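#ifndef SRC_PERMISSION_PERMISSION_H_
#define SRC_PERMISSION_PERMISSION_H_

#if defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS

#include "debug_utils.h"
#include "node_options.h"
#include "permission/child_process_permission.h"
#include "permission/fs_permission.h"
#include "permission/permission_base.h"
#include "permission/worker_permission.h"
#include "v8.h"

// <memory> and <string> are included directly because this header names
// std::shared_ptr and std::string itself.
#include <memory>
#include <string>
#include <string_view>
#include <unordered_map>

namespace node {

class Environment;

namespace permission {

// Guard for code that is about to touch a protected resource.
//
// If the Permission object of `env` does not grant `perm_` on `resource_`,
// the macro calls Permission::ThrowAccessDenied() and then returns from the
// function it is expanded in, yielding `__VA_ARGS__` (leave it empty in a
// void function).
//
// Caveats for callers:
//  - `perm_` and `resource_` are expanded twice (once for the check, once for
//    the denial report), so pass expressions without side effects.
//  - The embedded `return` leaves only the innermost function or lambda that
//    contains the expansion; place the macro directly in the function that
//    performs the guarded operation.
//  - The check covers exactly the `resource_` value passed here; the guarded
//    operation should act on that same value.
#define THROW_IF_INSUFFICIENT_PERMISSIONS(env, perm_, resource_, ...)          \
  do {                                                                         \
    if (UNLIKELY(!(env)->permission()->is_granted(perm_, resource_))) {        \
      node::permission::Permission::ThrowAccessDenied(                         \
          (env), perm_, resource_);                                            \
      return __VA_ARGS__;                                                      \
    }                                                                          \
  } while (0)

// Front door of the permission checks: maps each PermissionScope to the
// PermissionBase implementation that decides on it.
class Permission {
 public:
  Permission();

  // Returns whether `permission` is granted for resource `res`.
  //
  // While `enabled_` is false this returns true for every scope and resource
  // without consulting any handler. Once enabled, the decision is delegated
  // to is_scope_granted().
  FORCE_INLINE bool is_granted(const PermissionScope permission,
                               const std::string_view& res = "") const {
    if (LIKELY(!enabled_)) return true;
    return is_scope_granted(permission, res);
  }

  // Conversions between scopes and their textual names (defined out of line).
  static PermissionScope StringToPermission(const std::string& perm);
  static const char* PermissionToString(PermissionScope perm);

  // Reports a denied access for `perm` on `res` to `env`. Defined out of
  // line; THROW_IF_INSUFFICIENT_PERMISSIONS calls it before returning.
  static void ThrowAccessDenied(Environment* env,
                                PermissionScope perm,
                                const std::string_view& res);

  // CLI Call
  void Apply(const std::string& allow, PermissionScope scope);
  void EnablePermissions();

 private:
  // Slow path of is_granted(): asks the handler registered for `permission`.
  // A scope with no registered handler is denied, so anything that was not
  // explicitly wired up fails closed once checks are enabled.
  COLD_NOINLINE bool is_scope_granted(const PermissionScope permission,
                                      const std::string_view& res = "") const {
    if (const auto handler = nodes_.find(permission);
        handler != nodes_.end()) {
      return handler->second->is_granted(permission, res);
    }
    return false;
  }

  // Scope -> handler. Held by shared_ptr, presumably so that one handler can
  // be registered under several scopes -- confirm in the constructor.
  std::unordered_map<PermissionScope, std::shared_ptr<PermissionBase>> nodes_;

  // Whether checks are enforced; is_granted() bypasses all handlers while it
  // is false. The in-class default keeps the flag from ever being read
  // uninitialized; a value set by the out-of-line constructor still wins.
  // NOTE(review): presumably flipped by EnablePermissions() -- confirm.
  bool enabled_ = false;
};

}  // namespace permission

}  // namespace node

#endif  // defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
#endif  // SRC_PERMISSION_PERMISSION_H_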