From c6e34bc7a7784611c92402bb4b9b1f45f62e924b Mon Sep 17 00:00:00 2001 From: Antoine du Hamel Date: Tue, 22 Feb 2022 23:25:59 +0100 Subject: [PATCH] lib: enable global WebCrypto by default Enables `--experimental-global-webcrypto` by default, and ensures that the classic `node:crypto` core module is still available in `--eval` or `--print` contexts. --- .eslintrc.js | 1 + doc/api/cli.md | 18 +++++----- doc/api/globals.md | 34 ++++++++++++++----- doc/node.1 | 6 ++-- lib/internal/bootstrap/pre_execution.js | 2 +- lib/internal/main/eval_string.js | 2 ++ src/node_options.cc | 3 +- src/node_options.h | 2 +- test/parallel/test-bootstrap-modules.js | 8 +++++ test/parallel/test-cli-eval.js | 10 ++++++ .../parallel/test-global-webcrypto-classes.js | 2 +- .../parallel/test-global-webcrypto-disbled.js | 10 ++++++ test/parallel/test-global.js | 1 + 13 files changed, 74 insertions(+), 25 deletions(-) create mode 100644 test/parallel/test-global-webcrypto-disbled.js diff --git a/.eslintrc.js b/.eslintrc.js index d44e3f1414f438..7faf45a39defd8 100644 --- a/.eslintrc.js +++ b/.eslintrc.js @@ -317,6 +317,7 @@ module.exports = { 'node-core/no-duplicate-requires': 'error', }, globals: { + crypto: 'readable', Crypto: 'readable', CryptoKey: 'readable', fetch: 'readable', diff --git a/doc/api/cli.md b/doc/api/cli.md index 8bfb1e9792ace5..5f57706fb38d3b 100644 --- a/doc/api/cli.md +++ b/doc/api/cli.md @@ -280,14 +280,6 @@ effort to report stack traces relative to the original source file. Overriding `Error.prepareStackTrace` prevents `--enable-source-maps` from modifying the stack trace. -### `--experimental-global-webcrypto` - - - -Expose the [Web Crypto API][] on the global scope. - ### `--experimental-import-meta-resolve` + +Disable exposition of [Web Crypto API][] on the global scope. + ### `--no-experimental-repl-await` -> Stability: 1 - Experimental. Enable this API with the -> [`--experimental-global-webcrypto`][] CLI flag. +> Stability: 1 - Experimental. Disable this API with the +> [`--no-experimental-global-webcrypto`][] CLI flag. A browser-compatible implementation of {Crypto}. This global is available only if the Node.js binary was compiled with including support for the @@ -324,10 +328,14 @@ only if the Node.js binary was compiled with including support for the -> Stability: 1 - Experimental. Enable this API with the -> [`--experimental-global-webcrypto`][] CLI flag. +> Stability: 1 - Experimental. Disable this API with the +> [`--no-experimental-global-webcrypto`][] CLI flag. A browser-compatible implementation of the [Web Crypto API][]. @@ -335,10 +343,14 @@ A browser-compatible implementation of the [Web Crypto API][]. -> Stability: 1 - Experimental. Enable this API with the -> [`--experimental-global-webcrypto`][] CLI flag. +> Stability: 1 - Experimental. Disable this API with the +> [`--no-experimental-global-webcrypto`][] CLI flag. A browser-compatible implementation of {CryptoKey}. This global is available only if the Node.js binary was compiled with including support for the @@ -586,10 +598,14 @@ The WHATWG [`structuredClone`][] method. -> Stability: 1 - Experimental. Enable this API with the -> [`--experimental-global-webcrypto`][] CLI flag. +> Stability: 1 - Experimental. Disable this API with the +> [`--no-experimental-global-webcrypto`][] CLI flag. A browser-compatible implementation of {SubtleCrypto}. This global is available only if the Node.js binary was compiled with including support