fix(npm): allow to read package.json if permissions are granted (#17209)

This commit changes signature of "deno_core::ModuleLoader::resolve" to pass an enum indicating whether or not we're resolving a specifier for dynamic import. Additionally "CliModuleLoader" was changes to store both "parent permissions" (or "root permissions") as well as "dynamic permissions" that allow to check for permissions in top-level module load an dynamic imports. Then all code paths that have anything to do with Node/npm compat are now checking for permissions which are passed from module loader instance associated with given worker.
author: Bartek Iwańczuk <biwanczuk@gmail.com> 2023-01-10 14:35:44 +0100
committer: GitHub <noreply@github.com> 2023-01-10 14:35:44 +0100
commit: 636352e0ca1e611c7673f2ab68538e1ddb2dc5b7 (patch)
tree: c250c7a74917cef683999e06283ea9f7182f372c /ext/node/resolution.rs
parent: 45768f0e832e54d61ddb5a62d62239aef0e597b5 (diff)
1 files changed, 26 insertions, 5 deletions
diff --git a/ext/node/resolution.rs b/ext/node/resolution.rs
index 7500f0f31..e930215fd 100644
--- a/ext/node/resolution.rs
+++ b/ext/node/resolution.rs
@@ -15,6 +15,7 @@ use regex::Regex;
 use crate::errors;
 use crate::package_json::PackageJson;
 use crate::path::PathClean;
+use crate::NodePermissions;
 use crate::RequireNpmResolver;
 
 pub static DEFAULT_CONDITIONS: &[&str] = &["deno", "node", "import"];
@@ -188,6 +189,7 @@ pub fn package_imports_resolve(
   conditions: &[&str],
   mode: NodeResolutionMode,
   npm_resolver: &dyn RequireNpmResolver,
+  permissions: &mut dyn NodePermissions,
 ) -> Result<PathBuf, AnyError> {
   if name == "#" || name.starts_with("#/") || name.ends_with('/') {
     let reason = "is not a valid internal imports specifier name";
@@ -198,7 +200,8 @@ pub fn package_imports_resolve(
     ));
   }
 
-  let package_config = get_package_scope_config(referrer, npm_resolver)?;
+  let package_config =
+    get_package_scope_config(referrer, npm_resolver, permissions)?;
   let mut package_json_path = None;
   if package_config.exists {
     package_json_path = Some(package_config.path.clone());
@@ -216,6 +219,7 @@ pub fn package_imports_resolve(
           conditions,
           mode,
           npm_resolver,
+          permissions,
         )?;
         if let Some(resolved) = maybe_resolved {
           return Ok(resolved);
@@ -258,6 +262,7 @@ pub fn package_imports_resolve(
             conditions,
             mode,
             npm_resolver,
+            permissions,
           )?;
           if let Some(resolved) = maybe_resolved {
             return Ok(resolved);
@@ -322,6 +327,7 @@ fn resolve_package_target_string(
   conditions: &[&str],
   mode: NodeResolutionMode,
   npm_resolver: &dyn RequireNpmResolver,
+  permissions: &mut dyn NodePermissions,
 ) -> Result<PathBuf, AnyError> {
   if !subpath.is_empty() && !pattern && !target.ends_with('/') {
     return Err(throw_invalid_package_target(
@@ -355,6 +361,7 @@ fn resolve_package_target_string(
           conditions,
           mode,
           npm_resolver,
+          permissions,
         ) {
           Ok(Some(path)) => Ok(path),
           Ok(None) => Err(generic_error("not found")),
@@ -430,6 +437,7 @@ fn resolve_package_target(
   conditions: &[&str],
   mode: NodeResolutionMode,
   npm_resolver: &dyn RequireNpmResolver,
+  permissions: &mut dyn NodePermissions,
 ) -> Result<Option<PathBuf>, AnyError> {
   if let Some(target) = target.as_str() {
     return resolve_package_target_string(
@@ -444,6 +452,7 @@ fn resolve_package_target(
       conditions,
       mode,
       npm_resolver,
+      permissions,
     )
     .map(|path| {
       if mode.is_types() {
@@ -471,6 +480,7 @@ fn resolve_package_target(
         conditions,
         mode,
         npm_resolver,
+        permissions,
       );
 
