summaryrefslogtreecommitdiff
path: root/ext
diff options
context:
space:
mode:
authorLeo Kettmeir <crowlkats@toaxl.com>2024-11-04 09:17:21 -0800
committerGitHub <noreply@github.com>2024-11-04 09:17:21 -0800
commitfe9f0ee5934871175758857899fe64e56c397fd5 (patch)
treeee770a45366d1b054e7429cea2eff56b04532830 /ext
parentfb1d33a7111e45e9b414cfe922a5db5ee4daf3ea (diff)
refactor(runtime/permissions): use concrete error types (#26464)
Diffstat (limited to 'ext')
-rw-r--r--ext/fetch/lib.rs23
-rw-r--r--ext/ffi/call.rs14
-rw-r--r--ext/ffi/callback.rs6
-rw-r--r--ext/ffi/dlfcn.rs6
-rw-r--r--ext/ffi/lib.rs11
-rw-r--r--ext/ffi/repr.rs86
-rw-r--r--ext/fs/lib.rs50
-rw-r--r--ext/fs/ops.rs217
-rw-r--r--ext/kv/remote.rs13
-rw-r--r--ext/kv/sqlite.rs12
-rw-r--r--ext/napi/lib.rs15
-rw-r--r--ext/net/lib.rs17
-rw-r--r--ext/net/ops.rs36
-rw-r--r--ext/node/lib.rs34
-rw-r--r--ext/node/ops/fs.rs35
-rw-r--r--ext/node/ops/http.rs4
-rw-r--r--ext/node/ops/os/mod.rs14
-rw-r--r--ext/websocket/lib.rs18
18 files changed, 229 insertions, 382 deletions
diff --git a/ext/fetch/lib.rs b/ext/fetch/lib.rs
index 4df8dc3d7..7ef26431c 100644
--- a/ext/fetch/lib.rs
+++ b/ext/fetch/lib.rs
@@ -39,6 +39,7 @@ use deno_core::OpState;
use deno_core::RcRef;
use deno_core::Resource;
use deno_core::ResourceId;
+use deno_permissions::PermissionCheckError;
use deno_tls::rustls::RootCertStore;
use deno_tls::Proxy;
use deno_tls::RootCertStoreProvider;
@@ -149,7 +150,7 @@ pub enum FetchError {
#[error(transparent)]
Resource(deno_core::error::AnyError),
#[error(transparent)]
- Permission(deno_core::error::AnyError),
+ Permission(#[from] PermissionCheckError),
#[error("NetworkError when attempting to fetch resource")]
NetworkError,
#[error("Fetching files only supports the GET method: received {0}")]
@@ -346,13 +347,13 @@ pub trait FetchPermissions {
&mut self,
url: &Url,
api_name: &str,
- ) -> Result<(), deno_core::error::AnyError>;
+ ) -> Result<(), PermissionCheckError>;
#[must_use = "the resolved return value to mitigate time-of-check to time-of-use issues"]
fn check_read<'a>(
&mut self,
p: &'a Path,
api_name: &str,
- ) -> Result<Cow<'a, Path>, deno_core::error::AnyError>;
+ ) -> Result<Cow<'a, Path>, PermissionCheckError>;
}
impl FetchPermissions for deno_permissions::PermissionsContainer {
@@ -361,7 +362,7 @@ impl FetchPermissions for deno_permissions::PermissionsContainer {
&mut self,
url: &Url,
api_name: &str,
- ) -> Result<(), deno_core::error::AnyError> {
+ ) -> Result<(), PermissionCheckError> {
deno_permissions::PermissionsContainer::check_net_url(self, url, api_name)
}
@@ -370,7 +371,7 @@ impl FetchPermissions for deno_permissions::PermissionsContainer {
&mut self,
path: &'a Path,
api_name: &str,
- ) -> Result<Cow<'a, Path>, deno_core::error::AnyError> {
+ ) -> Result<Cow<'a, Path>, PermissionCheckError> {
deno_permissions::PermissionsContainer::check_read_path(
self,
path,
@@ -414,9 +415,7 @@ where
"file" => {
let path = url.to_file_path().map_err(|_| FetchError::NetworkError)?;
let permissions = state.borrow_mut::<FP>();
- let path = permissions
- .check_read(&path, "fetch()")
- .map_err(FetchError::Permission)?;
+ let path = permissions.check_read(&path, "fetch()")?;
let url = match path {
Cow::Owned(path) => Url::from_file_path(path).unwrap(),
Cow::Borrowed(_) => url,
@@ -442,9 +441,7 @@ where
}
"http" | "https" => {
let permissions = state.borrow_mut::<FP>();
- permissions
- .check_net_url(&url, "fetch()")
- .map_err(FetchError::Resource)?;
+ permissions.check_net_url(&url, "fetch()")?;
let maybe_authority = extract_authority(&mut url);
let uri = url
@@ -863,9 +860,7 @@ where
if let Some(proxy) = args.proxy.clone() {
let permissions = state.borrow_mut::<FP>();
let url = Url::parse(&proxy.url)?;
- permissions
- .check_net_url(&url, "Deno.createHttpClient()")
- .map_err(FetchError::Permission)?;
+ permissions.check_net_url(&url, "Deno.createHttpClient()")?;
}
let options = state.borrow::<Options>();
diff --git a/ext/ffi/call.rs b/ext/ffi/call.rs
index ef61dc383..bbff0ee48 100644
--- a/ext/ffi/call.rs
+++ b/ext/ffi/call.rs
@@ -32,7 +32,9 @@ pub enum CallError {
#[error("Invalid FFI symbol name: '{0}'")]
InvalidSymbol(String),
#[error(transparent)]
- Permission(deno_core::error::AnyError),
+ Permission(#[from] deno_permissions::PermissionCheckError),
+ #[error(transparent)]
+ Resource(deno_core::error::AnyError),
#[error(transparent)]
Callback(#[from] super::CallbackError),
}
@@ -301,9 +303,7 @@ where
{
let mut state = state.borrow_mut();
let permissions = state.borrow_mut::<FP>();
- permissions
- .check_partial_no_path()
- .map_err(CallError::Permission)?;
+ permissions.check_partial_no_path()?;
};
let symbol = PtrSymbol::new(pointer, &def)?;
@@ -347,7 +347,7 @@ pub fn op_ffi_call_nonblocking(
let resource = state
.resource_table
.get::<DynamicLibraryResource>(rid)
- .map_err(CallError::Permission)?;
+ .map_err(CallError::Resource)?;
let symbols = &resource.symbols;
*symbols
.get(&symbol)
@@ -401,9 +401,7 @@ where
{
let mut state = state.borrow_mut();
let permissions = state.borrow_mut::<FP>();
- permissions
- .check_partial_no_path()
- .map_err(CallError::Permission)?;
+ permissions.check_partial_no_path()?;
};
let symbol = PtrSymbol::new(pointer, &def)?;
diff --git a/ext/ffi/callback.rs b/ext/ffi/callback.rs
index f33e0413a..29583c800 100644
--- a/ext/ffi/callback.rs
+++ b/ext/ffi/callback.rs
@@ -38,7 +38,7 @@ pub enum CallbackError {
#[error(transparent)]
Resource(deno_core::error::AnyError),
#[error(transparent)]
- Permission(deno_core::error::AnyError),
+ Permission(#[from] deno_permissions::PermissionCheckError),
#[error(transparent)]
Other(deno_core::error::AnyError),
}
@@ -572,9 +572,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions
- .check_partial_no_path()
- .map_err(CallbackError::Permission)?;
+ permissions.check_partial_no_path()?;
let thread_id: u32 = LOCAL_THREAD_ID.with(|s| {
let value = *s.borrow();
diff --git a/ext/ffi/dlfcn.rs b/ext/ffi/dlfcn.rs
index 53bdcbc5c..55909468f 100644
--- a/ext/ffi/dlfcn.rs
+++ b/ext/ffi/dlfcn.rs
@@ -30,7 +30,7 @@ pub enum DlfcnError {
#[error(transparent)]
Dlopen(#[from] dlopen2::Error),
#[error(transparent)]
- Permission(deno_core::error::AnyError),
+ Permission(#[from] deno_permissions::PermissionCheckError),
#[error(transparent)]
Other(deno_core::error::AnyError),
}
@@ -133,9 +133,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- let path = permissions
- .check_partial_with_path(&args.path)
- .map_err(DlfcnError::Permission)?;
+ let path = permissions.check_partial_with_path(&args.path)?;
let lib = Library::open(&path).map_err(|e| {
dlopen2::Error::OpeningLibraryError(std::io::Error::new(
diff --git a/ext/ffi/lib.rs b/ext/ffi/lib.rs
index 237f8c3b0..73ec7757a 100644
--- a/ext/ffi/lib.rs
+++ b/ext/ffi/lib.rs
@@ -1,7 +1,5 @@
// Copyright 2018-2024 the Deno authors. All rights reserved. MIT license.