for the @@ -660,8 +676,8 @@ The object that acts as the namespace for all W3C [Mozilla Developer Network][webassembly-mdn] for usage and compatibility. [Web Crypto API]: webcrypto.md -[`--experimental-global-webcrypto`]: cli.md#--experimental-global-webcrypto [`--no-experimental-fetch`]: cli.md#--no-experimental-fetch +[`--no-experimental-global-webcrypto`]: cli.md#--no-experimental-global-webcrypto [`AbortController`]: https://developer.mozilla.org/en-US/docs/Web/API/AbortController [`DOMException`]: https://developer.mozilla.org/en-US/docs/Web/API/DOMException [`EventTarget` and `Event` API]: events.md#eventtarget-and-event-api diff --git a/doc/node.1 b/doc/node.1 index 27b3365140cc57..f7742e68182b37 100644 --- a/doc/node.1 +++ b/doc/node.1 @@ -139,9 +139,6 @@ Requires Node.js to be built with .It Fl -enable-source-maps Enable Source Map V3 support for stack traces. . -.It Fl -experimental-global-webcrypto -Expose the Web Crypto API on the global scope. -. .It Fl -experimental-import-meta-resolve Enable experimental ES modules support for import.meta.resolve(). . @@ -159,6 +156,9 @@ Use the specified file as a security policy. .It Fl -no-experimental-fetch Disable experimental support for the Fetch API. . +.It Fl -no-experimental-global-webcrypto +Disable exposition of the Web Crypto API on the global scope. +. .It Fl -no-experimental-repl-await Disable top-level await keyword support in REPL. . diff --git a/lib/internal/bootstrap/pre_execution.js b/lib/internal/bootstrap/pre_execution.js index 33a594d35fcbb0..8431b1ab1ca70a 100644 --- a/lib/internal/bootstrap/pre_execution.js +++ b/lib/internal/bootstrap/pre_execution.js @@ -199,7 +199,7 @@ function setupFetch() { // removed. function setupWebCrypto() { if (process.config.variables.node_no_browser_globals || - !getOptionValue('--experimental-global-webcrypto')) { + getOptionValue('--no-experimental-global-webcrypto')) { return; } diff --git a/lib/internal/main/eval_string.js b/lib/internal/main/eval_string.js index 2784204f6002e9..656bb4982d75a6 100644 --- a/lib/internal/main/eval_string.js +++ b/lib/internal/main/eval_string.js @@ -16,6 +16,8 @@ const { addBuiltinLibsToObject } = require('internal/modules/cjs/helpers'); const { getOptionValue } = require('internal/options'); prepareMainThreadExecution(); +// Delete Webcrypto from the global scope for backward compatibility. +delete globalThis.crypto; addBuiltinLibsToObject(globalThis, ''); markBootstrapComplete(); diff --git a/src/node_options.cc b/src/node_options.cc index b8b6d85f39e4ed..41eebd1e13edb8 100644 --- a/src/node_options.cc +++ b/src/node_options.cc @@ -323,7 +323,8 @@ EnvironmentOptionsParser::EnvironmentOptionsParser() { AddOption("--experimental-global-webcrypto", "expose experimental Web Crypto API on the global scope", &EnvironmentOptions::experimental_global_web_crypto, - kAllowedInEnvironment); + kAllowedInEnvironment, + true); AddOption("--experimental-json-modules", "", NoOp{}, kAllowedInEnvironment); AddOption("--experimental-loader", "use the specified module as a custom loader", diff --git a/src/node_options.h b/src/node_options.h index 3335c12b8cdcf7..034c7e18e1bdcf 100644 --- a/src/node_options.h +++ b/src/node_options.h @@ -108,7 +108,7 @@ class EnvironmentOptions : public Options { std::string dns_result_order; bool enable_source_maps = false; bool experimental_fetch = true; - bool experimental_global_web_crypto = false; + bool experimental_global_web_crypto = true; bool experimental_https_modules = false; std::string experimental_specifier_resolution; bool experimental_wasm_modules = false; diff --git a/test/parallel/test-bootstrap-modules.js b/test/parallel/test-bootstrap-modules.js index d29e2de66bdf4d..c91568352f35a4 100644 --- a/test/parallel/test-bootstrap-modules.js +++ b/test/parallel/test-bootstrap-modules.js @@ -16,6 +16,7 @@ const expectedModules = new Set([ 'Internal Binding constants', 'Internal Binding contextify', 'Internal Binding credentials', + 'Internal Binding crypto', 'Internal Binding errors', 'Internal Binding fs_dir', 'Internal Binding fs_event_wrap', @@ -55,6 +56,12 @@ const expectedModules = new Set([ 'NativeModule internal/console/constructor', 'NativeModule internal/console/global', 'NativeModule internal/constants', + 'NativeModule internal/crypto/hash', + 'NativeModule internal/crypto/hashnames', + 'NativeModule internal/crypto/keys', + 'NativeModule internal/crypto/random', + 'NativeModule internal/crypto/util', + 'NativeModule internal/crypto/webcrypto', 'NativeModule internal/dtrace', 'NativeModule internal/encoding', 'NativeModule internal/errors', @@ -120,6 +127,7 @@ const expectedModules = new Set([ 'NativeModule internal/streams/duplex', 'NativeModule internal/streams/end-of-stream', 'NativeModule internal/streams/from', + 'NativeModule internal/streams/lazy_transform', 'NativeModule internal/streams/legacy', 'NativeModule internal/streams/operators', 'NativeModule internal/streams/passthrough', diff --git a/test/parallel/test-cli-eval.js b/test/parallel/test-cli-eval.js index e95fee008d6e3a..e320e5c692bf8a 100644 --- a/test/parallel/test-cli-eval.js +++ b/test/parallel/test-cli-eval.js @@ -288,3 +288,13 @@ child.exec( common.mustSucceed((stdout) => { assert.strictEqual(stdout, '.mjs file\n'); })); + +if (common.hasCrypto) { + // Assert that calls to crypto utils work without require. + child.exec( + `${nodejs} ` + + '-e "console.log(crypto.randomBytes(16).toString(\'hex\'))"', + common.mustSucceed((stdout) => { + assert.match(stdout, /[0-9a-f]{32}/i); + })); +} diff --git a/test/parallel/test-global-webcrypto-classes.js b/test/parallel/test-global-webcrypto-classes.js index 083592bd92278c..ac42ff1d82e2d1 100644 --- a/test/parallel/test-global-webcrypto-classes.js +++ b/test/parallel/test-global-webcrypto-classes.js @@ -1,4 +1,4 @@ -// Flags: --experimental-global-webcrypto --expose-internals +// Flags: --expose-internals 'use strict'; const common = require('../common'); diff --git a/test/parallel/test-global-webcrypto-disbled.js b/test/parallel/test-global-webcrypto-disbled.js new file mode 100644 index 00000000000000..ebbb4afa9a03c5 --- /dev/null +++ b/test/parallel/test-global-webcrypto-disbled.js @@ -0,0 +1,10 @@ +// Flags: --no-experimental-global-webcrypto +'use strict'; + +require('../common'); +const assert = require('assert'); + +assert.strictEqual(typeof crypto, 'undefined'); +assert.strictEqual(typeof Crypto, 'undefined'); +assert.strictEqual(typeof CryptoKey, 'undefined'); +assert.strictEqual(typeof SubtleCrypto, 'undefined'); diff --git a/test/parallel/test-global.js b/test/parallel/test-global.js index 3585062bf310e5..583e44c7a583cb 100644 --- a/test/parallel/test-global.js +++ b/test/parallel/test-global.js @@ -55,6 +55,7 @@ builtinModules.forEach((moduleName) => { 'setTimeout', 'structuredClone', 'fetch', + 'crypto', ]; assert.deepStrictEqual(new Set(Object.keys(global)), new Set(expected)); }