1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2025-01-01 03:54:06 -05:00
Commit graph

20 commits

Author SHA1 Message Date
Asher Gomez
6fb7e8d93b
feat(permissions): add "--deny-*" flags (#19070)
This commit adds new "--deny-*" permission flags. These are complimentary to
"--allow-*" flags.

These flags can be used to restrict access to certain resources, even if they
were granted using "--allow-*" flags or the "--allow-all" ("-A") flag.

Eg. specifying "--allow-read --deny-read" will result in a permission error,
while "--allow-read --deny-read=/etc" will allow read access to all FS but the
"/etc" directory.

Runtime permissions APIs ("Deno.permissions") were adjusted as well, mainly
by adding, a new "PermissionStatus.partial" field. This field denotes that
while permission might be granted to requested resource, it's only partial (ie.
a "--deny-*" flag was specified that excludes some of the requested resources).
Eg. specifying "--allow-read=foo/ --deny-read=foo/bar" and then querying for
permissions like "Deno.permissions.query({ name: "read", path: "foo/" })"
will return "PermissionStatus { state: "granted", onchange: null, partial: true }",
denoting that some of the subpaths don't have read access.

Closes #18804.

---------

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
Co-authored-by: Nayeem Rahman <nayeemrmn99@gmail.com>
2023-08-03 13:19:19 +02:00
Kenta Moriuchi
f086ec57b4
fix(core): Use safe primordials wrappers (#18687) 2023-04-14 22:23:28 +02:00
Bartek Iwańczuk
72fe9bb470
refactor: rename InternalModuleLoader to ExtModuleLoader, use ext: scheme for snapshotted modules (#18041)
This commit renames "deno_core::InternalModuleLoader" to
"ExtModuleLoader" and changes the specifiers used by the 
modules loaded from this loader to "ext:".

"internal:" scheme was really ambiguous and it's more characters than
"ext:", which should result in slightly smaller snapshot size.

Closes https://github.com/denoland/deno/issues/18020
2023-03-08 12:44:54 +01:00
Bartek Iwańczuk
76b173b60c
refactor: move "pathFromURL" to deno_web extension (#18037)
This API is required by several extensions like "ext/node", "ext/ffi"
and also FS APIs that we want to move to a separate crate. Because 
of that "pathFromURL" API was moved to "deno_web" extension so
other extension crates can rely on it.
2023-03-05 22:46:37 +00:00
Bartek Iwańczuk
b40086fd7d
refactor(core): include_js_files! 'dir' option doesn't change specifiers (#18019)
This commit changes "include_js_files!" macro from "deno_core"
in a way that "dir" option doesn't cause specifiers to be rewritten 
to include it.

Example:
```
include_js_files! {
  dir "js",
  "hello.js",
}
```

The above definition required embedders to use:
`import ... from "internal:<ext_name>/js/hello.js"`. 
But with this change, the "js" directory in which the files are stored
is an implementation detail, which for embedders results in: 
`import ... from "internal:<ext_name>/hello.js"`.

The directory the files are stored in, is an implementation detail and 
in some cases might result in a significant size difference for the 
snapshot. As an example, in "deno_node" extension, we store the 
source code in "polyfills" directory; which resulted in each specifier 
to look like "internal:deno_node/polyfills/<module_name>", but with 
this change it's "internal:deno_node/<module_name>". 

Given that "deno_node" has over 100 files, many of them having 
several import specifiers to the same extension, this change removes
10 characters from each import specifier.
2023-03-05 02:31:38 +00:00
Leo Kettmeir
49af1ab18d
refactor: remove prefix from include_js_files & use extension name (#17683) 2023-02-07 21:09:50 +00:00
Leo Kettmeir
b4aa153097
refactor: Use ES modules for internal runtime code (#17648)
This PR refactors all internal js files (except core) to be written as
ES modules.
`__bootstrap`has been mostly replaced with static imports in form in
`internal:[path to file from repo root]`.
To specify if files are ESM, an `esm` method has been added to
`Extension`, similar to the `js` method.
A new ModuleLoader called `InternalModuleLoader` has been added to
enable the loading of internal specifiers, which is used in all
situations except when a snapshot is only loaded, and not a new one is
created from it.

