2024-01-14 12:38:39 +00:00
|
|
|
import { WorkerSandbox } from "./worker_sandbox.ts";
|
2022-10-10 12:50:21 +00:00
|
|
|
import { Plug } from "../plug.ts";
|
2024-01-14 12:38:39 +00:00
|
|
|
import { Sandbox } from "./sandbox.ts";
|
2022-10-12 09:47:13 +00:00
|
|
|
|
2023-05-23 18:53:53 +00:00
|
|
|
// Uses Deno's permissions to lock the worker down significantly
|
|
|
|
export function createSandbox<HookT>(plug: Plug<HookT>): Sandbox<HookT> {
|
2024-01-14 12:38:39 +00:00
|
|
|
return new WorkerSandbox(plug, {
|
2023-05-23 18:53:53 +00:00
|
|
|
deno: {
|
|
|
|
permissions: {
|
2023-08-04 16:56:55 +00:00
|
|
|
// Allow network access
|
|
|
|
net: true,
|
2023-05-23 18:53:53 +00:00
|
|
|
// This is required for console logging to work, apparently?
|
|
|
|
env: true,
|
|
|
|
// No talking to native code
|
|
|
|
ffi: false,
|
|
|
|
// No invocation of shell commands
|
|
|
|
run: false,
|
|
|
|
// No read access to the file system
|
|
|
|
read: false,
|
|
|
|
// No write access to the file system
|
|
|
|
write: false,
|
2022-10-17 13:56:47 +00:00
|
|
|
},
|
2023-05-23 18:53:53 +00:00
|
|
|
},
|
|
|
|
// Have to do this because the "deno" option is not standard and doesn't typecheck yet
|
|
|
|
} as any);
|
2022-03-20 08:56:28 +00:00
|
|
|
}
|