-use deno_core::error::AnyError;
-
use std::mem::size_of;
use std::os::raw::c_char;
use std::os::raw::c_short;
@@ -31,6 +29,7 @@ use symbol::Symbol;
pub use call::CallError;
pub use callback::CallbackError;
+use deno_permissions::PermissionCheckError;
pub use dlfcn::DlfcnError;
pub use ir::IRError;
pub use r#static::StaticError;
@@ -48,17 +47,17 @@ const _: () = {
pub const UNSTABLE_FEATURE_NAME: &str = "ffi";
pub trait FfiPermissions {
- fn check_partial_no_path(&mut self) -> Result<(), AnyError>;
+ fn check_partial_no_path(&mut self) -> Result<(), PermissionCheckError>;
#[must_use = "the resolved return value to mitigate time-of-check to time-of-use issues"]
fn check_partial_with_path(
&mut self,
path: &str,
- ) -> Result<PathBuf, AnyError>;
+ ) -> Result<PathBuf, PermissionCheckError>;
}
impl FfiPermissions for deno_permissions::PermissionsContainer {
#[inline(always)]
- fn check_partial_no_path(&mut self) -> Result<(), AnyError> {
+ fn check_partial_no_path(&mut self) -> Result<(), PermissionCheckError> {
deno_permissions::PermissionsContainer::check_ffi_partial_no_path(self)
}
@@ -66,7 +65,7 @@ impl FfiPermissions for deno_permissions::PermissionsContainer {
fn check_partial_with_path(
&mut self,
path: &str,
- ) -> Result<PathBuf, AnyError> {
+ ) -> Result<PathBuf, PermissionCheckError> {
deno_permissions::PermissionsContainer::check_ffi_partial_with_path(
self, path,
)
diff --git a/ext/ffi/repr.rs b/ext/ffi/repr.rs
index 2f04f4feb..fd8a2c8e7 100644
--- a/ext/ffi/repr.rs
+++ b/ext/ffi/repr.rs
@@ -46,7 +46,7 @@ pub enum ReprError {
#[error("Invalid pointer pointer, pointer is null")]
InvalidPointer,
#[error(transparent)]
- Permission(deno_core::error::AnyError),
+ Permission(#[from] deno_permissions::PermissionCheckError),
}
#[op2(fast)]
@@ -58,9 +58,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions
- .check_partial_no_path()
- .map_err(ReprError::Permission)?;
+ permissions.check_partial_no_path()?;
Ok(ptr_number as *mut c_void)
}
@@ -75,9 +73,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions
- .check_partial_no_path()
- .map_err(ReprError::Permission)?;
+ permissions.check_partial_no_path()?;
Ok(a == b)
}
@@ -91,9 +87,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions
- .check_partial_no_path()
- .map_err(ReprError::Permission)?;
+ permissions.check_partial_no_path()?;
Ok(buf as *mut c_void)
}
@@ -107,9 +101,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions
- .check_partial_no_path()
- .map_err(ReprError::Permission)?;
+ permissions.check_partial_no_path()?;
let Some(buf) = buf.get_backing_store() else {
return Ok(0 as _);
@@ -130,9 +122,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions
- .check_partial_no_path()
- .map_err(ReprError::Permission)?;
+ permissions.check_partial_no_path()?;
if ptr.is_null() {
return Err(ReprError::InvalidOffset);
@@ -162,9 +152,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions
- .check_partial_no_path()
- .map_err(ReprError::Permission)?;
+ permissions.check_partial_no_path()?;
Ok(ptr as usize)
}
@@ -181,9 +169,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions
- .check_partial_no_path()
- .map_err(ReprError::Permission)?;
+ permissions.check_partial_no_path()?;
if ptr.is_null() {
return Err(ReprError::InvalidArrayBuffer);
@@ -215,9 +201,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions
- .check_partial_no_path()
- .map_err(ReprError::Permission)?;
+ permissions.check_partial_no_path()?;
if src.is_null() {
Err(ReprError::InvalidArrayBuffer)
@@ -246,9 +230,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions
- .check_partial_no_path()
- .map_err(ReprError::Permission)?;
+ permissions.check_partial_no_path()?;
if ptr.is_null() {
return Err(ReprError::InvalidCString);
@@ -272,9 +254,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions
- .check_partial_no_path()
- .map_err(ReprError::Permission)?;
+ permissions.check_partial_no_path()?;
if ptr.is_null() {
return Err(ReprError::InvalidBool);
@@ -294,9 +274,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions
- .check_partial_no_path()
- .map_err(ReprError::Permission)?;
+ permissions.check_partial_no_path()?;
if ptr.is_null() {
return Err(ReprError::InvalidU8);
@@ -318,9 +296,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions
- .check_partial_no_path()
- .map_err(ReprError::Permission)?;
+ permissions.check_partial_no_path()?;
if ptr.is_null() {
return Err(ReprError::InvalidI8);
@@ -342,9 +318,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions
- .check_partial_no_path()
- .map_err(ReprError::Permission)?;
+ permissions.check_partial_no_path()?;
if ptr.is_null() {
return Err(ReprError::InvalidU16);
@@ -366,9 +340,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions
- .check_partial_no_path()
- .map_err(ReprError::Permission)?;
+ permissions.check_partial_no_path()?;
if ptr.is_null() {
return Err(ReprError::InvalidI16);
@@ -390,9 +362,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions
- .check_partial_no_path()
- .map_err(ReprError::Permission)?;
+ permissions.check_partial_no_path()?;
if ptr.is_null() {
return Err(ReprError::InvalidU32);
@@ -412,9 +382,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions
- .check_partial_no_path()
- .map_err(ReprError::Permission)?;
+ permissions.check_partial_no_path()?;
if ptr.is_null() {
return Err(ReprError::InvalidI32);
@@ -437,9 +405,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions
- .check_partial_no_path()
- .map_err(ReprError::Permission)?;
+ permissions.check_partial_no_path()?;
if ptr.is_null() {
return Err(ReprError::InvalidU64);
@@ -465,9 +431,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions
- .check_partial_no_path()
- .map_err(ReprError::Permission)?;
+ permissions.check_partial_no_path()?;
if ptr.is_null() {
return Err(ReprError::InvalidI64);
@@ -490,9 +454,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions
- .check_partial_no_path()
- .map_err(ReprError::Permission)?;
+ permissions.check_partial_no_path()?;
if ptr.is_null() {
return Err(ReprError::InvalidF32);
@@ -512,9 +474,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions
- .check_partial_no_path()
- .map_err(ReprError::Permission)?;
+ permissions.check_partial_no_path()?;
if ptr.is_null() {
return Err(ReprError::InvalidF64);
@@ -534,9 +494,7 @@ where
FP: FfiPermissions + 'static,
{
let permissions = state.borrow_mut::<FP>();
- permissions
- .check_partial_no_path()
- .map_err(ReprError::Permission)?;
+ permissions.check_partial_no_path()?;
if ptr.is_null() {
return Err(ReprError::InvalidPointer);
diff --git a/ext/fs/lib.rs b/ext/fs/lib.rs
index cd2baf22a..dd852e6be 100644
--- a/ext/fs/lib.rs
+++ b/ext/fs/lib.rs
@@ -22,8 +22,8 @@ pub use crate::sync::MaybeSync;
use crate::ops::*;
-use deno_core::error::AnyError;
use deno_io::fs::FsError;
+use deno_permissions::PermissionCheckError;
use std::borrow::Cow;
use std::path::Path;
use std::path::PathBuf;
@@ -42,45 +42,51 @@ pub trait FsPermissions {
&mut self,
path: &str,
api_name: &str,
- ) -> Result<PathBuf, AnyError>;
+ ) -> Result<PathBuf, PermissionCheckError>;
#[must_use = "the resolved return value to mitigate time-of-check to time-of-use issues"]
fn check_read_path<'a>(
&mut self,
path: &'a Path,
api_name: &str,
- ) -> Result<Cow<'a, Path>, AnyError>;
- fn check_read_all(&mut self, api_name: &str) -> Result<(), AnyError>;
+ ) -> Result<Cow<'a, Path>, PermissionCheckError>;
+ fn check_read_all(
+ &mut self,
+ api_name: &str,
+ ) -> Result<(), PermissionCheckError>;
fn check_read_blind(
&mut self,
p: &Path,
display: &str,
api_name: &str,
- ) -> Result<(), AnyError>;
+ ) -> Result<(), PermissionCheckError>;
