6fb7e8d93b
This commit adds new "--deny-*" permission flags. These are complimentary to
"--allow-*" flags.
These flags can be used to restrict access to certain resources, even if they
were granted using "--allow-*" flags or the "--allow-all" ("-A") flag.
Eg. specifying "--allow-read --deny-read" will result in a permission error,
while "--allow-read --deny-read=/etc" will allow read access to all FS but the
"/etc" directory.
Runtime permissions APIs ("Deno.permissions") were adjusted as well, mainly
by adding, a new "PermissionStatus.partial" field. This field denotes that
while permission might be granted to requested resource, it's only partial (ie.
a "--deny-*" flag was specified that excludes some of the requested resources).
Eg. specifying "--allow-read=foo/ --deny-read=foo/bar" and then querying for
permissions like "Deno.permissions.query({ name: "read", path: "foo/" })"
will return "PermissionStatus { state: "granted", onchange: null, partial: true }",
denoting that some of the subpaths don't have read access.
Closes #18804.
---------
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
Co-authored-by: Nayeem Rahman <nayeemrmn99@gmail.com>
|
||
|---|---|---|
| .. | ||
| examples | ||
| js | ||
| ops | ||
| permissions | ||
| build.rs | ||
| Cargo.toml | ||
| clippy.toml | ||
| colors.rs | ||
| errors.rs | ||
| fmt_errors.rs | ||
| fs_util.rs | ||
| inspector_server.rs | ||
| js.rs | ||
| lib.rs | ||
| README.md | ||
| tokio_util.rs | ||
| web_worker.rs | ||
| worker.rs | ||
| worker_bootstrap.rs | ||
deno_runtime crate
This is a slim version of the Deno CLI which removes typescript integration and various tooling (like lint and doc). Basically only JavaScript execution with Deno's operating system bindings (ops).
Stability
This crate is built using battle-tested modules that were originally in deno
crate, however the API of this crate is subject to rapid and breaking changes.
MainWorker
The main API of this crate is MainWorker. MainWorker is a structure
encapsulating deno_core::JsRuntime with a set of ops used to implement Deno
namespace.
When creating a MainWorker implementors must call MainWorker::bootstrap to
prepare JS runtime for use.
MainWorker is highly configurable and allows to customize many of the
runtime's properties:
- module loading implementation
- error formatting
- support for source maps
- support for V8 inspector and Chrome Devtools debugger
- HTTP client user agent, CA certificate
- random number generator seed
Worker Web API
deno_runtime comes with support for Worker Web API. The Worker API is
implemented using WebWorker structure.
When creating a new instance of MainWorker implementors must provide a
callback function that is used when creating a new instance of Worker.
All WebWorker instances are descendents of MainWorker which is responsible
for setting up communication with child worker. Each WebWorker spawns a new OS
thread that is dedicated solely to that worker.