英文:
I get TypeError: Cannot read properties of undefined (reading 'has') when checking permission
问题
I am experimenting with the Node.js permission model in Node.js v20. One of the features it provides is the ability to check for permissions during runtime. So here is my simplified code:
// app.js
console.log(process.permission.has("fs.read"));
When I run the program using node app.js, I receive an error that looks like so:
console.log(process.permission.has("fs.read"));
^
TypeError: Cannot read properties of undefined (reading 'has')
at file:///home/stanley/example-app/app.js:1:32
at ModuleJob.run (node:internal/modules/esm/module_job:192:25)
at async DefaultModuleLoader.import (node:internal/modules/esm/loader:246:24)
at async loadESM (node:internal/process/esm_loader:40:7)
at async handleMainPromise (node:internal/modules/run_main:66:12)
Node.js v20.3.0
When I run the program with the --experimental-permission flag, I receive this error:
node:internal/modules/cjs/loader:179
const result = internalModuleStat(filename);
^
Error: Access to this API has been restricted
at stat (node:internal/modules/cjs/loader:179:18)
at Module._findPath (node:internal/modules/cjs/loader:651:16)
at resolveMainPath (node:internal/modules/run_main:15:25)
at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:76:24)
at node:internal/main/run_main_module:23:47 {
code: 'ERR_ACCESS_DENIED',
permission: 'FileSystemRead',
resource: '/home/stanley/example_app/app.js'
}
Node.js v20.3.0
I expect the program to print false in the console, but instead, I receive this error.
英文:
I am experimenting with the Node.js permission model in Node.js v20. One of the features it provides is the ability to check for permissions during runtime. So here is my simplified code:
// app.js
console.log(process.permission.has("fs.read"));
When I run the program using node app.js, I receive an error that looks like so:
console.log(process.permission.has("fs.read"));
^
TypeError: Cannot read properties of undefined (reading 'has')
at file:///home/stanley/example-app/app.js:1:32
at ModuleJob.run (node:internal/modules/esm/module_job:192:25)
at async DefaultModuleLoader.import (node:internal/modules/esm/loader:246:24)
at async loadESM (node:internal/process/esm_loader:40:7)
at async handleMainPromise (node:internal/modules/run_main:66:12)
Node.js v20.3.0
When I run the program with the `--experimental-permission flag, I receive this error:
node:internal/modules/cjs/loader:179
const result = internalModuleStat(filename);
^
Error: Access to this API has been restricted
at stat (node:internal/modules/cjs/loader:179:18)
at Module._findPath (node:internal/modules/cjs/loader:651:16)
at resolveMainPath (node:internal/modules/run_main:15:25)
at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:76:24)
at node:internal/main/run_main_module:23:47 {
code: 'ERR_ACCESS_DENIED',
permission: 'FileSystemRead',
resource: '/home/stanley/example_app/app.js'
}
Node.js v20.3.0
I expect the program to print false in the console, but instead, I receive this error.
答案1
得分: 3
从基于进程的权限文档中:
> Node.js权限模型是一种在执行过程中限制对特定资源访问的机制。API 存在于一个名为 --experimental-permission 的标志后面,当启用时,将限制对所有可用权限的访问。
要允许Node.js访问文件系统,我们可以使用 --allow-fs-read 和 --allow-fs-write 标志。
--allow-fs-read=* - 它将允许所有的 FileSystemRead 操作。
index.js:
const fs = require('fs');
const path = require('path');
console.log('Has fs.read permission?', process.permission.has("fs.read"));
console.log('Has fs.write permission?', process.permission.has("fs.write"));
console.log('JSON: ', fs.readFileSync(path.resolve(__dirname, './a.json'), 'utf-8'))
fs.writeFileSync(path.resolve(__dirname, './b.json'), JSON.stringify({status: 'ok'}))
a.json:
{
"name": "lin"
}
$ node --experimental-permission --allow-fs-read=* index.js
或者,使用特定文件(必须是绝对路径,不支持相对路径)
node --experimental-permission --allow-fs-read=/home/lindu/workspace/nodejs-examples/v20/a.json,/home/lindu/workspace/nodejs-examples/v20/index.js index.js
Node进程只能读取 a.json 和 index.js 文件。
输出:
Has fs.read permission? true
Has fs.write permission? false
JSON: {
"name": "lin"
}
node:fs:589
const result = binding.open(pathModule.toNamespacedPath(path),
^
Error: Access to this API has been restricted
at Object.openSync (node:fs:589:26)
at Object.writeFileSync (node:fs:2323:35)
at Object.<anonymous> (/home/lindu/workspace/nodejs-examples/v20/app.js:9:4)
at Module._compile (node:internal/modules/cjs/loader:1255:14)
at Module._extensions..js (node:internal/modules/cjs/loader:1309:10)
at Module.load (node:internal/modules/cjs/loader:1113:32)
at Module._load (node:internal/modules/cjs/loader:960:12)
at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:83:12)
at node:internal/main/run_main_module:23:47 {
code: 'ERR_ACCESS_DENIED',
permission: 'FileSystemWrite',
resource: '/home/lindu/workspace/nodejs-examples/v20/b.json'
}
Node.js v20.3.0
上述代码允许所有 FileSystemRead 操作,但不允许所有 FileSystemWrite 操作。
因此,fs.writeFileSync 操作失败。
英文:
From the Process-based permissions doc:
> The Node.js Permission Model is a mechanism for restricting access to specific resources during execution. The API exists behind a flag --experimental-permission which when enabled, will restrict access to all available permissions.
To allow Node access to the file system. We can use the --allow-fs-read and --allow-fs-write flags.
--allow-fs-read=* - It will allow all FileSystemRead operations.
index.js:
const fs = require('fs');
const path = require('path');
console.log('Has fs.read permission?', process.permission.has("fs.read"));
console.log('Has fs.write permission?', process.permission.has("fs.write"));
console.log('JSON: ', fs.readFileSync(path.resolve(__dirname, './a.json'), 'utf-8'))
fs.writeFileSync(path.resolve(__dirname, './b.json'), JSON.stringify({status: 'ok'}))
a.json:
{
"name": "lin"
}
$ node --experimental-permission --allow-fs-read=* index.js
OR, use specific files(must be absolute paths, relative paths are not supported)
node --experimental-permission --allow-fs-read=/home/lindu/workspace/nodejs-examples/v20/a.json,/home/lindu/workspace/nodejs-examples/v20/index.js index.js
Node process can only read a.json and index.js files.
Output:
Has fs.read permission? true
Has fs.write permission? false
JSON: {
"name": "lin"
}
node:fs:589
const result = binding.open(pathModule.toNamespacedPath(path),
^
Error: Access to this API has been restricted
at Object.openSync (node:fs:589:26)
at Object.writeFileSync (node:fs:2323:35)
at Object.<anonymous> (/home/lindu/workspace/nodejs-examples/v20/app.js:9:4)
at Module._compile (node:internal/modules/cjs/loader:1255:14)
at Module._extensions..js (node:internal/modules/cjs/loader:1309:10)
at Module.load (node:internal/modules/cjs/loader:1113:32)
at Module._load (node:internal/modules/cjs/loader:960:12)
at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:83:12)
at node:internal/main/run_main_module:23:47 {
code: 'ERR_ACCESS_DENIED',
permission: 'FileSystemWrite',
resource: '/home/lindu/workspace/nodejs-examples/v20/b.json'
}
Node.js v20.3.0
Above code allow all FileSystemRead operations, but not allow all FileSystemWrite operations.
So the fs.writeFileSync operation fails.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论