// Copyright 2018-2023 the Deno authors. All rights reserved. MIT license. use crate::permissions::parse_sys_kind; use crate::permissions::PermissionState; use crate::permissions::PermissionsContainer; use deno_core::error::custom_error; use deno_core::error::uri_error; use deno_core::error::AnyError; use deno_core::op; use deno_core::url; use deno_core::OpState; use serde::Deserialize; use serde::Serialize; use std::path::Path; deno_core::extension!( deno_permissions, ops = [ op_query_permission, op_revoke_permission, op_request_permission, ], ); #[derive(Deserialize)] pub struct PermissionArgs { name: String, path: Option, host: Option, variable: Option, kind: Option, command: Option, } #[derive(Serialize)] pub struct PermissionStatus { state: String, partial: bool, } impl From for PermissionStatus { fn from(state: PermissionState) -> Self { PermissionStatus { state: if state == PermissionState::GrantedPartial { PermissionState::Granted.to_string() } else { state.to_string() }, partial: state == PermissionState::GrantedPartial, } } } #[op] pub fn op_query_permission( state: &mut OpState, args: PermissionArgs, ) -> Result { let permissions = state.borrow::().0.lock(); let path = args.path.as_deref(); let perm = match args.name.as_ref() { "read" => permissions.read.query(path.map(Path::new)), "write" => permissions.write.query(path.map(Path::new)), "net" => permissions.net.query( match args.host.as_deref() { None => None, Some(h) => Some(parse_host(h)?), } .as_ref(), ), "env" => permissions.env.query(args.variable.as_deref()), "sys" => permissions .sys .query(args.kind.as_deref().map(parse_sys_kind).transpose()?), "run" => permissions.run.query(args.command.as_deref()), "ffi" => permissions.ffi.query(args.path.as_deref().map(Path::new)), "hrtime" => permissions.hrtime.query(), n => { return Err(custom_error( "ReferenceError", format!("No such permission name: {n}"), )) } }; Ok(PermissionStatus::from(perm)) } #[op] pub fn op_revoke_permission( state: &mut OpState, args: PermissionArgs, ) -> Result { let mut permissions = state.borrow_mut::().0.lock(); let path = args.path.as_deref(); let perm = match args.name.as_ref() { "read" => permissions.read.revoke(path.map(Path::new)), "write" => permissions.write.revoke(path.map(Path::new)), "net" => permissions.net.revoke( match args.host.as_deref() { None => None, Some(h) => Some(parse_host(h)?), } .as_ref(), ), "env" => permissions.env.revoke(args.variable.as_deref()), "sys" => permissions .sys .revoke(args.kind.as_deref().map(parse_sys_kind).transpose()?), "run" => permissions.run.revoke(args.command.as_deref()), "ffi" => permissions.ffi.revoke(args.path.as_deref().map(Path::new)), "hrtime" => permissions.hrtime.revoke(), n => { return Err(custom_error( "ReferenceError", format!("No such permission name: {n}"), )) } }; Ok(PermissionStatus::from(perm)) } #[op] pub fn op_request_permission( state: &mut OpState, args: PermissionArgs, ) -> Result { let mut permissions = state.borrow_mut::().0.lock(); let path = args.path.as_deref(); let perm = match args.name.as_ref() { "read" => permissions.read.request(path.map(Path::new)), "write" => permissions.write.request(path.map(Path::new)), "net" => permissions.net.request( match args.host.as_deref() { None => None, Some(h) => Some(parse_host(h)?), } .as_ref(), ), "env" => permissions.env.request(args.variable.as_deref()), "sys" => permissions .sys .request(args.kind.as_deref().map(parse_sys_kind).transpose()?), "run" => permissions.run.request(args.command.as_deref()), "ffi" => permissions.ffi.request(args.path.as_deref().map(Path::new)), "hrtime" => permissions.hrtime.request(), n => { return Err(custom_error( "ReferenceError", format!("No such permission name: {n}"), )) } }; Ok(PermissionStatus::from(perm)) } fn parse_host(host_str: &str) -> Result<(String, Option), AnyError> { let url = url::Url::parse(&format!("http://{host_str}/")) .map_err(|_| uri_error("Invalid host"))?; if url.path() != "/" { return Err(uri_error("Invalid host")); } let hostname = url.host_str().unwrap(); Ok((hostname.to_string(), url.port())) }