summaryrefslogtreecommitdiff
path: root/cli/file_fetcher.rs
diff options
context:
space:
mode:
authorDavid Sherret <dsherret@users.noreply.github.com>2024-09-16 21:39:37 +0100
committerGitHub <noreply@github.com>2024-09-16 21:39:37 +0100
commit62e952559f600e72d7498c9b12f906cb0b1ba150 (patch)
tree6dbcce6592973358ef4bf6341888b0bbbdb98cc5 /cli/file_fetcher.rs
parente0b9c745c15720914f14996bf357d5b375e2dbd8 (diff)
refactor(permissions): split up Descriptor into Allow, Deny, and Query (#25508)
This makes the permission system more versatile.
Diffstat (limited to 'cli/file_fetcher.rs')
-rw-r--r--cli/file_fetcher.rs166
1 files changed, 88 insertions, 78 deletions
diff --git a/cli/file_fetcher.rs b/cli/file_fetcher.rs
index ace4d3c7e..ca8fcbee4 100644
--- a/cli/file_fetcher.rs
+++ b/cli/file_fetcher.rs
@@ -161,9 +161,38 @@ fn get_validated_scheme(
}
}
+#[derive(Debug, Copy, Clone)]
+pub enum FetchPermissionsOptionRef<'a> {
+ AllowAll,
+ Container(&'a PermissionsContainer),
+}
+
+#[derive(Debug, Clone)]
+pub enum FetchPermissionsOption {
+ AllowAll,
+ Container(PermissionsContainer),
+}
+
+impl FetchPermissionsOption {
+ pub fn as_ref(&self) -> FetchPermissionsOptionRef {
+ match self {
+ FetchPermissionsOption::AllowAll => FetchPermissionsOptionRef::AllowAll,
+ FetchPermissionsOption::Container(container) => {
+ FetchPermissionsOptionRef::Container(container)
+ }
+ }
+ }
+}
+
+impl From<PermissionsContainer> for FetchPermissionsOption {
+ fn from(value: PermissionsContainer) -> Self {
+ Self::Container(value)
+ }
+}
+
pub struct FetchOptions<'a> {
pub specifier: &'a ModuleSpecifier,
- pub permissions: &'a PermissionsContainer,
+ pub permissions: FetchPermissionsOptionRef<'a>,
pub maybe_accept: Option<&'a str>,
pub maybe_cache_setting: Option<&'a CacheSetting>,
}
@@ -515,13 +544,35 @@ impl FileFetcher {
}
}
+ #[inline(always)]
+ pub async fn fetch_bypass_permissions(
+ &self,
+ specifier: &ModuleSpecifier,
+ ) -> Result<File, AnyError> {
+ self
+ .fetch_inner(specifier, FetchPermissionsOptionRef::AllowAll)
+ .await
+ }
+
/// Fetch a source file and asynchronously return it.