#[must_use = "the resolved return value to mitigate time-of-check to time-of-use issues"]
fn check_write(
&mut self,
path: &str,
api_name: &str,
- ) -> Result<PathBuf, AnyError>;
+ ) -> Result<PathBuf, PermissionCheckError>;
#[must_use = "the resolved return value to mitigate time-of-check to time-of-use issues"]
fn check_write_path<'a>(
&mut self,
path: &'a Path,
api_name: &str,
- ) -> Result<Cow<'a, Path>, AnyError>;
+ ) -> Result<Cow<'a, Path>, PermissionCheckError>;
#[must_use = "the resolved return value to mitigate time-of-check to time-of-use issues"]
fn check_write_partial(
&mut self,
path: &str,
api_name: &str,
- ) -> Result<PathBuf, AnyError>;
- fn check_write_all(&mut self, api_name: &str) -> Result<(), AnyError>;
+ ) -> Result<PathBuf, PermissionCheckError>;
+ fn check_write_all(
+ &mut self,
+ api_name: &str,
+ ) -> Result<(), PermissionCheckError>;
fn check_write_blind(
&mut self,
p: &Path,
display: &str,
api_name: &str,
- ) -> Result<(), AnyError>;
+ ) -> Result<(), PermissionCheckError>;
fn check<'a>(
&mut self,
@@ -140,7 +146,7 @@ impl FsPermissions for deno_permissions::PermissionsContainer {
&mut self,
path: &str,
api_name: &str,
- ) -> Result<PathBuf, AnyError> {
+ ) -> Result<PathBuf, PermissionCheckError> {
deno_permissions::PermissionsContainer::check_read(self, path, api_name)
}
@@ -148,7 +154,7 @@ impl FsPermissions for deno_permissions::PermissionsContainer {
&mut self,
path: &'a Path,
api_name: &str,
- ) -> Result<Cow<'a, Path>, AnyError> {
+ ) -> Result<Cow<'a, Path>, PermissionCheckError> {
deno_permissions::PermissionsContainer::check_read_path(
self,
path,
@@ -160,7 +166,7 @@ impl FsPermissions for deno_permissions::PermissionsContainer {
path: &Path,
display: &str,
api_name: &str,
- ) -> Result<(), AnyError> {
+ ) -> Result<(), PermissionCheckError> {
deno_permissions::PermissionsContainer::check_read_blind(
self, path, display, api_name,
)
@@ -170,7 +176,7 @@ impl FsPermissions for deno_permissions::PermissionsContainer {
&mut self,
path: &str,
api_name: &str,
- ) -> Result<PathBuf, AnyError> {
+ ) -> Result<PathBuf, PermissionCheckError> {
deno_permissions::PermissionsContainer::check_write(self, path, api_name)
}
@@ -178,7 +184,7 @@ impl FsPermissions for deno_permissions::PermissionsContainer {
&mut self,
path: &'a Path,
api_name: &str,
- ) -> Result<Cow<'a, Path>, AnyError> {
+ ) -> Result<Cow<'a, Path>, PermissionCheckError> {
deno_permissions::PermissionsContainer::check_write_path(
self, path, api_name,
)
@@ -188,7 +194,7 @@ impl FsPermissions for deno_permissions::PermissionsContainer {
&mut self,
path: &str,
api_name: &str,
- ) -> Result<PathBuf, AnyError> {
+ ) -> Result<PathBuf, PermissionCheckError> {
deno_permissions::PermissionsContainer::check_write_partial(
self, path, api_name,
)
@@ -199,17 +205,23 @@ impl FsPermissions for deno_permissions::PermissionsContainer {
p: &Path,
display: &str,
api_name: &str,
- ) -> Result<(), AnyError> {
+ ) -> Result<(), PermissionCheckError> {
deno_permissions::PermissionsContainer::check_write_blind(
self, p, display, api_name,
)
}
- fn check_read_all(&mut self, api_name: &str) -> Result<(), AnyError> {
+ fn check_read_all(
+ &mut self,
+ api_name: &str,
+ ) -> Result<(), PermissionCheckError> {
deno_permissions::PermissionsContainer::check_read_all(self, api_name)
}
- fn check_write_all(&mut self, api_name: &str) -> Result<(), AnyError> {
+ fn check_write_all(
+ &mut self,
+ api_name: &str,
+ ) -> Result<(), PermissionCheckError> {
deno_permissions::PermissionsContainer::check_write_all(self, api_name)
}
}
diff --git a/ext/fs/ops.rs b/ext/fs/ops.rs
index a3f59da4e..9b76b49e6 100644
--- a/ext/fs/ops.rs
+++ b/ext/fs/ops.rs
@@ -10,6 +10,12 @@ use std::path::PathBuf;
use std::path::StripPrefixError;
use std::rc::Rc;
+use crate::interface::AccessCheckFn;
+use crate::interface::FileSystemRc;
+use crate::interface::FsDirEntry;
+use crate::interface::FsFileType;
+use crate::FsPermissions;
+use crate::OpenOptions;
use deno_core::op2;
use deno_core::CancelFuture;
use deno_core::CancelHandle;
@@ -20,18 +26,12 @@ use deno_core::ToJsBuffer;
use deno_io::fs::FileResource;
use deno_io::fs::FsError;
use deno_io::fs::FsStat;
+use deno_permissions::PermissionCheckError;
use rand::rngs::ThreadRng;
use rand::thread_rng;
use rand::Rng;
use serde::Serialize;
-use crate::interface::AccessCheckFn;
-use crate::interface::FileSystemRc;
-use crate::interface::FsDirEntry;
-use crate::interface::FsFileType;
-use crate::FsPermissions;
-use crate::OpenOptions;
-
#[derive(Debug, thiserror::Error)]
pub enum FsOpsError {
#[error("{0}")]
@@ -39,7 +39,7 @@ pub enum FsOpsError {
#[error("{0}")]
OperationError(#[source] OperationError),
#[error(transparent)]
- Permission(deno_core::error::AnyError),
+ Permission(#[from] PermissionCheckError),
#[error(transparent)]
Resource(deno_core::error::AnyError),
#[error("File name or path {0:?} is not valid UTF-8")]
@@ -150,8 +150,7 @@ where
let path = fs.cwd()?;
state
.borrow_mut::<P>()
- .check_read_blind(&path, "CWD", "Deno.cwd()")
- .map_err(FsOpsError::Permission)?;
+ .check_read_blind(&path, "CWD", "Deno.cwd()")?;
let path_str = path_into_string(path.into_os_string())?;
Ok(path_str)
}
@@ -166,8 +165,7 @@ where
{
let d = state
.borrow_mut::<P>()
- .check_read(directory, "Deno.chdir()")
- .map_err(FsOpsError::Permission)?;
+ .check_read(directory, "Deno.chdir()")?;
state
.borrow::<FileSystemRc>()
.chdir(&d)
@@ -253,8 +251,7 @@ where
let path = state
.borrow_mut::<P>()
- .check_write(&path, "Deno.mkdirSync()")
- .map_err(FsOpsError::Permission)?;
+ .check_write(&path, "Deno.mkdirSync()")?;
let fs = state.borrow::<FileSystemRc>();
fs.mkdir_sync(&path, recursive, Some(mode))
@@ -277,10 +274,7 @@ where
let (fs, path) = {
let mut state = state.borrow_mut();
- let path = state
- .borrow_mut::<P>()
- .check_write(&path, "Deno.mkdir()")
- .map_err(FsOpsError::Permission)?;
+ let path = state.borrow_mut::<P>().check_write(&path, "Deno.mkdir()")?;
(state.borrow::<FileSystemRc>().clone(), path)
};
@@ -302,8 +296,7 @@ where
{
let path = state
.borrow_mut::<P>()
- .check_write(&path, "Deno.chmodSync()")
- .map_err(FsOpsError::Permission)?;
+ .check_write(&path, "Deno.chmodSync()")?;
let fs = state.borrow::<FileSystemRc>();
fs.chmod_sync(&path, mode).context_path("chmod", &path)?;
Ok(())
@@ -320,10 +313,7 @@ where
{
let (fs, path) = {
let mut state = state.borrow_mut();
- let path = state
- .borrow_mut::<P>()
- .check_write(&path, "Deno.chmod()")
- .map_err(FsOpsError::Permission)?;
+ let path = state.borrow_mut::<P>().check_write(&path, "Deno.chmod()")?;
(state.borrow::<FileSystemRc>().clone(), path)
};
fs.chmod_async(path.clone(), mode)
@@ -344,8 +334,7 @@ where
{
let path = state
.borrow_mut::<P>()
- .check_write(&path, "Deno.chownSync()")
- .map_err(FsOpsError::Permission)?;
+ .check_write(&path, "Deno.chownSync()")?;
let fs = state.borrow::<FileSystemRc>();
fs.chown_sync(&path, uid, gid)
.context_path("chown", &path)?;
@@ -364,10 +353,7 @@ where
{
let (fs, path) = {
let mut state = state.borrow_mut();
- let path = state
- .borrow_mut::<P>()
- .check_write(&path, "Deno.chown()")
- .map_err(FsOpsError::Permission)?;
+ let path = state.borrow_mut::<P>().check_write(&path, "Deno.chown()")?;
(state.borrow::<FileSystemRc>().clone(), path)
};
fs.chown_async(path.clone(), uid, gid)
@@ -387,8 +373,7 @@ where
{
let path = state
.borrow_mut::<P>()
- .check_write(path, "Deno.removeSync()")
- .map_err(FsOpsError::Permission)?;
+ .check_write(path, "Deno.removeSync()")?;
let fs = state.borrow::<FileSystemRc>();
fs.remove_sync(&path, recursive)
@@ -411,13 +396,11 @@ where
let path = if recursive {
state
.borrow_mut::<P>()
- .check_write(&path, "Deno.remove()")
- .map_err(FsOpsError::Permission)?
