Convert Sub hosting user code to commands
Hi !
I'm new on Deno. I built my project on Node.js, but it seems that Deno is more appropriate for what I want to do.
I'm looking for a way to safely run user scripts to feed a command pattern on top. The idea is to do something similar to an online Robocode.
I see Sub hosting. I've already consulted the doc' and played with the github demo to build an online IDE. It allows the user to call the import in sub hosting, but I haven't found a way to use the user code to populate my command queue. Also, I'd like to limit their imports to authorized files only.
Is the subhosting the right tool to do this?
2 Replies
Hello! Welcome to the world of Deno 🦕. It's great to hear that you're considering Deno for your project. Based on the documentation, Deno Subhosting is indeed a suitable tool for running user scripts in a secure and scalable environment designed for multitenancy. Subhosting allows you to execute user-provided code in a controlled and secure way, which aligns with your requirement to safely run user scripts.
To use user code to populate your command queue, you would typically execute the user scripts within Deno's secure environment and handle the output or side effects to interact with your command pattern. However, the documentation does not provide a direct example of populating a command queue with user code.
Regarding limiting imports to authorized files only, Deno's import system works with URLs, which means you can control what can be imported by serving only the allowed files from your server or by specifying import maps that restrict the available imports to a predefined set of modules.
While the documentation does not provide a specific example for your use case, here's a general approach you could take based on the capabilities of Deno Subhosting:
1. Secure Execution: Run the user scripts in isolated environments using Deno Deploy. Each user script would be executed in its own V8 isolate, ensuring that it cannot interfere with other scripts or your system.
2. Command Queue Interaction: You would need to define an API or a set of functions that user scripts can call to interact with your command queue. These functions would be responsible for validating and queuing commands as necessary.
3. Import Restrictions: Use Deno's permission system and import maps to restrict access to only the files and capabilities you want to expose to user
scripts. You can specify which URLs are allowed to be imported and deny access to any other modules.
4. Monitoring and Control: Implement monitoring to track the execution of user scripts and enforce any additional runtime constraints or resource limits.
Please note that while Deno Subhosting provides the infrastructure for running user code securely, the specifics of how you implement the command queue interaction and import restrictions will depend on your application's architecture and requirements.
If you need to dive deeper into how to implement these features, you might want to explore the Deno Deploy REST API and the documentation on subhosting, as well as Deno's permission system and import maps for more detailed guidance. 📘