+ #[allow(dead_code)] // todo(25469): undo when merging
+ #[inline(always)]
pub async fn fetch(
&self,
specifier: &ModuleSpecifier,
permissions: &PermissionsContainer,
) -> Result<File, AnyError> {
self
+ .fetch_inner(specifier, FetchPermissionsOptionRef::Container(permissions))
+ .await
+ }
+
+ async fn fetch_inner(
+ &self,
+ specifier: &ModuleSpecifier,
+ permissions: FetchPermissionsOptionRef<'_>,
+ ) -> Result<File, AnyError> {
+ self
.fetch_with_options(FetchOptions {
specifier,
permissions,
@@ -583,7 +634,14 @@ impl FileFetcher {
specifier
);
let scheme = get_validated_scheme(specifier)?;
- options.permissions.check_specifier(specifier)?;
+ match options.permissions {
+ FetchPermissionsOptionRef::AllowAll => {
+ // allow
+ }
+ FetchPermissionsOptionRef::Container(permissions) => {
+ permissions.check_specifier(specifier)?;
+ }
+ }
if let Some(file) = self.memory_files.get(specifier) {
Ok(FileOrRedirect::File(file))
} else if scheme == "file" {
@@ -684,9 +742,7 @@ mod tests {
async fn test_fetch(specifier: &ModuleSpecifier) -> (File, FileFetcher) {
let (file_fetcher, _) = setup(CacheSetting::ReloadAll, None);
- let result = file_fetcher
- .fetch(specifier, &PermissionsContainer::allow_all())
- .await;
+ let result = file_fetcher.fetch_bypass_permissions(specifier).await;
assert!(result.is_ok());
(result.unwrap(), file_fetcher)
}
@@ -700,7 +756,7 @@ mod tests {
.fetch_with_options_and_max_redirect(
FetchOptions {
specifier,
- permissions: &PermissionsContainer::allow_all(),
+ permissions: FetchPermissionsOptionRef::AllowAll,
maybe_accept: None,
maybe_cache_setting: Some(&file_fetcher.cache_setting),
},
@@ -796,9 +852,7 @@ mod tests {
};
file_fetcher.insert_memory_files(file.clone());
- let result = file_fetcher
- .fetch(&specifier, &PermissionsContainer::allow_all())
- .await;
+ let result = file_fetcher.fetch_bypass_permissions(&specifier).await;
assert!(result.is_ok());
let result_file = result.unwrap();
assert_eq!(result_file, file);
@@ -809,9 +863,7 @@ mod tests {
let (file_fetcher, _) = setup(CacheSetting::Use, None);
let specifier = resolve_url("data:application/typescript;base64,ZXhwb3J0IGNvbnN0IGEgPSAiYSI7CgpleHBvcnQgZW51bSBBIHsKICBBLAogIEIsCiAgQywKfQo=").unwrap();
- let result = file_fetcher
- .fetch(&specifier, &PermissionsContainer::allow_all())
- .await;
+ let result = file_fetcher.fetch_bypass_permissions(&specifier).await;
assert!(result.is_ok());
let file = result.unwrap().into_text_decoded().unwrap();
assert_eq!(
@@ -840,9 +892,7 @@ mod tests {
None,
);
- let result = file_fetcher
- .fetch(&specifier, &PermissionsContainer::allow_all())
- .await;
+ let result = file_fetcher.fetch_bypass_permissions(&specifier).await;
assert!(result.is_ok());
let file = result.unwrap().into_text_decoded().unwrap();
assert_eq!(
@@ -862,9 +912,7 @@ mod tests {
let specifier =
ModuleSpecifier::parse("http://localhost:4545/subdir/mod2.ts").unwrap();
- let result = file_fetcher
- .fetch(&specifier, &PermissionsContainer::allow_all())
- .await;
+ let result = file_fetcher.fetch_bypass_permissions(&specifier).await;
assert!(result.is_ok());
let file = result.unwrap().into_text_decoded().unwrap();
assert_eq!(
@@ -882,9 +930,7 @@ mod tests {
.set(&specifier, headers.clone(), file.source.as_bytes())
.unwrap();
- let result = file_fetcher_01
- .fetch(&specifier, &PermissionsContainer::allow_all())
- .await;
+ let result = file_fetcher_01.fetch_bypass_permissions(&specifier).await;
assert!(result.is_ok());
let file = result.unwrap().into_text_decoded().unwrap();
assert_eq!(
@@ -908,9 +954,7 @@ mod tests {
.set(&specifier, headers.clone(), file.source.as_bytes())
