||||
) -> Pin<Box<dyn Future<Output = Result<File, AnyError>> + Send>> {
|
||||
|
@ -461,7 +461,6 @@ impl FileFetcher {
|
|||
};
|
||||
let maybe_auth_token = self.auth_tokens.get(specifier);
|
||||
let specifier = specifier.clone();
|
||||
let mut permissions = permissions.clone();
|
||||
let client = self.http_client.clone();
|
||||
let file_fetcher = self.clone();
|
||||
// A single pass of fetch either yields code or yields a redirect.
|
||||
|
@ -487,7 +486,7 @@ impl FileFetcher {
|
|||
file_fetcher
|
||||
.fetch_remote(
|
||||
&redirect_url,
|
||||
&mut permissions,
|
||||
permissions,
|
||||
redirect_limit - 1,
|
||||
maybe_accept,
|
||||
)
|
||||
|
@ -547,7 +546,7 @@ impl FileFetcher {
|
|||
pub async fn fetch(
|
||||
&self,
|
||||
specifier: &ModuleSpecifier,
|
||||
permissions: &mut Permissions,
|
||||
permissions: PermissionsContainer,
|
||||
) -> Result<File, AnyError> {
|
||||
debug!("FileFetcher::fetch() - specifier: {}", specifier);
|
||||
self.fetch_with_accept(specifier, permissions, None).await
|
||||
|
@ -556,7 +555,7 @@ impl FileFetcher {
|
|||
pub async fn fetch_with_accept(
|
||||
&self,
|
||||
specifier: &ModuleSpecifier,
|
||||
permissions: &mut Permissions,
|
||||
permissions: PermissionsContainer,
|
||||
maybe_accept: Option<&str>,
|
||||
) -> Result<File, AnyError> {
|
||||
let scheme = get_validated_scheme(specifier)?;
|
||||
|
@ -797,7 +796,7 @@ mod tests {
|
|||
async fn test_fetch(specifier: &ModuleSpecifier) -> (File, FileFetcher) {
|
||||
let (file_fetcher, _) = setup(CacheSetting::ReloadAll, None);
|
||||
let result = file_fetcher
|
||||
.fetch(specifier, &mut Permissions::allow_all())
|
||||
.fetch(specifier, PermissionsContainer::allow_all())
|
||||
.await;
|
||||
assert!(result.is_ok());
|
||||
(result.unwrap(), file_fetcher)
|
||||
|
@ -809,7 +808,7 @@ mod tests {
|
|||
let _http_server_guard = test_util::http_server();
|
||||
let (file_fetcher, _) = setup(CacheSetting::ReloadAll, None);
|
||||
let result: Result<File, AnyError> = file_fetcher
|
||||
.fetch_remote(specifier, &mut Permissions::allow_all(), 1, None)
|
||||
.fetch_remote(specifier, PermissionsContainer::allow_all(), 1, None)
|
||||
.await;
|
||||
assert!(result.is_ok());
|
||||
let (_, headers, _) = file_fetcher.http_cache.get(specifier).unwrap();
|
||||
|
@ -1053,7 +1052,7 @@ mod tests {
|
|||
file_fetcher.insert_cached(file.clone());
|
||||
|
||||
let result = file_fetcher
|
||||
.fetch(&specifier, &mut Permissions::allow_all())
|
||||
.fetch(&specifier, PermissionsContainer::allow_all())
|
||||
.await;
|
||||
assert!(result.is_ok());
|
||||
let result_file = result.unwrap();
|
||||
|
@ -1069,7 +1068,7 @@ mod tests {
|
|||
.unwrap();
|
||||
|
||||
let result = file_fetcher
|
||||
.fetch(&specifier, &mut Permissions::allow_all())
|
||||
.fetch(&specifier, PermissionsContainer::allow_all())
|
||||
.await;
|
||||
assert!(result.is_ok());
|
||||
|
||||
|
@ -1098,7 +1097,7 @@ mod tests {
|
|||
let specifier = resolve_url("data:application/typescript;base64,ZXhwb3J0IGNvbnN0IGEgPSAiYSI7CgpleHBvcnQgZW51bSBBIHsKICBBLAogIEIsCiAgQywKfQo=").unwrap();
|
||||
|
||||
let result = file_fetcher
|
||||
.fetch(&specifier, &mut Permissions::allow_all())
|
||||
.fetch(&specifier, PermissionsContainer::allow_all())
|
||||
.await;
|
||||
assert!(result.is_ok());
|
||||
let file = result.unwrap();
|
||||
|
@ -1130,7 +1129,7 @@ mod tests {
|
|||
);
|
||||
|
||||
let result = file_fetcher
|
||||
.fetch(&specifier, &mut Permissions::allow_all())
|
||||
.fetch(&specifier, PermissionsContainer::allow_all())
|
||||
.await;
|
||||
assert!(result.is_ok());
|
||||
let file = result.unwrap();
|
||||
|
@ -1153,7 +1152,7 @@ mod tests {
|
|||
resolve_url_or_path("http://localhost:4545/subdir/mod2.ts").unwrap();
|
||||
|
||||
let result = file_fetcher
|
||||
.fetch(&specifier, &mut Permissions::allow_all())
|
||||
.fetch(&specifier, PermissionsContainer::allow_all())
|
||||
.await;
|
||||
assert!(result.is_ok());
|
||||
let file = result.unwrap();
|
||||
|
@ -1175,7 +1174,7 @@ mod tests {
|
|||
metadata.write(&cache_filename).unwrap();
|
||||
|
||||
let result = file_fetcher_01
|
||||
.fetch(&specifier, &mut Permissions::allow_all())
|
||||
.fetch(&specifier, PermissionsContainer::allow_all())
|
||||
.await;
|
||||
assert!(result.is_ok());
|
||||
let file = result.unwrap();
|
||||
|
@ -1196,7 +1195,7 @@ mod tests {
|
|||
metadata.write(&cache_filename).unwrap();
|
||||
|
||||
let result = file_fetcher_02
|
||||
.fetch(&specifier, &mut Permissions::allow_all())
|
||||
.fetch(&specifier, PermissionsContainer::allow_all())
|
||||
.await;
|
||||
assert!(result.is_ok());
|
||||
let file = result.unwrap();
|
||||
|
@ -1219,7 +1218,7 @@ mod tests {
|
|||
)
|
||||
.unwrap();
|
||||
let result = file_fetcher
|
||||
.fetch(&specifier, &mut Permissions::allow_all())
|
||||
.fetch(&specifier, PermissionsContainer::allow_all())
|
||||
.await;
|
||||
assert!(result.is_ok());
|
||||
let file = result.unwrap();
|
||||
|
@ -1252,7 +1251,7 @@ mod tests {
|
|||
.unwrap();
|
||||
|
||||
let result = file_fetcher_01
|
||||
.fetch(&specifier, &mut Permissions::allow_all())
|
||||
.fetch(&specifier, PermissionsContainer::allow_all())
|
||||
.await;
|
||||
assert!(result.is_ok());
|
||||
|
||||
|
@ -1271,7 +1270,7 @@ mod tests {
|
|||
)
|
||||
.unwrap();
|
||||
let result = file_fetcher_02
|
||||
.fetch(&specifier, &mut Permissions::allow_all())
|
||||
.fetch(&specifier, PermissionsContainer::allow_all())
|
||||
.await;
|
||||
assert!(result.is_ok());
|
||||
|
||||
|
@ -1303,7 +1302,7 @@ mod tests {
|
|||
.unwrap();
|
||||
|
||||
let result = file_fetcher
|
||||
.fetch(&specifier, &mut Permissions::allow_all())
|
||||
.fetch(&specifier, PermissionsContainer::allow_all())
|
||||
.await;
|
||||
assert!(result.is_ok());
|
||||
let file = result.unwrap();
|
||||
|
@ -1356,7 +1355,7 @@ mod tests {
|
|||
.unwrap();
|
||||
|
||||
let result = file_fetcher
|
||||
.fetch(&specifier, &mut Permissions::allow_all())
|
||||
.fetch(&specifier, PermissionsContainer::allow_all())
|
||||
.await;
|
||||
assert!(result.is_ok());
|
||||
let file = result.unwrap();
|
||||
|
@ -1422,7 +1421,7 @@ mod tests {
|
|||
.unwrap();
|
||||
|
||||
let result = file_fetcher_01
|
||||
.fetch(&specifier, &mut Permissions::allow_all())
|
||||
.fetch(&specifier, PermissionsContainer::allow_all())
|
||||
.await;
|
||||
assert!(result.is_ok());
|
||||
|
||||
|
@ -1442,7 +1441,7 @@ mod tests {
|
|||
)
|
||||
.unwrap();
|
||||
let result = file_fetcher_02
|
||||
.fetch(&redirected_specifier, &mut Permissions::allow_all())
|
||||
.fetch(&redirected_specifier, PermissionsContainer::allow_all())
|
||||
.await;
|
||||
assert!(result.is_ok());
|
||||
|
||||
|
@ -1464,12 +1463,12 @@ mod tests {
|
|||
.unwrap();
|
||||
|
||||
let result = file_fetcher
|
||||
.fetch_remote(&specifier, &mut Permissions::allow_all(), 2, None)
|
||||
.fetch_remote(&specifier, PermissionsContainer::allow_all(), 2, None)
|
||||
.await;
|
||||
assert!(result.is_ok());
|
||||
|
||||
let result = file_fetcher
|
||||
.fetch_remote(&specifier, &mut Permissions::allow_all(), 1, None)
|
||||
.fetch_remote(&specifier, PermissionsContainer::allow_all(), 1, None)
|
||||
.await;
|
||||
assert!(result.is_err());
|
||||
|
||||
|
@ -1501,7 +1500,7 @@ mod tests {
|
|||
.unwrap();
|
||||
|
||||
let result = file_fetcher
|
||||
.fetch(&specifier, &mut Permissions::allow_all())
|
||||
.fetch(&specifier, PermissionsContainer::allow_all())
|
||||
.await;
|
||||
assert!(result.is_ok());
|
||||
let file = result.unwrap();
|
||||
|
@ -1545,7 +1544,7 @@ mod tests {
|
|||
resolve_url("http://localhost:4545/run/002_hello.ts").unwrap();
|
||||
|
||||
let result = file_fetcher
|
||||
.fetch(&specifier, &mut Permissions::allow_all())
|
||||
.fetch(&specifier, PermissionsContainer::allow_all())
|
||||
.await;
|
||||
assert!(result.is_err());
|
||||
let err = result.unwrap_err();
|
||||
|
@ -1580,7 +1579,7 @@ mod tests {
|
|||
resolve_url("http://localhost:4545/run/002_hello.ts").unwrap();
|
||||
|
||||
let result = file_fetcher_01
|
||||
.fetch(&specifier, &mut Permissions::allow_all())
|
||||
.fetch(&specifier, PermissionsContainer::allow_all())
|
||||
.await;
|
||||
assert!(result.is_err());
|
||||
let err = result.unwrap_err();
|
||||
|
@ -1588,12 +1587,12 @@ mod tests {
|
|||
assert_eq!(err.to_string(), "Specifier not found in cache: \"http://localhost:4545/run/002_hello.ts\", --cached-only is specified.");
|
||||
|
||||
let result = file_fetcher_02
|
||||
.fetch(&specifier, &mut Permissions::allow_all())
|
||||
.fetch(&specifier, PermissionsContainer::allow_all())
|
||||
.await;
|
||||
assert!(result.is_ok());
|
||||
|
||||
let result = file_fetcher_01
|
||||
.fetch(&specifier, &mut Permissions::allow_all())
|
||||
.fetch(&specifier, PermissionsContainer::allow_all())
|
||||
.await;
|
||||
assert!(result.is_ok());
|
||||
}
|
||||
|
@ -1606,7 +1605,7 @@ mod tests {
|
|||
resolve_url_or_path(&fixture_path.to_string_lossy()).unwrap();
|
||||
fs::write(fixture_path.clone(), r#"console.log("hello deno");"#).unwrap();
|
||||
let result = file_fetcher
|
||||
.fetch(&specifier, &mut Permissions::allow_all())
|
||||
.fetch(&specifier, PermissionsContainer::allow_all())
|
||||
.await;
|
||||
assert!(result.is_ok());
|
||||
let file = result.unwrap();
|
||||
|
@ -1614,7 +1613,7 @@ mod tests {
|
|||
|
||||
fs::write(fixture_path, r#"console.log("goodbye deno");"#).unwrap();
|
||||
let result = file_fetcher
|
||||
.fetch(&specifier, &mut Permissions::allow_all())
|
||||
.fetch(&specifier, PermissionsContainer::allow_all())
|
||||
.await;
|
||||
assert!(result.is_ok());
|
||||
let file = result.unwrap();
|
||||
|
@ -1630,7 +1629,7 @@ mod tests {
|
|||
let specifier =
|
||||
ModuleSpecifier::parse("http://localhost:4545/dynamic").unwrap();
|
||||
let result = file_fetcher
|
||||
.fetch(&specifier, &mut Permissions::allow_all())
|
||||
.fetch(&specifier, PermissionsContainer::allow_all())
|
||||
.await;
|
||||
assert!(result.is_ok());
|
||||
let file = result.unwrap();
|
||||
|
@ -1639,7 +1638,7 @@ mod tests {
|
|||
let (file_fetcher, _) =
|
||||
setup(CacheSetting::RespectHeaders, Some(temp_dir.clone()));
|
||||
let result = file_fetcher
|
||||
.fetch(&specifier, &mut Permissions::allow_all())
|
||||
.fetch(&specifier, PermissionsContainer::allow_all())
|
||||
.await;
|
||||
assert!(result.is_ok());
|
||||
let file = result.unwrap();
|
||||
|
@ -1657,7 +1656,7 @@ mod tests {
|
|||
let specifier =
|
||||
ModuleSpecifier::parse("http://localhost:4545/dynamic_cache").unwrap();
|
||||
let result = file_fetcher
|
||||
.fetch(&specifier, &mut Permissions::allow_all())
|
||||
.fetch(&specifier, PermissionsContainer::allow_all())
|
||||
.await;
|
||||
assert!(result.is_ok());
|
||||
let file = result.unwrap();
|
||||
|
@ -1666,7 +1665,7 @@ mod tests {
|
|||
let (file_fetcher, _) =
|
||||
setup(CacheSetting::RespectHeaders, Some(temp_dir.clone()));
|
||||
let result = file_fetcher
|
||||
.fetch(&specifier, &mut Permissions::allow_all())
|
||||
.fetch(&specifier, PermissionsContainer::allow_all())
|
||||
.await;
|
||||
assert!(result.is_ok());
|
||||
let file = result.unwrap();
|
||||
|
|
|
