Add CI/CD pull file filter mechanism

t-ski · t-ski · commit bfe67b0e028c · 2024-11-15T17:16:46.000+01:00
diff --git a/packages/rjs-build/src/Plugin.ts b/packages/rjs-build/src/Plugin.ts
@@ -62,32 +62,27 @@ export class Plugin {
 
     private resolveBuildModulePath(): string {
         const buildConfig: TJSON = this.fetchBuildConfig();
-        const buildModuleReferences: string[] = _config.buildModuleNames.map(
-            (buildModuleName: string) =>
-                join(this.pluginDirectoryPath, buildModuleName)
-        );
-        buildConfig[_config.buildModuleReferenceKey] &&
-            buildModuleReferences.push(
-                resolve(
-                    this.pluginDirectoryPath,
-                    buildConfig[_config.buildModuleReferenceKey] as string
-                )
-            );
+        const buildModuleReferences: string[] = [
+            ..._config.buildModuleNames.map((reference: string) =>
+                join(this.pluginDirectoryPath, reference)
+            ),
+            buildConfig[_config.buildModuleReferenceKey] as string
+        ].filter((reference: string | undefined) => !!reference);
 
         let buildModulePath: string;
         while (!buildModulePath && buildModuleReferences.length) {
             const buildModuleReference: string = buildModuleReferences.shift();
             try {
-                buildModulePath = require.resolve(buildModuleReference);
+                buildModulePath = require.resolve(buildModuleReference, {
+                    paths: [this.pluginDirectoryPath]
+                });
                 buildModulePath = !/\.json$/.test(buildModulePath)
                     ? buildModulePath
                     : null;
             } catch {}
         }
 
-        if (!buildModulePath || /\.json$/.test(buildModulePath)) return null;
-
-        return buildModulePath;
+        return buildModulePath ?? null;
     }
 
     private async fetchBuildInterface(): Promise<TPluginInterfaceCallable> {
diff --git a/packages/rjs-handler/.gitignore b/packages/rjs-handler/.gitignore
@@ -0,0 +1 @@
+test/unit/.*.__repo
diff --git a/packages/rjs-handler/src/Handler.ts b/packages/rjs-handler/src/Handler.ts
@@ -1,4 +1,4 @@
-import { resolve } from "path";
+import { normalize, resolve } from "path";
 
 import {
     TAtomicSerializable,
@@ -41,13 +41,19 @@ export class Handler {
     >;
     private readonly rpcController: RPCController | null;
     private readonly configuredHostnames: string[];
+    private readonly deployPaths: string[];
 
-    constructor(env: Partial<IHandlerEnv>, options: TJSON = {}) {
+    constructor(
+        env: Partial<IHandlerEnv>,
+        options: TJSON = {},
+        deployPaths: string[] = []
+    ) {
         this.env = new Options(env ?? {}, {
             dev: false,
             cwd: process.cwd()
         }).object;
         this.config = new TypeResolver(options ?? {}, GLOBAL_CONFIG_DEFAULTS);
+        this.deployPaths = deployPaths.map((path: string) => normalize(path));
 
         this.configuredHostnames = [
             "localhost",
@@ -223,6 +229,7 @@ export class Handler {
                     handler = new POSTHandlerContext(
                         request,
                         this.config,
+                        this.deployPaths,
                         this.env.cwd,
                         this.env.dev
                     );
diff --git a/packages/rjs-handler/src/handler-context/POSTHandlerContext.ts b/packages/rjs-handler/src/handler-context/POSTHandlerContext.ts
@@ -1,5 +1,13 @@
-import { dirname, basename, join, resolve } from "path";
-import { existsSync, readdirSync, writeFileSync, cpSync, rmSync } from "fs";
+import { dirname, basename, join, resolve, normalize } from "path";
+import {
+    existsSync,
+    readdirSync,
+    writeFileSync,
+    cpSync,
+    rmSync,
+    statSync,
+    mkdirSync
+} from "fs";
 import { IncomingMessage, OutgoingHttpHeaders } from "http";
 import { request } from "https";
 import { createHmac, timingSafeEqual } from "crypto";
@@ -37,11 +45,13 @@ export class POSTHandlerContext extends AHandlerContext {
 
     private readonly cwd: string;
     private readonly localEnv: LocalEnv;
+    private readonly deployPaths: string[];
     private readonly repo: IGitRemote | null;
 
     constructor(
         request: Request,
         config: TypeResolver,
+        deployPaths: string[],
         cwd: string,
         dev: boolean
     ) {
@@ -82,6 +92,7 @@ export class POSTHandlerContext extends AHandlerContext {
 
         this.cwd = cwd;
         this.localEnv = new LocalEnv(dev, cwd);
+        this.deployPaths = deployPaths ?? [];
     }
 
     private requestAPI(
@@ -221,11 +232,49 @@ export class POSTHandlerContext extends AHandlerContext {
                     force: true
                 });
 