+ .check_write(&path, "Deno.remove()")?
} else {
state
.borrow_mut::<P>()
- .check_write_partial(&path, "Deno.remove()")
- .map_err(FsOpsError::Permission)?
+ .check_write_partial(&path, "Deno.remove()")?
};
(state.borrow::<FileSystemRc>().clone(), path)
@@ -440,12 +423,8 @@ where
P: FsPermissions + 'static,
{
let permissions = state.borrow_mut::<P>();
- let from = permissions
- .check_read(from, "Deno.copyFileSync()")
- .map_err(FsOpsError::Permission)?;
- let to = permissions
- .check_write(to, "Deno.copyFileSync()")
- .map_err(FsOpsError::Permission)?;
+ let from = permissions.check_read(from, "Deno.copyFileSync()")?;
+ let to = permissions.check_write(to, "Deno.copyFileSync()")?;
let fs = state.borrow::<FileSystemRc>();
fs.copy_file_sync(&from, &to)
@@ -466,12 +445,8 @@ where
let (fs, from, to) = {
let mut state = state.borrow_mut();
let permissions = state.borrow_mut::<P>();
- let from = permissions
- .check_read(&from, "Deno.copyFile()")
- .map_err(FsOpsError::Permission)?;
- let to = permissions
- .check_write(&to, "Deno.copyFile()")
- .map_err(FsOpsError::Permission)?;
+ let from = permissions.check_read(&from, "Deno.copyFile()")?;
+ let to = permissions.check_write(&to, "Deno.copyFile()")?;
(state.borrow::<FileSystemRc>().clone(), from, to)
};
@@ -493,8 +468,7 @@ where
{
let path = state
.borrow_mut::<P>()
- .check_read(&path, "Deno.statSync()")
- .map_err(FsOpsError::Permission)?;
+ .check_read(&path, "Deno.statSync()")?;
let fs = state.borrow::<FileSystemRc>();
let stat = fs.stat_sync(&path).context_path("stat", &path)?;
let serializable_stat = SerializableStat::from(stat);
@@ -514,9 +488,7 @@ where
let (fs, path) = {
let mut state = state.borrow_mut();
let permissions = state.borrow_mut::<P>();
- let path = permissions
- .check_read(&path, "Deno.stat()")
- .map_err(FsOpsError::Permission)?;
+ let path = permissions.check_read(&path, "Deno.stat()")?;
(state.borrow::<FileSystemRc>().clone(), path)
};
let stat = fs
@@ -537,8 +509,7 @@ where
{
let path = state
.borrow_mut::<P>()
- .check_read(&path, "Deno.lstatSync()")
- .map_err(FsOpsError::Permission)?;
+ .check_read(&path, "Deno.lstatSync()")?;
let fs = state.borrow::<FileSystemRc>();
let stat = fs.lstat_sync(&path).context_path("lstat", &path)?;
let serializable_stat = SerializableStat::from(stat);
@@ -558,9 +529,7 @@ where
let (fs, path) = {
let mut state = state.borrow_mut();
let permissions = state.borrow_mut::<P>();
- let path = permissions
- .check_read(&path, "Deno.lstat()")
- .map_err(FsOpsError::Permission)?;
+ let path = permissions.check_read(&path, "Deno.lstat()")?;
(state.borrow::<FileSystemRc>().clone(), path)
};
let stat = fs
@@ -581,13 +550,9 @@ where
{
let fs = state.borrow::<FileSystemRc>().clone();
let permissions = state.borrow_mut::<P>();
- let path = permissions
- .check_read(&path, "Deno.realPathSync()")
- .map_err(FsOpsError::Permission)?;
+ let path = permissions.check_read(&path, "Deno.realPathSync()")?;
if path.is_relative() {
- permissions
- .check_read_blind(&fs.cwd()?, "CWD", "Deno.realPathSync()")
- .map_err(FsOpsError::Permission)?;
+ permissions.check_read_blind(&fs.cwd()?, "CWD", "Deno.realPathSync()")?;
}
let resolved_path =
@@ -610,13 +575,9 @@ where
let mut state = state.borrow_mut();
let fs = state.borrow::<FileSystemRc>().clone();
let permissions = state.borrow_mut::<P>();
- let path = permissions
- .check_read(&path, "Deno.realPath()")
- .map_err(FsOpsError::Permission)?;
+ let path = permissions.check_read(&path, "Deno.realPath()")?;
if path.is_relative() {
- permissions
- .check_read_blind(&fs.cwd()?, "CWD", "Deno.realPath()")
- .map_err(FsOpsError::Permission)?;
+ permissions.check_read_blind(&fs.cwd()?, "CWD", "Deno.realPath()")?;
}
(fs, path)
};
@@ -640,8 +601,7 @@ where
{
let path = state
.borrow_mut::<P>()
- .check_read(&path, "Deno.readDirSync()")
- .map_err(FsOpsError::Permission)?;
+ .check_read(&path, "Deno.readDirSync()")?;
let fs = state.borrow::<FileSystemRc>();
let entries = fs.read_dir_sync(&path).context_path("readdir", &path)?;
@@ -662,8 +622,7 @@ where
let mut state = state.borrow_mut();
let path = state
.borrow_mut::<P>()
- .check_read(&path, "Deno.readDir()")
- .map_err(FsOpsError::Permission)?;
+ .check_read(&path, "Deno.readDir()")?;
(state.borrow::<FileSystemRc>().clone(), path)
};
@@ -685,15 +644,9 @@ where
P: FsPermissions + 'static,
{
let permissions = state.borrow_mut::<P>();
- let _ = permissions
- .check_read(&oldpath, "Deno.renameSync()")
- .map_err(FsOpsError::Permission)?;
- let oldpath = permissions
- .check_write(&oldpath, "Deno.renameSync()")
- .map_err(FsOpsError::Permission)?;
- let newpath = permissions
- .check_write(&newpath, "Deno.renameSync()")
- .map_err(FsOpsError::Permission)?;
+ let _ = permissions.check_read(&oldpath, "Deno.renameSync()")?;
+ let oldpath = permissions.check_write(&oldpath, "Deno.renameSync()")?;
+ let newpath = permissions.check_write(&newpath, "Deno.renameSync()")?;
let fs = state.borrow::<FileSystemRc>();
fs.rename_sync(&oldpath, &newpath)
@@ -714,15 +667,9 @@ where
let (fs, oldpath, newpath) = {
let mut state = state.borrow_mut();
let permissions = state.borrow_mut::<P>();
- _ = permissions
- .check_read(&oldpath, "Deno.rename()")
- .map_err(FsOpsError::Permission)?;
- let oldpath = permissions
- .check_write(&oldpath, "Deno.rename()")
- .map_err(FsOpsError::Permission)?;
- let newpath = permissions
- .check_write(&newpath, "Deno.rename()")
- .map_err(FsOpsError::Permission)?;
+ _ = permissions.check_read(&oldpath, "Deno.rename()")?;
+ let oldpath = permissions.check_write(&oldpath, "Deno.rename()")?;
+ let newpath = permissions.check_write(&newpath, "Deno.rename()")?;
(state.borrow::<FileSystemRc>().clone(), oldpath, newpath)
};
@@ -743,18 +690,10 @@ where
P: FsPermissions + 'static,
{
let permissions = state.borrow_mut::<P>();
- _ = permissions
- .check_read(oldpath, "Deno.linkSync()")
- .map_err(FsOpsError::Permission)?;
- let oldpath = permissions
- .check_write(oldpath, "Deno.linkSync()")
- .map_err(FsOpsError::Permission)?;
- _ = permissions
- .check_read(newpath, "Deno.linkSync()")
- .map_err(FsOpsError::Permission)?;
- let newpath = permissions
- .check_write(newpath, "Deno.linkSync()")
- .map_err(FsOpsError::Permission)?;
+ _ = permissions.check_read(oldpath, "Deno.linkSync()")?;
+ let oldpath = permissions.check_write(oldpath, "Deno.linkSync()")?;
+ _ = permissions.check_read(newpath, "Deno.linkSync()")?;
+ let newpath = permissions.check_write(newpath, "Deno.linkSync()")?;
let fs = state.borrow::<FileSystemRc>();
fs.link_sync(&oldpath, &newpath)
@@ -775,18 +714,10 @@ where