@ -28,7 +28,7 @@ use deno_graph::ModuleGraphError;
|
|||
use deno_graph::ModuleKind;
|
||||
use deno_graph::Range;
|
||||
use deno_graph::Resolved;
|
||||
use deno_runtime::permissions::Permissions;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use std::collections::BTreeMap;
|
||||
use std::collections::HashMap;
|
||||
use std::collections::HashSet;
|
||||
|
@ -514,8 +514,8 @@ pub async fn create_graph_and_maybe_check(
|
|||
let mut cache = cache::FetchCacher::new(
|
||||
ps.emit_cache.clone(),
|
||||
ps.file_fetcher.clone(),
|
||||
Permissions::allow_all(),
|
||||
Permissions::allow_all(),
|
||||
PermissionsContainer::allow_all(),
|
||||
PermissionsContainer::allow_all(),
|
||||
);
|
||||
let maybe_imports = ps.options.to_maybe_imports()?;
|
||||
let maybe_cli_resolver = CliResolver::maybe_new(
|
||||
|
|
|
@ -30,7 +30,7 @@ use deno_core::url::Url;
|
|||
use deno_core::ModuleSpecifier;
|
||||
use deno_graph::Dependency;
|
||||
use deno_runtime::deno_web::BlobStore;
|
||||
use deno_runtime::permissions::Permissions;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use log::error;
|
||||
use once_cell::sync::Lazy;
|
||||
use regex::Regex;
|
||||
|
@ -519,7 +519,7 @@ impl ModuleRegistry {
|
|||
.file_fetcher
|
||||
.fetch_with_accept(
|
||||
specifier,
|
||||
&mut Permissions::allow_all(),
|
||||
PermissionsContainer::allow_all(),
|
||||
Some("application/vnd.deno.reg.v2+json, application/vnd.deno.reg.v1+json;q=0.9, application/json;q=0.8"),
|
||||
)
|
||||
.await;
|
||||
|
@ -617,7 +617,7 @@ impl ModuleRegistry {
|
|||
.ok()?;
|
||||
let file = self
|
||||
.file_fetcher
|
||||
.fetch(&endpoint, &mut Permissions::allow_all())
|
||||
.fetch(&endpoint, PermissionsContainer::allow_all())
|
||||
.await
|
||||
.ok()?;
|
||||
let documentation: lsp::Documentation =
|
||||
|
@ -973,7 +973,7 @@ impl ModuleRegistry {
|
|||
let specifier = Url::parse(url).ok()?;
|
||||
let file = self
|
||||
.file_fetcher
|
||||
.fetch(&specifier, &mut Permissions::allow_all())
|
||||
.fetch(&specifier, PermissionsContainer::allow_all())
|
||||
.await
|
||||
.ok()?;
|
||||
serde_json::from_str(&file.source).ok()
|
||||
|
@ -1030,7 +1030,7 @@ impl ModuleRegistry {
|
|||
let specifier = ModuleSpecifier::parse(url).ok()?;
|
||||
let file = self
|
||||
.file_fetcher
|
||||
.fetch(&specifier, &mut Permissions::allow_all())
|
||||
.fetch(&specifier, PermissionsContainer::allow_all())
|
||||
.await
|
||||
.map_err(|err| {
|
||||
error!(
|
||||
|
@ -1066,7 +1066,7 @@ impl ModuleRegistry {
|
|||
.ok()?;
|
||||
let file = self
|
||||
.file_fetcher
|
||||
.fetch(&specifier, &mut Permissions::allow_all())
|
||||
.fetch(&specifier, PermissionsContainer::allow_all())
|
||||
.await
|
||||
.map_err(|err| {
|
||||
error!(
|
||||
|
|
|
@ -30,6 +30,7 @@ use deno_core::ModuleSpecifier;
|
|||
use deno_runtime::ops::io::Stdio;
|
||||
use deno_runtime::ops::io::StdioPipe;
|
||||
use deno_runtime::permissions::Permissions;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use deno_runtime::tokio_util::run_local;
|
||||
use indexmap::IndexMap;
|
||||
use std::collections::HashMap;
|
||||
|
@ -162,7 +163,7 @@ async fn test_specifier(
|
|||
let mut worker = create_main_worker_for_test_or_bench(
|
||||
&ps,
|
||||
specifier.clone(),
|
||||
permissions,
|
||||
PermissionsContainer::new(permissions),
|
||||
vec![ops::testing::init(sender, fail_fast_tracker, filter)],
|
||||
Stdio {
|
||||
stdin: StdioPipe::Inherit,
|
||||
|
@ -254,6 +255,9 @@ impl TestRun {
|
|||
lsp_log!("Executing test run with arguments: {}", args.join(" "));
|
||||
let flags = flags_from_vec(args.into_iter().map(String::from).collect())?;
|
||||
let ps = proc_state::ProcState::build(flags).await?;
|
||||
// Various test files should not share the same permissions in terms of
|
||||
// `PermissionsContainer` - otherwise granting/revoking permissions in one
|
||||
// file would have impact on other files, which is undesirable.
|
||||
let permissions =
|
||||
Permissions::from_options(&ps.options.permissions_options())?;
|
||||
test::check_specifiers(
|
||||
|
|
|
@ -21,7 +21,7 @@ use deno_core::ModuleSpecifier;
|
|||
use deno_core::ModuleType;
|
||||
use deno_core::OpState;
|
||||
use deno_core::SourceMapGetter;
|
||||
use deno_runtime::permissions::Permissions;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use std::cell::RefCell;
|
||||
use std::pin::Pin;
|
||||
use std::rc::Rc;
|
||||
|
@ -38,7 +38,7 @@ pub struct CliModuleLoader {
|
|||
/// The initial set of permissions used to resolve the static imports in the
|
||||
/// worker. They are decoupled from the worker (dynamic) permissions since
|
||||
/// read access errors must be raised based on the parent thread permissions.
|
||||
pub root_permissions: Permissions,
|
||||
pub root_permissions: PermissionsContainer,
|
||||
pub ps: ProcState,
|
||||
}
|
||||
|
||||
|
@ -46,12 +46,15 @@ impl CliModuleLoader {
|
|||
pub fn new(ps: ProcState) -> Rc<Self> {
|
||||
Rc::new(CliModuleLoader {
|
||||
lib: ps.options.ts_type_lib_window(),
|
||||
root_permissions: Permissions::allow_all(),
|
||||
root_permissions: PermissionsContainer::allow_all(),
|
||||
ps,
|
||||
})
|
||||
}
|
||||
|
||||
pub fn new_for_worker(ps: ProcState, permissions: Permissions) -> Rc<Self> {
|
||||
pub fn new_for_worker(
|
||||
ps: ProcState,
|
||||
permissions: PermissionsContainer,
|
||||
) -> Rc<Self> {
|
||||
Rc::new(CliModuleLoader {
|
||||
lib: ps.options.ts_type_lib_worker(),
|
||||
root_permissions: permissions,
|
||||
|
@ -235,7 +238,7 @@ impl ModuleLoader for CliModuleLoader {
|
|||
let ps = self.ps.clone();
|
||||
let state = op_state.borrow();
|
||||
|
||||
let dynamic_permissions = state.borrow::<Permissions>().clone();
|
||||
let dynamic_permissions = state.borrow::<PermissionsContainer>().clone();
|
||||
let root_permissions = if is_dynamic {
|
||||
dynamic_permissions.clone()
|
||||
} else {
|
||||
|
|
|
@ -9,7 +9,7 @@ use deno_core::ModuleSpecifier;
|
|||
use deno_core::OpState;
|
||||
use deno_runtime::permissions::create_child_permissions;
|
||||
use deno_runtime::permissions::ChildPermissionsArg;
|
||||
use deno_runtime::permissions::Permissions;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use serde::Deserialize;
|
||||
use serde::Serialize;
|
||||
use std::sync::atomic::AtomicUsize;
|
||||
|
@ -40,7 +40,7 @@ pub fn init(
|
|||
}
|
||||
|
||||
#[derive(Clone)]
|
||||
struct PermissionsHolder(Uuid, Permissions);
|
||||
struct PermissionsHolder(Uuid, PermissionsContainer);
|
||||
|
||||
#[op]
|
||||
pub fn op_pledge_test_permissions(
|
||||
|
@ -48,8 +48,12 @@ pub fn op_pledge_test_permissions(
|
|||
args: ChildPermissionsArg,
|
||||
) -> Result<Uuid, AnyError> {
|
||||
let token = Uuid::new_v4();
|
||||
let parent_permissions = state.borrow_mut::<Permissions>();
|
||||
let worker_permissions = create_child_permissions(parent_permissions, args)?;
|
||||
let parent_permissions = state.borrow_mut::<PermissionsContainer>();
|
||||
let worker_permissions = {
|
||||
let mut parent_permissions = parent_permissions.0.lock();
|
||||
let perms = create_child_permissions(&mut parent_permissions, args)?;
|
||||
PermissionsContainer::new(perms)
|
||||
};
|
||||
let parent_permissions = parent_permissions.clone();
|
||||
|
||||
if state.try_take::<PermissionsHolder>().is_some() {
|
||||
|
@ -59,7 +63,7 @@ pub fn op_pledge_test_permissions(
|
|||
state.put::<PermissionsHolder>(PermissionsHolder(token, parent_permissions));
|
||||
|
||||
// NOTE: This call overrides current permission set for the worker
|
||||
state.put::<Permissions>(worker_permissions);
|
||||
state.put::<PermissionsContainer>(worker_permissions);
|
||||
|
||||
Ok(token)
|
||||
}
|
||||
|
@ -75,7 +79,7 @@ pub fn op_restore_test_permissions(
|
|||
}
|
||||
|
||||
let permissions = permissions_holder.1;
|
||||
state.put::<Permissions>(permissions);
|
||||
state.put::<PermissionsContainer>(permissions);
|
||||
Ok(())
|
||||
} else {
|
||||
Err(generic_error("no permissions to restore"))
|
||||
|
|
|
@ -17,7 +17,7 @@ use deno_core::ModuleSpecifier;
|
|||
use deno_core::OpState;
|
||||
use deno_runtime::permissions::create_child_permissions;
|
||||
use deno_runtime::permissions::ChildPermissionsArg;
|
||||
use deno_runtime::permissions::Permissions;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use serde::Deserialize;
|
||||
use serde::Deserializer;
|
||||
use serde::Serialize;
|
||||
|
@ -50,7 +50,7 @@ pub fn init(
|
|||
}
|
||||
|
||||
#[derive(Clone)]
|
||||
struct PermissionsHolder(Uuid, Permissions);
|
||||
struct PermissionsHolder(Uuid, PermissionsContainer);
|
||||
|
||||
#[op]
|
||||
pub fn op_pledge_test_permissions(
|
||||
|
@ -58,8 +58,12 @@ pub fn op_pledge_test_permissions(
|
|||
args: ChildPermissionsArg,
|
||||
) -> Result<Uuid, AnyError> {
|
||||
let token = Uuid::new_v4();
|
||||
let parent_permissions = state.borrow_mut::<Permissions>();
|
||||
let worker_permissions = create_child_permissions(parent_permissions, args)?;
|
||||
let parent_permissions = state.borrow_mut::<PermissionsContainer>();
|
||||
let worker_permissions = {
|
||||
let mut parent_permissions = parent_permissions.0.lock();
|
||||
let perms = create_child_permissions(&mut parent_permissions, args)?;
|
||||
PermissionsContainer::new(perms)
|
||||
};
|
||||
let parent_permissions = parent_permissions.clone();
|
||||
|
||||
if state.try_take::<PermissionsHolder>().is_some() {
|
||||
|
@ -68,7 +72,7 @@ pub fn op_pledge_test_permissions(
|
|||
state.put::<PermissionsHolder>(PermissionsHolder(token, parent_permissions));
|
||||
|
||||
// NOTE: This call overrides current permission set for the worker
|
||||
state.put::<Permissions>(worker_permissions);
|
||||
state.put::<PermissionsContainer>(worker_permissions);
|
||||
|
||||
Ok(token)
|
||||
}
|
||||
|
@ -84,7 +88,7 @@ pub fn op_restore_test_permissions(
|
|||
}
|
||||
|
||||
let permissions = permissions_holder.1;
|
||||
state.put::<Permissions>(permissions);
|
||||
state.put::<PermissionsContainer>(permissions);
|
||||
Ok(())
|
||||
} else {
|
||||
Err(generic_error("no permissions to restore"))
|
||||
|
|
|
@ -59,7 +59,7 @@ use deno_runtime::deno_node::NodeResolutionMode;
|
|||
use deno_runtime::deno_tls::rustls::RootCertStore;
|
||||
use deno_runtime::deno_web::BlobStore;
|
||||
use deno_runtime::inspector_server::InspectorServer;
|
||||
use deno_runtime::permissions::Permissions;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use import_map::ImportMap;
|
||||
use log::warn;
|
||||
use std::collections::HashSet;
|
||||
|
@ -181,7 +181,7 @@ impl ProcState {
|
|||
let maybe_import_map =
|
||||
if let Some(import_map_specifier) = maybe_import_map_specifier {
|
||||
let file = file_fetcher
|
||||
.fetch(&import_map_specifier, &mut Permissions::allow_all())
|
||||
.fetch(&import_map_specifier, PermissionsContainer::allow_all())
|
||||
.await
|
||||
.context(format!(
|
||||
"Unable to load '{}' import map",
|
||||
|
@ -289,8 +289,8 @@ impl ProcState {
|
|||
roots: Vec<ModuleSpecifier>,
|
||||
is_dynamic: bool,
|
||||
lib: TsTypeLib,
|
||||
root_permissions: Permissions,
|
||||
dynamic_permissions: Permissions,
|
||||
root_permissions: PermissionsContainer,
|
||||
