Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Proposal: allow specifying permissions with an external typescirpt file #17177

Closed
sigmaSd opened this issue Dec 24, 2022 · 1 comment
Closed

Proposal: allow specifying permissions with an external typescirpt file #17177

sigmaSd opened this issue Dec 24, 2022 · 1 comment

Comments

@sigmaSd
Copy link
Contributor

sigmaSd commented Dec 24, 2022

Text copied from https://github.com/sigmaSd/deno-with-permissions-ts

deno-with-permissions-ts

Deno with more flexible permissions specificaiton

Whats this

A proposal to allow deno users to specify permissions via an external typescript file

Motivation

  • Some permissions are complex
  • Some permissions needs to be expressed in a crossplatform way
  • Some permissions requires knowing the internals of the application

But all theses permissions are expressable if we use Deno ecosystem, and thus this proposal

How it looks

the user can write a permissions.ts (any name), it has to export a default memeber with this signature

https://github.com/sigmaSd/deno-with-permissions-ts/blob/master/api.ts

// simple api can be improved
export interface Permissions {
  read?: string[];
  write?: string[];
  env?: string[];
  net?: string[];
}

and then the user can run his application with deno run --permissions=$path_to_permissions_file.ts user_app.ts

Example

Taking https://github.com/sigmaSd/Chef/tree/permissions as an example, here are its permissions
https://github.com/sigmaSd/Chef/blob/permissions/permissions.ts

import { Chef } from "./src/lib.ts";
import { Permissions } from "https://raw.githubusercontent.com/sigmaSd/deno-with-permissions-ts/master/api.ts";

const getEnvPermission = () => {
  switch (Deno.build.os) {
    case "linux": {
      return ["XDG_CACHE_HOME", "HOME"];
    }
    case "darwin": {
      return ["HOME"];
    }
    case "windows":
      return ["LOCALAPPDATA"];
  }
};

const permissions: Permissions = {
  read: [Chef.dbPath, Chef.binPath], // uses internal chef dbPath and binPath
  write: [Chef.dbPath, Chef.binPath],
  env: getEnvPermission(),
  net: ["github.com"],
};

export default permissions;

Can I test this right now?

First install a wrapper around deno, with this idea implemented:

deno install --unstable -A -n deno2 https://github.com/sigmaSd/deno-with-permissions-ts/raw/master/main.ts

Then you can try with the chef repo example:

deno2  run --print-generated-permissions=true --permissions=https://github.com/sigmaSd/Chef/raw/permissions/permissions.ts https://github.com/sigmaSd/Chef/raw/permissions/example.ts
@sigmaSd sigmaSd mentioned this issue Dec 24, 2022
Open
@bartlomieju
Copy link
Member

There are no plans to support permissions in JS/TS files, but currently there is a PR going on (#27483) that would implement support for specifying permissions in the config file(#26372, #12763). Gonna close this one in favor of these two other issues.

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bartlomieju @sigmaSd