let (fs, oldpath, newpath) = {
let mut state = state.borrow_mut();
let permissions = state.borrow_mut::<P>();
- _ = permissions
- .check_read(&oldpath, "Deno.link()")
- .map_err(FsOpsError::Permission)?;
- let oldpath = permissions
- .check_write(&oldpath, "Deno.link()")
- .map_err(FsOpsError::Permission)?;
- _ = permissions
- .check_read(&newpath, "Deno.link()")
- .map_err(FsOpsError::Permission)?;
- let newpath = permissions
- .check_write(&newpath, "Deno.link()")
- .map_err(FsOpsError::Permission)?;
+ _ = permissions.check_read(&oldpath, "Deno.link()")?;
+ let oldpath = permissions.check_write(&oldpath, "Deno.link()")?;
+ _ = permissions.check_read(&newpath, "Deno.link()")?;
+ let newpath = permissions.check_write(&newpath, "Deno.link()")?;
(state.borrow::<FileSystemRc>().clone(), oldpath, newpath)
};
@@ -811,12 +742,8 @@ where
let newpath = PathBuf::from(newpath);
let permissions = state.borrow_mut::<P>();
- permissions
- .check_write_all("Deno.symlinkSync()")
- .map_err(FsOpsError::Permission)?;
- permissions
- .check_read_all("Deno.symlinkSync()")
- .map_err(FsOpsError::Permission)?;
+ permissions.check_write_all("Deno.symlinkSync()")?;
+ permissions.check_read_all("Deno.symlinkSync()")?;
let fs = state.borrow::<FileSystemRc>();
fs.symlink_sync(&oldpath, &newpath, file_type)
@@ -841,12 +768,8 @@ where
let fs = {
let mut state = state.borrow_mut();
let permissions = state.borrow_mut::<P>();
- permissions
- .check_write_all("Deno.symlink()")
- .map_err(FsOpsError::Permission)?;
- permissions
- .check_read_all("Deno.symlink()")
- .map_err(FsOpsError::Permission)?;
+ permissions.check_write_all("Deno.symlink()")?;
+ permissions.check_read_all("Deno.symlink()")?;
state.borrow::<FileSystemRc>().clone()
};
@@ -868,8 +791,7 @@ where
{
let path = state
.borrow_mut::<P>()
- .check_read(&path, "Deno.readLink()")
- .map_err(FsOpsError::Permission)?;
+ .check_read(&path, "Deno.readLink()")?;
let fs = state.borrow::<FileSystemRc>();
@@ -891,8 +813,7 @@ where
let mut state = state.borrow_mut();
let path = state
.borrow_mut::<P>()
- .check_read(&path, "Deno.readLink()")
- .map_err(FsOpsError::Permission)?;
+ .check_read(&path, "Deno.readLink()")?;
(state.borrow::<FileSystemRc>().clone(), path)
};
@@ -915,8 +836,7 @@ where
{
let path = state
.borrow_mut::<P>()
- .check_write(path, "Deno.truncateSync()")
- .map_err(FsOpsError::Permission)?;
+ .check_write(path, "Deno.truncateSync()")?;
let fs = state.borrow::<FileSystemRc>();
fs.truncate_sync(&path, len)
@@ -938,8 +858,7 @@ where
let mut state = state.borrow_mut();
let path = state
.borrow_mut::<P>()
- .check_write(&path, "Deno.truncate()")
- .map_err(FsOpsError::Permission)?;
+ .check_write(&path, "Deno.truncate()")?;
(state.borrow::<FileSystemRc>().clone(), path)
};
@@ -962,10 +881,7 @@ pub fn op_fs_utime_sync<P>(
where
P: FsPermissions + 'static,
{
- let path = state
- .borrow_mut::<P>()
- .check_write(path, "Deno.utime()")
- .map_err(FsOpsError::Permission)?;
+ let path = state.borrow_mut::<P>().check_write(path, "Deno.utime()")?;
let fs = state.borrow::<FileSystemRc>();
fs.utime_sync(&path, atime_secs, atime_nanos, mtime_secs, mtime_nanos)
@@ -988,10 +904,7 @@ where
{
let (fs, path) = {
let mut state = state.borrow_mut();
- let path = state
- .borrow_mut::<P>()
- .check_write(&path, "Deno.utime()")
- .map_err(FsOpsError::Permission)?;
+ let path = state.borrow_mut::<P>().check_write(&path, "Deno.utime()")?;
(state.borrow::<FileSystemRc>().clone(), path)
};
@@ -1219,16 +1132,12 @@ where
{
let fs = state.borrow::<FileSystemRc>().clone();
let dir = match dir {
- Some(dir) => state
- .borrow_mut::<P>()
- .check_write(dir, api_name)
- .map_err(FsOpsError::Permission)?,
+ Some(dir) => state.borrow_mut::<P>().check_write(dir, api_name)?,
None => {
let dir = fs.tmp_dir().context("tmpdir")?;
state
.borrow_mut::<P>()
- .check_write_blind(&dir, "TMP", api_name)
- .map_err(FsOpsError::Permission)?;
+ .check_write_blind(&dir, "TMP", api_name)?;
dir
}
};
@@ -1246,16 +1155,12 @@ where
let mut state = state.borrow_mut();
let fs = state.borrow::<FileSystemRc>().clone();
let dir = match dir {
- Some(dir) => state
- .borrow_mut::<P>()
- .check_write(dir, api_name)
- .map_err(FsOpsError::Permission)?,
+ Some(dir) => state.borrow_mut::<P>().check_write(dir, api_name)?,
None => {
let dir = fs.tmp_dir().context("tmpdir")?;
state
.borrow_mut::<P>()
- .check_write_blind(&dir, "TMP", api_name)
- .map_err(FsOpsError::Permission)?;
+ .check_write_blind(&dir, "TMP", api_name)?;
dir
}
};
diff --git a/ext/kv/remote.rs b/ext/kv/remote.rs
index 922853588..4930aacfe 100644
--- a/ext/kv/remote.rs
+++ b/ext/kv/remote.rs
@@ -15,6 +15,7 @@ use deno_core::futures::Stream;
use deno_core::OpState;
use deno_fetch::create_http_client;
use deno_fetch::CreateHttpClientOptions;
+use deno_permissions::PermissionCheckError;
use deno_tls::rustls::RootCertStore;
use deno_tls::Proxy;
use deno_tls::RootCertStoreProvider;
@@ -45,17 +46,17 @@ impl HttpOptions {
}
pub trait RemoteDbHandlerPermissions {
- fn check_env(&mut self, var: &str) -> Result<(), AnyError>;
+ fn check_env(&mut self, var: &str) -> Result<(), PermissionCheckError>;
fn check_net_url(
&mut self,
url: &Url,
api_name: &str,
- ) -> Result<(), AnyError>;
+ ) -> Result<(), PermissionCheckError>;
}
impl RemoteDbHandlerPermissions for deno_permissions::PermissionsContainer {
#[inline(always)]
- fn check_env(&mut self, var: &str) -> Result<(), AnyError> {
+ fn check_env(&mut self, var: &str) -> Result<(), PermissionCheckError> {
deno_permissions::PermissionsContainer::check_env(self, var)
}
@@ -64,7 +65,7 @@ impl RemoteDbHandlerPermissions for deno_permissions::PermissionsContainer {
&mut self,
url: &Url,
api_name: &str,
- ) -> Result<(), AnyError> {
+ ) -> Result<(), PermissionCheckError> {
deno_permissions::PermissionsContainer::check_net_url(self, url, api_name)
}
}
@@ -103,7 +104,9 @@ impl<P: RemoteDbHandlerPermissions + 'static> denokv_remote::RemotePermissions
fn check_net_url(&self, url: &Url) -> Result<(), anyhow::Error> {
let mut state = self.state.borrow_mut();
let permissions = state.borrow_mut::<P>();
- permissions.check_net_url(url, "Deno.openKv")
+ permissions
+ .check_net_url(url, "Deno.openKv")
+ .map_err(Into::into)
}
}
diff --git a/ext/kv/sqlite.rs b/ext/kv/sqlite.rs
index 0b4a3693c..9de520927 100644
--- a/ext/kv/sqlite.rs
+++ b/ext/kv/sqlite.rs
@@ -13,20 +13,20 @@ use std::sync::Arc;
use std::sync::Mutex;
use std::sync::OnceLock;
+use crate::DatabaseHandler;
use async_trait::async_trait;
use deno_core::error::type_error;
use deno_core::error::AnyError;
use deno_core::unsync::spawn_blocking;
use deno_core::OpState;
use deno_path_util::normalize_path;
+use deno_permissions::PermissionCheckError;
pub use denokv_sqlite::SqliteBackendError;
use denokv_sqlite::SqliteConfig;
use denokv_sqlite::SqliteNotifier;
use rand::SeedableRng;
use rusqlite::OpenFlags;
-use crate::DatabaseHandler;
-
static SQLITE_NOTIFIERS_MAP: OnceLock<Mutex<HashMap<PathBuf, SqliteNotifier>>> =
OnceLock::new();
@@ -42,13 +42,13 @@ pub trait SqliteDbHandlerPermissions {
&mut self,
p: &str,
api_name: &str,
- ) -> Result<PathBuf, AnyError>;
+ ) -> Result<PathBuf, PermissionCheckError>;
#[must_use = "the resolved return value to mitigate time-of-check to time-of-use issues"]
fn check_write<'a>(
&mut self,
p: &'a Path,
api_name: &str,
- ) -> Result<Cow<'a, Path>, AnyError>;
+ ) -> Result<Cow<'a, Path>, PermissionCheckError>;
}
impl SqliteDbHandlerPermissions for deno_permissions::PermissionsContainer {
@@ -57,7 +57,7 @@ impl SqliteDbHandlerPermissions for deno_permissions::PermissionsContainer {
&mut self,
p: &str,
api_name: &str,
- ) -> Result<PathBuf, AnyError> {
+ ) -> Result<PathBuf, PermissionCheckError> {
deno_permissions::PermissionsContainer::check_read(self, p, api_name)
}
@@ -66,7 +66,7 @@ impl SqliteDbHandlerPermissions for deno_permissions::PermissionsContainer {
&mut self,
p: &'a Path,
api_name: &str,
- ) -> Result<Cow<'a, Path>, AnyError> {
+ ) -> Result<Cow<'a, Path>, PermissionCheckError> {
deno_permissions::PermissionsContainer::check_write_path(self, p, api_name)
}
}
diff --git a/ext/napi/lib.rs b/ext/napi/lib.rs
index 20f924bdb..88b8c238d 100644
--- a/ext/napi/lib.rs
+++ b/ext/napi/lib.rs
@@ -43,7 +43,7 @@ pub enum NApiError {
#[error("Unable to find register Node-API module at {}", .0.display())]
ModuleNotFound(PathBuf),
#[error(transparent)]
- Permission(deno_core::error::AnyError),
+ Permission(#[from] PermissionCheckError),
}
#[cfg(unix)]
@@ -55,6 +55,7 @@ use libloading::os::windows::*;
// Expose common stuff for ease of use.
// `use deno_napi::*`
pub use deno_core::v8;
+use deno_permissions::PermissionCheckError;
pub use std::ffi::CStr;
pub use std::os::raw::c_char;
pub use std::os::raw::c_void;
@@ -508,20 +509,14 @@ deno_core::extension!(deno_napi,
pub trait NapiPermissions {
#[must_use = "the resolved return value to mitigate time-of-check to time-of-use issues"]
- fn check(
- &mut self,
- path: &str,
- ) -> Result<PathBuf, deno_core::error::AnyError>;
+ fn check(&mut self, path: &str) -> Result<PathBuf, PermissionCheckError>;
}
// NOTE(bartlomieju): for now, NAPI uses `--allow-ffi` flag, but that might
// change in the future.
impl NapiPermissions for deno_permissions::PermissionsContainer {
#[inline(always)]
- fn check(
- &mut self,
- path: &str,
- ) -> Result<PathBuf, deno_core::error::AnyError> {
+ fn check(&mut self, path: &str) -> Result<PathBuf, PermissionCheckError> {
deno_permissions::PermissionsContainer::check_ffi(self, path)
}
}
@@ -553,7 +548,7 @@ where
let (async_work_sender, cleanup_hooks, external_ops_tracker, path) = {
let mut op_state = op_state.borrow_mut();
let permissions = op_state.borrow_mut::<NP>();
- let path = permissions.check(&path).map_err(NApiError::Permission)?;
+ let path = permissions.check(&path)?;
let napi_state = op_state.borrow::<NapiState>();
(
op_state.borrow::<V8CrossThreadTaskSpawner>().clone(),
diff --git a/ext/net/lib.rs b/ext/net/lib.rs
index b039965d4..bf8f58aa2 100644
--- a/ext/net/lib.rs
+++ b/ext/net/lib.rs
@@ -11,6 +11,7 @@ mod tcp;
use deno_core::error::AnyError;
use deno_core::OpState;
+use deno_permissions::PermissionCheckError;
use deno_tls::rustls::RootCertStore;
use deno_tls::RootCertStoreProvider;
use std::borrow::Cow;
@@ -25,25 +26,25 @@ pub trait NetPermissions {
&mut self,
host: &(T, Option<u16>),
api_name: &str,
- ) -> Result<(), AnyError>;
+ ) -> Result<(), PermissionCheckError>;
#[must_use = "the resolved return value to mitigate time-of-check to time-of-use issues"]
fn check_read(
&mut self,
p: &str,
api_name: &str,
- ) -> Result<PathBuf, AnyError>;
+ ) -> Result<PathBuf, PermissionCheckError>;
#[must_use = "the resolved return value to mitigate time-of-check to time-of-use issues"]
fn check_write(
&mut self,
p: &str,
api_name: &str,
- ) -> Result<PathBuf, AnyError>;
+ ) -> Result<PathBuf, PermissionCheckError>;
#[must_use = "the resolved return value to mitigate time-of-check to time-of-use issues"]
fn check_write_path<'a>(
&mut self,
p: &'a Path,
api_name: &str,
- ) -> Result<Cow<'a, Path>, AnyError>;
+ ) -> Result<Cow<'a, Path>, PermissionCheckError>;
}
impl NetPermissions for deno_permissions::PermissionsContainer {
@@ -52,7 +53,7 @@ impl NetPermissions for deno_permissions::PermissionsContainer {
&mut self,
host: &(T, Option<u16>),
api_name: &str,
- ) -> Result<(), AnyError> {
+ ) -> Result<(), PermissionCheckError> {
deno_permissions::PermissionsContainer::check_net(self, host, api_name)
}
@@ -61,7 +62,7 @@ impl NetPermissions for deno_permissions::PermissionsContainer {
&mut self,
path: &str,
api_name: &str,
- ) -> Result<PathBuf, AnyError> {
+ ) -> Result<PathBuf, PermissionCheckError> {
deno_permissions::PermissionsContainer::check_read(self, path, api_name)
}
@@ -70,7 +71,7 @@ impl NetPermissions for deno_permissions::PermissionsContainer {
&mut self,
path: &str,
api_name: &str,
- ) -> Result<PathBuf, AnyError> {
+ ) -> Result<PathBuf, PermissionCheckError> {
deno_permissions::PermissionsContainer::check_write(self, path, api_name)
}
@@ -79,7 +80,7 @@ impl NetPermissions for deno_permissions::PermissionsContainer {
&mut self,
path: &'a Path,
api_name: &str,
- ) -> Result<Cow<'a, Path>, AnyError> {
+ ) -> Result<Cow<'a, Path>, PermissionCheckError> {
deno_permissions::PermissionsContainer::check_write_path(
self, path, api_name,
)
diff --git a/ext/net/ops.rs b/ext/net/ops.rs
index 0f92dead0..35bcff8dc 100644
--- a/ext/net/ops.rs
+++ b/ext/net/ops.rs
@@ -81,8 +81,8 @@ pub enum NetError {
Io(#[from] std::io::Error),
#[error("Another accept task is ongoing")]
AcceptTaskOngoing,
- #[error("{0}")]
- Permission(deno_core::error::AnyError),
+ #[error(transparent)]
+ Permission(#[from] deno_permissions::PermissionCheckError),
#[error("{0}")]
Resource(deno_core::error::AnyError),
#[error("No resolved address found")]
@@ -195,12 +195,10 @@ where
{
{
let mut s = state.borrow_mut();
- s.borrow_mut::<NP>()
- .check_net(
- &(&addr.hostname, Some(addr.port)),
- "Deno.DatagramConn.send()",
- )
- .map_err(NetError::Permission)?;
+ s.borrow_mut::<NP>().check_net(
+ &(&addr.hostname, Some(addr.port)),
+ "Deno.DatagramConn.send()",
+ )?;
}
let addr = resolve_addr(&addr.hostname, addr.port)
.await?