       match resolved_result {
@@ -520,6 +530,7 @@ fn resolve_package_target(
           conditions,
           mode,
           npm_resolver,
+          permissions,
         )?;
         match resolved {
           Some(resolved) => return Ok(Some(resolved)),
@@ -564,6 +575,7 @@ pub fn package_exports_resolve(
   conditions: &[&str],
   mode: NodeResolutionMode,
   npm_resolver: &dyn RequireNpmResolver,
+  permissions: &mut dyn NodePermissions,
 ) -> Result<PathBuf, AnyError> {
   if package_exports.contains_key(&package_subpath)
     && package_subpath.find('*').is_none()
@@ -582,6 +594,7 @@ pub fn package_exports_resolve(
       conditions,
       mode,
       npm_resolver,
+      permissions,
     )?;
     if resolved.is_none() {
       return Err(throw_exports_not_found(
@@ -641,6 +654,7 @@ pub fn package_exports_resolve(
       conditions,
       mode,
       npm_resolver,
+      permissions,
     )?;
     if let Some(resolved) = maybe_resolved {
       return Ok(resolved);
@@ -718,12 +732,14 @@ pub fn package_resolve(
   conditions: &[&str],
   mode: NodeResolutionMode,
   npm_resolver: &dyn RequireNpmResolver,
+  permissions: &mut dyn NodePermissions,
 ) -> Result<Option<PathBuf>, AnyError> {
   let (package_name, package_subpath, _is_scoped) =
     parse_package_name(specifier, referrer)?;
 
   // ResolveSelf
-  let package_config = get_package_scope_config(referrer, npm_resolver)?;
+  let package_config =
+    get_package_scope_config(referrer, npm_resolver, permissions)?;
   if package_config.exists
     && package_config.name.as_ref() == Some(&package_name)
   {
@@ -737,6 +753,7 @@ pub fn package_resolve(
         conditions,
         mode,
         npm_resolver,
+        permissions,
       )
       .map(Some);
     }
@@ -763,7 +780,8 @@ pub fn package_resolve(
   // ))
 
   // Package match.
-  let package_json = PackageJson::load(npm_resolver, package_json_path)?;
+  let package_json =
+    PackageJson::load(npm_resolver, permissions, package_json_path)?;
   if let Some(exports) = &package_json.exports {
     return package_exports_resolve(
       &package_json.path,
@@ -774,6 +792,7 @@ pub fn package_resolve(
       conditions,
       mode,
       npm_resolver,
+      permissions,
     )
     .map(Some);
   }
@@ -795,19 +814,21 @@ pub fn package_resolve(
 pub fn get_package_scope_config(
   referrer: &ModuleSpecifier,
   npm_resolver: &dyn RequireNpmResolver,
+  permissions: &mut dyn NodePermissions,
 ) -> Result<PackageJson, AnyError> {
   let root_folder = npm_resolver
     .resolve_package_folder_from_path(&referrer.to_file_path().unwrap())?;
   let package_json_path = root_folder.join("package.json");
-  PackageJson::load(npm_resolver, package_json_path)
+  PackageJson::load(npm_resolver, permissions, package_json_path)
 }
 
 pub fn get_closest_package_json(
   url: &ModuleSpecifier,
   npm_resolver: &dyn RequireNpmResolver,
+  permissions: &mut dyn NodePermissions,
 ) -> Result<PackageJson, AnyError> {
   let package_json_path = get_closest_package_json_path(url, npm_resolver)?;
-  PackageJson::load(npm_resolver, package_json_path)
+  PackageJson::load(npm_resolver, permissions, package_json_path)
 }
 
 fn get_closest_package_json_path(
author	Bartek Iwańczuk <biwanczuk@gmail.com>	2023-01-10 14:35:44 +0100
committer	GitHub <noreply@github.com>	2023-01-10 14:35:44 +0100
commit	636352e0ca1e611c7673f2ab68538e1ddb2dc5b7 (patch)
tree	c250c7a74917cef683999e06283ea9f7182f372c /ext/node/resolution.rs
parent	45768f0e832e54d61ddb5a62d62239aef0e597b5 (diff)