dynamic_permissions: PermissionsContainer,
|
||||
reload_on_watch: bool,
|
||||
) -> Result<(), AnyError> {
|
||||
log::debug!("Preparing module load.");
|
||||
|
@ -490,8 +490,8 @@ impl ProcState {
|
|||
specifiers,
|
||||
false,
|
||||
lib,
|
||||
Permissions::allow_all(),
|
||||
Permissions::allow_all(),
|
||||
PermissionsContainer::allow_all(),
|
||||
PermissionsContainer::allow_all(),
|
||||
false,
|
||||
)
|
||||
.await
|
||||
|
@ -668,8 +668,8 @@ impl ProcState {
|
|||
cache::FetchCacher::new(
|
||||
self.emit_cache.clone(),
|
||||
self.file_fetcher.clone(),
|
||||
Permissions::allow_all(),
|
||||
Permissions::allow_all(),
|
||||
PermissionsContainer::allow_all(),
|
||||
PermissionsContainer::allow_all(),
|
||||
)
|
||||
}
|
||||
|
||||
|
|
|
@ -29,6 +29,7 @@ use deno_runtime::deno_tls::rustls_pemfile;
|
|||
use deno_runtime::deno_web::BlobStore;
|
||||
use deno_runtime::fmt_errors::format_js_error;
|
||||
use deno_runtime::permissions::Permissions;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use deno_runtime::permissions::PermissionsOptions;
|
||||
use deno_runtime::worker::MainWorker;
|
||||
use deno_runtime::worker::WorkerOptions;
|
||||
|
@ -226,7 +227,9 @@ pub async fn run(
|
|||
let flags = metadata_to_flags(&metadata);
|
||||
let main_module = &metadata.entrypoint;
|
||||
let ps = ProcState::build(flags).await?;
|
||||
let permissions = Permissions::from_options(&metadata.permissions)?;
|
||||
let permissions = PermissionsContainer::new(Permissions::from_options(
|
||||
&metadata.permissions,
|
||||
)?);
|
||||
let blob_store = BlobStore::default();
|
||||
let broadcast_channel = InMemoryBroadcastChannel::default();
|
||||
let module_loader = Rc::new(EmbeddedModuleLoader {
|
||||
|
|
|
@ -3725,4 +3725,21 @@ console.log("finish");
|
|||
args: "run --quiet run/001_hello.js --allow-net",
|
||||
output: "run/001_hello.js.out",
|
||||
});
|
||||
|
||||
// Regression test for https://github.com/denoland/deno/issues/16772
|
||||
#[test]
|
||||
fn file_fetcher_preserves_permissions() {
|
||||
let _guard = util::http_server();
|
||||
util::with_pty(&["repl"], |mut console| {
|
||||
console.write_text(
|
||||
"const a = import('http://127.0.0.1:4545/run/019_media_types.ts');",
|
||||
);
|
||||
console.write_text("y");
|
||||
console.write_line("");
|
||||
console.write_line("close();");
|
||||
let output = console.read_all_output();
|
||||
assert_contains!(output, "success");
|
||||
assert_contains!(output, "true");
|
||||
});
|
||||
}
|
||||
}
|
||||
|
|
|
@ -28,6 +28,7 @@ use deno_core::futures::StreamExt;
|
|||
use deno_core::ModuleSpecifier;
|
||||
use deno_graph::ModuleKind;
|
||||
use deno_runtime::permissions::Permissions;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use deno_runtime::tokio_util::run_local;
|
||||
use indexmap::IndexMap;
|
||||
use log::Level;
|
||||
|
@ -337,8 +338,8 @@ async fn check_specifiers(
|
|||
specifiers,
|
||||
false,
|
||||
lib,
|
||||
Permissions::allow_all(),
|
||||
permissions,
|
||||
PermissionsContainer::allow_all(),
|
||||
PermissionsContainer::new(permissions),
|
||||
true,
|
||||
)
|
||||
.await?;
|
||||
|
@ -358,7 +359,7 @@ async fn bench_specifier(
|
|||
let mut worker = create_main_worker_for_test_or_bench(
|
||||
&ps,
|
||||
specifier.clone(),
|
||||
permissions,
|
||||
PermissionsContainer::new(permissions),
|
||||
vec![ops::bench::init(channel.clone(), filter)],
|
||||
Default::default(),
|
||||
)
|
||||
|
@ -490,6 +491,9 @@ pub async fn run_benchmarks(
|
|||
bench_flags: BenchFlags,
|
||||
) -> Result<(), AnyError> {
|
||||
let ps = ProcState::build(flags).await?;
|
||||
// Various bench files should not share the same permissions in terms of
|
||||
// `PermissionsContainer` - otherwise granting/revoking permissions in one
|
||||
// file would have impact on other files, which is undesirable.
|
||||
let permissions =
|
||||
Permissions::from_options(&ps.options.permissions_options())?;
|
||||
|
||||
|
@ -527,6 +531,9 @@ pub async fn run_benchmarks_with_watch(
|
|||
bench_flags: BenchFlags,
|
||||
) -> Result<(), AnyError> {
|
||||
let ps = ProcState::build(flags).await?;
|
||||
// Various bench files should not share the same permissions in terms of
|
||||
// `PermissionsContainer` - otherwise granting/revoking permissions in one
|
||||
// file would have impact on other files, which is undesirable.
|
||||
let permissions =
|
||||
Permissions::from_options(&ps.options.permissions_options())?;
|
||||
|
||||
|
|
|
@ -8,6 +8,7 @@ use crate::worker::create_main_worker;
|
|||
use deno_core::error::AnyError;
|
||||
use deno_core::resolve_url_or_path;
|
||||
use deno_runtime::permissions::Permissions;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use rustyline::error::ReadlineError;
|
||||
|
||||
mod cdp;
|
||||
|
@ -72,7 +73,7 @@ async fn read_eval_file(
|
|||
|
||||
let file = ps
|
||||
.file_fetcher
|
||||
.fetch(&specifier, &mut Permissions::allow_all())
|
||||
.fetch(&specifier, PermissionsContainer::allow_all())
|
||||
.await?;
|
||||
|
||||
Ok((*file.source).to_string())
|
||||
|
@ -84,7 +85,9 @@ pub async fn run(flags: Flags, repl_flags: ReplFlags) -> Result<i32, AnyError> {
|
|||
let mut worker = create_main_worker(
|
||||
&ps,
|
||||
main_module.clone(),
|
||||
Permissions::from_options(&ps.options.permissions_options())?,
|
||||
PermissionsContainer::new(Permissions::from_options(
|
||||
&ps.options.permissions_options(),
|
||||
)?),
|
||||
)
|
||||
.await?;
|
||||
worker.setup_repl().await?;
|
||||
|
|
|
@ -9,6 +9,7 @@ use deno_ast::ModuleSpecifier;
|
|||
use deno_core::error::AnyError;
|
||||
use deno_core::resolve_url_or_path;
|
||||
use deno_runtime::permissions::Permissions;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
|
||||
use crate::args::EvalFlags;
|
||||
use crate::args::Flags;
|
||||
|
@ -56,8 +57,9 @@ To grant permissions, set them before the script argument. For example:
|
|||
} else {
|
||||
resolve_url_or_path(&run_flags.script)?
|
||||
};
|
||||
let permissions =
|
||||
Permissions::from_options(&ps.options.permissions_options())?;
|
||||
let permissions = PermissionsContainer::new(Permissions::from_options(
|
||||
&ps.options.permissions_options(),
|
||||
)?);
|
||||
let mut worker =
|
||||
create_main_worker(&ps, main_module.clone(), permissions).await?;
|
||||
|
||||
|
@ -71,7 +73,9 @@ pub async fn run_from_stdin(flags: Flags) -> Result<i32, AnyError> {
|
|||
let mut worker = create_main_worker(
|
||||
&ps.clone(),
|
||||
main_module.clone(),
|
||||
Permissions::from_options(&ps.options.permissions_options())?,
|
||||
PermissionsContainer::new(Permissions::from_options(
|
||||
&ps.options.permissions_options(),
|
||||
)?),
|
||||
)
|
||||
.await?;
|
||||
|
||||
|
@ -110,8 +114,9 @@ async fn run_with_watch(flags: Flags, script: String) -> Result<i32, AnyError> {
|
|||
let ps =
|
||||
ProcState::build_for_file_watcher((*flags).clone(), sender.clone())
|
||||
.await?;
|
||||
let permissions =
|
||||
Permissions::from_options(&ps.options.permissions_options())?;
|
||||
let permissions = PermissionsContainer::new(Permissions::from_options(
|
||||
&ps.options.permissions_options(),
|
||||
)?);
|
||||
let worker =
|
||||
create_main_worker(&ps, main_module.clone(), permissions).await?;
|
||||
worker.run_for_watcher().await?;
|
||||
|
@ -143,8 +148,9 @@ pub async fn eval_command(
|
|||
let main_module =
|
||||
resolve_url_or_path(&format!("./$deno$eval.{}", eval_flags.ext))?;
|
||||
let ps = ProcState::build(flags).await?;
|
||||
let permissions =
|
||||
Permissions::from_options(&ps.options.permissions_options())?;
|
||||
let permissions = PermissionsContainer::new(Permissions::from_options(
|
||||
&ps.options.permissions_options(),
|
||||
)?);
|
||||
let mut worker =
|
||||
create_main_worker(&ps, main_module.clone(), permissions).await?;
|
||||
// Create a dummy source file.
|
||||
|
|
|
@ -21,7 +21,7 @@ use deno_core::serde_json;
|
|||
use deno_core::url::Url;
|
||||
use deno_graph::ModuleSpecifier;
|
||||
use deno_runtime::colors;
|
||||
use deno_runtime::permissions::Permissions;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use std::env;
|
||||
use std::fs;
|
||||
use std::fs::File;
|
||||
|
@ -170,7 +170,7 @@ async fn create_standalone_binary(
|
|||
Some(import_map_specifier) => {
|
||||
let file = ps
|
||||
.file_fetcher
|
||||
.fetch(&import_map_specifier, &mut Permissions::allow_all())
|
||||
.fetch(&import_map_specifier, PermissionsContainer::allow_all())
|
||||
.await
|
||||
.context(format!(
|
||||
"Unable to load '{}' import map",
|
||||
|
|
|
@ -37,6 +37,7 @@ use deno_runtime::fmt_errors::format_js_error;
|
|||
use deno_runtime::ops::io::Stdio;
|
||||
use deno_runtime::ops::io::StdioPipe;
|
||||
use deno_runtime::permissions::Permissions;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use deno_runtime::tokio_util::run_local;
|
||||
use indexmap::IndexMap;
|
||||
use log::Level;
|
||||
|
@ -723,7 +724,7 @@ async fn test_specifier(
|
|||
let mut worker = create_main_worker_for_test_or_bench(
|
||||
&ps,
|
||||
specifier.clone(),
|
||||
permissions,
|
||||
PermissionsContainer::new(permissions),
|
||||
vec![ops::testing::init(
|
||||
sender,
|
||||
fail_fast_tracker,
|
||||
|
@ -895,11 +896,8 @@ async fn fetch_inline_files(
|
|||
) -> Result<Vec<File>, AnyError> {
|
||||
let mut files = Vec::new();
|
||||
for specifier in specifiers {
|
||||
let mut fetch_permissions = Permissions::allow_all();
|
||||
let file = ps
|
||||
.file_fetcher
|
||||
.fetch(&specifier, &mut fetch_permissions)
|
||||
.await?;
|
||||
let fetch_permissions = PermissionsContainer::allow_all();
|
||||
let file = ps.file_fetcher.fetch(&specifier, fetch_permissions).await?;
|
||||
|
||||
let inline_files = if file.media_type == MediaType::Unknown {
|
||||
extract_files_from_fenced_blocks(
|
||||
|
@ -957,8 +955,8 @@ pub async fn check_specifiers(
|
|||
specifiers,
|
||||
false,
|
||||
lib,
|
||||
Permissions::allow_all(),
|
||||
permissions.clone(),
|
||||
PermissionsContainer::new(Permissions::allow_all()),
|
||||
PermissionsContainer::new(permissions.clone()),
|
||||
false,
|
||||
)
|
||||
.await?;
|
||||
|
@ -979,8 +977,8 @@ pub async fn check_specifiers(
|
|||
module_specifiers,
|
||||
false,
|
||||
lib,
|
||||
Permissions::allow_all(),
|
||||
permissions,
|
||||
PermissionsContainer::allow_all(),
|
||||
PermissionsContainer::new(permissions),
|
||||
true,
|
||||
)
|
||||
.await?;
|
||||
|
@ -1324,7 +1322,7 @@ async fn fetch_specifiers_with_test_mode(
|
|||
for (specifier, mode) in &mut specifiers_with_mode {
|
||||
let file = ps
|
||||
.file_fetcher
|
||||
.fetch(specifier, &mut Permissions::allow_all())
|
||||
.fetch(specifier, PermissionsContainer::allow_all())
|
||||
.await?;
|
||||
|
||||
if file.media_type == MediaType::Unknown
|
||||
|
@ -1342,6 +1340,9 @@ pub async fn run_tests(
|
|||
test_flags: TestFlags,
|
||||
) -> Result<(), AnyError> {
|
||||
let ps = ProcState::build(flags).await?;
|
||||
// Various test files should not share the same permissions in terms of
|
||||
// `PermissionsContainer` - otherwise granting/revoking permissions in one
|
||||
// file would have impact on other files, which is undesirable.