@@ -369,8 +367,7 @@ where
let mut state_ = state.borrow_mut();
state_
.borrow_mut::<NP>()
- .check_net(&(&addr.hostname, Some(addr.port)), "Deno.connect()")
- .map_err(NetError::Permission)?;
+ .check_net(&(&addr.hostname, Some(addr.port)), "Deno.connect()")?;
}
let addr = resolve_addr(&addr.hostname, addr.port)
@@ -420,8 +417,7 @@ where
}
state
.borrow_mut::<NP>()
- .check_net(&(&addr.hostname, Some(addr.port)), "Deno.listen()")
- .map_err(NetError::Permission)?;
+ .check_net(&(&addr.hostname, Some(addr.port)), "Deno.listen()")?;
let addr = resolve_addr_sync(&addr.hostname, addr.port)?
.next()
.ok_or_else(|| NetError::NoResolvedAddress)?;
@@ -449,8 +445,7 @@ where
{
state
.borrow_mut::<NP>()
- .check_net(&(&addr.hostname, Some(addr.port)), "Deno.listenDatagram()")
- .map_err(NetError::Permission)?;
+ .check_net(&(&addr.hostname, Some(addr.port)), "Deno.listenDatagram()")?;
let addr = resolve_addr_sync(&addr.hostname, addr.port)?
.next()
.ok_or_else(|| NetError::NoResolvedAddress)?;
@@ -647,9 +642,7 @@ where
let socker_addr = &ns.socket_addr;
let ip = socker_addr.ip().to_string();
let port = socker_addr.port();
- perm
- .check_net(&(ip, Some(port)), "Deno.resolveDns()")
- .map_err(NetError::Permission)?;
+ perm.check_net(&(ip, Some(port)), "Deno.resolveDns()")?;
}
}
@@ -834,6 +827,7 @@ mod tests {
use deno_core::futures::FutureExt;
use deno_core::JsRuntime;
use deno_core::RuntimeOptions;
+ use deno_permissions::PermissionCheckError;
use socket2::SockRef;
use std::net::Ipv4Addr;
use std::net::Ipv6Addr;
@@ -1041,7 +1035,7 @@ mod tests {
&mut self,
_host: &(T, Option<u16>),
_api_name: &str,
- ) -> Result<(), deno_core::error::AnyError> {
+ ) -> Result<(), PermissionCheckError> {
Ok(())
}
@@ -1049,7 +1043,7 @@ mod tests {
&mut self,
p: &str,
_api_name: &str,
- ) -> Result<PathBuf, deno_core::error::AnyError> {
+ ) -> Result<PathBuf, PermissionCheckError> {
Ok(PathBuf::from(p))
}
@@ -1057,7 +1051,7 @@ mod tests {
&mut self,
p: &str,
_api_name: &str,
- ) -> Result<PathBuf, deno_core::error::AnyError> {
+ ) -> Result<PathBuf, PermissionCheckError> {
Ok(PathBuf::from(p))
}
@@ -1065,7 +1059,7 @@ mod tests {
&mut self,
p: &'a Path,
_api_name: &str,
- ) -> Result<Cow<'a, Path>, deno_core::error::AnyError> {
+ ) -> Result<Cow<'a, Path>, PermissionCheckError> {
Ok(Cow::Borrowed(p))
}
}
diff --git a/ext/node/lib.rs b/ext/node/lib.rs
index db6d08e11..b08b0493b 100644
--- a/ext/node/lib.rs
+++ b/ext/node/lib.rs
@@ -24,6 +24,7 @@ pub mod ops;
mod polyfill;
pub use deno_package_json::PackageJson;
+use deno_permissions::PermissionCheckError;
pub use node_resolver::PathClean;
pub use ops::ipc::ChildPipeFd;
pub use ops::ipc::IpcJsonStreamResource;
@@ -45,10 +46,13 @@ pub trait NodePermissions {
&mut self,
url: &Url,
api_name: &str,
- ) -> Result<(), AnyError>;
+ ) -> Result<(), PermissionCheckError>;
#[must_use = "the resolved return value to mitigate time-of-check to time-of-use issues"]
#[inline(always)]
- fn check_read(&mut self, path: &str) -> Result<PathBuf, AnyError> {
+ fn check_read(
+ &mut self,
+ path: &str,
+ ) -> Result<PathBuf, PermissionCheckError> {
self.check_read_with_api_name(path, None)
}
#[must_use = "the resolved return value to mitigate time-of-check to time-of-use issues"]
@@ -56,20 +60,24 @@ pub trait NodePermissions {
&mut self,
path: &str,
api_name: Option<&str>,
- ) -> Result<PathBuf, AnyError>;
+ ) -> Result<PathBuf, PermissionCheckError>;
#[must_use = "the resolved return value to mitigate time-of-check to time-of-use issues"]
fn check_read_path<'a>(
&mut self,
path: &'a Path,
- ) -> Result<Cow<'a, Path>, AnyError>;
+ ) -> Result<Cow<'a, Path>, PermissionCheckError>;
fn query_read_all(&mut self) -> bool;
- fn check_sys(&mut self, kind: &str, api_name: &str) -> Result<(), AnyError>;
+ fn check_sys(
+ &mut self,
+ kind: &str,
+ api_name: &str,
+ ) -> Result<(), PermissionCheckError>;
#[must_use = "the resolved return value to mitigate time-of-check to time-of-use issues"]
fn check_write_with_api_name(
&mut self,
path: &str,
api_name: Option<&str>,
- ) -> Result<PathBuf, AnyError>;
+ ) -> Result<PathBuf, PermissionCheckError>;
}
impl NodePermissions for deno_permissions::PermissionsContainer {
@@ -78,7 +86,7 @@ impl NodePermissions for deno_permissions::PermissionsContainer {
&mut self,
url: &Url,
api_name: &str,
- ) -> Result<(), AnyError> {
+ ) -> Result<(), PermissionCheckError> {
deno_permissions::PermissionsContainer::check_net_url(self, url, api_name)
}
@@ -87,7 +95,7 @@ impl NodePermissions for deno_permissions::PermissionsContainer {
&mut self,
path: &str,
api_name: Option<&str>,
- ) -> Result<PathBuf, AnyError> {
+ ) -> Result<PathBuf, PermissionCheckError> {
deno_permissions::PermissionsContainer::check_read_with_api_name(
self, path, api_name,
)
@@ -96,7 +104,7 @@ impl NodePermissions for deno_permissions::PermissionsContainer {
fn check_read_path<'a>(
&mut self,
path: &'a Path,
- ) -> Result<Cow<'a, Path>, AnyError> {
+ ) -> Result<Cow<'a, Path>, PermissionCheckError> {
deno_permissions::PermissionsContainer::check_read_path(self, path, None)
}
@@ -109,13 +117,17 @@ impl NodePermissions for deno_permissions::PermissionsContainer {
&mut self,
path: &str,
api_name: Option<&str>,
- ) -> Result<PathBuf, AnyError> {
+ ) -> Result<PathBuf, PermissionCheckError> {
deno_permissions::PermissionsContainer::check_write_with_api_name(
self, path, api_name,
)
}
- fn check_sys(&mut self, kind: &str, api_name: &str) -> Result<(), AnyError> {
+ fn check_sys(
+ &mut self,
+ kind: &str,
+ api_name: &str,
+ ) -> Result<(), PermissionCheckError> {
deno_permissions::PermissionsContainer::check_sys(self, kind, api_name)
}
}
diff --git a/ext/node/ops/fs.rs b/ext/node/ops/fs.rs
index 98b3c46a1..9c0e4e1cc 100644
--- a/ext/node/ops/fs.rs
+++ b/ext/node/ops/fs.rs
@@ -13,7 +13,7 @@ use crate::NodePermissions;
#[derive(Debug, thiserror::Error)]
pub enum FsError {
#[error(transparent)]
- Permission(deno_core::error::AnyError),
+ Permission(#[from] deno_permissions::PermissionCheckError),
#[error("{0}")]
Io(#[from] std::io::Error),
#[cfg(windows)]
@@ -53,8 +53,7 @@ where
let mut state = state.borrow_mut();
let path = state
.borrow_mut::<P>()
- .check_read_with_api_name(&path, Some("node:fs.exists()"))
- .map_err(FsError::Permission)?;