---------

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2023-02-07 20:22:46 +01:00
Asher Gomez
900929f65c
feat: Add sync APIs for "Deno.permissions" (#17019)
This commit adds sync versions of async APIs to "Deno.permissions"
namespace.

Following APIs were added:
- "Deno.permissions.querySync"
- "Deno.permissions.requestSync"
- "Deno.permissions.revokeSync"
2023-01-25 00:42:44 +01:00
Asher Gomez
1b001d1b18
fix(permissions): process URL in Deno.FfiPermissionDescriptor.path for revoke() and request() (#17094)
Previously, `Deno.permissions.[revoke|request]()` wouldn't correctly
process the `path: URL` when `name` was `ffi`. This change fixes that
behaviour and adds a new function, `formDescriptor()`, to ensure `URL`
arguments are consistently handled across
`Deno.permissions.[query|revoke|request]()`.
2023-01-03 21:50:14 +01:00
David Sherret
10e4b2e140
chore: update copyright year to 2023 (#17247)
Yearly tradition of creating extra noise in git.
2023-01-02 21:00:42 +00:00
Kenta Moriuchi
948f85216a
chore: Update dlint (#17031)
Introduces `SafeSetIterator` and `SafeMapIterator` to primordials
2022-12-20 03:37:50 +01:00
Andreu Botella
dbcbf53ab5
experiment(ext/web): Don't expose event classes during the bootstrap phase (#16213) 2022-10-24 16:14:17 +02:00
Yoshiya Hinosawa
fa9e7aab6d
feat: add --allow-sys permission flag (#16028) 2022-09-28 21:46:50 +09:00
Nayeem Rahman
38280990da
fix(runtime): fix permission status cache keys (#15899) 2022-09-16 20:46:38 +09:00
Aapo Alasuutari
2164f6b1eb
perf(ops): Monomorphic sync op calls (#15337)
Welcome to better optimised op calls! Currently opSync is called with parameters of every type and count. This most definitely makes the call megamorphic. Additionally, it seems that spread params leads to V8 not being able to optimise the calls quite as well (apparently Fast Calls cannot be used with spread params).

Monomorphising op calls should lead to some improved performance. Now that unwrapping of sync ops results is done on Rust side, this is pretty simple:

```
opSync("op_foo", param1, param2);
// -> turns to
ops.op_foo(param1, param2);
```

This means sync op calls are now just directly calling the native binding function. When V8 Fast API Calls are enabled, this will enable those to be called on the optimised path.

Monomorphising async ops likely requires using callbacks and is left as an exercise to the reader.
2022-08-11 15:56:56 +02:00
David Sherret
888b26819e
fix: various formatting fixes (#15412) 2022-08-05 19:31:19 -04:00
Colin Ihrig
0a96cb62a8
fix(runtime): improve permission descriptor validation (#14676)
This commit improves the permission descriptor validation by
explicitly checking for object types and using optional
chaining when creating error messages in case the descriptor
is not an object.

Fixes: https://github.com/denoland/deno/issues/14675
2022-05-19 17:45:09 -04:00
Bartek Iwańczuk
0bb96cde72
refactor: update runtime code for primordial check x in y (#13642)
Co-authored-by: Yoshiya Hinosawa <stibium121@gmail.com>
2022-04-16 14:09:07 +02:00
Ryan Dahl
1fb5858009
chore: update copyright to 2022 (#13306)
Co-authored-by: Erfan Safari <erfanshield@outlook.com>
2022-01-07 22:09:52 -05:00
Nayeem Rahman
7a22df9b76
fix(runtime/ops/worker_host): move permission arg parsing to Rust (#12297) 2021-10-13 13:04:44 -04:00
Renamed from runtime/js/40_permissions.js (Browse further)