Pablo Pablo - 3 months ago 8
Node.js Question

Limit scope in Node JS

I want to let users create custom plugins for one of my apps Programmed in Node JS.

I thought of using some method similar than dynamic libraries, but using Node Modules. The problem is don't want the users to be able to do harmful things like making inappropriate use of the network or accessing the file system.

Is there any way you can limit the NODE Native API for an specific module?

Answer

One of the solutions would be to recompile node without unwanted API calls.

Another way to achieve this is to monkey patch unwanted calls and unwanted modules after the process starts.

> var fs = require("fs");
> fs.openSync("/etc/passwd", 0);
12
> fs.openSync = function(){}
> var fs = require("fs");
> fs.openSync("/etc/passwd", 0);
'Not allowed'

You have to also monkey patch in the same way require.reload and think about how else this can be circumvented.