|
||||
let permissions =
|
||||
Permissions::from_options(&ps.options.permissions_options())?;
|
||||
let specifiers_with_mode = fetch_specifiers_with_test_mode(
|
||||
|
@ -1383,6 +1384,9 @@ pub async fn run_tests_with_watch(
|
|||
test_flags: TestFlags,
|
||||
) -> Result<(), AnyError> {
|
||||
let ps = ProcState::build(flags).await?;
|
||||
// Various test files should not share the same permissions in terms of
|
||||
// `PermissionsContainer` - otherwise granting/revoking permissions in one
|
||||
// file would have impact on other files, which is undesirable.
|
||||
let permissions =
|
||||
Permissions::from_options(&ps.options.permissions_options())?;
|
||||
|
||||
|
|
|
@ -16,7 +16,7 @@ use deno_runtime::colors;
|
|||
use deno_runtime::fmt_errors::format_js_error;
|
||||
use deno_runtime::ops::worker_host::CreateWebWorkerCb;
|
||||
use deno_runtime::ops::worker_host::WorkerEventCb;
|
||||
use deno_runtime::permissions::Permissions;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use deno_runtime::web_worker::WebWorker;
|
||||
use deno_runtime::web_worker::WebWorkerOptions;
|
||||
use deno_runtime::worker::MainWorker;
|
||||
|
@ -410,7 +410,7 @@ impl CliMainWorker {
|
|||
pub async fn create_main_worker(
|
||||
ps: &ProcState,
|
||||
main_module: ModuleSpecifier,
|
||||
permissions: Permissions,
|
||||
permissions: PermissionsContainer,
|
||||
) -> Result<CliMainWorker, AnyError> {
|
||||
create_main_worker_internal(
|
||||
ps,
|
||||
|
@ -426,7 +426,7 @@ pub async fn create_main_worker(
|
|||
pub async fn create_main_worker_for_test_or_bench(
|
||||
ps: &ProcState,
|
||||
main_module: ModuleSpecifier,
|
||||
permissions: Permissions,
|
||||
permissions: PermissionsContainer,
|
||||
custom_extensions: Vec<Extension>,
|
||||
stdio: deno_runtime::ops::io::Stdio,
|
||||
) -> Result<CliMainWorker, AnyError> {
|
||||
|
@ -444,7 +444,7 @@ pub async fn create_main_worker_for_test_or_bench(
|
|||
async fn create_main_worker_internal(
|
||||
ps: &ProcState,
|
||||
main_module: ModuleSpecifier,
|
||||
permissions: Permissions,
|
||||
permissions: PermissionsContainer,
|
||||
mut custom_extensions: Vec<Extension>,
|
||||
stdio: deno_runtime::ops::io::Stdio,
|
||||
bench_or_test: bool,
|
||||
|
@ -731,10 +731,11 @@ mod tests {
|
|||
use deno_core::{resolve_url_or_path, FsModuleLoader};
|
||||
use deno_runtime::deno_broadcast_channel::InMemoryBroadcastChannel;
|
||||
use deno_runtime::deno_web::BlobStore;
|
||||
use deno_runtime::permissions::Permissions;
|
||||
|
||||
fn create_test_worker() -> MainWorker {
|
||||
let main_module = resolve_url_or_path("./hello.js").unwrap();
|
||||
let permissions = Permissions::default();
|
||||
let permissions = PermissionsContainer::new(Permissions::default());
|
||||
|
||||
let options = WorkerOptions {
|
||||
bootstrap: BootstrapOptions {
|
||||
|
|
|
@ -4,7 +4,7 @@ use deno_core::error::AnyError;
|
|||
use deno_core::FsModuleLoader;
|
||||
use deno_runtime::deno_broadcast_channel::InMemoryBroadcastChannel;
|
||||
use deno_runtime::deno_web::BlobStore;
|
||||
use deno_runtime::permissions::Permissions;
|
||||
use deno_runtime::permissions::PermissionsContainer;
|
||||
use deno_runtime::worker::MainWorker;
|
||||
use deno_runtime::worker::WorkerOptions;
|
||||
use deno_runtime::BootstrapOptions;
|
||||
|
@ -71,7 +71,7 @@ async fn main() -> Result<(), AnyError> {
|
|||
let js_path =
|
||||
Path::new(env!("CARGO_MANIFEST_DIR")).join("examples/hello_runtime.js");
|
||||
let main_module = deno_core::resolve_path(&js_path.to_string_lossy())?;
|
||||
let permissions = Permissions::allow_all();
|
||||
let permissions = PermissionsContainer::allow_all();
|
||||
|
||||
let mut worker = MainWorker::bootstrap_from_options(
|
||||
main_module.clone(),
|
||||
|
|
|
@ -3,18 +3,17 @@
|
|||
use super::io::StdFileResource;
|
||||
use super::utils::into_string;
|
||||
use crate::fs_util::canonicalize_path;
|
||||
use crate::permissions::Permissions;
|
||||
use crate::permissions::PermissionsContainer;
|
||||
use deno_core::error::custom_error;
|
||||
use deno_core::error::type_error;
|
||||
use deno_core::error::AnyError;
|
||||
use deno_core::op;
|
||||
use deno_core::CancelFuture;
|
||||
use deno_core::CancelHandle;
|
||||
use deno_core::ZeroCopyBuf;
|
||||
|
||||
use deno_core::Extension;
|
||||
use deno_core::OpState;
|
||||
use deno_core::ResourceId;
|
||||
use deno_core::ZeroCopyBuf;
|
||||
use deno_crypto::rand::thread_rng;
|
||||
use deno_crypto::rand::Rng;
|
||||
use log::debug;
|
||||
|
@ -144,11 +143,11 @@ fn open_helper(
|
|||
let _ = mode; // avoid unused warning
|
||||
}
|
||||
|
||||
let permissions = state.borrow_mut::<Permissions>();
|
||||
let permissions = state.borrow_mut::<PermissionsContainer>();
|
||||
|
||||
match options {
|
||||
None => {
|
||||
permissions.read.check(&path, Some(api_name))?;
|
||||
permissions.check_read(&path, api_name)?;
|
||||
open_options
|
||||
.read(true)
|
||||
.create(false)
|
||||
|
@ -159,11 +158,11 @@ fn open_helper(
|
|||
}
|
||||
Some(options) => {
|
||||
if options.read {
|
||||
permissions.read.check(&path, Some(api_name))?;
|
||||
permissions.check_read(&path, api_name)?;
|
||||
}
|
||||
|
||||
if options.write || options.append {
|
||||
permissions.write.check(&path, Some(api_name))?;
|
||||
permissions.check_write(&path, api_name)?;
|
||||
}
|
||||
|
||||
open_options
|
||||
|
@ -540,9 +539,8 @@ fn op_umask(state: &mut OpState, mask: Option<u32>) -> Result<u32, AnyError> {
|
|||
fn op_chdir(state: &mut OpState, directory: String) -> Result<(), AnyError> {
|
||||
let d = PathBuf::from(&directory);
|
||||
state
|
||||
.borrow_mut::<Permissions>()
|
||||
.read
|
||||
.check(&d, Some("Deno.chdir()"))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_read(&d, "Deno.chdir()")?;
|
||||
set_current_dir(&d).map_err(|err| {
|
||||
Error::new(err.kind(), format!("{}, chdir '{}'", err, directory))
|
||||
})?;
|
||||
|
@ -562,9 +560,8 @@ fn op_mkdir_sync(state: &mut OpState, args: MkdirArgs) -> Result<(), AnyError> {
|
|||
let path = Path::new(&args.path).to_path_buf();
|
||||
let mode = args.mode.unwrap_or(0o777) & 0o777;
|
||||
state
|
||||
.borrow_mut::<Permissions>()
|
||||
.write
|
||||
.check(&path, Some("Deno.mkdirSync()"))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_write(&path, "Deno.mkdirSync()")?;
|
||||
debug!("op_mkdir {} {:o} {}", path.display(), mode, args.recursive);
|
||||
let mut builder = std::fs::DirBuilder::new();
|
||||
builder.recursive(args.recursive);
|
||||
|
@ -590,9 +587,8 @@ async fn op_mkdir_async(
|
|||
{
|
||||
let mut state = state.borrow_mut();
|
||||
state
|
||||
.borrow_mut::<Permissions>()
|
||||
.write
|
||||
.check(&path, Some("Deno.mkdir()"))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_write(&path, "Deno.mkdir()")?;
|
||||
}
|
||||
|
||||
tokio::task::spawn_blocking(move || {
|
||||
|
@ -623,9 +619,8 @@ fn op_chmod_sync(
|
|||
let mode = mode & 0o777;
|
||||
|
||||
state
|
||||
.borrow_mut::<Permissions>()
|
||||
.write
|
||||
.check(path, Some("Deno.chmodSync()"))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_write(path, "Deno.chmodSync()")?;
|
||||
raw_chmod(path, mode)
|
||||
}
|
||||
|
||||
|
@ -641,9 +636,8 @@ async fn op_chmod_async(
|
|||
{
|
||||
let mut state = state.borrow_mut();
|
||||
state
|
||||
.borrow_mut::<Permissions>()
|
||||
.write
|
||||
.check(&path, Some("Deno.chmod()"))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_write(&path, "Deno.chmod()")?;
|
||||
}
|
||||
|
||||
tokio::task::spawn_blocking(move || raw_chmod(&path, mode))
|
||||
|
@ -680,9 +674,8 @@ fn op_chown_sync(
|
|||
) -> Result<(), AnyError> {
|
||||
let path = Path::new(&path).to_path_buf();
|
||||
state
|
||||
.borrow_mut::<Permissions>()
|
||||
.write
|
||||
.check(&path, Some("Deno.chownSync()"))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_write(&path, "Deno.chownSync()")?;
|
||||
#[cfg(unix)]
|
||||
{
|
||||
use crate::errors::get_nix_error_class;
|
||||
|
@ -716,9 +709,8 @@ async fn op_chown_async(
|
|||
{
|
||||
let mut state = state.borrow_mut();
|
||||
state
|
||||
.borrow_mut::<Permissions>()
|
||||
.write
|
||||
.check(&path, Some("Deno.chown()"))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_write(&path, "Deno.chown()")?;
|
||||
}
|
||||
|
||||
tokio::task::spawn_blocking(move || {
|
||||
|
@ -753,9 +745,8 @@ fn op_remove_sync(
|
|||
let path = PathBuf::from(&path);
|
||||
|
||||
state
|
||||
.borrow_mut::<Permissions>()
|
||||
.write
|
||||
.check(&path, Some("Deno.removeSync()"))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_write(&path, "Deno.removeSync()")?;
|
||||
|
||||
#[cfg(not(unix))]
|
||||
use std::os::windows::prelude::MetadataExt;
|
||||
|
@ -802,9 +793,8 @@ async fn op_remove_async(
|
|||
{
|
||||
let mut state = state.borrow_mut();
|
||||
state
|
||||
.borrow_mut::<Permissions>()
|
||||
.write
|
||||
.check(&path, Some("Deno.remove()"))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_write(&path, "Deno.remove()")?;
|
||||
}
|
||||
|
||||
tokio::task::spawn_blocking(move || {
|
||||
|
@ -854,13 +844,9 @@ fn op_copy_file_sync(
|
|||
let from_path = PathBuf::from(&from);
|
||||
let to_path = PathBuf::from(&to);
|
||||
|
||||
let permissions = state.borrow_mut::<Permissions>();
|
||||
permissions
|
||||
.read
|
||||
.check(&from_path, Some("Deno.copyFileSync()"))?;
|
||||
permissions
|
||||
.write
|
||||
.check(&to_path, Some("Deno.copyFileSync()"))?;
|
||||
let permissions = state.borrow_mut::<PermissionsContainer>();
|
||||
permissions.check_read(&from_path, "Deno.copyFileSync()")?;
|
||||
permissions.check_write(&to_path, "Deno.copyFileSync()")?;
|
||||
|
||||
// On *nix, Rust reports non-existent `from` as ErrorKind::InvalidInput
|
||||
// See https://github.com/rust-lang/rust/issues/54800
|
||||
|
@ -955,9 +941,9 @@ async fn op_copy_file_async(
|
|||
|
||||
{
|
||||
let mut state = state.borrow_mut();
|
||||
let permissions = state.borrow_mut::<Permissions>();
|
||||
permissions.read.check(&from, Some("Deno.copyFile()"))?;
|
||||
permissions.write.check(&to, Some("Deno.copyFile()"))?;
|
||||
let permissions = state.borrow_mut::<PermissionsContainer>();
|
||||
permissions.check_read(&from, "Deno.copyFile()")?;
|
||||
