我收到TypeError:在检查权限时无法读取未定义的属性(读取’has’)。

huangapple go评论70阅读模式
英文:

I get TypeError: Cannot read properties of undefined (reading 'has') when checking permission

问题

I am experimenting with the Node.js permission model in Node.js v20. One of the features it provides is the ability to check for permissions during runtime. So here is my simplified code:

// app.js
console.log(process.permission.has("fs.read"));

When I run the program using node app.js, I receive an error that looks like so:

console.log(process.permission.has("fs.read"));
                               ^

TypeError: Cannot read properties of undefined (reading 'has')
    at file:///home/stanley/example-app/app.js:1:32
    at ModuleJob.run (node:internal/modules/esm/module_job:192:25)
    at async DefaultModuleLoader.import (node:internal/modules/esm/loader:246:24)
    at async loadESM (node:internal/process/esm_loader:40:7)
    at async handleMainPromise (node:internal/modules/run_main:66:12)

Node.js v20.3.0

When I run the program with the --experimental-permission flag, I receive this error:

node:internal/modules/cjs/loader:179
  const result = internalModuleStat(filename);
                 ^

Error: Access to this API has been restricted
    at stat (node:internal/modules/cjs/loader:179:18)
    at Module._findPath (node:internal/modules/cjs/loader:651:16)
    at resolveMainPath (node:internal/modules/run_main:15:25)
    at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:76:24)
    at node:internal/main/run_main_module:23:47 {
  code: 'ERR_ACCESS_DENIED',
  permission: 'FileSystemRead',
  resource: '/home/stanley/example_app/app.js'
}

Node.js v20.3.0

I expect the program to print false in the console, but instead, I receive this error.

英文:

I am experimenting with the Node.js permission model in Node.js v20. One of the features it provides is the ability to check for permissions during runtime. So here is my simplified code:

// app.js
console.log(process.permission.has("fs.read"));

When I run the program using node app.js, I receive an error that looks like so:

console.log(process.permission.has("fs.read"));
                               ^

TypeError: Cannot read properties of undefined (reading 'has')
    at file:///home/stanley/example-app/app.js:1:32
    at ModuleJob.run (node:internal/modules/esm/module_job:192:25)
    at async DefaultModuleLoader.import (node:internal/modules/esm/loader:246:24)
    at async loadESM (node:internal/process/esm_loader:40:7)
    at async handleMainPromise (node:internal/modules/run_main:66:12)

Node.js v20.3.0

When I run the program with the `--experimental-permission flag, I receive this error:

node:internal/modules/cjs/loader:179
  const result = internalModuleStat(filename);
                 ^

Error: Access to this API has been restricted
    at stat (node:internal/modules/cjs/loader:179:18)
    at Module._findPath (node:internal/modules/cjs/loader:651:16)
    at resolveMainPath (node:internal/modules/run_main:15:25)
    at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:76:24)
    at node:internal/main/run_main_module:23:47 {
  code: 'ERR_ACCESS_DENIED',
  permission: 'FileSystemRead',
  resource: '/home/stanley/example_app/app.js'
}

Node.js v20.3.0

I expect the program to print false in the console, but instead, I receive this error.

答案1

得分: 3

基于进程的权限文档中:

> Node.js权限模型是一种在执行过程中限制对特定资源访问的机制。API 存在于一个名为 --experimental-permission 的标志后面,当启用时,将限制对所有可用权限的访问。

要允许Node.js访问文件系统,我们可以使用 --allow-fs-read--allow-fs-write 标志。

--allow-fs-read=* - 它将允许所有的 FileSystemRead 操作。

index.js:

const fs = require('fs');
const path = require('path');

console.log('Has fs.read permission?', process.permission.has("fs.read"));
console.log('Has fs.write permission?', process.permission.has("fs.write"));

console.log('JSON: ', fs.readFileSync(path.resolve(__dirname, './a.json'), 'utf-8'))

fs.writeFileSync(path.resolve(__dirname, './b.json'), JSON.stringify({status: 'ok'}))

a.json:

{
  "name": "lin"
}
$ node --experimental-permission --allow-fs-read=* index.js

或者,使用特定文件(必须是绝对路径,不支持相对路径

node --experimental-permission --allow-fs-read=/home/lindu/workspace/nodejs-examples/v20/a.json,/home/lindu/workspace/nodejs-examples/v20/index.js index.js

