| Age | Commit message (Collapse) | Author |
|---|
|
Issue https://github.com/denoland/deno/issues/22222
This PR moves `runtime/permissions` code to a upstream crate called
`deno_permissions`. The `deno_permissions::PermissionsContainer` is put
into the OpState and can be used instead of the current trait-based
permissions system.
For this PR, I've migrated `deno_fetch` to the new crate but kept the
rest of the trait-based system as a wrapper of `deno_permissions` crate.
Doing the migration all at once is error prone and hard to review.
Comparing incremental compile times for `ext/fetch` on Mac M1:
| profile | `cargo build --bin deno` | `cargo plonk build --bin deno` |
| --------- | ------------- | ------------------- |
| `debug` | 20 s | 0.8s |
| `release` | 4 mins 12 s | 1.4s |
|
|
|
|
Fixes #22221 with the suggested fix, and added "cpus" to the existing
tests.
|
|
Fixes https://github.com/denoland/deno/issues/20803
Fixes https://github.com/denoland/deno/issues/21723
Performance: copying a 48GiB rust `target` folder (recursive)
| Platform | `deno` | `node v21.5` | Improvement |
| -------- | ------- | ------- | ------- |
| macOS (APFS) | 3.1secs | 127.99 secs | **42x** |
| Windows | 18.3secs | 67.2secs | **3.8x** |
Copying files with varying sizes:
|
|
|
|
|
|
|
|
fix #21385
|
|
This is dead code that was not used in any way.
Ref https://github.com/denoland/deno/pull/20797
|
|
queries (#14130)
Closes #14122.
Adds two extensions to `--allow-run` behaviour:
- When `--allow-run=foo` is specified and `foo` is found in the `PATH`
at startup, `RunDescriptor::Path(which("foo"))` is added to the
allowlist alongside `RunDescriptor::Name("foo")`. Currently only the
latter is.
- When run permission for `foo` is queried and `foo` is found in the
`PATH` at runtime, either `RunDescriptor::Path(which("foo"))` or
`RunDescriptor::Name("foo")` would qualify in the allowlist. Currently
only the latter does.
|
|
This patch adds a `remote` backend for `ext/kv`. This supports
connection to Deno Deploy and potentially other services compatible with
the KV Connect protocol.
|
|
This commit adds new "--deny-*" permission flags. These are complimentary to
"--allow-*" flags.
These flags can be used to restrict access to certain resources, even if they
were granted using "--allow-*" flags or the "--allow-all" ("-A") flag.
Eg. specifying "--allow-read --deny-read" will result in a permission error,
while "--allow-read --deny-read=/etc" will allow read access to all FS but the
"/etc" directory.
Runtime permissions APIs ("Deno.permissions") were adjusted as well, mainly
by adding, a new "PermissionStatus.partial" field. This field denotes that
while permission might be granted to requested resource, it's only partial (ie.
a "--deny-*" flag was specified that excludes some of the requested resources).
Eg. specifying "--allow-read=foo/ --deny-read=foo/bar" and then querying for
permissions like "Deno.permissions.query({ name: "read", path: "foo/" })"
will return "PermissionStatus { state: "granted", onchange: null, partial: true }",
denoting that some of the subpaths don't have read access.
Closes #18804.
---------
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
Co-authored-by: Nayeem Rahman <nayeemrmn99@gmail.com>
|
|
Takes #4202 over
Closes #17850
---------
Co-authored-by: ecyrbe <ecyrbe@gmail.com>
|
|
|
|
Co-authored-by: linbingquan <695601626@qq.com>
|
|
Refactors the internal usage of a readablestream to write to the
resource directly
---------
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
|
|
clones (#18831)
We can make `NodePermissions` rely on interior mutability (which the
`PermissionsContainer` is already doing) in order to not have to clone
everything all the time. This also reduces the chance of an accidental
`borrow` while `borrrow_mut`.
|
|
This commit abstracts out the specifics of the underlying system calls
FS operations behind a new `FileSystem` and `File` trait in the
`ext/fs` extension.