permissions.check_write(&to, "Deno.copyFile()")?;
|
||||
}
|
||||
|
||||
tokio::task::spawn_blocking(move || {
|
||||
|
@ -1116,9 +1102,8 @@ fn op_stat_sync(
|
|||
) -> Result<(), AnyError> {
|
||||
let path = PathBuf::from(&path);
|
||||
state
|
||||
.borrow_mut::<Permissions>()
|
||||
.read
|
||||
.check(&path, Some("Deno.statSync()"))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_read(&path, "Deno.statSync()")?;
|
||||
let err_mapper = |err: Error| {
|
||||
Error::new(err.kind(), format!("{}, stat '{}'", err, path.display()))
|
||||
};
|
||||
|
@ -1145,9 +1130,8 @@ async fn op_stat_async(
|
|||
{
|
||||
let mut state = state.borrow_mut();
|
||||
state
|
||||
.borrow_mut::<Permissions>()
|
||||
.read
|
||||
.check(&path, Some("Deno.stat()"))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_read(&path, "Deno.stat()")?;
|
||||
}
|
||||
|
||||
tokio::task::spawn_blocking(move || {
|
||||
|
@ -1173,10 +1157,10 @@ fn op_realpath_sync(
|
|||
) -> Result<String, AnyError> {
|
||||
let path = PathBuf::from(&path);
|
||||
|
||||
let permissions = state.borrow_mut::<Permissions>();
|
||||
permissions.read.check(&path, Some("Deno.realPathSync()"))?;
|
||||
let permissions = state.borrow_mut::<PermissionsContainer>();
|
||||
permissions.check_read(&path, "Deno.realPathSync()")?;
|
||||
if path.is_relative() {
|
||||
permissions.read.check_blind(
|
||||
permissions.check_read_blind(
|
||||
¤t_dir()?,
|
||||
"CWD",
|
||||
"Deno.realPathSync()",
|
||||
|
@ -1200,10 +1184,10 @@ async fn op_realpath_async(
|
|||
|
||||
{
|
||||
let mut state = state.borrow_mut();
|
||||
let permissions = state.borrow_mut::<Permissions>();
|
||||
permissions.read.check(&path, Some("Deno.realPath()"))?;
|
||||
let permissions = state.borrow_mut::<PermissionsContainer>();
|
||||
permissions.check_read(&path, "Deno.realPath()")?;
|
||||
if path.is_relative() {
|
||||
permissions.read.check_blind(
|
||||
permissions.check_read_blind(
|
||||
¤t_dir()?,
|
||||
"CWD",
|
||||
"Deno.realPath()",
|
||||
|
@ -1240,9 +1224,8 @@ fn op_read_dir_sync(
|
|||
let path = PathBuf::from(&path);
|
||||
|
||||
state
|
||||
.borrow_mut::<Permissions>()
|
||||
.read
|
||||
.check(&path, Some("Deno.readDirSync()"))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_read(&path, "Deno.readDirSync()")?;
|
||||
|
||||
debug!("op_read_dir_sync {}", path.display());
|
||||
let err_mapper = |err: Error| {
|
||||
|
@ -1284,9 +1267,8 @@ async fn op_read_dir_async(
|
|||
{
|
||||
let mut state = state.borrow_mut();
|
||||
state
|
||||
.borrow_mut::<Permissions>()
|
||||
.read
|
||||
.check(&path, Some("Deno.readDir()"))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_read(&path, "Deno.readDir()")?;
|
||||
}
|
||||
tokio::task::spawn_blocking(move || {
|
||||
debug!("op_read_dir_async {}", path.display());
|
||||
|
@ -1332,16 +1314,10 @@ fn op_rename_sync(
|
|||
let oldpath = PathBuf::from(&oldpath);
|
||||
let newpath = PathBuf::from(&newpath);
|
||||
|
||||
let permissions = state.borrow_mut::<Permissions>();
|
||||
permissions
|
||||
.read
|
||||
.check(&oldpath, Some("Deno.renameSync()"))?;
|
||||
permissions
|
||||
.write
|
||||
.check(&oldpath, Some("Deno.renameSync()"))?;
|
||||
permissions
|
||||
.write
|
||||
.check(&newpath, Some("Deno.renameSync()"))?;
|
||||
let permissions = state.borrow_mut::<PermissionsContainer>();
|
||||
permissions.check_read(&oldpath, "Deno.renameSync()")?;
|
||||
permissions.check_write(&oldpath, "Deno.renameSync()")?;
|
||||
permissions.check_write(&newpath, "Deno.renameSync()")?;
|
||||
|
||||
let err_mapper = |err: Error| {
|
||||
Error::new(
|
||||
|
@ -1368,10 +1344,10 @@ async fn op_rename_async(
|
|||
let newpath = PathBuf::from(&newpath);
|
||||
{
|
||||
let mut state = state.borrow_mut();
|
||||
let permissions = state.borrow_mut::<Permissions>();
|
||||
permissions.read.check(&oldpath, Some("Deno.rename()"))?;
|
||||
permissions.write.check(&oldpath, Some("Deno.rename()"))?;
|
||||
permissions.write.check(&newpath, Some("Deno.rename()"))?;
|
||||
let permissions = state.borrow_mut::<PermissionsContainer>();
|
||||
permissions.check_read(&oldpath, "Deno.rename()")?;
|
||||
permissions.check_write(&oldpath, "Deno.rename()")?;
|
||||
permissions.check_write(&newpath, "Deno.rename()")?;
|
||||
}
|
||||
tokio::task::spawn_blocking(move || {
|
||||
let err_mapper = |err: Error| {
|
||||
|
@ -1401,11 +1377,11 @@ fn op_link_sync(
|
|||
let oldpath = PathBuf::from(&oldpath);
|
||||
let newpath = PathBuf::from(&newpath);
|
||||
|
||||
let permissions = state.borrow_mut::<Permissions>();
|
||||
permissions.read.check(&oldpath, Some("Deno.linkSync()"))?;
|
||||
permissions.write.check(&oldpath, Some("Deno.linkSync()"))?;
|
||||
permissions.read.check(&newpath, Some("Deno.linkSync()"))?;
|
||||
permissions.write.check(&newpath, Some("Deno.linkSync()"))?;
|
||||
let permissions = state.borrow_mut::<PermissionsContainer>();
|
||||
permissions.check_read(&oldpath, "Deno.linkSync()")?;
|
||||
permissions.check_write(&oldpath, "Deno.linkSync()")?;
|
||||
permissions.check_read(&newpath, "Deno.linkSync()")?;
|
||||
permissions.check_write(&newpath, "Deno.linkSync()")?;
|
||||
|
||||
let err_mapper = |err: Error| {
|
||||
Error::new(
|
||||
|
@ -1433,11 +1409,11 @@ async fn op_link_async(
|
|||
|
||||
{
|
||||
let mut state = state.borrow_mut();
|
||||
let permissions = state.borrow_mut::<Permissions>();
|
||||
permissions.read.check(&oldpath, Some("Deno.link()"))?;
|
||||
permissions.write.check(&oldpath, Some("Deno.link()"))?;
|
||||
permissions.read.check(&newpath, Some("Deno.link()"))?;
|
||||
permissions.write.check(&newpath, Some("Deno.link()"))?;
|
||||
let permissions = state.borrow_mut::<PermissionsContainer>();
|
||||
permissions.check_read(&oldpath, "Deno.link()")?;
|
||||
permissions.check_write(&oldpath, "Deno.link()")?;
|
||||
permissions.check_read(&newpath, "Deno.link()")?;
|
||||
permissions.check_write(&newpath, "Deno.link()")?;
|
||||
}
|
||||
|
||||
tokio::task::spawn_blocking(move || {
|
||||
|
@ -1470,13 +1446,11 @@ fn op_symlink_sync(
|
|||
let newpath = PathBuf::from(&newpath);
|
||||
|
||||
state
|
||||
.borrow_mut::<Permissions>()
|
||||
.write
|
||||
.check_all(Some("Deno.symlinkSync()"))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_write_all("Deno.symlinkSync()")?;
|
||||
state
|
||||
.borrow_mut::<Permissions>()
|
||||
.read
|
||||
.check_all(Some("Deno.symlinkSync()"))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_read_all("Deno.symlinkSync()")?;
|
||||
|
||||
let err_mapper = |err: Error| {
|
||||
Error::new(
|
||||
|
@ -1536,13 +1510,11 @@ async fn op_symlink_async(
|
|||
{
|
||||
let mut state = state.borrow_mut();
|
||||
state
|
||||
.borrow_mut::<Permissions>()
|
||||
.write
|
||||
.check_all(Some("Deno.symlink()"))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_write_all("Deno.symlink()")?;
|
||||
state
|
||||
.borrow_mut::<Permissions>()
|
||||
.read
|
||||
.check_all(Some("Deno.symlink()"))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_read_all("Deno.symlink()")?;
|
||||
}
|
||||
|
||||
tokio::task::spawn_blocking(move || {
|
||||
|
@ -1602,9 +1574,8 @@ fn op_read_link_sync(
|
|||
let path = PathBuf::from(&path);
|
||||
|
||||
state
|
||||
.borrow_mut::<Permissions>()
|
||||
.read
|
||||
.check(&path, Some("Deno.readLink()"))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_read(&path, "Deno.readLink()")?;
|
||||
|
||||
debug!("op_read_link_value {}", path.display());
|
||||
let err_mapper = |err: Error| {
|
||||
|
@ -1629,9 +1600,8 @@ async fn op_read_link_async(
|
|||
{
|
||||
let mut state = state.borrow_mut();
|
||||
state
|
||||
.borrow_mut::<Permissions>()
|
||||
.read
|
||||
.check(&path, Some("Deno.readLink()"))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_read(&path, "Deno.readLink()")?;
|
||||
}
|
||||
tokio::task::spawn_blocking(move || {
|
||||
debug!("op_read_link_async {}", path.display());
|
||||
|
@ -1688,9 +1658,8 @@ fn op_truncate_sync(
|
|||
let path = PathBuf::from(&path);
|
||||
|
||||
state
|
||||
.borrow_mut::<Permissions>()
|
||||
.write
|
||||
.check(&path, Some("Deno.truncateSync()"))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_write(&path, "Deno.truncateSync()")?;
|
||||
|
||||
debug!("op_truncate_sync {} {}", path.display(), len);
|
||||
let err_mapper = |err: Error| {
|
||||
|
@ -1718,9 +1687,8 @@ async fn op_truncate_async(
|
|||
{
|
||||
let mut state = state.borrow_mut();
|
||||
state
|
||||
.borrow_mut::<Permissions>()
|
||||
.write
|
||||
.check(&path, Some("Deno.truncate()"))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_write(&path, "Deno.truncate()")?;
|
||||
}
|
||||
tokio::task::spawn_blocking(move || {
|
||||
debug!("op_truncate_async {} {}", path.display(), len);
|
||||
|
@ -1803,9 +1771,9 @@ fn op_make_temp_dir_sync(
|
|||
let prefix = args.prefix.map(String::from);
|
||||
let suffix = args.suffix.map(String::from);
|
||||
|
||||
state.borrow_mut::<Permissions>().write.check(
|
||||
state.borrow_mut::<PermissionsContainer>().check_write(
|
||||
dir.clone().unwrap_or_else(temp_dir).as_path(),
|
||||
Some("Deno.makeTempDirSync()"),
|
||||
"Deno.makeTempDirSync()",
|
||||
)?;
|
||||
|
||||
// TODO(piscisaureus): use byte vector for paths, not a string.
|
||||
|
@ -1833,9 +1801,9 @@ async fn op_make_temp_dir_async(
|
|||
let suffix = args.suffix.map(String::from);
|
||||
{
|
||||
let mut state = state.borrow_mut();
|
||||
state.borrow_mut::<Permissions>().write.check(
|
||||
state.borrow_mut::<PermissionsContainer>().check_write(
|
||||
dir.clone().unwrap_or_else(temp_dir).as_path(),
|
||||
Some("Deno.makeTempDir()"),
|
||||
"Deno.makeTempDir()",
|
||||
)?;
|
||||
}
|
||||
tokio::task::spawn_blocking(move || {
|
||||
|
@ -1866,9 +1834,9 @@ fn op_make_temp_file_sync(
|
|||
let prefix = args.prefix.map(String::from);
|
||||
let suffix = args.suffix.map(String::from);
|
||||
|
||||
state.borrow_mut::<Permissions>().write.check(
|
||||
state.borrow_mut::<PermissionsContainer>().check_write(
|
||||
dir.clone().unwrap_or_else(temp_dir).as_path(),
|
||||
Some("Deno.makeTempFileSync()"),
|
||||
"Deno.makeTempFileSync()",
|
||||
)?;
|
||||
|
||||
// TODO(piscisaureus): use byte vector for paths, not a string.
