diff options
| author | Bartek IwaĆczuk <biwanczuk@gmail.com> | 2023-01-10 14:35:44 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-01-10 14:35:44 +0100 |
| commit | 636352e0ca1e611c7673f2ab68538e1ddb2dc5b7 (patch) | |
| tree | c250c7a74917cef683999e06283ea9f7182f372c /ext/node/lib.rs | |
| parent | 45768f0e832e54d61ddb5a62d62239aef0e597b5 (diff) | |
fix(npm): allow to read package.json if permissions are granted (#17209)
This commit changes signature of "deno_core::ModuleLoader::resolve" to pass
an enum indicating whether or not we're resolving a specifier for dynamic import.
Additionally "CliModuleLoader" was changes to store both "parent permissions" (or
"root permissions") as well as "dynamic permissions" that allow to check for permissions
in top-level module load an dynamic imports.
Then all code paths that have anything to do with Node/npm compat are now checking
for permissions which are passed from module loader instance associated with given
worker.
Diffstat (limited to 'ext/node/lib.rs')
| -rw-r--r-- | ext/node/lib.rs | 59 |
1 files changed, 42 insertions, 17 deletions
diff --git a/ext/node/lib.rs b/ext/node/lib.rs index a670586d1..8a36e95fa 100644 --- a/ext/node/lib.rs +++ b/ext/node/lib.rs @@ -53,7 +53,11 @@ pub trait RequireNpmResolver { fn in_npm_package(&self, path: &Path) -> bool; - fn ensure_read_permission(&self, path: &Path) -> Result<(), AnyError>; + fn ensure_read_permission( + &self, + permissions: &mut dyn NodePermissions, + path: &Path, + ) -> Result<(), AnyError>; } pub const MODULE_ES_SHIM: &str = include_str!("./module_es_shim.js"); @@ -95,7 +99,7 @@ pub fn init<P: NodePermissions + 'static>( op_require_is_request_relative::decl(), op_require_resolve_lookup_paths::decl(), op_require_try_self_parent_path::decl::<P>(), - op_require_try_self::decl(), + op_require_try_self::decl::<P>(), op_require_real_path::decl::<P>(), op_require_path_is_absolute::decl(), op_require_path_dirname::decl(), @@ -104,9 +108,9 @@ pub fn init<P: NodePermissions + 'static>( op_require_path_basename::decl(), op_require_read_file::decl::<P>(), op_require_as_file_path::decl(), - op_require_resolve_exports::decl(), + op_require_resolve_exports::decl::<P>(), op_require_read_closest_package_json::decl::<P>(), - op_require_read_package_scope::decl(), + op_require_read_package_scope::decl::<P>(), op_require_package_imports_resolve::decl::<P>(), op_require_break_on_next_statement::decl(), ]) @@ -130,11 +134,8 @@ where let resolver = state.borrow::<Rc<dyn RequireNpmResolver>>(); resolver.clone() }; - if resolver.ensure_read_permission(file_path).is_ok() { - return Ok(()); - } - - state.borrow_mut::<P>().check_read(file_path) + let permissions = state.borrow_mut::<P>(); + resolver.ensure_read_permission(permissions, file_path) } #[op] @@ -459,19 +460,24 @@ where } #[op] -fn op_require_try_self( +fn op_require_try_self<P>( state: &mut OpState, parent_path: Option<String>, request: String, -) -> Result<Option<String>, AnyError> { +) -> Result<Option<String>, AnyError> +where + P: NodePermissions + 'static, +{ if parent_path.is_none() { return Ok(None); } let resolver = state.borrow::<Rc<dyn RequireNpmResolver>>().clone(); + let permissions = state.borrow_mut::<P>(); let pkg = resolution::get_package_scope_config( &Url::from_file_path(parent_path.unwrap()).unwrap(), &*resolver, + permissions, ) .ok(); if pkg.is_none() { @@ -508,6 +514,7 @@ fn op_require_try_self( resolution::REQUIRE_CONDITIONS, NodeResolutionMode::Execution, &*resolver, + permissions, ) .map(|r| Some(r.to_string_lossy().to_string())) } else { @@ -540,7 +547,7 @@ pub fn op_require_as_file_path(file_or_url: String) -> String { } #[op] -fn op_require_resolve_exports( +fn op_require_resolve_exports<P>( state: &mut OpState, uses_local_node_modules_dir: bool, modules_path: String, @@ -548,8 +555,12 @@ fn op_require_resolve_exports( name: String, expansion: String, parent_path: String, -) -> Result<Option<String>, AnyError> { +) -> Result<Option<String>, AnyError> +where + P: NodePermissions + 'static, +{ let resolver = state.borrow::<Rc<dyn RequireNpmResolver>>().clone(); + let permissions = state.borrow_mut::<P>(); let pkg_path = if resolver.in_npm_package(&PathBuf::from(&modules_path)) && !uses_local_node_modules_dir @@ -560,6 +571,7 @@ fn op_require_resolve_exports( }; let pkg = PackageJson::load( &*resolver, + permissions, PathBuf::from(&pkg_path).join("package.json"), )?; @@ -574,6 +586,7 @@ fn op_require_resolve_exports( resolution::REQUIRE_CONDITIONS, NodeResolutionMode::Execution, &*resolver, + permissions, ) .map(|r| Some(r.to_string_lossy().to_string())) } else { @@ -594,20 +607,26 @@ where PathBuf::from(&filename).parent().unwrap(), )?; let resolver = state.borrow::<Rc<dyn RequireNpmResolver>>().clone(); + let permissions = state.borrow_mut::<P>(); resolution::get_closest_package_json( &Url::from_file_path(filename).unwrap(), &*resolver, + permissions, ) } #[op] -fn op_require_read_package_scope( +fn op_require_read_package_scope<P>( state: &mut OpState, package_json_path: String, -) -> Option<PackageJson> { +) -> Option<PackageJson> +where + P: NodePermissions + 'static, +{ let resolver = state.borrow::<Rc<dyn RequireNpmResolver>>().clone(); + let permissions = state.borrow_mut::<P>(); let package_json_path = PathBuf::from(package_json_path); - PackageJson::load(&*resolver, package_json_path).ok() + PackageJson::load(&*resolver, permissions, package_json_path).ok() } #[op] @@ -622,7 +641,12 @@ where let parent_path = PathBuf::from(&parent_filename); ensure_read_permission::<P>(state, &parent_path)?; let resolver = state.borrow::<Rc<dyn RequireNpmResolver>>().clone(); - let pkg = PackageJson::load(&*resolver, parent_path.join("package.json"))?; + let permissions = state.borrow_mut::<P>(); + let pkg = PackageJson::load( + &*resolver, + permissions, + parent_path.join("package.json"), + )?; if pkg.imports.is_some() { let referrer = @@ -634,6 +658,7 @@ where resolution::REQUIRE_CONDITIONS, NodeResolutionMode::Execution, &*resolver, + permissions, ) .map(|r| Some(Url::from_file_path(r).unwrap().to_string())); state.put(resolver); |