This allows other embedders to re-use ext/fs, but substituting in a
different FS backend.
This is likely not the final form of these traits. Eventually they will
be entirely `deno_core::Resource` agnostic, and will live in a seperate
crate.
---------
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
|
|
With https://github.com/denoland/deno/pull/18568 landed we no longer
need "ext/flash".
This commit removes "deno_flash" extension completely.
This should have some impact on the binary and snapshot size.
Closes https://github.com/denoland/deno/issues/17356
|
|
This commit adds unstable "Deno.openKv()" API that allows to open
a key-value database at a specified path.
---------
Co-authored-by: Luca Casonato <hello@lcas.dev>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
|
|
These methods are confusing because the arguments are backwards. I feel
like they should have never been added to `Option<T>` and that clippy
should suggest rewriting to
`map(...).unwrap_or(...)`/`map(...).unwrap_or_else(|| ...)`
https://github.com/rust-lang/rfcs/issues/1025
|
|
These call sites didn't need to use "resolve_url_or_path".
Towards landing https://github.com/denoland/deno/pull/15454
|
|
|
|
This commit factors out APIs related to file system from "runtime/"
to a separate "deno_fs" extension crate.
|
|
This will help us with moving fs ops to a separate extension crate.
|
|
(#17140)
This commit adds new "A" option to the interactive permission prompt, that will
allow all subsequent permissions for given group (domain). Ie. when querying for
permissions to access eg. env variables responding with "A" will allow access
to all environmental variables.
This works for all permission domains and should make permission prompts
more ergonomic for users.
|
|
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
|
|
Closes https://github.com/denoland/deno/issues/2699
Closes https://github.com/denoland/deno/issues/2347
Uses unstable rustfmt features. Since dprint invokes `rustfmt` we do not
need to switch the cargo toolchain to nightly. Do we care about
formatting stability of our codebase across Rust versions? (I don't)
|
|
Co-authored-by: Divy Srivastava <dj.srivastava23@gmail.com>
|
|
mutability (#17134)
Turns out we were cloning permissions which after prompting were discarded,
so the state of permissions was never preserved. To handle that we need to store
all permissions behind "Arc<Mutex<>>" (because there are situations where we
need to send them to other thread).
Testing and benching code still uses "Permissions" in most places - it's undesirable
to share the same permission set between various test/bench files - otherwise
granting or revoking permissions in one file would influence behavior of other test
files.
|
|
Yearly tradition of creating extra noise in git.
|
|
This PR adds support for `Deno.osUptime` which reports number of seconds
since os was booted. It will allow us to be compatible with Node's `os.uptime` -
https://nodejs.org/api/os.html#osuptime
Partially based on
https://docs.rs/uptime_lib/latest/src/uptime_lib/lib.rs.html
|
|
This commit changes permission prompt to show that "import()" API
is requesting permissions.
Given "dynamic_import.js" like so:
```
import("https://deno.land/std@0.170.0/version.ts");
```
Before:
```
deno run dynamic_import.js
⚠️ ┌ Deno requests net access to "deno.land".
├ Run again with --allow-net to bypass this prompt.
└ Allow? [y/n] (y = yes, allow; n = no, deny) >
```
After:
```
deno run dynamic_import.js
⚠️ ┌ Deno requests net access to "deno.land".
├ Requested by `import()` API
├ Run again with --allow-net to bypass this prompt.
└ Allow? [y/n] (y = yes, allow; n = no, deny) >
```
|
|
(#16975)
This commit refactors several things in "runtime/permissions" module:
- splits it into "mod.rs" and "prompter.rs"
- adds "PermissionPrompter" trait with two implementations:
* "TtyPrompter"
* "TestPrompter"
- adds "before" and "after" prompt callback which can be used to hide
progress bar in the CLI (to be done in a follow up)
- "permissions_prompt" API returns "PromptResponse" enum, instead
of a boolean; this allows to add "allow all"/"deny all" functionality
for the prompt
|