|
||||
|
@ -1896,9 +1864,9 @@ async fn op_make_temp_file_async(
|
|||
let suffix = args.suffix.map(String::from);
|
||||
{
|
||||
let mut state = state.borrow_mut();
|
||||
state.borrow_mut::<Permissions>().write.check(
|
||||
state.borrow_mut::<PermissionsContainer>().check_write(
|
||||
dir.clone().unwrap_or_else(temp_dir).as_path(),
|
||||
Some("Deno.makeTempFile()"),
|
||||
"Deno.makeTempFile()",
|
||||
)?;
|
||||
}
|
||||
tokio::task::spawn_blocking(move || {
|
||||
|
@ -1973,9 +1941,8 @@ fn op_utime_sync(
|
|||
let mtime = filetime::FileTime::from_unix_time(mtime_secs, mtime_nanos);
|
||||
|
||||
state
|
||||
.borrow_mut::<Permissions>()
|
||||
.write
|
||||
.check(&path, Some("Deno.utime()"))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_write(&path, "Deno.utime()")?;
|
||||
filetime::set_file_times(&path, atime, mtime).map_err(|err| {
|
||||
Error::new(err.kind(), format!("{}, utime '{}'", err, path.display()))
|
||||
})?;
|
||||
|
@ -1997,9 +1964,8 @@ async fn op_utime_async(
|
|||
|
||||
state
|
||||
.borrow_mut()
|
||||
.borrow_mut::<Permissions>()
|
||||
.write
|
||||
.check(&path, Some("Deno.utime()"))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_write(&path, "Deno.utime()")?;
|
||||
|
||||
tokio::task::spawn_blocking(move || {
|
||||
filetime::set_file_times(&path, atime, mtime).map_err(|err| {
|
||||
|
@ -2014,11 +1980,9 @@ async fn op_utime_async(
|
|||
#[op]
|
||||
fn op_cwd(state: &mut OpState) -> Result<String, AnyError> {
|
||||
let path = current_dir()?;
|
||||
state.borrow_mut::<Permissions>().read.check_blind(
|
||||
&path,
|
||||
"CWD",
|
||||
"Deno.cwd()",
|
||||
)?;
|
||||
state
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_read_blind(&path, "CWD", "Deno.cwd()")?;
|
||||
let path_str = into_string(path.into_os_string())?;
|
||||
Ok(path_str)
|
||||
}
|
||||
|
@ -2028,9 +1992,10 @@ fn op_readfile_sync(
|
|||
state: &mut OpState,
|
||||
path: String,
|
||||
) -> Result<ZeroCopyBuf, AnyError> {
|
||||
let permissions = state.borrow_mut::<Permissions>();
|
||||
let path = Path::new(&path);
|
||||
permissions.read.check(path, Some("Deno.readFileSync()"))?;
|
||||
state
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_read(path, "Deno.readFileSync()")?;
|
||||
Ok(std::fs::read(path)?.into())
|
||||
}
|
||||
|
||||
|
@ -2039,11 +2004,10 @@ fn op_readfile_text_sync(
|
|||
state: &mut OpState,
|
||||
path: String,
|
||||
) -> Result<String, AnyError> {
|
||||
let permissions = state.borrow_mut::<Permissions>();
|
||||
let path = Path::new(&path);
|
||||
permissions
|
||||
.read
|
||||
.check(path, Some("Deno.readTextFileSync()"))?;
|
||||
state
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_read(path, "Deno.readTextFileSync()")?;
|
||||
Ok(string_from_utf8_lossy(std::fs::read(path)?))
|
||||
}
|
||||
|
||||
|
@ -2057,9 +2021,8 @@ async fn op_readfile_async(
|
|||
let path = Path::new(&path);
|
||||
let mut state = state.borrow_mut();
|
||||
state
|
||||
.borrow_mut::<Permissions>()
|
||||
.read
|
||||
.check(path, Some("Deno.readFile()"))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_read(path, "Deno.readFile()")?;
|
||||
}
|
||||
let fut = tokio::task::spawn_blocking(move || {
|
||||
let path = Path::new(&path);
|
||||
|
@ -2087,9 +2050,8 @@ async fn op_readfile_text_async(
|
|||
let path = Path::new(&path);
|
||||
let mut state = state.borrow_mut();
|
||||
state
|
||||
.borrow_mut::<Permissions>()
|
||||
.read
|
||||
.check(path, Some("Deno.readTextFile()"))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_read(path, "Deno.readTextFile()")?;
|
||||
}
|
||||
let fut = tokio::task::spawn_blocking(move || {
|
||||
let path = Path::new(&path);
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
// Copyright 2018-2023 the Deno authors. All rights reserved. MIT license.
|
||||
|
||||
use crate::permissions::Permissions;
|
||||
use crate::permissions::PermissionsContainer;
|
||||
use deno_core::error::AnyError;
|
||||
use deno_core::parking_lot::Mutex;
|
||||
use deno_core::AsyncRefCell;
|
||||
|
@ -119,9 +119,8 @@ fn op_fs_events_open(
|
|||
for path in &args.paths {
|
||||
let path = PathBuf::from(path);
|
||||
state
|
||||
.borrow_mut::<Permissions>()
|
||||
.read
|
||||
.check(&path, Some("Deno.watchFs()"))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_read(&path, "Deno.watchFs()")?;
|
||||
watcher.watch(&path, recursive_mode)?;
|
||||
}
|
||||
let resource = FsEventsResource {
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
// Copyright 2018-2023 the Deno authors. All rights reserved. MIT license.
|
||||
|
||||
use super::utils::into_string;
|
||||
use crate::permissions::Permissions;
|
||||
use crate::permissions::PermissionsContainer;
|
||||
use crate::worker::ExitCode;
|
||||
use deno_core::error::{type_error, AnyError};
|
||||
use deno_core::op;
|
||||
|
@ -68,11 +68,9 @@ fn noop_op() -> Result<(), AnyError> {
|
|||
#[op]
|
||||
fn op_exec_path(state: &mut OpState) -> Result<String, AnyError> {
|
||||
let current_exe = env::current_exe().unwrap();
|
||||
state.borrow_mut::<Permissions>().read.check_blind(
|
||||
¤t_exe,
|
||||
"exec_path",
|
||||
"Deno.execPath()",
|
||||
)?;
|
||||
state
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_read_blind(¤t_exe, "exec_path", "Deno.execPath()")?;
|
||||
// Now apply URL parser to current exe to get fully resolved path, otherwise
|
||||
// we might get `./` and `../` bits in `exec_path`
|
||||
let exe_url = Url::from_file_path(current_exe).unwrap();
|
||||
|
@ -87,7 +85,7 @@ fn op_set_env(
|
|||
key: String,
|
||||
value: String,
|
||||
) -> Result<(), AnyError> {
|
||||
state.borrow_mut::<Permissions>().env.check(&key)?;
|
||||
state.borrow_mut::<PermissionsContainer>().check_env(&key)?;
|
||||
if key.is_empty() {
|
||||
return Err(type_error("Key is an empty string."));
|
||||
}
|
||||
|
@ -109,7 +107,7 @@ fn op_set_env(
|
|||
|
||||
#[op]
|
||||
fn op_env(state: &mut OpState) -> Result<HashMap<String, String>, AnyError> {
|
||||
state.borrow_mut::<Permissions>().env.check_all()?;
|
||||
state.borrow_mut::<PermissionsContainer>().check_env_all()?;
|
||||
Ok(env::vars().collect())
|
||||
}
|
||||
|
||||
|
@ -121,7 +119,7 @@ fn op_get_env(
|
|||
let skip_permission_check = NODE_ENV_VAR_ALLOWLIST.contains(&key);
|
||||
|
||||
if !skip_permission_check {
|
||||
state.borrow_mut::<Permissions>().env.check(&key)?;
|
||||
state.borrow_mut::<PermissionsContainer>().check_env(&key)?;
|
||||
}
|
||||
|
||||
if key.is_empty() {
|
||||
|
@ -144,7 +142,7 @@ fn op_get_env(
|
|||
|
||||
#[op]
|
||||
fn op_delete_env(state: &mut OpState, key: String) -> Result<(), AnyError> {
|
||||
state.borrow_mut::<Permissions>().env.check(&key)?;
|
||||
state.borrow_mut::<PermissionsContainer>().check_env(&key)?;
|
||||
if key.is_empty() || key.contains(&['=', '\0'] as &[char]) {
|
||||
return Err(type_error("Key contains invalid characters."));
|
||||
}
|
||||
|
@ -166,27 +164,24 @@ fn op_exit(state: &mut OpState) {
|
|||
#[op]
|
||||
fn op_loadavg(state: &mut OpState) -> Result<(f64, f64, f64), AnyError> {
|
||||
state
|
||||
.borrow_mut::<Permissions>()
|
||||
.sys
|
||||
.check("loadavg", Some("Deno.loadavg()"))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_sys("loadavg", "Deno.loadavg()")?;
|
||||
Ok(sys_info::loadavg())
|
||||
}
|
||||
|
||||
#[op]
|
||||
fn op_hostname(state: &mut OpState) -> Result<String, AnyError> {
|
||||
state
|
||||
.borrow_mut::<Permissions>()
|
||||
.sys
|
||||
.check("hostname", Some("Deno.hostname()"))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_sys("hostname", "Deno.hostname()")?;
|
||||
Ok(sys_info::hostname())
|
||||
}
|
||||
|
||||
#[op]
|
||||
fn op_os_release(state: &mut OpState) -> Result<String, AnyError> {
|
||||
state
|
||||
.borrow_mut::<Permissions>()
|
||||
.sys
|
||||
.check("osRelease", Some("Deno.osRelease()"))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_sys("osRelease", "Deno.osRelease()")?;
|
||||
Ok(sys_info::os_release())
|
||||
}
|
||||
|
||||
|
@ -195,9 +190,8 @@ fn op_network_interfaces(
|
|||
state: &mut OpState,
|
||||
) -> Result<Vec<NetworkInterface>, AnyError> {
|
||||
state
|
||||
.borrow_mut::<Permissions>()
|
||||
.sys
|
||||
.check("networkInterfaces", Some("Deno.networkInterfaces()"))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_sys("networkInterfaces", "Deno.networkInterfaces()")?;
|
||||
Ok(netif::up()?.map(NetworkInterface::from).collect())
|
||||
}
|
||||
|
||||
|
@ -250,9 +244,8 @@ fn op_system_memory_info(
|
|||
state: &mut OpState,
|
||||
) -> Result<Option<sys_info::MemInfo>, AnyError> {
|
||||
state
|
||||
.borrow_mut::<Permissions>()
|
||||
.sys
|
||||
.check("systemMemoryInfo", Some("Deno.systemMemoryInfo()"))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_sys("systemMemoryInfo", "Deno.systemMemoryInfo()")?;
|
||||
Ok(sys_info::mem_info())
|
||||
}
|
||||
|
||||
|
@ -260,9 +253,8 @@ fn op_system_memory_info(
|
|||
#[op]
|
||||
fn op_gid(state: &mut OpState) -> Result<Option<u32>, AnyError> {
|
||||
state
|
||||
.borrow_mut::<Permissions>()
|
||||
.sys
|
||||
.check("gid", Some("Deno.gid()"))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_sys("gid", "Deno.gid()")?;
|
||||
// TODO(bartlomieju):
|
||||
#[allow(clippy::undocumented_unsafe_blocks)]
|
||||
unsafe {
|
||||
|
@ -274,9 +266,8 @@ fn op_gid(state: &mut OpState) -> Result<Option<u32>, AnyError> {
|
|||
#[op]
|
||||
fn op_gid(state: &mut OpState) -> Result<Option<u32>, AnyError> {
|
||||
state
|
||||
.borrow_mut::<Permissions>()
|
||||
.sys
|
||||
.check("gid", Some("Deno.gid()"))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_sys("gid", "Deno.gid()")?;
|
||||
Ok(None)
|
||||
}
|
||||
|
||||
|
@ -284,9 +275,8 @@ fn op_gid(state: &mut OpState) -> Result<Option<u32>, AnyError> {
|
|||
#[op]
|
||||
fn op_uid(state: &mut OpState) -> Result<Option<u32>, AnyError> {
|
||||
state
|
||||
.borrow_mut::<Permissions>()
|
||||
.sys
|
||||
.check("uid", Some("Deno.uid()"))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_sys("uid", "Deno.uid()")?;
|
||||
// TODO(bartlomieju):
|
||||
#[allow(clippy::undocumented_unsafe_blocks)]
|
||||
unsafe {
|
||||
|
@ -298,9 +288,8 @@ fn op_uid(state: &mut OpState) -> Result<Option<u32>, AnyError> {
|
|||
#[op]
|
||||
fn op_uid(state: &mut OpState) -> Result<Option<u32>, AnyError> {
|
||||
state
|
||||
.borrow_mut::<Permissions>()
|
||||
.sys
|
||||
.check("uid", Some("Deno.uid()"))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_sys("uid", "Deno.uid()")?;
|
||||
Ok(None)
|
||||
}
|
||||
|
||||
|
@ -428,9 +417,8 @@ fn rss() -> usize {
|
|||
|
||||
fn os_uptime(state: &mut OpState) -> Result<u64, AnyError> {
|
||||
state
|
||||
.borrow_mut::<Permissions>()
|
||||
.sys
|
||||
.check("osUptime", Some("Deno.osUptime()"))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_sys("osUptime", "Deno.osUptime()")?;
|
||||
Ok(sys_info::os_uptime())
|
||||
}
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
// Copyright 2018-2023 the Deno authors. All rights reserved. MIT license.
