peterstockings/isolator-js
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: peterstockings:95320487f2c5059e827813d6741679a59f534a06
Branches Tags
peterstockings:master
...
compare: peterstockings:7c635e3ffffe64445add770c46efba9a7959acd4
Branches Tags
peterstockings:master

10 Commits
95320487f2 ... 7c635e3fff

Author SHA1 Message Date
Peter Stockings
7c635e3fff Return execution time 2025-07-25 15:01:43 +10:00
Peter Stockings
ca63a9b610 Ensure mutated environment gets updated 2025-06-21 20:20:55 +10:00
Peter Stockings
7b8089e183 Try to make concurrent requests work 2025-06-14 22:27:31 +10:00
Peter Stockings
f07f76797e Comment out execution logs, result, & environment console logs 2024-06-02 16:56:03 +10:00
Peter Stockings
b64e54e9ab Increase payload limit, to fix error 2023-12-27 21:48:05 +11:00
Peter Stockings
98363066d4 Add FileReader dependecy, so scripts can utilise it 2023-12-23 10:33:02 +11:00
Peter Stockings
c96e58e139 Fix order of arguments for executeUserCode 2023-12-22 18:44:50 +11:00
Peter Stockings
aa92108fbd Add function name as variable accessible from scripts through the name: FUNCTION_NAME 2023-12-22 17:59:01 +11:00
Peter Stockings
7cc8787e10 Add package-lock 2023-12-19 22:54:33 +11:00
Peter Stockings
a09e91adf0 Add dependency on cheerio 2023-12-19 22:44:49 +11:00
3 changed files with 321 additions and 169 deletions
Expand all files Collapse all files

174
package-lock.json generated
View File

@@ -1,20 +1,26 @@
{
"name": "vm2",
"name": "isolator",
"version": "1.0.0",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "vm2",
"name": "isolator",
"version": "1.0.0",
"license": "ISC",
"dependencies": {
"cheerio": "^1.0.0-rc.12",
"express": "^4.18.2",
"filereader": "^0.10.3",
"jsdom": "^23.0.1",
"node-fetch": "^3.3.2",
"swagger-jsdoc": "^6.2.8",
"swagger-ui-express": "^5.0.0",
"vm2": "^3.9.19"
},
"engines": {
"node": "16.8.0",
"npm": "10.1.0"
}
},
"node_modules/@apidevtools/json-schema-ref-parser": {
@@ -176,6 +182,11 @@
"resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
"integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="
},
"node_modules/boolbase": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/boolbase/-/boolbase-1.0.0.tgz",
"integrity": "sha512-JZOSA7Mo9sNGB8+UjSgzdLtokWAky1zbztM3WRLCbZ70/3cTANmQmOdR7y2g+J0e2WXywy1yS468tY+IruqEww=="
},
"node_modules/brace-expansion": {
"version": "1.1.11",
"resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
@@ -211,6 +222,42 @@
"resolved": "https://registry.npmjs.org/call-me-maybe/-/call-me-maybe-1.0.2.tgz",
"integrity": "sha512-HpX65o1Hnr9HH25ojC1YGs7HCQLq0GCOibSaWER0eNpgJ/Z1MZv2mTc7+xh6WOPxbRVcmgbv4hGU+uSQ/2xFZQ=="
},
"node_modules/cheerio": {
"version": "1.0.0-rc.12",
"resolved": "https://registry.npmjs.org/cheerio/-/cheerio-1.0.0-rc.12.tgz",
"integrity": "sha512-VqR8m68vM46BNnuZ5NtnGBKIE/DfN0cRIzg9n40EIq9NOv90ayxLBXA8fXC5gquFRGJSTRqBq25Jt2ECLR431Q==",
"dependencies": {
"cheerio-select": "^2.1.0",
"dom-serializer": "^2.0.0",
"domhandler": "^5.0.3",
"domutils": "^3.0.1",
"htmlparser2": "^8.0.1",
"parse5": "^7.0.0",
"parse5-htmlparser2-tree-adapter": "^7.0.0"
},
"engines": {
"node": ">= 6"
},
"funding": {
"url": "https://github.com/cheeriojs/cheerio?sponsor=1"
}
},
"node_modules/cheerio-select": {
