feat(runtime): allow URL for permissions (#11578)

author: Leo K <crowlkats@toaxl.com> 2021-08-06 15:04:00 +0200
committer: GitHub <noreply@github.com> 2021-08-06 15:04:00 +0200
commit: 15b0e61de523c1a0157e754379f0ec7decf0c23e (patch)
tree: 4d3aed3e1b80dbe38e70dad363c64532656c7e5a
parent: b6b71c3d590722117db04fda7362d3b23245c3c3 (diff)
5 files changed, 75 insertions, 13 deletions
diff --git a/cli/dts/lib.deno.ns.d.ts b/cli/dts/lib.deno.ns.d.ts
index e1aff59fc..b0c56591b 100644
--- a/cli/dts/lib.deno.ns.d.ts
+++ b/cli/dts/lib.deno.ns.d.ts
@@ -2133,17 +2133,17 @@ declare namespace Deno {
 
   export interface RunPermissionDescriptor {
     name: "run";
-    command?: string;
+    command?: string | URL;
   }
 
   export interface ReadPermissionDescriptor {
     name: "read";
-    path?: string;
+    path?: string | URL;
   }
 
   export interface WritePermissionDescriptor {
     name: "write";
-    path?: string;
+    path?: string | URL;
   }
 
   export interface NetPermissionDescriptor {
@@ -2153,7 +2153,7 @@ declare namespace Deno {
      *      "github.com"
      *      "deno.land:8080"
      */
-    host?: string;
+    host?: string | URL;
   }
 
   export interface EnvPermissionDescriptor {
diff --git a/cli/dts/lib.deno.unstable.d.ts b/cli/dts/lib.deno.unstable.d.ts
index 6fbd13f5f..ccb5ae2cd 100644
--- a/cli/dts/lib.deno.unstable.d.ts
+++ b/cli/dts/lib.deno.unstable.d.ts
@@ -959,7 +959,7 @@ declare namespace Deno {
       *
       * Defaults to "inherit".
       */
-      env?: "inherit" | boolean;
+      env?: "inherit" | boolean | string[];
 
       /** Specifies if the `hrtime` permission should be requested or revoked.
       * If set to `"inherit"`, the current `hrtime` permission will be inherited.
@@ -1041,7 +1041,7 @@ declare namespace Deno {
       * });
       * ```
       */
-      net?: "inherit" | boolean | string[];
+      net?: "inherit" | boolean | Array<string | URL>;
 
       /** Specifies if the `plugin` permission should be requested or revoked.
       * If set to `"inherit"`, the current `plugin` permission will be inherited.
@@ -1070,7 +1070,7 @@ declare namespace Deno {
       *
       * Defaults to "inherit".
       */
-      run?: "inherit" | boolean;
+      run?: "inherit" | boolean | Array<string | URL>;
 