+ .check_read_with_api_name(&path, Some("node:fs.exists()"))?;
(state.borrow::<FileSystemRc>().clone(), path)
};
@@ -72,12 +71,10 @@ where
{
let path = state
.borrow_mut::<P>()
- .check_read_with_api_name(path, Some("node:fs.cpSync"))
- .map_err(FsError::Permission)?;
+ .check_read_with_api_name(path, Some("node:fs.cpSync"))?;
let new_path = state
.borrow_mut::<P>()
- .check_write_with_api_name(new_path, Some("node:fs.cpSync"))
- .map_err(FsError::Permission)?;
+ .check_write_with_api_name(new_path, Some("node:fs.cpSync"))?;
let fs = state.borrow::<FileSystemRc>();
fs.cp_sync(&path, &new_path)?;
@@ -97,12 +94,10 @@ where
let mut state = state.borrow_mut();
let path = state
.borrow_mut::<P>()
- .check_read_with_api_name(&path, Some("node:fs.cpSync"))
- .map_err(FsError::Permission)?;
+ .check_read_with_api_name(&path, Some("node:fs.cpSync"))?;
let new_path = state
.borrow_mut::<P>()
- .check_write_with_api_name(&new_path, Some("node:fs.cpSync"))
- .map_err(FsError::Permission)?;
+ .check_write_with_api_name(&new_path, Some("node:fs.cpSync"))?;
(state.borrow::<FileSystemRc>().clone(), path, new_path)
};
@@ -136,12 +131,10 @@ where
let mut state = state.borrow_mut();
let path = state
.borrow_mut::<P>()
- .check_read_with_api_name(&path, Some("node:fs.statfs"))
- .map_err(FsError::Permission)?;
+ .check_read_with_api_name(&path, Some("node:fs.statfs"))?;
state
.borrow_mut::<P>()
- .check_sys("statfs", "node:fs.statfs")
- .map_err(FsError::Permission)?;
+ .check_sys("statfs", "node:fs.statfs")?;
path
};
#[cfg(unix)]
@@ -279,8 +272,7 @@ where
{
let path = state
.borrow_mut::<P>()
- .check_write_with_api_name(path, Some("node:fs.lutimes"))
- .map_err(FsError::Permission)?;
+ .check_write_with_api_name(path, Some("node:fs.lutimes"))?;
let fs = state.borrow::<FileSystemRc>();
fs.lutime_sync(&path, atime_secs, atime_nanos, mtime_secs, mtime_nanos)?;
@@ -303,8 +295,7 @@ where
let mut state = state.borrow_mut();
let path = state
.borrow_mut::<P>()
- .check_write_with_api_name(&path, Some("node:fs.lutimesSync"))
- .map_err(FsError::Permission)?;
+ .check_write_with_api_name(&path, Some("node:fs.lutimesSync"))?;
(state.borrow::<FileSystemRc>().clone(), path)
};
@@ -326,8 +317,7 @@ where
{
let path = state
.borrow_mut::<P>()
- .check_write_with_api_name(&path, Some("node:fs.lchownSync"))
- .map_err(FsError::Permission)?;
+ .check_write_with_api_name(&path, Some("node:fs.lchownSync"))?;
let fs = state.borrow::<FileSystemRc>();
fs.lchown_sync(&path, uid, gid)?;
Ok(())
@@ -347,8 +337,7 @@ where
let mut state = state.borrow_mut();
let path = state
.borrow_mut::<P>()
- .check_write_with_api_name(&path, Some("node:fs.lchown"))
- .map_err(FsError::Permission)?;
+ .check_write_with_api_name(&path, Some("node:fs.lchown"))?;
(state.borrow::<FileSystemRc>().clone(), path)
};
fs.lchown_async(path, uid, gid).await?;
diff --git a/ext/node/ops/http.rs b/ext/node/ops/http.rs
index 730e1e482..69571078f 100644
--- a/ext/node/ops/http.rs
+++ b/ext/node/ops/http.rs
@@ -78,9 +78,7 @@ where
{
let permissions = state.borrow_mut::<P>();
- permissions
- .check_net_url(&url, "ClientRequest")
- .map_err(FetchError::Permission)?;
+ permissions.check_net_url(&url, "ClientRequest")?;
}
let mut header_map = HeaderMap::new();
diff --git a/ext/node/ops/os/mod.rs b/ext/node/ops/os/mod.rs
index ea7e6b99f..d291277ad 100644
--- a/ext/node/ops/os/mod.rs
+++ b/ext/node/ops/os/mod.rs
@@ -14,7 +14,7 @@ pub enum OsError {
#[error(transparent)]
Priority(priority::PriorityError),
#[error(transparent)]
- Permission(deno_core::error::AnyError),
+ Permission(#[from] deno_permissions::PermissionCheckError),
#[error("Failed to get cpu info")]
FailedToGetCpuInfo,
#[error("Failed to get user info")]
@@ -31,9 +31,7 @@ where
{
{
let permissions = state.borrow_mut::<P>();
- permissions
- .check_sys("getPriority", "node:os.getPriority()")
- .map_err(OsError::Permission)?;
+ permissions.check_sys("getPriority", "node:os.getPriority()")?;
}
priority::get_priority(pid).map_err(OsError::Priority)
@@ -50,9 +48,7 @@ where
{
{
let permissions = state.borrow_mut::<P>();
- permissions
- .check_sys("setPriority", "node:os.setPriority()")
- .map_err(OsError::Permission)?;
+ permissions.check_sys("setPriority", "node:os.setPriority()")?;
}
priority::set_priority(pid, priority).map_err(OsError::Priority)
@@ -266,9 +262,7 @@ where
{
{
let permissions = state.borrow_mut::<P>();
- permissions
- .check_sys("cpus", "node:os.cpus()")
- .map_err(OsError::Permission)?;
+ permissions.check_sys("cpus", "node:os.cpus()")?;
}
cpus::cpu_info().ok_or(OsError::FailedToGetCpuInfo)
diff --git a/ext/websocket/lib.rs b/ext/websocket/lib.rs
index 2a67ac5a1..a5734271c 100644
--- a/ext/websocket/lib.rs
+++ b/ext/websocket/lib.rs
@@ -50,6 +50,7 @@ use tokio::io::ReadHalf;
use tokio::io::WriteHalf;
use tokio::net::TcpStream;
+use deno_permissions::PermissionCheckError;
use fastwebsockets::CloseCode;
use fastwebsockets::FragmentCollectorRead;
use fastwebsockets::Frame;
@@ -75,7 +76,7 @@ pub enum WebsocketError {
#[error(transparent)]
Url(url::ParseError),
#[error(transparent)]
- Permission(deno_core::error::AnyError),
+ Permission(#[from] PermissionCheckError),
#[error(transparent)]
Resource(deno_core::error::AnyError),
#[error(transparent)]
@@ -112,7 +113,7 @@ pub trait WebSocketPermissions {
&mut self,
_url: &url::Url,
_api_name: &str,
- ) -> Result<(), deno_core::error::AnyError>;
+ ) -> Result<(), PermissionCheckError>;
}
impl WebSocketPermissions for deno_permissions::PermissionsContainer {
@@ -121,7 +122,7 @@ impl WebSocketPermissions for deno_permissions::PermissionsContainer {
&mut self,
url: &url::Url,
api_name: &str,
- ) -> Result<(), deno_core::error::AnyError> {
+ ) -> Result<(), PermissionCheckError> {
deno_permissions::PermissionsContainer::check_net_url(self, url, api_name)
}
}
@@ -158,13 +159,10 @@ pub fn op_ws_check_permission_and_cancel_handle<WP>(
where
WP: WebSocketPermissions + 'static,
{
- state
- .borrow_mut::<WP>()
- .check_net_url(
- &url::Url::parse(&url).map_err(WebsocketError::Url)?,
- &api_name,
- )
- .map_err(WebsocketError::Permission)?;
+ state.borrow_mut::<WP>().check_net_url(
+ &url::Url::parse(&url).map_err(WebsocketError::Url)?,
+ &api_name,
+ )?;
if cancel_handle {
let rid = state
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-26 20:23:01 +0000