"version": "2.1.0",
"resolved": "https://registry.npmjs.org/cheerio-select/-/cheerio-select-2.1.0.tgz",
"integrity": "sha512-9v9kG0LvzrlcungtnJtpGNxY+fzECQKhK4EGJX2vByejiMX84MFNQw4UxPJl3bFbTMw+Dfs37XaIkCwTZfLh4g==",
"dependencies": {
"boolbase": "^1.0.0",
"css-select": "^5.1.0",
"css-what": "^6.1.0",
"domelementtype": "^2.3.0",
"domhandler": "^5.0.3",
"domutils": "^3.0.1"
},
"funding": {
"url": "https://github.com/sponsors/fb55"
}
},
"node_modules/combined-stream": {
"version": "1.0.8",
"resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz",
@@ -267,6 +314,32 @@
"resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",
"integrity": "sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ=="
},
"node_modules/css-select": {
"version": "5.1.0",
"resolved": "https://registry.npmjs.org/css-select/-/css-select-5.1.0.tgz",
"integrity": "sha512-nwoRF1rvRRnnCqqY7updORDsuqKzqYJ28+oSMaJMMgOauh3fvwHqMS7EZpIPqK8GL+g9mKxF1vP/ZjSeNjEVHg==",
"dependencies": {
"boolbase": "^1.0.0",
"css-what": "^6.1.0",
"domhandler": "^5.0.2",
"domutils": "^3.0.1",
"nth-check": "^2.0.1"
},
"funding": {
"url": "https://github.com/sponsors/fb55"
}
},
"node_modules/css-what": {
"version": "6.1.0",
"resolved": "https://registry.npmjs.org/css-what/-/css-what-6.1.0.tgz",
"integrity": "sha512-HTUrgRJ7r4dsZKU6GjmpfRK1O76h97Z8MfS1G0FozR+oF2kG6Vfe8JE6zwrkbxigziPHinCJ+gCPjA9EaBDtRw==",
"engines": {
"node": ">= 6"
},
"funding": {
"url": "https://github.com/sponsors/fb55"
}
},
"node_modules/cssstyle": {
"version": "3.0.0",
"resolved": "https://registry.npmjs.org/cssstyle/-/cssstyle-3.0.0.tgz",
@@ -368,6 +441,57 @@
"node": ">=6.0.0"
}
},
"node_modules/dom-serializer": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-2.0.0.tgz",
"integrity": "sha512-wIkAryiqt/nV5EQKqQpo3SToSOV9J0DnbJqwK7Wv/Trc92zIAYZ4FlMu+JPFW1DfGFt81ZTCGgDEabffXeLyJg==",
"dependencies": {
"domelementtype": "^2.3.0",
"domhandler": "^5.0.2",
"entities": "^4.2.0"
},
"funding": {
"url": "https://github.com/cheeriojs/dom-serializer?sponsor=1"
}
},
"node_modules/domelementtype": {
"version": "2.3.0",
"resolved": "https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz",
"integrity": "sha512-OLETBj6w0OsagBwdXnPdN0cnMfF9opN69co+7ZrbfPGrdpPVNBUj02spi6B1N7wChLQiPn4CSH/zJvXw56gmHw==",
"funding": [
{
"type": "github",
"url": "https://github.com/sponsors/fb55"
}
]
},
"node_modules/domhandler": {
"version": "5.0.3",
"resolved": "https://registry.npmjs.org/domhandler/-/domhandler-5.0.3.tgz",
"integrity": "sha512-cgwlv/1iFQiFnU96XXgROh8xTeetsnJiDsTc7TYCLFd9+/WNkIqPTxiM/8pSd8VIrhXGTf1Ny1q1hquVqDJB5w==",
"dependencies": {
"domelementtype": "^2.3.0"
},
"engines": {
"node": ">= 4"
},
"funding": {
"url": "https://github.com/fb55/domhandler?sponsor=1"
}
},
"node_modules/domutils": {
"version": "3.1.0",
"resolved": "https://registry.npmjs.org/domutils/-/domutils-3.1.0.tgz",
"integrity": "sha512-H78uMmQtI2AhgDJjWeQmHwJJ2bLPD3GMmO7Zja/ZZh84wkm+4ut+IUnUdRa8uCGX88DiVx1j6FRe1XfxEgjEZA==",
"dependencies": {
"dom-serializer": "^2.0.0",
"domelementtype": "^2.3.0",
"domhandler": "^5.0.3"
},
"funding": {
"url": "https://github.com/fb55/domutils?sponsor=1"
}
},
"node_modules/ee-first": {
"version": "1.1.1",
"resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
@@ -489,6 +613,11 @@