.unwrap();
- let result = file_fetcher_02
- .fetch(&specifier, &PermissionsContainer::allow_all())
- .await;
+ let result = file_fetcher_02.fetch_bypass_permissions(&specifier).await;
assert!(result.is_ok());
let file = result.unwrap().into_text_decoded().unwrap();
assert_eq!(
@@ -933,9 +977,7 @@ mod tests {
Default::default(),
None,
);
- let result = file_fetcher
- .fetch(&specifier, &PermissionsContainer::allow_all())
- .await;
+ let result = file_fetcher.fetch_bypass_permissions(&specifier).await;
assert!(result.is_ok());
let file = result.unwrap().into_text_decoded().unwrap();
assert_eq!(
@@ -966,9 +1008,7 @@ mod tests {
None,
);
- let result = file_fetcher
- .fetch(&specifier, &PermissionsContainer::allow_all())
- .await;
+ let result = file_fetcher.fetch_bypass_permissions(&specifier).await;
assert!(result.is_ok());
let cache_key =
file_fetcher.http_cache.cache_item_key(&specifier).unwrap();
@@ -1002,9 +1042,7 @@ mod tests {
Default::default(),
None,
);
- let result = file_fetcher
- .fetch(&specifier, &PermissionsContainer::allow_all())
- .await;
+ let result = file_fetcher.fetch_bypass_permissions(&specifier).await;
assert!(result.is_ok());
let cache_key =
@@ -1041,9 +1079,7 @@ mod tests {
resolve_url("http://localhost:4545/subdir/redirects/redirect1.js")
.unwrap();
- let result = file_fetcher
- .fetch(&specifier, &PermissionsContainer::allow_all())
- .await;
+ let result = file_fetcher.fetch_bypass_permissions(&specifier).await;
assert!(result.is_ok());
let file = result.unwrap();
assert_eq!(file.specifier, redirected_specifier);
@@ -1082,9 +1118,7 @@ mod tests {
resolve_url("http://localhost:4545/subdir/redirects/redirect1.js")
.unwrap();
- let result = file_fetcher
- .fetch(&specifier, &PermissionsContainer::allow_all())
- .await;
+ let result = file_fetcher.fetch_bypass_permissions(&specifier).await;
assert!(result.is_ok());
let file = result.unwrap();
assert_eq!(file.specifier, redirected_02_specifier);
@@ -1142,9 +1176,7 @@ mod tests {
None,
);
- let result = file_fetcher
- .fetch(&specifier, &PermissionsContainer::allow_all())
- .await;
+ let result = file_fetcher.fetch_bypass_permissions(&specifier).await;
assert!(result.is_ok());
let cache_key = file_fetcher
@@ -1182,7 +1214,7 @@ mod tests {
None,
);
let result = file_fetcher
- .fetch(&redirected_specifier, &PermissionsContainer::allow_all())
+ .fetch_bypass_permissions(&redirected_specifier)
.await;
assert!(result.is_ok());
@@ -1223,7 +1255,7 @@ mod tests {
.fetch_with_options_and_max_redirect(
FetchOptions {
specifier: &specifier,
- permissions: &PermissionsContainer::allow_all(),
+ permissions: FetchPermissionsOptionRef::AllowAll,
maybe_accept: None,
maybe_cache_setting: Some(&file_fetcher.cache_setting),
},
@@ -1236,7 +1268,7 @@ mod tests {
.fetch_with_options_and_max_redirect(
FetchOptions {
specifier: &specifier,
- permissions: &PermissionsContainer::allow_all(),
+ permissions: FetchPermissionsOptionRef::AllowAll,
maybe_accept: None,
maybe_cache_setting: Some(&file_fetcher.cache_setting),
},
@@ -1264,9 +1296,7 @@ mod tests {
resolve_url("http://localhost:4550/subdir/redirects/redirect1.js")
.unwrap();
- let result = file_fetcher
- .fetch(&specifier, &PermissionsContainer::allow_all())
- .await;
+ let result = file_fetcher.fetch_bypass_permissions(&specifier).await;
assert!(result.is_ok());
let file = result.unwrap();
assert_eq!(file.specifier, redirected_specifier);
@@ -1310,9 +1340,7 @@ mod tests {
let specifier =
resolve_url("http://localhost:4545/run/002_hello.ts").unwrap();
- let result = file_fetcher
- .fetch(&specifier, &PermissionsContainer::allow_all())
- .await;
