pal-explorer-cli 0.4.0

package/lib/core/extensionWorkerHost.js

@@ -0,0 +1,166 @@
+import { workerData, parentPort } from 'worker_threads';
+import path from 'path';
+import { createRequire } from 'module';
+
+const { extPath, main, permissions, allowedPaths, config, appInfo, extName } = workerData;
+
+// ── Lockdown globals ──────────────────────────────────────────────
+// Remove dangerous globals before extension code runs
+delete globalThis.process.exit;
+delete globalThis.process.kill;
+delete globalThis.process.abort;
+Object.defineProperty(globalThis.process, 'env', {
+  value: Object.freeze({ NODE_ENV: 'production' }),
+  writable: false,
+  configurable: false,
+});
+
+// ── Proxy API to main thread ──────────────────────────────────────
+let apiCallId = 0;
+const pendingApiCalls = new Map();
+
+function callMainThread(method, args) {
+  return new Promise((resolve, reject) => {
+    const id = ++apiCallId;
+    const timer = setTimeout(() => {
+      pendingApiCalls.delete(id);
+      reject(new Error(`API call ${method} timed out`));
+    }, 10000);
+    pendingApiCalls.set(id, { resolve, reject, timer });
+    parentPort.postMessage({ type: 'api-call', id, method, args });
+  });
+}
+
+parentPort.on('message', (msg) => {
+  if (msg.type === 'api-response') {
+    const pending = pendingApiCalls.get(msg.id);
+    if (pending) {
+      clearTimeout(pending.timer);
+      pendingApiCalls.delete(msg.id);
+      if (msg.error) pending.reject(new Error(msg.error));
+      else pending.resolve(msg.result);
+    }
+  } else if (msg.type === 'call') {
+    handleCall(msg);
+  }
+});
+
+// ── Build sandboxed context ───────────────────────────────────────
+const perms = new Set(permissions);
+
+const ctx = {
+  hooks: new HookRegistry(),
+  config: {
+    get(key) { return callMainThread('config.get', { key }); },
+    set(key, value) { return callMainThread('config.set', { key, value }); },
+  },
+  logger: {
+    info: (...args) => parentPort.postMessage({ type: 'log', level: 'log', args: args.map(String) }),
+    warn: (...args) => parentPort.postMessage({ type: 'log', level: 'warn', args: args.map(String) }),
+    error: (...args) => parentPort.postMessage({ type: 'log', level: 'error', args: args.map(String) }),
+  },
+  app: { ...appInfo },
+  store: {
+    get(key) { return callMainThread('store.get', { key }); },
+    set(key, value) { return callMainThread('store.set', { key, value }); },
+    delete(key) { return callMainThread('store.delete', { key }); },
+  },
+};
+
+if (perms.has('identity:read')) {
+  ctx.identity = { get() { return callMainThread('identity.get', {}); } };
+}
+if (perms.has('shares:read')) {
+  ctx.shares = {
+    list() { return callMainThread('shares.list', {}); },
+  };
+}
+if (perms.has('peers:read')) {
+  ctx.peers = { list() { return callMainThread('peers.list', {}); } };
+}
+if (perms.has('net:http')) {
+  ctx.http = (url, opts = {}) => callMainThread('http.fetch', { url, opts: { method: opts.method, headers: opts.headers, body: opts.body } });
+}
+if (perms.has('fs:read')) {
+  ctx.fs = {
+    ...ctx.fs,
+    read(filePath, encoding) { return callMainThread('fs.read', { filePath, encoding }); },
+  };
+}
+if (perms.has('fs:write')) {
+  ctx.fs = {
+    ...ctx.fs,
+    write(filePath, data) { return callMainThread('fs.write', { filePath, data }); },
+  };
+}
+if (perms.has('fs:delete')) {
+  ctx.fs = {
+    ...ctx.fs,
+    delete(filePath) { return callMainThread('fs.delete', { filePath }); },
+  };
+}
+if (perms.has('notifications')) {
+  ctx.notify = {
+    show(title, body) { return callMainThread('notify.show', { title, body }); },
+  };
+}
+
+// ── Hook registry ─────────────────────────────────────────────────
+function HookRegistry() {
+  const handlers = new Map();
+  return {
+    on(event, fn) {
+      if (!handlers.has(event)) handlers.set(event, []);
+      handlers.get(event).push(fn);
+    },
+    _getHandlers(event) {
+      return handlers.get(event) || [];
+    },
+  };
+}
+
+// ── Load and run extension ────────────────────────────────────────
+let extensionModule = null;
+
+async function handleCall(msg) {
+  let result, error;
+  try {
+    switch (msg.method) {
+      case 'activate': {
+        const mainPath = path.join(extPath, main);
+        extensionModule = await import(`file://${mainPath.replace(/\\/g, '/')}`);
+        if (typeof extensionModule.activate === 'function') {
+          await extensionModule.activate(ctx);
+        }
+        result = true;
+        break;
+      }
+      case 'deactivate': {
+        if (extensionModule && typeof extensionModule.deactivate === 'function') {
+          await extensionModule.deactivate();
+        }
+        result = true;
+        break;
+      }
+      case 'hook': {
+        const handlers = ctx.hooks._getHandlers(msg.args.event);
+        for (const fn of handlers) {
+          const hookResult = await fn(msg.args.payload);
+          if (hookResult && hookResult.block) {
+            result = { blocked: true, reason: hookResult.reason || 'Blocked by extension' };
+            parentPort.postMessage({ type: 'response', id: msg.id, result });
+            return;
+          }
+        }
+        result = { blocked: false };
+        break;
+      }
+      default:
+        throw new Error(`Unknown method: ${msg.method}`);
+    }
+  } catch (err) {
+    error = err.message;
+  }
+
+  parentPort.postMessage({ type: 'response', id: msg.id, result, error });
+}