"node": "^12.20 || >= 14.13"
}
},
"node_modules/filereader": {
"version": "0.10.3",
"resolved": "https://registry.npmjs.org/filereader/-/filereader-0.10.3.tgz",
"integrity": "sha512-7F8w6GSXuHLN80ukaVOcHgBaiTRHUZr8GeEhNdqfAECcnBoROg4i8hTl+KqtF4yUPffOJVHEFg4iDJb7xIYFng=="
},
"node_modules/finalhandler": {
"version": "1.2.0",
"resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.2.0.tgz",
@@ -671,6 +800,24 @@
"node": ">=18"
}
},
"node_modules/htmlparser2": {
"version": "8.0.2",
"resolved": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-8.0.2.tgz",
"integrity": "sha512-GYdjWKDkbRLkZ5geuHs5NY1puJ+PXwP7+fHPRz06Eirsb9ugf6d8kkXav6ADhcODhFFPMIXyxkxSuMf3D6NCFA==",
"funding": [
"https://github.com/fb55/htmlparser2?sponsor=1",
{
"type": "github",
"url": "https://github.com/sponsors/fb55"
}
],
"dependencies": {
"domelementtype": "^2.3.0",
"domhandler": "^5.0.3",
"domutils": "^3.0.1",
"entities": "^4.4.0"
}
},
"node_modules/http-errors": {
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz",
@@ -923,6 +1070,17 @@
"url": "https://opencollective.com/node-fetch"
}
},
"node_modules/nth-check": {
"version": "2.1.1",
"resolved": "https://registry.npmjs.org/nth-check/-/nth-check-2.1.1.tgz",
"integrity": "sha512-lqjrjmaOoAnWfMmBPL+XNnynZh2+swxiX3WUE0s4yEHI6m+AwrK2UZOimIRl3X/4QctVqS8AiZjFqyOGrMXb/w==",
"dependencies": {
"boolbase": "^1.0.0"
},
"funding": {
"url": "https://github.com/fb55/nth-check?sponsor=1"
}
},
"node_modules/nwsapi": {
"version": "2.2.7",
"resolved": "https://registry.npmjs.org/nwsapi/-/nwsapi-2.2.7.tgz",
@@ -972,6 +1130,18 @@
"url": "https://github.com/inikulin/parse5?sponsor=1"
}
},
"node_modules/parse5-htmlparser2-tree-adapter": {
"version": "7.0.0",
"resolved": "https://registry.npmjs.org/parse5-htmlparser2-tree-adapter/-/parse5-htmlparser2-tree-adapter-7.0.0.tgz",
"integrity": "sha512-B77tOZrqqfUfnVcOrUvfdLbz4pu4RopLD/4vmu3HUPswwTA8OH0EMW9BlWR2B0RCoiZRAHEUu7IxeP1Pd1UU+g==",
"dependencies": {
"domhandler": "^5.0.2",
"parse5": "^7.0.0"
},
"funding": {
"url": "https://github.com/inikulin/parse5?sponsor=1"
}
},
"node_modules/parseurl": {
"version": "1.3.3",
"resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz",

3
package.json
View File

@@ -14,8 +14,11 @@
"keywords": [],
"author": "",
"license": "ISC",
"type": "module",
"dependencies": {
"cheerio": "^1.0.0-rc.12",
"express": "^4.18.2",
"filereader": "^0.10.3",
"jsdom": "^23.0.1",
"node-fetch": "^3.3.2",
"swagger-jsdoc": "^6.2.8",

277
server.js
View File

@@ -1,40 +1,14 @@
const express = require("express");
const bodyParser = require("body-parser");
const { VM } = require("vm2");
const { JSDOM } = require("jsdom");
// speedy-functions.js
import express from "express";
import { VM, VMScript } from "vm2";
import { JSDOM } from "jsdom";
import cheerio from "cheerio";
import FileReader from "filereader";
const app = express();
const port = 5000;
app.use(bodyParser.json());
app.use((req, res, next) => {
res.header("Access-Control-Allow-Origin", "*");
res.header(
"Access-Control-Allow-Headers",
"Origin, X-Requested-With, Content-Type, Accept"
);
next();
});
const TIMEOUT_MS = 5000; // Set timeout to 5000 milliseconds (5 seconds)
async function executeUserCode(
code,
requestObject,
environment = {},
timeout = TIMEOUT_MS
) {