-                readdirSync(dirPath).forEach((path: string) => {
-                    cpSync(join(dirPath, path), join(this.cwd, path), {
-                        force: true,
-                        recursive: true
-                    });
+                readdirSync(dirPath, {
+                    recursive: true
+                }).forEach((rawPath: string | Buffer) => {
+                    const path = rawPath.toString();
+
+                    if (this.deployPaths.length) {
+                        const maxDirectoryDepth = 50;
+
+                        let isWhitelisted = false;
+                        let i = 0;
+                        let traversalPath: string = normalize(path);
+                        do {
+                            if (
+                                this.deployPaths.includes(
+                                    normalize(traversalPath)
+                                )
+                            ) {
+                                isWhitelisted = true;
+
+                                break;
+                            }
+
+                            traversalPath = normalize(
+                                join(traversalPath, "..")
+                            );
+                        } while (
+                            traversalPath !== "." &&
+                            ++i < maxDirectoryDepth
+                        );
+
+                        if (!isWhitelisted) return;
+                    }
+
+                    const sourcePath: string = join(dirPath, path);
+                    const targetPath: string = join(this.cwd, path);
+                    statSync(sourcePath).isDirectory()
+                        ? mkdirSync(targetPath, {
+                              recursive: true
+                          })
+                        : cpSync(sourcePath, targetPath, {
+                              force: true,
+                              recursive: true
+                          });
                 });
 
                 rmSync(dirPath, {
diff --git a/packages/rjs-handler/test/unit/_api.js b/packages/rjs-handler/test/unit/_api.js
@@ -16,7 +16,10 @@ const initHandler = (appWorkingDir) => {
         },
         "www": "never",
         "hostnames": [ "example.org", "other.example.org" ]
-    });
+    }, [
+        "README.md",
+        "test/file.txt"
+    ]);
 }
 
 const defaultHandler = initHandler(
diff --git a/packages/rjs-handler/test/unit/webhook/webhook.test.js b/packages/rjs-handler/test/unit/webhook/webhook.test.js
@@ -1,12 +1,12 @@
-const { createHmac } = require("crypto");
-
 const { initHandler, requestWithHandler } = require("../_api");
 
+
 const SECRET = "secret";
 const PAYLOAD = JSON.stringify({
     foo: "bar"
 });
 
+
 const requestWithWebhookHandler = () => {
     return requestWithHandler(
         initHandler(require("path").join(__dirname, "./app")),
@@ -16,6 +16,7 @@ const requestWithWebhookHandler = () => {
             headers: {
                 "User-Agent": "GitHub-Hookshot/044aadd",
                 "X-Hub-Signature-256": `sha256=${
+                    require("crypto").
                     createHmac("sha256", SECRET)
                     .update(PAYLOAD)
                     .digest("hex")
@@ -26,37 +27,55 @@ const requestWithWebhookHandler = () => {
     );
 };
 
-const README_FILE_PATH = require("path").join(__dirname, "./app", "README.md");
+
+const getFilePath = name => {
+    return require("path").join(__dirname, "./app", name);
+}
+const fileExists = name => {
+    return require("fs").existsSync(getFilePath(name));
+}
+
 const README_OVERRIDE_DATA = "OVERRIDE";
-require("fs").writeFileSync(README_FILE_PATH, README_OVERRIDE_DATA);
+
+require("fs").writeFileSync(getFilePath("README.md"), README_OVERRIDE_DATA);
+require("fs").rmSync(getFilePath("EMPTY.md"), { force: true });
+require("fs").rmSync(getFilePath("test/file-2.txt"), { force: true });
+
 
 new UnitTest("POST_ GitHub:/ (dummy)")
 .actual(async () => {
     const res = await requestWithWebhookHandler();
 
-    const fileExists = name => {
-        return require("fs")
-        .existsSync(require("path").join(__dirname, "./app", name));
-    }
-
-    new UnitTest("POST GitHub:/ (dummy) &rarr; .env (from local)")
-    .actual(fileExists(".env"))
-    .expect(true);
+    await new Promise(r => setTimeout(() => {
+        new UnitTest("POST GitHub:/ (dummy) &rarr; .env (from local)")
+        .actual(fileExists(".env"))
+        .expect(true);
+        
+        new UnitTest("POST GitHub:/ (dummy) &rarr; test/file.txt (from remote)")
+        .actual(fileExists("test/file.txt"))
+        .expect(true);
 
-    new UnitTest("POST GitHub:/ (dummy) &rarr; test/file.txt (from remote)")
-    .actual(fileExists("test/file.txt"))
-    .expect(true);
+        new UnitTest("POST GitHub:/ (dummy) &not; test/file-2.txt (non-whitelisted)")
+        .actual(fileExists("test/file-2.txt"))
+        .expect(false);
 