|
||||
|
||||
use crate::permissions::parse_sys_kind;
|
||||
use crate::permissions::Permissions;
|
||||
use crate::permissions::PermissionsContainer;
|
||||
use deno_core::error::custom_error;
|
||||
use deno_core::error::uri_error;
|
||||
use deno_core::error::AnyError;
|
||||
|
@ -37,7 +37,7 @@ pub fn op_query_permission(
|
|||
state: &mut OpState,
|
||||
args: PermissionArgs,
|
||||
) -> Result<String, AnyError> {
|
||||
let permissions = state.borrow::<Permissions>();
|
||||
let permissions = state.borrow::<PermissionsContainer>().0.lock();
|
||||
let path = args.path.as_deref();
|
||||
let perm = match args.name.as_ref() {
|
||||
"read" => permissions.read.query(path.map(Path::new)),
|
||||
|
@ -71,7 +71,7 @@ pub fn op_revoke_permission(
|
|||
state: &mut OpState,
|
||||
args: PermissionArgs,
|
||||
) -> Result<String, AnyError> {
|
||||
let permissions = state.borrow_mut::<Permissions>();
|
||||
let mut permissions = state.borrow_mut::<PermissionsContainer>().0.lock();
|
||||
let path = args.path.as_deref();
|
||||
let perm = match args.name.as_ref() {
|
||||
"read" => permissions.read.revoke(path.map(Path::new)),
|
||||
|
@ -105,7 +105,7 @@ pub fn op_request_permission(
|
|||
state: &mut OpState,
|
||||
args: PermissionArgs,
|
||||
) -> Result<String, AnyError> {
|
||||
let permissions = state.borrow_mut::<Permissions>();
|
||||
let mut permissions = state.borrow_mut::<PermissionsContainer>().0.lock();
|
||||
let path = args.path.as_deref();
|
||||
let perm = match args.name.as_ref() {
|
||||
"read" => permissions.read.request(path.map(Path::new)),
|
||||
|
|
|
@ -4,7 +4,7 @@ use super::io::ChildStderrResource;
|
|||
use super::io::ChildStdinResource;
|
||||
use super::io::ChildStdoutResource;
|
||||
use super::io::StdFileResource;
|
||||
use crate::permissions::Permissions;
|
||||
use crate::permissions::PermissionsContainer;
|
||||
use deno_core::error::AnyError;
|
||||
use deno_core::op;
|
||||
|
||||
|
@ -145,9 +145,8 @@ struct RunInfo {
|
|||
fn op_run(state: &mut OpState, run_args: RunArgs) -> Result<RunInfo, AnyError> {
|
||||
let args = run_args.cmd;
|
||||
state
|
||||
.borrow_mut::<Permissions>()
|
||||
.run
|
||||
.check(&args[0], Some("Deno.run()"))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_run(&args[0], "Deno.run()")?;
|
||||
let env = run_args.env;
|
||||
let cwd = run_args.cwd;
|
||||
|
||||
|
@ -354,9 +353,8 @@ fn op_kill(
|
|||
api_name: String,
|
||||
) -> Result<(), AnyError> {
|
||||
state
|
||||
.borrow_mut::<Permissions>()
|
||||
.run
|
||||
.check_all(Some(&api_name))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_run_all(&api_name)?;
|
||||
kill(pid, &signal)?;
|
||||
Ok(())
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
// Copyright 2018-2023 the Deno authors. All rights reserved. MIT license.
|
||||
|
||||
use crate::permissions::Permissions;
|
||||
use crate::permissions::PermissionsContainer;
|
||||
use deno_core::anyhow::Context;
|
||||
use deno_core::error::AnyError;
|
||||
use deno_core::op;
|
||||
|
@ -26,11 +26,9 @@ fn op_main_module(state: &mut OpState) -> Result<String, AnyError> {
|
|||
let main_path = std::env::current_dir()
|
||||
.context("Failed to get current working directory")?
|
||||
.join(main_url.to_string());
|
||||
state.borrow_mut::<Permissions>().read.check_blind(
|
||||
&main_path,
|
||||
"main_module",
|
||||
"Deno.mainModule",
|
||||
)?;
|
||||
state
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_read_blind(&main_path, "main_module", "Deno.mainModule")?;
|
||||
}
|
||||
Ok(main)
|
||||
}
|
||||
|
|
|
@ -5,7 +5,7 @@ use super::io::ChildStdinResource;
|
|||
use super::io::ChildStdoutResource;
|
||||
use super::process::Stdio;
|
||||
use super::process::StdioOrRid;
|
||||
use crate::permissions::Permissions;
|
||||
use crate::permissions::PermissionsContainer;
|
||||
use deno_core::error::AnyError;
|
||||
use deno_core::op;
|
||||
use deno_core::Extension;
|
||||
|
@ -131,9 +131,8 @@ fn node_unstable_create_command(
|
|||
api_name: &str,
|
||||
) -> Result<std::process::Command, AnyError> {
|
||||
state
|
||||
.borrow_mut::<Permissions>()
|
||||
.run
|
||||
.check(&args.cmd, Some(api_name))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_run(&args.cmd, api_name)?;
|
||||
|
||||
let mut command = std::process::Command::new(args.cmd);
|
||||
|
||||
|
@ -196,9 +195,8 @@ fn create_command(
|
|||
) -> Result<std::process::Command, AnyError> {
|
||||
super::check_unstable(state, "Deno.spawn");
|
||||
state
|
||||
.borrow_mut::<Permissions>()
|
||||
.run
|
||||
.check(&args.cmd, Some(api_name))?;
|
||||
.borrow_mut::<PermissionsContainer>()
|
||||
.check_run(&args.cmd, api_name)?;
|
||||
|
||||
let mut command = std::process::Command::new(args.cmd);
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
use crate::ops::TestingFeaturesEnabled;
|
||||
use crate::permissions::create_child_permissions;
|
||||
use crate::permissions::ChildPermissionsArg;
|
||||
use crate::permissions::Permissions;
|
||||
use crate::permissions::PermissionsContainer;
|
||||
use crate::web_worker::run_web_worker;
|
||||
use crate::web_worker::SendableWebWorkerHandle;
|
||||
use crate::web_worker::WebWorker;
|
||||
|
@ -15,7 +15,6 @@ use crate::worker::FormatJsErrorFn;
|
|||
use deno_core::error::AnyError;
|
||||
use deno_core::futures::future::LocalFutureObj;
|
||||
use deno_core::op;
|
||||
|
||||
use deno_core::serde::Deserialize;
|
||||
use deno_core::CancelFuture;
|
||||
use deno_core::CancelHandle;
|
||||
|
@ -32,8 +31,8 @@ use std::sync::Arc;
|
|||
pub struct CreateWebWorkerArgs {
|
||||
pub name: String,
|
||||
pub worker_id: WorkerId,
|
||||
pub parent_permissions: Permissions,
|
||||
pub permissions: Permissions,
|
||||
pub parent_permissions: PermissionsContainer,
|
||||
pub permissions: PermissionsContainer,
|
||||
pub main_module: ModuleSpecifier,
|
||||
pub worker_type: WebWorkerType,
|
||||
}
|
||||
|
@ -164,10 +163,13 @@ fn op_create_worker(
|
|||
if args.permissions.is_some() {
|
||||
super::check_unstable(state, "Worker.deno.permissions");
|
||||
}
|
||||
let parent_permissions = state.borrow_mut::<Permissions>();
|
||||
let parent_permissions = state.borrow_mut::<PermissionsContainer>();
|
||||
let worker_permissions = if let Some(child_permissions_arg) = args.permissions
|
||||
{
|
||||
create_child_permissions(parent_permissions, child_permissions_arg)?
|
||||
let mut parent_permissions = parent_permissions.0.lock();
|
||||
let perms =
|
||||
create_child_permissions(&mut parent_permissions, child_permissions_arg)?;
|
||||
PermissionsContainer::new(perms)
|
||||
} else {
|
||||
parent_permissions.clone()
|
||||
};
|
||||
|
|
|
@ -6,6 +6,7 @@ use deno_core::error::custom_error;
|
|||
use deno_core::error::type_error;
|
||||
use deno_core::error::uri_error;
|
||||
use deno_core::error::AnyError;
|
||||
use deno_core::parking_lot::Mutex;
|
||||
use deno_core::serde::de;
|
||||
use deno_core::serde::Deserialize;
|
||||
use deno_core::serde::Deserializer;
|
||||
|
@ -22,6 +23,7 @@ use std::hash::Hash;
|
|||
use std::path::{Path, PathBuf};
|
||||
use std::str::FromStr;
|
||||
use std::string::ToString;
|
||||
use std::sync::Arc;
|
||||
|
||||
mod prompter;
|
||||
use prompter::permission_prompt;
|
||||
|
@ -1614,97 +1616,207 @@ impl Permissions {
|
|||
}
|
||||
}
|
||||
|
||||
impl deno_flash::FlashPermissions for Permissions {
|
||||
/// Wrapper struct for `Permissions` that can be shared across threads.
|
||||
///
|
||||
/// We need a way to have internal mutability for permissions as they might get
|
||||
/// passed to a future that will prompt the user for permission (and in such
|
||||
/// case might need to be mutated). Also for the Web Worker API we need a way
|
||||
/// to send permissions to a new thread.
|
||||
#[derive(Clone, Debug)]
|
||||
pub struct PermissionsContainer(pub Arc<Mutex<Permissions>>);
|
||||
|
||||
impl PermissionsContainer {
|
||||
pub fn new(perms: Permissions) -> Self {
|
||||
Self(Arc::new(Mutex::new(perms)))
|
||||
}
|
||||
|
||||
pub fn allow_all() -> Self {
|
||||
Self::new(Permissions::allow_all())
|
||||
}
|
||||
|
||||
#[inline(always)]
|
||||
pub fn check_specifier(
|
||||
&self,
|
||||
specifier: &ModuleSpecifier,
|
||||
) -> Result<(), AnyError> {
|
||||
self.0.lock().check_specifier(specifier)
|
||||
}
|
||||
|
||||
#[inline(always)]
|
||||
pub fn check_read(
|
||||
&mut self,
|
||||
path: &Path,
|
||||
api_name: &str,
|
||||
) -> Result<(), AnyError> {
|
||||
self.0.lock().read.check(path, Some(api_name))
|
||||
}
|
||||
|
||||
#[inline(always)]
|
||||
pub fn check_read_blind(
|
||||
&mut self,
|
||||
path: &Path,
|
||||
display: &str,
|
||||
api_name: &str,
|
||||
) -> Result<(), AnyError> {
|
||||
self.0.lock().read.check_blind(path, display, api_name)
|
||||
}
|
||||
|
||||
#[inline(always)]
|
||||
pub fn check_read_all(&mut self, api_name: &str) -> Result<(), AnyError> {
|
||||
self.0.lock().read.check_all(Some(api_name))
|
||||
}
|
||||
|
||||
#[inline(always)]
|
||||
pub fn check_write(
|
||||
&mut self,
|
||||
path: &Path,
|
||||
api_name: &str,
|
||||
) -> Result<(), AnyError> {
|
||||
self.0.lock().write.check(path, Some(api_name))
|
||||
}
|
||||
|
||||
#[inline(always)]
|
||||
pub fn check_write_all(&mut self, api_name: &str) -> Result<(), AnyError> {
|
||||
self.0.lock().write.check_all(Some(api_name))
|
||||
}
|
||||
|
||||
#[inline(always)]
|
||||
pub fn check_run(
|
||||
&mut self,
|
||||
cmd: &str,
|
||||
api_name: &str,
|
||||
) -> Result<(), AnyError> {
|
||||
self.0.lock().run.check(cmd, Some(api_name))
|
||||
}
|
||||
|
||||
#[inline(always)]
|
||||
pub fn check_run_all(&mut self, api_name: &str) -> Result<(), AnyError> {
|
||||
self.0.lock().run.check_all(Some(api_name))
|
||||
}
|
||||
|
||||
#[inline(always)]
|
||||
pub fn check_sys(
|
||||
&mut self,
|
||||
kind: &str,
|
||||
api_name: &str,
|
||||
) -> Result<(), AnyError> {
|
||||
self.0.lock().sys.check(kind, Some(api_name))
|
||||
}
|
||||
|
||||
#[inline(always)]
|
||||
pub fn check_env(&mut self, var: &str) -> Result<(), AnyError> {
|
||||
self.0.lock().env.check(var)
|
||||
}
|
||||
|
||||
#[inline(always)]
|
||||
pub fn check_env_all(&mut self) -> Result<(), AnyError> {
|
||||
self.0.lock().env.check_all()
|
||||
}
|
||||
}
|
||||
|
||||
impl deno_flash::FlashPermissions for PermissionsContainer {
|
||||
#[inline(always)]
|
||||
fn check_net<T: AsRef<str>>(
|
||||
&mut self,
|
||||
host: &(T, Option<u16>),
|
||||
api_name: &str,
|
||||
) -> Result<(), AnyError> {
|
||||
self.net.check(host, Some(api_name))
|
||||
self.0.lock().net.check(host, Some(api_name))
|
||||
}
|
||||
}
|
||||
|
||||
impl deno_node::NodePermissions for Permissions {
|
||||
impl deno_node::NodePermissions for PermissionsContainer {
|
||||
#[inline(always)]
|
||||
fn check_read(&mut self, path: &Path) -> Result<(), AnyError> {
|
||||
self.read.check(path, None)
|
||||
self.0.lock().read.check(path, None)
|
||||
}
|
||||
}
|
||||
|
||||
impl deno_net::NetPermissions for Permissions {
|
||||
impl deno_net::NetPermissions for PermissionsContainer {
|
||||
#[inline(always)]
|
||||
fn check_net<T: AsRef<str>>(
|
||||
&mut self,
|
||||
host: &(T, Option<u16>),
|
||||
api_name: &str,
|
||||
) -> Result<(), AnyError> {
|
||||
self.net.check(host, Some(api_name))
|
||||
self.0.lock().net.check(host, Some(api_name))
|
||||
}
|
||||
|
||||
#[inline(always)]
|
||||
fn check_read(
|
||||
&mut self,
|
||||
path: &Path,
|
||||
api_name: &str,
|
||||
) -> Result<(), AnyError> {
|
||||
self.read.check(path, Some(api_name))
|
||||
self.0.lock().read.check(path, Some(api_name))
|
||||
}
|
||||
|
||||
#[inline(always)]
|
||||
fn check_write(
|
||||
&mut self,
|
||||
path: &Path,
|
||||
api_name: &str,
|
||||
) -> Result<(), AnyError> {
|
||||
self.write.check(path, Some(api_name))
|
||||
self.0.lock().write.check(path, Some(api_name))
|
||||
}
|
||||
}
|
||||
|
||||
impl deno_fetch::FetchPermissions for Permissions {
|
||||
impl deno_fetch::FetchPermissions for PermissionsContainer {
|
||||
#[inline(always)]
|
||||
fn check_net_url(
|
||||
&mut self,
|
||||
url: &url::Url,
|
||||
api_name: &str,
|
||||
) -> Result<(), AnyError> {
|
||||
self.net.check_url(url, Some(api_name))
|
||||
self.0.lock().net.check_url(url, Some(api_name))
|
||||
}
|
||||
|
||||
#[inline(always)]
|
||||
fn check_read(
|
||||
&mut self,
|
||||
path: &Path,
|
||||
api_name: &str,
|
||||
) -> Result<(), AnyError> {
|
||||
self.read.check(path, Some(api_name))
|
||||
self.0.lock().read.check(path, Some(api_name))
|
||||
}
|
||||
}
|
||||
|
||||
impl deno_web::TimersPermission for Permissions {
|
||||
impl deno_web::TimersPermission for PermissionsContainer {
|
||||
#[inline(always)]
|
||||
fn allow_hrtime(&mut self) -> bool {
|
||||
self.hrtime.check().is_ok()
|
||||
self.0.lock().hrtime.check().is_ok()
|
||||
}
|
||||
|
||||
#[inline(always)]
|
||||
fn check_unstable(&self, state: &OpState, api_name: &'static str) {
|
||||
crate::ops::check_unstable(state, api_name);
|
||||
}
|
||||
}
|
||||
|
||||
impl deno_websocket::WebSocketPermissions for Permissions {
|
||||
impl deno_websocket::WebSocketPermissions for PermissionsContainer {
|
||||
#[inline(always)]
|
||||
fn check_net_url(
|
||||
&mut self,
|
||||
url: &url::Url,
|
||||
api_name: &str,
|
||||
) -> Result<(), AnyError> {
|
||||
self.net.check_url(url, Some(api_name))
|
||||
self.0.lock().net.check_url(url, Some(api_name))
|
||||
}
|
||||
}
|
||||
|
||||
// NOTE(bartlomieju): for now, NAPI uses `--allow-ffi` flag, but that might
|
||||
// change in the future.
