js/permissions.ts


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74

// Copyright 2018-2019 the Deno authors. All rights reserved. MIT license.
import * as msg from "gen/msg_generated";
import * as flatbuffers from "./flatbuffers";
import * as dispatch from "./dispatch";
import { assert } from "./util";

/** Permissions as granted by the caller */
export interface Permissions {
  read: boolean;
  write: boolean;
  net: boolean;
  env: boolean;
  run: boolean;

  // NOTE: Keep in sync with src/permissions.rs
}

export type Permission = keyof Permissions;

function getReq(): [flatbuffers.Builder, msg.Any, flatbuffers.Offset] {
  const builder = flatbuffers.createBuilder();
  msg.Permissions.startPermissions(builder);
  const inner = msg.Permissions.endPermissions(builder);
  return [builder, msg.Any.Permissions, inner];
}

function createPermissions(inner: msg.PermissionsRes): Permissions {
  return {
    read: inner.read(),
    write: inner.write(),
    net: inner.net(),
    env: inner.env(),
    run: inner.run()
  };
}

/** Inspect granted permissions for the current program.
 *
 *       if (Deno.permissions().read) {
 *         const file = await Deno.readFile("example.test");
 *         // ...
 *       }
 */
export function permissions(): Permissions {
  const baseRes = dispatch.sendSync(...getReq())!;
  assert(msg.Any.PermissionsRes === baseRes.innerType());
  const res = new msg.PermissionsRes();
  assert(baseRes.inner(res) != null);
  // TypeScript cannot track assertion above, therefore not null assertion
  return createPermissions(res);
}

function revokeReq(
  permission: string
): [flatbuffers.Builder, msg.Any, flatbuffers.Offset] {
  const builder = flatbuffers.createBuilder();
  const permission_ = builder.createString(permission);
  msg.PermissionRevoke.startPermissionRevoke(builder);
  msg.PermissionRevoke.addPermission(builder, permission_);
  const inner = msg.PermissionRevoke.endPermissionRevoke(builder);
  return [builder, msg.Any.PermissionRevoke, inner];
}

/** Revoke a permission. When the permission was already revoked nothing changes
 *
 *       if (Deno.permissions().read) {
 *         const file = await Deno.readFile("example.test");
 *         Deno.revokePermission('read');
 *       }
 *       Deno.readFile("example.test"); // -> error or permission prompt
 */
export function revokePermission(permission: Permission): void {
  dispatch.sendSync(...revokeReq(permission));
}