-    new UnitTest("POST GitHub:/ (dummy) &not; non-existing.txt")
-    .actual(fileExists("non-existing.txt"))
-    .expect(false);
-    
-    setTimeout(() => {
+        new UnitTest("POST GitHub:/ (dummy) &not; EMPTY.md (non-whitelisted)")
+        .actual(fileExists("EMPTY.md"))
+        .expect(false);
+        
         new UnitTest("POST GitHub:/ (dummy) &not; README.md override")
-        .actual(require("fs").readFileSync(README_FILE_PATH).toString().trim() !== README_OVERRIDE_DATA)
+        .actual(
+            require("fs")
+            .readFileSync(getFilePath("README.md"))
+            .toString()
+            .trim()
+            !== README_OVERRIDE_DATA
+        )
         .expect(true);
-    }, 750);    // TODO: Improve (reliability)
-
+        
+        r();
+    }, 750));   // TODO: Improve reliability (wait for emit files visibility)
+    
     return res;
 })
 .expect({
diff --git a/packages/rjs-server/src/Instance.ts b/packages/rjs-server/src/Instance.ts
@@ -13,28 +13,33 @@ import _config from "./_config.json";
 export function createInstance(
     env?: Partial<IHandlerEnv>,
     options?: TJSON,
+    deployPaths?: string[],
     clusterSize?: IClusterConstraints
 ): Promise<Instance> {
     return new Promise((resolve) => {
-        const instance: Instance = new Instance(env, options, clusterSize).on(
-            "online",
-            () => resolve(instance)
-        );
+        const instance: Instance = new Instance(
+            env,
+            options,
+            deployPaths,
+            clusterSize
+        ).on("online", () => resolve(instance));
     });
 }
 
 export class Instance extends Cluster<ISerialRequest, ISerialResponse> {
     constructor(
         env?: Partial<IHandlerEnv>,
         options?: TJSON,
+        deployPaths?: string[],
         clusterConstraints?: IClusterConstraints
     ) {
         super(
             {
                 modulePath: join(__dirname, "adapter"),
                 options: {
                     env,
-                    options
+                    options,
+                    deployPaths
                 }
             },
             {
diff --git a/packages/rjs-server/src/Server.ts b/packages/rjs-server/src/Server.ts
@@ -36,13 +36,16 @@ export interface IServerEnv extends IHandlerEnv {
 export function createServer(
     env: IServerEnv,
     options?: TJSON,
+    deployPaths?: string[],
     clusterSize?: IClusterConstraints
 ): Promise<Server> {
     return new Promise((resolve) => {
-        const server: Server = new Server(env, options, clusterSize).on(
-            "online",
-            () => resolve(server)
-        );
+        const server: Server = new Server(
+            env,
+            options,
+            deployPaths,
+            clusterSize
+        ).on("online", () => resolve(server));
     });
 }
 
@@ -57,7 +60,7 @@ export class Server extends EventEmitter {
                 if (!param) return null;
                 if (param instanceof Buffer) return param;
 
-                const potentialPath: string = resolve(param);
+                const potentialPath: string = resolve(cwd, param);
                 if (!existsSync(potentialPath)) return param;
 
                 return readFileSync(potentialPath);
@@ -90,6 +93,7 @@ export class Server extends EventEmitter {
     constructor(
         env: IServerEnv,
         options?: TJSON,
+        deployPaths?: string[],
         clusterSize?: IClusterConstraints
     ) {
         super();
@@ -102,6 +106,7 @@ export class Server extends EventEmitter {
         this.instance = new Instance(
             env,
             options,
+            deployPaths,
             this.env.dev
                 ? {
                       processes: 1,
diff --git a/packages/rjs-server/src/adapter.ts b/packages/rjs-server/src/adapter.ts
@@ -3,8 +3,16 @@ import { ISerialRequest, ISerialResponse } from "./.shared/global.interfaces";
 
 import { IHandlerEnv, Handler } from "@rapidjs.org/rjs-handler";
 
-export default function (coreOptions: { env: IHandlerEnv; options: TJSON }) {
-    const handler: Handler = new Handler(coreOptions.env, coreOptions.options);
+export default function (coreOptions: {
+    env: IHandlerEnv;
+    options: TJSON;
+    deployPaths: string[];
+}) {
+    const handler: Handler = new Handler(
+        coreOptions.env,
+        coreOptions.options,
+        coreOptions.deployPaths
+    );
     // TODO: Await for preretrieval done if not dev mode
 
     return async (sReq: ISerialRequest): Promise<ISerialResponse> => {
diff --git a/packages/rjs/README.md b/packages/rjs/README.md
@@ -1,6 +1,6 @@
 <p align="center">
   <a href="https://rapidjs.org" target="_blank">
-    <img src="https://rapidjs.org/assets/img/repo-preview.jpg" alt="https://rapidjs.org" width="830">
+    <img src="https://rapidjs.org/assets/img/repo-preview.png" alt="https://rapidjs.org" width="830">
   </a>
   <h1 align="center">rJS</h1>
 </p>
diff --git a/packages/rjs/src/FileServer.ts b/packages/rjs/src/FileServer.ts
diff --git a/packages/rjs/src/_config.json b/packages/rjs/src/_config.json
diff --git a/packages/rjs/src/cli/registry/_serve.ts b/packages/rjs/src/cli/registry/_serve.ts
diff --git a/packages/rjs/src/cli/registry/detached/serve.ts b/packages/rjs/src/cli/registry/detached/serve.ts
