Pass API execution context to sandbox

tshemsedinov · tshemsedinov · commit ab67a0a8ec2f · 2020-05-15T23:38:16.000+03:00
Closes: #114 PR-URL: #112
diff --git a/lib/application.js b/lib/application.js
@@ -34,7 +34,8 @@ class Application extends events.EventEmitter {
 
   createSandbox() {
     const introspection = async () => [...this.api.keys()];
-    const application = { security, api: { introspection } };
+    const context = Object.freeze({});
+    const application = { security, api: { introspection }, context };
     for (const name of this.namespaces) application[name] = this[name];
     const sandbox = { console: this.logger, application, Buffer, api };
     sandbox.global = sandbox;
@@ -51,7 +52,7 @@ class Application extends events.EventEmitter {
     const data = await fsp.readFile(fileName, 'utf8');
     const code = data.startsWith('({') ? data :
       `({ access: 'logged', method: ${data.trim().slice(0, -1)} });`;
-    const src = `'use strict';\ncontext => ${code}`;
+    const src = `'use strict';\n${code}`;
     const options = { filename: fileName, lineOffset: -1 };
     try {
       return new vm.Script(src, options);
@@ -61,7 +62,8 @@ class Application extends events.EventEmitter {
     }
   }
 
-  runScript(methodName, sandbox = this.sandbox) {
+  runScript(methodName, session) {
+    const sandbox = session ? session.sandbox : this.sandbox;
     const script = this.api.get(methodName);
     if (!script) return null;
     return script.runInContext(sandbox, SCRIPT_OPTIONS);
diff --git a/lib/auth.js b/lib/auth.js
@@ -90,7 +90,7 @@ module.exports = application => {
       this.token = token;
       this.sandbox = sandbox;
       this.data = contextData;
-      this.context = new Proxy(contextData, contextHandler);
+      sandbox.context = new Proxy(contextData, contextHandler);
     }
   }
 
diff --git a/lib/server.js b/lib/server.js
@@ -92,14 +92,11 @@ class Client {
     }
     try {
       const session = await application.auth.restore(this);
-      const sandbox = session ? session.sandbox : undefined;
-      const context = session ? session.context : {};
-      const exp = application.runScript(method, sandbox);
-      if (!exp) {
+      const proc = application.runScript(method, session);
+      if (!proc) {
         this.error(404);
         return;
       }
-      const proc = exp(context);
       if (!session && proc.access !== 'public') {
         this.error(403, new Error(`Forbidden: /api/${method}`));
         return;

Original file line number	Diff line number	Diff line change
`@@ -90,7 +90,7 @@ module.exports = application => {`
`90`	`90`	`this.token = token;`
`91`	`91`	`this.sandbox = sandbox;`
`92`	`92`	`this.data = contextData;`
`93`		`- this.context = new Proxy(contextData, contextHandler);`
	`93`	`+ sandbox.context = new Proxy(contextData, contextHandler);`
`94`	`94`	`}`
`95`	`95`	`}`
`96`	`96`