mirror of
https://github.com/denoland/deno.git
synced 2025-08-04 19:08:15 +00:00
fix(npm): allow to read package.json if permissions are granted (#17209)
This commit changes signature of "deno_core::ModuleLoader::resolve" to pass an enum indicating whether or not we're resolving a specifier for dynamic import. Additionally "CliModuleLoader" was changes to store both "parent permissions" (or "root permissions") as well as "dynamic permissions" that allow to check for permissions in top-level module load an dynamic imports. Then all code paths that have anything to do with Node/npm compat are now checking for permissions which are passed from module loader instance associated with given worker.
This commit is contained in:
Bartek Iwańczuk
GitHub
parent
45768f0e83
commit
636352e0ca
26 changed files with 306 additions and 93 deletions
|
|
@ -10,6 +10,7 @@ use deno_core::error::AnyError;
|
|||
use deno_core::futures;
|
||||
use deno_core::futures::future::BoxFuture;
|
||||
use deno_core::url::Url;
|
||||
use deno_runtime::deno_node::NodePermissions;
|
||||
use deno_runtime::deno_node::NodeResolutionMode;
|
||||
|
||||
use crate::args::Lockfile;
|
||||
|
|
@ -54,7 +55,11 @@ pub trait InnerNpmPackageResolver: Send + Sync {
|
|||
|
||||
fn cache_packages(&self) -> BoxFuture<'static, Result<(), AnyError>>;
|
||||
|
||||
fn ensure_read_permission(&self, path: &Path) -> Result<(), AnyError>;
|
||||
fn ensure_read_permission(
|
||||
&self,
|
||||
permissions: &mut dyn NodePermissions,
|
||||
path: &Path,
|
||||
) -> Result<(), AnyError>;
|
||||
|
||||
fn snapshot(&self) -> NpmResolutionSnapshot;
|
||||
|
||||
|
|
@ -103,6 +108,7 @@ pub async fn cache_packages(
|
|||
}
|
||||
|
||||
pub fn ensure_registry_read_permission(
|
||||
permissions: &mut dyn NodePermissions,
|
||||
registry_path: &Path,
|
||||
path: &Path,
|
||||
) -> Result<(), AnyError> {
|
||||
|
|
@ -126,10 +132,7 @@ pub fn ensure_registry_read_permission(
|
|||
}
|
||||
}
|
||||
|
||||
Err(deno_core::error::custom_error(
|
||||
"PermissionDenied",
|
||||
format!("Reading {} is not allowed", path.display()),
|
||||
))
|
||||
permissions.check_read(path)
|
||||
}
|
||||
|
||||
/// Gets the corresponding @types package for the provided package name.
|
||||
|
|
|
|||
|
|
@ -12,6 +12,7 @@ use deno_core::error::AnyError;
|
|||
use deno_core::futures::future::BoxFuture;
|
||||
use deno_core::futures::FutureExt;
|
||||
use deno_core::url::Url;
|
||||
use deno_runtime::deno_node::NodePermissions;
|
||||
use deno_runtime::deno_node::NodeResolutionMode;
|
||||
|
||||
use crate::args::Lockfile;
|
||||
|
|
@ -154,9 +155,13 @@ impl InnerNpmPackageResolver for GlobalNpmPackageResolver {
|
|||
async move { cache_packages_in_resolver(&resolver).await }.boxed()
|
||||
}
|
||||
|
||||
fn ensure_read_permission(&self, path: &Path) -> Result<(), AnyError> {
|
||||
fn ensure_read_permission(
|
||||
&self,
|
||||
permissions: &mut dyn NodePermissions,
|
||||
path: &Path,
|
||||
) -> Result<(), AnyError> {
|
||||
let registry_path = self.cache.registry_folder(&self.registry_url);
|
||||
ensure_registry_read_permission(®istry_path, path)
|
||||
ensure_registry_read_permission(permissions, ®istry_path, path)
|
||||
}
|
||||
|
||||
fn snapshot(&self) -> NpmResolutionSnapshot {
|
||||
|
|
|
|||
|
|
@ -19,6 +19,7 @@ use deno_core::futures::future::BoxFuture;
|
|||
use deno_core::futures::FutureExt;
|
||||
use deno_core::url::Url;
|
||||
use deno_runtime::deno_core::futures;
|
||||
use deno_runtime::deno_node::NodePermissions;
|
||||
use deno_runtime::deno_node::NodeResolutionMode;
|
||||
use deno_runtime::deno_node::PackageJson;
|
||||
use tokio::task::JoinHandle;
|
||||
|
|
@ -245,8 +246,16 @@ impl InnerNpmPackageResolver for LocalNpmPackageResolver {
|
|||
.boxed()
|
||||
}
|
||||
|
||||
fn ensure_read_permission(&self, path: &Path) -> Result<(), AnyError> {
|
||||
ensure_registry_read_permission(&self.root_node_modules_path, path)
|
||||
fn ensure_read_permission(
|
||||
&self,
|
||||
permissions: &mut dyn NodePermissions,
|
||||
path: &Path,
|
||||
) -> Result<(), AnyError> {
|
||||
ensure_registry_read_permission(
|
||||
permissions,
|
||||
&self.root_node_modules_path,
|
||||
path,
|
||||
)
|
||||
}
|
||||
|
||||
fn snapshot(&self) -> NpmResolutionSnapshot {
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@ use deno_core::error::custom_error;
|
|||
use deno_core::error::AnyError;
|
||||
use deno_core::parking_lot::Mutex;
|
||||
use deno_core::serde_json;
|
||||
use deno_runtime::deno_node::NodePermissions;
|
||||
use deno_runtime::deno_node::NodeResolutionMode;
|
||||
use deno_runtime::deno_node::PathClean;
|
||||
use deno_runtime::deno_node::RequireNpmResolver;
|
||||
|
|
@ -367,8 +368,12 @@ impl RequireNpmResolver for NpmPackageResolver {
|
|||
.is_ok()
|
||||
}
|
||||
|
||||
fn ensure_read_permission(&self, path: &Path) -> Result<(), AnyError> {
|
||||
self.inner.ensure_read_permission(path)
|
||||
fn ensure_read_permission(
|
||||
&self,
|
||||
permissions: &mut dyn NodePermissions,
|
||||
path: &Path,
|
||||
) -> Result<(), AnyError> {
|
||||
self.inner.ensure_read_permission(permissions, path)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue