2014-02-23 23:59:49 +00:00
|
|
|
###
|
|
|
|
|
|
|
|
|
|
Dynamic Modules
|
|
|
|
|
===============
|
|
|
|
|
> Compiles CoffeeScript modules and loads JS modules in a VM, together
|
|
|
|
|
> with only a few allowed node.js modules.
|
|
|
|
|
###
|
|
|
|
|
|
2014-04-03 15:41:51 +00:00
|
|
|
# **Loads Modules:**
|
|
|
|
|
|
2014-04-04 21:57:22 +00:00
|
|
|
# - [Persistence](persistence.html)
|
2014-04-04 17:53:42 +00:00
|
|
|
db = require './persistence'
|
|
|
|
|
|
2014-02-23 23:59:49 +00:00
|
|
|
# - Node.js Modules: [vm](http://nodejs.org/api/vm.html) and
|
|
|
|
|
# [events](http://nodejs.org/api/events.html)
|
|
|
|
|
vm = require 'vm'
|
|
|
|
|
needle = require 'needle'
|
2014-04-06 19:36:34 +00:00
|
|
|
request = require 'request'
|
2014-02-23 23:59:49 +00:00
|
|
|
|
2014-04-03 15:41:51 +00:00
|
|
|
# - External Modules: [coffee-script](http://coffeescript.org/),
|
|
|
|
|
# [cryptico](https://github.com/wwwtyro/cryptico)
|
2014-02-23 23:59:49 +00:00
|
|
|
cs = require 'coffee-script'
|
2014-04-03 15:41:51 +00:00
|
|
|
cryptico = require 'my-cryptico'
|
2014-04-06 19:36:34 +00:00
|
|
|
cryptoJS = require 'crypto-js'
|
2014-04-02 21:08:05 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2014-02-23 23:59:49 +00:00
|
|
|
###
|
|
|
|
|
Module call
|
|
|
|
|
-----------
|
|
|
|
|
Initializes the dynamic module handler.
|
|
|
|
|
|
|
|
|
|
@param {Object} args
|
|
|
|
|
###
|
|
|
|
|
exports = module.exports = ( args ) =>
|
|
|
|
|
@log = args.logger
|
2014-04-03 15:41:51 +00:00
|
|
|
# FIXME this can't come through the arguments
|
|
|
|
|
if not @strPublicKey and args[ 'keygen' ]
|
2014-04-04 17:53:42 +00:00
|
|
|
db args
|
2014-04-03 15:41:51 +00:00
|
|
|
passPhrase = args[ 'keygen' ]
|
|
|
|
|
numBits = 1024
|
|
|
|
|
@oPrivateRSAkey = cryptico.generateRSAKey passPhrase, numBits
|
|
|
|
|
@strPublicKey = cryptico.publicKeyString @oPrivateRSAkey
|
2014-04-04 17:53:42 +00:00
|
|
|
@log.info "DM | Public Key generated: #{ @strPublicKey }"
|
2014-04-03 15:41:51 +00:00
|
|
|
|
2014-02-23 23:59:49 +00:00
|
|
|
module.exports
|
|
|
|
|
|
|
|
|
|
|
2014-04-03 15:41:51 +00:00
|
|
|
exports.getPublicKey = () =>
|
|
|
|
|
@strPublicKey
|
|
|
|
|
|
2014-04-06 19:36:34 +00:00
|
|
|
# We need to wrap the callbacks in try/catch so the token does not get killed and
|
|
|
|
|
# other modules are not called. This will be obsolete as soon as each module
|
|
|
|
|
# runs in a child process
|
|
|
|
|
# FIXME this seems not to achieve what we expected... token gets still lost
|
|
|
|
|
# -> implement child processes per module. (or better per user?)
|
|
|
|
|
issueNeedleCall = ( logger ) ->
|
2014-04-06 00:22:39 +00:00
|
|
|
( method, url, data, options, cb ) ->
|
|
|
|
|
try
|
|
|
|
|
needle.request method, url, data, options, ( err, resp, body ) =>
|
2014-04-05 17:02:03 +00:00
|
|
|
try
|
|
|
|
|
cb err, resp, body
|
|
|
|
|
catch err
|
2014-04-06 00:22:39 +00:00
|
|
|
logger 'Error during needle request! ' + err.message
|
2014-04-05 17:02:03 +00:00
|
|
|
catch err
|
2014-04-06 00:22:39 +00:00
|
|
|
logger 'Error before needle request! ' + err.message
|
2014-04-05 17:02:03 +00:00
|
|
|
|
2014-04-06 19:36:34 +00:00
|
|
|
issueRequest = ( logger ) ->
|
|
|
|
|
( options, cb ) ->
|
|
|
|
|
try
|
|
|
|
|
request options, ( err, resp, body ) =>
|
|
|
|
|
try
|
|
|
|
|
cb err, resp, body
|
|
|
|
|
catch err
|
|
|
|
|
logger 'Error during request! ' + err.message
|
|
|
|
|
catch err
|
|
|
|
|
logger 'Error before request! ' + err.message
|
|
|
|
|
|
2014-04-05 17:02:03 +00:00
|
|
|
logFunction = ( uId, rId, mId ) ->
|
|
|
|
|
( msg ) ->
|
|
|
|
|
db.appendLog uId, rId, mId, msg
|
|
|
|
|
|
2014-04-09 14:07:31 +00:00
|
|
|
regexpComments = /((\/\/.*$)|(\/\*[\s\S]*?\*\/))/mg;
|
|
|
|
|
getFunctionParamNames = ( fName, func, oFuncs ) ->
|
|
|
|
|
fnStr = func.toString().replace regexpComments, ''
|
|
|
|
|
result = fnStr.slice( fnStr.indexOf( '(' ) + 1, fnStr.indexOf( ')' ) ).match /([^\s,]+)/g
|
|
|
|
|
if not result
|
|
|
|
|
result = []
|
|
|
|
|
oFuncs[fName] = result
|
|
|
|
|
|
|
|
|
|
|
2014-02-23 23:59:49 +00:00
|
|
|
###
|
|
|
|
|
Try to run a JS module from a string, together with the
|
|
|
|
|
given parameters. If it is written in CoffeeScript we
|
|
|
|
|
compile it first into JS.
|
|
|
|
|
|
|
|
|
|
@public compileString ( *src, id, params, lang* )
|
|
|
|
|
@param {String} src
|
|
|
|
|
@param {String} id
|
|
|
|
|
@param {Object} params
|
|
|
|
|
@param {String} lang
|
|
|
|
|
###
|
2014-04-04 17:53:42 +00:00
|
|
|
exports.compileString = ( src, userId, ruleId, modId, lang, dbMod, cb ) =>
|
2014-02-23 23:59:49 +00:00
|
|
|
answ =
|
|
|
|
|
code: 200
|
|
|
|
|
message: 'Successfully compiled'
|
2014-02-24 12:20:25 +00:00
|
|
|
|
2014-04-03 15:41:51 +00:00
|
|
|
if lang is 'CoffeeScript'
|
2014-02-23 23:59:49 +00:00
|
|
|
try
|
|
|
|
|
src = cs.compile src
|
|
|
|
|
catch err
|
|
|
|
|
answ.code = 400
|
|
|
|
|
answ.message = 'Compilation of CoffeeScript failed at line ' +
|
|
|
|
|
err.location.first_line
|
2014-04-04 17:53:42 +00:00
|
|
|
|
|
|
|
|
fTryToLoad = ( params ) =>
|
2014-04-06 19:36:34 +00:00
|
|
|
|
2014-04-04 17:53:42 +00:00
|
|
|
if params
|
|
|
|
|
try
|
|
|
|
|
oDecrypted = cryptico.decrypt params, @oPrivateRSAkey
|
|
|
|
|
params = JSON.parse oDecrypted.plaintext
|
|
|
|
|
catch err
|
|
|
|
|
@log.warn "DM | Error during parsing of user defined params for #{ userId }, #{ ruleId }, #{ modId }"
|
2014-04-05 17:02:03 +00:00
|
|
|
@log.warn err
|
2014-04-04 17:53:42 +00:00
|
|
|
params = {}
|
|
|
|
|
else
|
|
|
|
|
params = {}
|
2014-04-04 21:57:22 +00:00
|
|
|
|
2014-04-05 17:02:03 +00:00
|
|
|
logFunc = logFunction userId, ruleId, modId
|
2014-04-04 17:53:42 +00:00
|
|
|
sandbox =
|
|
|
|
|
id: userId + '.' + modId + '.vm'
|
|
|
|
|
params: params
|
2014-04-06 19:36:34 +00:00
|
|
|
needlereq: issueNeedleCall logFunc
|
|
|
|
|
request: issueRequest logFunc
|
|
|
|
|
cryptoJS: cryptoJS
|
2014-04-05 17:02:03 +00:00
|
|
|
log: logFunc
|
2014-04-06 00:22:39 +00:00
|
|
|
debug: console.log
|
2014-04-04 17:53:42 +00:00
|
|
|
exports: {}
|
|
|
|
|
|
|
|
|
|
#TODO child_process to run module!
|
|
|
|
|
#Define max runtime per loop as 10 seconds, after that the child will be killed
|
|
|
|
|
#it can still be active after that if there was a timing function or a callback used...
|
|
|
|
|
#kill the child each time? how to determine whether there's still a token in the module?
|
|
|
|
|
try
|
|
|
|
|
vm.runInNewContext src, sandbox, sandbox.id
|
|
|
|
|
# TODO We should investigate memory usage and garbage collection (global.gc())?
|
|
|
|
|
# Start Node with the flags —nouse_idle_notification and —expose_gc, and then when you want to run the GC, just call global.gc().
|
|
|
|
|
catch err
|
|
|
|
|
answ.code = 400
|
2014-04-06 00:22:39 +00:00
|
|
|
msg = err.message
|
|
|
|
|
if not msg
|
|
|
|
|
msg = 'Try to run the script locally to track the error! Sadly we cannot provide the line number'
|
|
|
|
|
answ.message = 'Loading Module failed: ' + msg
|
2014-04-09 14:07:31 +00:00
|
|
|
oFuncParams = {}
|
|
|
|
|
for fName, func of sandbox.exports
|
|
|
|
|
getFunctionParamNames fName, func, oFuncParams
|
2014-04-04 17:53:42 +00:00
|
|
|
cb
|
|
|
|
|
answ: answ
|
|
|
|
|
module: sandbox.exports
|
2014-04-09 14:07:31 +00:00
|
|
|
funcParams: oFuncParams
|
2014-04-05 17:02:03 +00:00
|
|
|
logger: sandbox.log
|
2014-04-04 17:53:42 +00:00
|
|
|
|
|
|
|
|
if dbMod
|
|
|
|
|
dbMod.getUserParams modId, userId, ( err, obj ) ->
|
|
|
|
|
fTryToLoad obj
|
|
|
|
|
else
|
|
|
|
|
fTryToLoad()
|
