Let PolicyWorker run in sandbox with store

2025-12-06 11:29:46 +00:00 · 2024-09-11 14:04:11 -05:00 · 2024-09-11 14:04:11 -05:00 · cae0f492f3
commit cae0f492f3
parent ebc0250d81
3 changed files with 34 additions and 4 deletions
--- a/src/config.ts
+++ b/src/config.ts
@ -1,3 +1,4 @@
+import os from 'node:os';
 import * as dotenv from '@std/dotenv';
 import { getPublicKey, nip19 } from 'nostr-tools';
 import { z } from 'zod';
@ -240,6 +241,14 @@ class Conf {
  static get policy(): string {
    return Deno.env.get('DITTO_POLICY') || new URL('../data/policy.ts', import.meta.url).pathname;
  }
+  /** Absolute path to the data directory used by Ditto. */
+  static get dataDir(): string {
+    return Deno.env.get('DITTO_DATA_DIR') || new URL('../data', import.meta.url).pathname;
+  }
+  /** Absolute path of the Deno directory. */
+  static get denoDir(): string {
+    return Deno.env.get('DENO_DIR') || `${os.userInfo().homedir}/.cache/deno`;
+  }
  /** Whether zap splits should be enabled. */
  static get zapSplitsEnabled(): boolean {
    return optionalBooleanSchema.parse(Deno.env.get('ZAP_SPLITS_ENABLED')) ?? false;
--- a/src/workers/policy.ts
+++ b/src/workers/policy.ts
@ -13,8 +13,8 @@ export const policyWorker = Comlink.wrap<CustomPolicy>(
      type: 'module',
      deno: {
        permissions: {
-          read: [Conf.policy],
-          write: false,
+          read: [Conf.denoDir, Conf.policy, Conf.dataDir],
+          write: [Conf.dataDir],
          net: 'inherit',
          env: false,
        },
@ -24,7 +24,12 @@ export const policyWorker = Comlink.wrap<CustomPolicy>(
 );

 try {
-  await policyWorker.init(Conf.policy, Conf.databaseUrl, Conf.pubkey);
+  await policyWorker.init({
+    path: Conf.policy,
+    cwd: Deno.cwd(),
+    databaseUrl: Conf.databaseUrl,
+    adminPubkey: Conf.pubkey,
+  });
  console.debug(`Using custom policy: ${Conf.policy}`);
 } catch (e) {
  if (e.message.includes('Module not found')) {
--- a/src/workers/policy.worker.ts
+++ b/src/workers/policy.worker.ts
@ -6,6 +6,18 @@ import * as Comlink from 'comlink';
 import { DittoDB } from '@/db/DittoDB.ts';
 import { EventsDB } from '@/storages/EventsDB.ts';

+/** Serializable object the worker can use to set up the state. */
+interface PolicyInit {
+  /** Path to the policy module (https, jsr, file, etc) */
+  path: string;
+  /** Current working directory. */
+  cwd: string;
+  /** Database URL to connect to. */
+  databaseUrl: string;
+  /** Admin pubkey to use for EventsDB checks. */
+  adminPubkey: string;
+}
+
 export class CustomPolicy implements NPolicy {
  private policy: NPolicy = new ReadOnlyPolicy();

@ -14,7 +26,11 @@ export class CustomPolicy implements NPolicy {
    return this.policy.call(event);
  }

-  async init(path: string, databaseUrl: string, adminPubkey: string): Promise<void> {
+  async init({ path, cwd, databaseUrl, adminPubkey }: PolicyInit): Promise<void> {
+    // HACK: PGlite uses `path.resolve`, which requires read permission on Deno (which we don't want to give).
+    // We can work around this getting the cwd from the caller and overwriting `Deno.cwd`.
+    Deno.cwd = () => cwd;
+
    const { kysely } = DittoDB.create(databaseUrl, { poolSize: 1 });

    const store = new EventsDB({