Node进程只能读取 a.jsonindex.js 文件。

输出:

Has fs.read permission? true
Has fs.write permission? false
JSON:  {
  "name": "lin"
}

node:fs:589
  const result = binding.open(pathModule.toNamespacedPath(path),
                         ^

Error: Access to this API has been restricted
    at Object.openSync (node:fs:589:26)
    at Object.writeFileSync (node:fs:2323:35)
    at Object.<anonymous> (/home/lindu/workspace/nodejs-examples/v20/app.js:9:4)
    at Module._compile (node:internal/modules/cjs/loader:1255:14)
    at Module._extensions..js (node:internal/modules/cjs/loader:1309:10)
    at Module.load (node:internal/modules/cjs/loader:1113:32)
    at Module._load (node:internal/modules/cjs/loader:960:12)
    at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:83:12)
    at node:internal/main/run_main_module:23:47 {
  code: 'ERR_ACCESS_DENIED',
  permission: 'FileSystemWrite',
  resource: '/home/lindu/workspace/nodejs-examples/v20/b.json'
}

Node.js v20.3.0

上述代码允许所有 FileSystemRead 操作,但不允许所有 FileSystemWrite 操作。

因此,fs.writeFileSync 操作失败。

英文:

From the Process-based permissions doc:

> The Node.js Permission Model is a mechanism for restricting access to specific resources during execution. The API exists behind a flag --experimental-permission which when enabled, will restrict access to all available permissions.

To allow Node access to the file system. We can use the --allow-fs-read and --allow-fs-write flags.

--allow-fs-read=* - It will allow all FileSystemRead operations.

index.js:

const fs = require(&#39;fs&#39;);
const path = require(&#39;path&#39;);

console.log(&#39;Has fs.read permission?&#39;, process.permission.has(&quot;fs.read&quot;));
console.log(&#39;Has fs.write permission?&#39;, process.permission.has(&quot;fs.write&quot;));

console.log(&#39;JSON: &#39;, fs.readFileSync(path.resolve(__dirname, &#39;./a.json&#39;), &#39;utf-8&#39;))

fs.writeFileSync(path.resolve(__dirname, &#39;./b.json&#39;), JSON.stringify({status: &#39;ok&#39;}))

a.json:

{
  &quot;name&quot;: &quot;lin&quot;
}
$ node --experimental-permission --allow-fs-read=* index.js

OR, use specific files(must be absolute paths, relative paths are not supported)

node --experimental-permission --allow-fs-read=/home/lindu/workspace/nodejs-examples/v20/a.json,/home/lindu/workspace/nodejs-examples/v20/index.js index.js

Node process can only read a.json and index.js files.

Output:

Has fs.read permission? true
Has fs.write permission? false
JSON:  {
  &quot;name&quot;: &quot;lin&quot;
}

node:fs:589
  const result = binding.open(pathModule.toNamespacedPath(path),
                         ^

Error: Access to this API has been restricted
    at Object.openSync (node:fs:589:26)
    at Object.writeFileSync (node:fs:2323:35)
    at Object.&lt;anonymous&gt; (/home/lindu/workspace/nodejs-examples/v20/app.js:9:4)
    at Module._compile (node:internal/modules/cjs/loader:1255:14)
    at Module._extensions..js (node:internal/modules/cjs/loader:1309:10)
    at Module.load (node:internal/modules/cjs/loader:1113:32)
    at Module._load (node:internal/modules/cjs/loader:960:12)
    at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:83:12)
    at node:internal/main/run_main_module:23:47 {
  code: &#39;ERR_ACCESS_DENIED&#39;,
  permission: &#39;FileSystemWrite&#39;,
  resource: &#39;/home/lindu/workspace/nodejs-examples/v20/b.json&#39;
}

Node.js v20.3.0

Above code allow all FileSystemRead operations, but not allow all FileSystemWrite operations.

So the fs.writeFileSync operation fails.

huangapple
  • 本文由 发表于 2023年6月12日 14:36:53
  • 转载请务必保留本文链接:https://go.coder-hub.com/76454106.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定