Skip to content

authgear/authgear-deno

Repository files navigation

authgear-deno

authgear-deno is a HTTP server that takes a JavaScript / TypeScript file and an JSON value. The file is expected to have a default export of a function taking one argument, and return a value. The function can be async or sync.

authgear-deno takes care of granting permission as the script runs. Only network access to remote is granted.

Setup

Install Deno according to .tool-versions.

Run

$ make start

Examples

Evaluate a pure function

$ curl --request POST \
  --url http://localhost:8090/run \
  --header 'Content-Type: application/json' \
  --data '{
	"script": "export default async function addOne(a) { return a + 1; }",
	"input": 42
}'
{"output":43,"stderr":{},"stdout":{}}

Evaluate a function with side-effects

$ curl --request POST \
  --url http://localhost:8090/run \
  --header 'Content-Type: application/json' \
  --data '{
	"script": "export default async function addOne(a) { console.log('\''hello'\''); return a + 1; }",
	"input": 42
}'
{"output":43,"stderr":{},"stdout":{"string":"hello\n"}}

Evaluate a malicious function

$ curl --request POST \
  --url http://localhost:8090/run \
  --header 'Content-Type: application/json' \
  --data '{
	"script": "export default async function malicious() { Deno.remove('\''/'\'', { recursive: true}) }",
	"input": 42
}'
{"error":"exit status 1","stderr":{"string":"┌ ⚠️  Deno requests write access to \"/\".\r\n├ Requested by `Deno.remove()` API.\r\n├ Run again with --allow-write to bypass this prompt.\r\n└ Allow? [y/n/A] (y = yes, allow; n = no, deny; A = allow all write permissions) \u003e n\r\n\u001b[4A\u001b[0J❌ Denied write access to \"/\".\r\nerror: Uncaught (in promise) PermissionDenied: Requires write access to \"/\", run again with the --allow-write flag\r\nexport default async function malicious() { Deno.remove('/', { recursive: true}) }\r\n                                                 ^\r\n    at Object.remove (ext:deno_fs/30_fs.js:259:9)\r\n    at Module.malicious (file:///var/folders/8x/b6m06y8j6xdfhnb574s1yn_00000gn/T/authgear-deno-script.3385027413.ts:1:50)\r\n    at file:///Users/louischan/authgear-deno/pkg/deno/runner.ts:7:47\r\n"},"stdout":{}}

About

No description, website, or topics provided.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published