const logs = [];
const States = {
SUCCESS: "SUCCESS",
NOT_A_FUNCTION: "NOT_A_FUNCTION",
SCRIPT_ERROR: "ERROR",
TIMEOUT: "TIMEOUT",
};
const HTTP_STATUS_CODES = {
// ────── 1. one-time constants ──────────────────────────────────────────
const PORT = +(process.env.PORT ?? 5000);
const TIMEOUT_MS = 5_000;
const HTTP_STATUS_CODES = Object.freeze({
OK: 200,
BAD_REQUEST: 400,
UNAUTHORIZED: 401,
@@ -44,143 +18,148 @@ async function executeUserCode(
BAD_GATEWAY: 502,
SERVICE_UNAVAILABLE: 503,
GATEWAY_TIMEOUT: 504,
};
});
const Response = (
body = "",
headers = {},
status = HTTP_STATUS_CODES.OK
) => ({
const States = Object.freeze({
SUCCESS: "SUCCESS",
NOT_A_FUNCTION: "NOT_A_FUNCTION",
SCRIPT_ERROR: "ERROR",
TIMEOUT: "TIMEOUT",
});
// convenience helpers
const Response = (body = "", headers = {}, status = HTTP_STATUS_CODES.OK) => ({
body,
status,
headers,
});
const JsonResponse = (body = {}, headers = {}, status = HTTP_STATUS_CODES.OK) =>
Response(
JSON.stringify(body),
{ "Content-Type": "application/json", ...headers },
status
);
const HtmlResponse = (body = "", headers = {}, status = HTTP_STATUS_CODES.OK) =>
Response(body, { "Content-Type": "text/html", ...headers }, status);
const TextResponse = (body = "", headers = {}, status = HTTP_STATUS_CODES.OK) =>
Response(body, { "Content-Type": "text/plain", ...headers }, status);
const JsonResponse = (
body = {},
headers = {},
status = HTTP_STATUS_CODES.OK
) => ({
status,
body: JSON.stringify(body),
headers: {
"Content-Type": "application/json",
...headers,
},
});
// ────── 2. one-time imports ────────────────────────────────────────────
const fetch = (await import("node-fetch")).default;
const HtmlResponse = (
body = "",
headers = {},
status = HTTP_STATUS_CODES.OK
) => ({
status,
body,
headers: {
"Content-Type": "text/html",
...headers,
},
});
const TextResponse = (
body = "",
headers = {},
status = HTTP_STATUS_CODES.OK
) => ({
status,
body,
headers: {
"Content-Type": "text/plain",
...headers,
},
});
const Result = (status, result, environment) => {
console.log(`Status: ${status}`);
console.log(`Result: ${JSON.stringify(result, null, 2)}`);
console.log(`Logs: ${JSON.stringify(logs, null, 2)}`);
console.log(`Environment (post): ${JSON.stringify(environment, null, 2)}`);
console.log(`\n`);
return {
status,
result,
logs,
environment,
};
// ────── 3. tiny script cache (precompiled) ─────────────────────────────
const scriptCache = new Map(); // code-string -> VMScript
const cachedScript = (code) => {
if (!scriptCache.has(code)) {
scriptCache.set(code, new VMScript(code));
}
return scriptCache.get(code);
};
// Dynamically import node-fetch
const fetch = await import("node-fetch").then((module) => module.default);
const vm = new VM({
timeout,
sandbox: {
// ────── 4. shared VM options (lightweight to clone) ────────────────────
const baseSandbox = {
fetch,
parseHTML: async (html) => {
const dom = new JSDOM(html);
return dom.window.document;
},
console: {
log: (...args) => {
logs.push(args);
console.log(...args);
},
error: (...args) => {
logs.push(args);
console.error(...args);
},
},
requestObject,
environment,
parseHTML: (html) => new JSDOM(html).window.document,
JSDOM,
cheerio,
HTTP_STATUS_CODES,
Response,
JsonResponse,
HtmlResponse,
TextResponse,
},