+ let result = file_fetcher.fetch_bypass_permissions(&specifier).await;
assert!(result.is_err());
let err = result.unwrap_err();
assert_eq!(get_custom_error_class(&err), Some("NoRemote"));
@@ -1343,22 +1371,16 @@ mod tests {
let specifier =
resolve_url("http://localhost:4545/run/002_hello.ts").unwrap();
- let result = file_fetcher_01
- .fetch(&specifier, &PermissionsContainer::allow_all())
- .await;
+ let result = file_fetcher_01.fetch_bypass_permissions(&specifier).await;
assert!(result.is_err());
let err = result.unwrap_err();
assert_eq!(err.to_string(), "Specifier not found in cache: \"http://localhost:4545/run/002_hello.ts\", --cached-only is specified.");
assert_eq!(get_custom_error_class(&err), Some("NotCached"));
- let result = file_fetcher_02
- .fetch(&specifier, &PermissionsContainer::allow_all())
- .await;
+ let result = file_fetcher_02.fetch_bypass_permissions(&specifier).await;
assert!(result.is_ok());
- let result = file_fetcher_01
- .fetch(&specifier, &PermissionsContainer::allow_all())
- .await;
+ let result = file_fetcher_01.fetch_bypass_permissions(&specifier).await;
assert!(result.is_ok());
}
@@ -1368,17 +1390,13 @@ mod tests {
let fixture_path = temp_dir.path().join("mod.ts");
let specifier = ModuleSpecifier::from_file_path(&fixture_path).unwrap();
fs::write(fixture_path.clone(), r#"console.log("hello deno");"#).unwrap();
- let result = file_fetcher
- .fetch(&specifier, &PermissionsContainer::allow_all())
- .await;
+ let result = file_fetcher.fetch_bypass_permissions(&specifier).await;
assert!(result.is_ok());
let file = result.unwrap().into_text_decoded().unwrap();
assert_eq!(&*file.source, r#"console.log("hello deno");"#);
fs::write(fixture_path, r#"console.log("goodbye deno");"#).unwrap();
- let result = file_fetcher
- .fetch(&specifier, &PermissionsContainer::allow_all())
- .await;
+ let result = file_fetcher.fetch_bypass_permissions(&specifier).await;
assert!(result.is_ok());
let file = result.unwrap().into_text_decoded().unwrap();
assert_eq!(&*file.source, r#"console.log("goodbye deno");"#);
@@ -1392,18 +1410,14 @@ mod tests {
setup(CacheSetting::RespectHeaders, Some(temp_dir.clone()));
let specifier =
ModuleSpecifier::parse("http://localhost:4545/dynamic").unwrap();
- let result = file_fetcher
- .fetch(&specifier, &PermissionsContainer::allow_all())
- .await;
+ let result = file_fetcher.fetch_bypass_permissions(&specifier).await;
assert!(result.is_ok());
let file = result.unwrap();
let first = file.source;
let (file_fetcher, _) =
setup(CacheSetting::RespectHeaders, Some(temp_dir.clone()));
- let result = file_fetcher
- .fetch(&specifier, &PermissionsContainer::allow_all())
- .await;
+ let result = file_fetcher.fetch_bypass_permissions(&specifier).await;
assert!(result.is_ok());
let file = result.unwrap();
let second = file.source;
@@ -1419,18 +1433,14 @@ mod tests {
setup(CacheSetting::RespectHeaders, Some(temp_dir.clone()));
let specifier =
ModuleSpecifier::parse("http://localhost:4545/dynamic_cache").unwrap();
- let result = file_fetcher
- .fetch(&specifier, &PermissionsContainer::allow_all())
- .await;
+ let result = file_fetcher.fetch_bypass_permissions(&specifier).await;
assert!(result.is_ok());
let file = result.unwrap();
let first = file.source;
let (file_fetcher, _) =
setup(CacheSetting::RespectHeaders, Some(temp_dir.clone()));
- let result = file_fetcher
- .fetch(&specifier, &PermissionsContainer::allow_all())
- .await;
+ let result = file_fetcher.fetch_bypass_permissions(&specifier).await;
assert!(result.is_ok());
let file = result.unwrap();
let second = file.source;
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-26 22:05:30 +0000