|
||||
impl deno_napi::NapiPermissions for Permissions {
|
||||
impl deno_napi::NapiPermissions for PermissionsContainer {
|
||||
#[inline(always)]
|
||||
fn check(&mut self, path: Option<&Path>) -> Result<(), AnyError> {
|
||||
self.ffi.check(path)
|
||||
self.0.lock().ffi.check(path)
|
||||
}
|
||||
}
|
||||
|
||||
impl deno_ffi::FfiPermissions for Permissions {
|
||||
impl deno_ffi::FfiPermissions for PermissionsContainer {
|
||||
#[inline(always)]
|
||||
fn check(&mut self, path: Option<&Path>) -> Result<(), AnyError> {
|
||||
self.ffi.check(path)
|
||||
self.0.lock().ffi.check(path)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -4,7 +4,7 @@ use crate::inspector_server::InspectorServer;
|
|||
use crate::js;
|
||||
use crate::ops;
|
||||
use crate::ops::io::Stdio;
|
||||
use crate::permissions::Permissions;
|
||||
use crate::permissions::PermissionsContainer;
|
||||
use crate::tokio_util::run_local;
|
||||
use crate::worker::FormatJsErrorFn;
|
||||
use crate::BootstrapOptions;
|
||||
|
@ -348,7 +348,7 @@ pub struct WebWorkerOptions {
|
|||
impl WebWorker {
|
||||
pub fn bootstrap_from_options(
|
||||
name: String,
|
||||
permissions: Permissions,
|
||||
permissions: PermissionsContainer,
|
||||
main_module: ModuleSpecifier,
|
||||
worker_id: WorkerId,
|
||||
options: WebWorkerOptions,
|
||||
|
@ -362,7 +362,7 @@ impl WebWorker {
|
|||
|
||||
pub fn from_options(
|
||||
name: String,
|
||||
permissions: Permissions,
|
||||
permissions: PermissionsContainer,
|
||||
main_module: ModuleSpecifier,
|
||||
worker_id: WorkerId,
|
||||
mut options: WebWorkerOptions,
|
||||
|
@ -372,7 +372,7 @@ impl WebWorker {
|
|||
let enable_testing_features = options.bootstrap.enable_testing_features;
|
||||
let perm_ext = Extension::builder()
|
||||
.state(move |state| {
|
||||
state.put::<Permissions>(permissions.clone());
|
||||
state.put::<PermissionsContainer>(permissions.clone());
|
||||
state.put(ops::UnstableChecker { unstable });
|
||||
state.put(ops::TestingFeaturesEnabled(enable_testing_features));
|
||||
Ok(())
|
||||
|
@ -388,11 +388,11 @@ impl WebWorker {
|
|||
deno_webidl::init(),
|
||||
deno_console::init(),
|
||||
deno_url::init(),
|
||||
deno_web::init::<Permissions>(
|
||||
deno_web::init::<PermissionsContainer>(
|
||||
options.blob_store.clone(),
|
||||
Some(main_module.clone()),
|
||||
),
|
||||
deno_fetch::init::<Permissions>(deno_fetch::Options {
|
||||
deno_fetch::init::<PermissionsContainer>(deno_fetch::Options {
|
||||
user_agent: options.bootstrap.user_agent.clone(),
|
||||
root_cert_store: options.root_cert_store.clone(),
|
||||
unsafely_ignore_certificate_errors: options
|
||||
|
@ -402,7 +402,7 @@ impl WebWorker {
|
|||
..Default::default()
|
||||
}),
|
||||
deno_cache::init::<SqliteBackedCache>(create_cache),
|
||||
deno_websocket::init::<Permissions>(
|
||||
deno_websocket::init::<PermissionsContainer>(
|
||||
options.bootstrap.user_agent.clone(),
|
||||
options.root_cert_store.clone(),
|
||||
options.unsafely_ignore_certificate_errors.clone(),
|
||||
|
@ -412,7 +412,7 @@ impl WebWorker {
|
|||
deno_crypto::init(options.seed),
|
||||
deno_webgpu::init(unstable),
|
||||
// ffi
|
||||
deno_ffi::init::<Permissions>(unstable),
|
||||
deno_ffi::init::<PermissionsContainer>(unstable),
|
||||
// Runtime ops that are always initialized for WebWorkers
|
||||
ops::web_worker::init(),
|
||||
ops::runtime::init(main_module.clone()),
|
||||
|
@ -428,13 +428,13 @@ impl WebWorker {
|
|||
ops::io::init(),
|
||||
ops::io::init_stdio(options.stdio),
|
||||
deno_tls::init(),
|
||||
deno_net::init::<Permissions>(
|
||||
deno_net::init::<PermissionsContainer>(
|
||||
options.root_cert_store.clone(),
|
||||
unstable,
|
||||
options.unsafely_ignore_certificate_errors.clone(),
|
||||
),
|
||||
deno_napi::init::<Permissions>(unstable),
|
||||
deno_node::init::<Permissions>(options.npm_resolver),
|
||||
deno_napi::init::<PermissionsContainer>(unstable),
|
||||
deno_node::init::<PermissionsContainer>(options.npm_resolver),
|
||||
ops::os::init_for_worker(),
|
||||
ops::permissions::init(),
|
||||
ops::process::init(),
|
||||
|
@ -442,7 +442,7 @@ impl WebWorker {
|
|||
ops::signal::init(),
|
||||
ops::tty::init(),
|
||||
deno_http::init(),
|
||||
deno_flash::init::<Permissions>(unstable),
|
||||
deno_flash::init::<PermissionsContainer>(unstable),
|
||||
ops::http::init(),
|
||||
// Permissions ext (worker specific state)
|
||||
perm_ext,
|
||||
|
|
|
@ -38,7 +38,7 @@ use crate::inspector_server::InspectorServer;
|
|||
use crate::js;
|
||||
use crate::ops;
|
||||
use crate::ops::io::Stdio;
|
||||
use crate::permissions::Permissions;
|
||||
use crate::permissions::PermissionsContainer;
|
||||
use crate::BootstrapOptions;
|
||||
|
||||
pub type FormatJsErrorFn = dyn Fn(&JsError) -> String + Sync + Send;
|
||||
|
@ -185,7 +185,7 @@ impl Default for WorkerOptions {
|
|||
impl MainWorker {
|
||||
pub fn bootstrap_from_options(
|
||||
main_module: ModuleSpecifier,
|
||||
permissions: Permissions,
|
||||
permissions: PermissionsContainer,
|
||||
options: WorkerOptions,
|
||||
) -> Self {
|
||||
let bootstrap_options = options.bootstrap.clone();
|
||||
|
@ -196,7 +196,7 @@ impl MainWorker {
|
|||
|
||||
pub fn from_options(
|
||||
main_module: ModuleSpecifier,
|
||||
permissions: Permissions,
|
||||
permissions: PermissionsContainer,
|
||||
mut options: WorkerOptions,
|
||||
) -> Self {
|
||||
// Permissions: many ops depend on this
|
||||
|
@ -204,7 +204,7 @@ impl MainWorker {
|
|||
let enable_testing_features = options.bootstrap.enable_testing_features;
|
||||
let perm_ext = Extension::builder()
|
||||
.state(move |state| {
|
||||
state.put::<Permissions>(permissions.clone());
|
||||
state.put::<PermissionsContainer>(permissions.clone());
|
||||
state.put(ops::UnstableChecker { unstable });
|
||||
state.put(ops::TestingFeaturesEnabled(enable_testing_features));
|
||||
Ok(())
|
||||
|
@ -222,11 +222,11 @@ impl MainWorker {
|
|||
deno_webidl::init(),
|
||||
deno_console::init(),
|
||||
deno_url::init(),
|
||||
deno_web::init::<Permissions>(
|
||||
deno_web::init::<PermissionsContainer>(
|
||||
options.blob_store.clone(),
|
||||
options.bootstrap.location.clone(),
|
||||
),
|
||||
deno_fetch::init::<Permissions>(deno_fetch::Options {
|
||||
deno_fetch::init::<PermissionsContainer>(deno_fetch::Options {
|
||||
user_agent: options.bootstrap.user_agent.clone(),
|
||||
root_cert_store: options.root_cert_store.clone(),
|
||||
unsafely_ignore_certificate_errors: options
|
||||
|
@ -236,7 +236,7 @@ impl MainWorker {
|
|||
..Default::default()
|
||||
}),
|
||||
deno_cache::init::<SqliteBackedCache>(create_cache),
|
||||
deno_websocket::init::<Permissions>(
|
||||
deno_websocket::init::<PermissionsContainer>(
|
||||
options.bootstrap.user_agent.clone(),
|
||||
options.root_cert_store.clone(),
|
||||
options.unsafely_ignore_certificate_errors.clone(),
|
||||
|
@ -246,7 +246,7 @@ impl MainWorker {
|
|||
deno_crypto::init(options.seed),
|
||||
deno_webgpu::init(unstable),
|
||||
// ffi
|
||||
deno_ffi::init::<Permissions>(unstable),
|
||||
deno_ffi::init::<PermissionsContainer>(unstable),
|
||||
// Runtime ops
|
||||
ops::runtime::init(main_module.clone()),
|
||||
ops::worker_host::init(
|
||||
|
@ -261,20 +261,20 @@ impl MainWorker {
|
|||
ops::io::init(),
|
||||
ops::io::init_stdio(options.stdio),
|
||||
deno_tls::init(),
|
||||
deno_net::init::<Permissions>(
|
||||
deno_net::init::<PermissionsContainer>(
|
||||
options.root_cert_store.clone(),
|
||||
unstable,
|
||||
options.unsafely_ignore_certificate_errors.clone(),
|
||||
),
|
||||
deno_napi::init::<Permissions>(unstable),
|
||||
deno_node::init::<Permissions>(options.npm_resolver),
|
||||
deno_napi::init::<PermissionsContainer>(unstable),
|
||||
deno_node::init::<PermissionsContainer>(options.npm_resolver),
|
||||
ops::os::init(exit_code.clone()),
|
||||
ops::permissions::init(),
|
||||
ops::process::init(),
|
||||
ops::signal::init(),
|
||||
ops::tty::init(),
|
||||
deno_http::init(),
|
||||
deno_flash::init::<Permissions>(unstable),
|
||||
deno_flash::init::<PermissionsContainer>(unstable),
|
||||
ops::http::init(),
|
||||
// Permissions ext (worker specific state)
|
||||
perm_ext,
|
||||
|
|
Loading…
Reference in a new issue