require: {
external: true,
},
});
FileReader,
};
try {
// If the user code is a function that needs to be invoked
const userFunction = vm.run(code);
if (typeof userFunction === "function") {
console.log(`Function: ${code}`);
let requestObjectString = JSON.stringify(requestObject, null, 2);
console.log(`Request: ${requestObjectString}`);
console.log(
`Environment (pre): ${JSON.stringify(environment, null, 2)})`
function createVm(logs, requestObject, env, funcName) {
return new VM({
timeout: TIMEOUT_MS,
sandbox: {
...baseSandbox,
console: {
log: (...args) => (
logs.push(args), /* bubble to host */ console.log(...args)
),
error: (...args) => (logs.push(args), console.error(...args)),
},
requestObject,
environment: env,
FUNCTION_NAME: funcName,
},
require: { external: true },
});
}
// ────── 5. evaluator ───────────────────────────────────────────────────
async function executeUserCode(
code,
requestObject,
env = {},
funcName = "userFunc"
) {
const logs = [];
const startTime = process.hrtime();
const vm = createVm(
logs,
requestObject,
JSON.parse(JSON.stringify(env)),
funcName
);
// Call the user function with request object
let result = await userFunction(requestObject);
return Result(States.SUCCESS, result, environment);
} else {
return Result(States.NOT_A_FUNCTION, null, environment);
try {
const userFn = vm.run(cachedScript(code));
if (typeof userFn !== "function") {
return {
status: States.NOT_A_FUNCTION,
result: null,
logs,
environment: vm.sandbox.environment,
};
}
const result = await Promise.resolve(
userFn(requestObject, vm.sandbox.environment)
);
const endTime = process.hrtime(startTime);
const executionTime = (endTime[0] * 1e9 + endTime[1]) / 1e6; // in milliseconds
return {
status: States.SUCCESS,
result,
logs,
environment: vm.sandbox.environment,
execution_time: executionTime,
};
} catch (err) {
if (err.message === "Script execution timed out.") {
return Result(States.TIMEOUT, null, environment);
} else {
return Result(States.SCRIPT_ERROR, err.message || err, environment);
}
const status = /timed out/i.test(err.message)
? States.TIMEOUT
: States.SCRIPT_ERROR;
const endTime = process.hrtime(startTime);
const executionTime = (endTime[0] * 1e9 + endTime[1]) / 1e6; // in milliseconds
return {
status,
result: err.message ?? err,
logs,
environment: vm.sandbox.environment,
execution_time: executionTime,
};
}
}
app.post("/execute", async (req, res) => {
const { code, request, environment } = req.body;
const timeout = req.query.timeout || TIMEOUT_MS;
const result = await executeUserCode(code, request, environment, timeout);
res.send(result);
// ────── 6. API surface ────────────────────────────────────────────────
const app = express();
app.use(express.json({ limit: "50mb" }));
app.use((_, res, next) => {
res.set({
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Headers":
"Origin, X-Requested-With, Content-Type, Accept",
});
next();
});
app.listen(port, () => {
console.log(`Server listening on port: ${port}`);
app.post("/execute", async ({ body }, res) => {
const { code = "", request = {}, environment = {}, name } = body;
const payload = await executeUserCode(code, request, environment, name);
res.json(payload);
});
app.listen(PORT, () => console.log(`⚡ server ready on :${PORT}`));