1
0
silverbullet/plugos/sandboxes/deno_worker_sandbox.ts

27 lines
851 B
TypeScript
Raw Normal View History

2024-01-14 12:38:39 +00:00
import { WorkerSandbox } from "./worker_sandbox.ts";
import { Plug } from "../plug.ts";
2024-01-14 12:38:39 +00:00
import { Sandbox } from "./sandbox.ts";
2022-10-12 09:47:13 +00:00
// Uses Deno's permissions to lock the worker down significantly
export function createSandbox<HookT>(plug: Plug<HookT>): Sandbox<HookT> {
2024-01-14 12:38:39 +00:00
return new WorkerSandbox(plug, {
deno: {
permissions: {
2023-08-04 16:56:55 +00:00
// Allow network access
net: true,
// This is required for console logging to work, apparently?
env: true,
// No talking to native code
ffi: false,
// No invocation of shell commands
run: false,
// No read access to the file system
read: false,
// No write access to the file system
write: false,
2022-10-17 13:56:47 +00:00
},
},
// Have to do this because the "deno" option is not standard and doesn't typecheck yet
} as any);
}