       /** Specifies if the `write` permission should be requested or revoked.
       * If set to `"inherit"`, the current `write` permission will be inherited.
@@ -1129,17 +1129,17 @@ declare interface WorkerOptions {
     namespace?: boolean;
     /** Set to `"none"` to disable all the permissions in the worker. */
     permissions?: "inherit" | "none" | {
-      env?: "inherit" | boolean;
+      env?: "inherit" | boolean | string[];
       hrtime?: "inherit" | boolean;
       /** The format of the net access list must be `hostname[:port]`
        * in order to be resolved.
        *
        * For example: `["https://deno.land", "localhost:8080"]`.
        */
-      net?: "inherit" | boolean | string[];
+      net?: "inherit" | boolean | Array<string | URL>;
       plugin?: "inherit" | boolean;
       read?: "inherit" | boolean | Array<string | URL>;
-      run?: "inherit" | boolean;
+      run?: "inherit" | boolean | Array<string | URL>;
       write?: "inherit" | boolean | Array<string | URL>;
     };
   };
diff --git a/cli/tests/unit/permissions_test.ts b/cli/tests/unit/permissions_test.ts
index d89b1e355..2ed9c11a9 100644
--- a/cli/tests/unit/permissions_test.ts
+++ b/cli/tests/unit/permissions_test.ts
@@ -57,3 +57,22 @@ unitTest(function permissionStatusIllegalConstructor() {
   );
   assertEquals(Deno.PermissionStatus.length, 0);
 });
+
+unitTest(async function permissionURL() {
+  await Deno.permissions.query({
+    name: "read",
+    path: new URL(".", import.meta.url),
+  });
+  await Deno.permissions.query({
+    name: "write",
+    path: new URL(".", import.meta.url),
+  });
+  await Deno.permissions.query({
+    name: "run",
+    command: new URL(".", import.meta.url),
+  });
+  await Deno.permissions.query({
+    name: "net",
+    host: new URL("https://deno.land/foo"),
+  });
+});
diff --git a/runtime/js/11_workers.js b/runtime/js/11_workers.js
index 602046a14..a0385357d 100644
--- a/runtime/js/11_workers.js
+++ b/runtime/js/11_workers.js
@@ -93,7 +93,16 @@
     } else if (ArrayIsArray(value)) {
       value = ArrayPrototypeMap(value, (route) => {
         if (route instanceof URL) {
-          route = pathFromURL(route);
+          if (permission === "net") {
+            route = route.host;
+          }
+          if (permission === "env") {
+            throw new Error(
+              `Expected 'string' for env permission, received 'URL'`,
+            );
+          } else {
+            route = pathFromURL(route);
+          }
         }
         return route;
       });
@@ -115,12 +124,12 @@
     write = "inherit",
   }) {
     return {
-      env: parseUnitPermission(env, "env"),
+      env: parseArrayPermission(env, "env"),
       hrtime: parseUnitPermission(hrtime, "hrtime"),
       net: parseArrayPermission(net, "net"),
       plugin: parseUnitPermission(plugin, "plugin"),
       read: parseArrayPermission(read, "read"),
-      run: parseUnitPermission(run, "run"),
+      run: parseArrayPermission(run, "run"),
       write: parseArrayPermission(write, "write"),
     };
   }
diff --git a/runtime/js/40_permissions.js b/runtime/js/40_permissions.js
index 8e57a5b5a..019e65446 100644
--- a/runtime/js/40_permissions.js
+++ b/runtime/js/40_permissions.js
@@ -8,6 +8,7 @@
     Deno: { core },
     __bootstrap: { webUtil: { illegalConstructorKey } },
   } = window;
+  const { pathFromURL } = window.__bootstrap.util;
   const {
     ArrayPrototypeIncludes,
     Map,
@@ -161,6 +162,17 @@
           ),
         );
       }
+
+      if (desc.name === "read" || desc.name === "write") {
+        desc.path = pathFromURL(desc.path);
+      } else if (desc.name === "run") {
+        desc.command = pathFromURL(desc.command);
+      } else if (desc.name === "net") {
+        if (desc.host instanceof URL) {
+          desc.host = desc.host.host;
+        }
+      }
+
       const state = opQuery(desc);
       return PromiseResolve(cache(desc, state));
     }
@@ -173,6 +185,17 @@
           ),
         );
       }
+
+      if (desc.name === "read" || desc.name === "write") {
+        desc.path = pathFromURL(desc.path);
+      } else if (desc.name === "run") {
+        desc.command = pathFromURL(desc.command);
+      } else if (desc.name === "net") {
+        if (desc.host instanceof URL) {
+          desc.host = desc.host.host;
+        }
+      }
+
       const state = opRevoke(desc);
       return PromiseResolve(cache(desc, state));
     }
@@ -185,6 +208,17 @@
           ),
         );
       }
+
+      if (desc.name === "read" || desc.name === "write") {
+        desc.path = pathFromURL(desc.path);
+      } else if (desc.name === "run") {
+        desc.command = pathFromURL(desc.command);
+      } else if (desc.name === "net") {
+        if (desc.host instanceof URL) {
+          desc.host = desc.host.host;
+        }
+      }
+
       const state = opRequest(desc);
       return PromiseResolve(cache(desc, state));
     }
author	Leo K <crowlkats@toaxl.com>	2021-08-06 15:04:00 +0200
committer	GitHub <noreply@github.com>	2021-08-06 15:04:00 +0200
commit	15b0e61de523c1a0157e754379f0ec7decf0c23e (patch)
tree	4d3aed3e1b80dbe38e70dad363c64532656c7e5a
parent	b6b71c3d590722117db04fda7362d3b23245c3c3 (diff)