Loading node environment & functions from a file.

This has many problems which are discussed in TryGhost#448.
wbyoung · Jul 1, 2015 · 79756a4 · 79756a4
1 parent f8cd018
commit 79756a4
Show file tree

Hide file tree

Showing 3 changed files with 77 additions and 34 deletions.
diff --git a/src/database.cc b/src/database.cc
@@ -367,9 +367,7 @@ NAN_METHOD(Database::RegisterFunction) {
 
     REQUIRE_ARGUMENTS(2);
     REQUIRE_ARGUMENT_STRING(0, functionName);
-    REQUIRE_ARGUMENT_FUNCTION(1, callback);
-
-    std::string str = "(" + std::string(*String::Utf8Value(callback->ToString())) + ")";
+    REQUIRE_ARGUMENT_STRING(1, module);
 
     Isolate *isolate = v8::Isolate::New();
     isolate->Enter();
@@ -379,14 +377,16 @@ NAN_METHOD(Database::RegisterFunction) {
         HandleScope handle_scope(isolate);
         Local<Context> context = Context::New(isolate);
         Context::Scope context_scope(context);
+        Environment *env = CreateEnvironment(isolate, uv_default_loop(), context,
+            2, (const char *[]){ "node", *module },
+            0, (const char *[]){});
+        LoadEnvironment(env);
 
         Local<Object> global = NanGetCurrentContext()->Global();
-        Local<Function> eval = Local<Function>::Cast(global->Get(NanNew<String>("eval")));
-
-        // Local<String> str = String::Concat(String::Concat(NanNew<String>("("), callback->ToString()), NanNew<String>(")"));
-        Local<Value> argv[] = { NanNew<String>(str.c_str(), str.length()) };
-        // Local<Function> function = Local<Function>::Cast(TRY_CATCH_CALL(global, eval, 1, argv));
-        Local<Function> function = Local<Function>::Cast(eval->Call(global, 1, argv));
+        Local<Object> process = Local<Object>::Cast(global->Get(NanNew<String>("process")));
+        Local<Object> mainModule = Local<Object>::Cast(process->Get(NanNew<String>("mainModule")));
+        Local<Object> exports = Local<Object>::Cast(mainModule->Get(NanNew<String>("exports")));
+        Local<Function> function = Local<Function>::Cast(exports->Get(NanNew<String>(*functionName)));
 
         FunctionEnvironment *fn = new FunctionEnvironment(isolate, *functionName, function);
         sqlite3_create_function(
@@ -461,7 +461,7 @@ void Database::FunctionExecute(FunctionEnvironment *fn, sqlite3_context *context
         }
 
         TryCatch trycatch;
-        Local<Value> result = cb->Call(NanGetCurrentContext()->Global(), argc, argv.data());
+        Local<Value> result = cb->Call(NanNew(NanUndefined()), argc, argv.data());
 
         // process the result
         if (trycatch.HasCaught()) {

diff --git a/test/support/user_functions.js b/test/support/user_functions.js
@@ -0,0 +1,39 @@
+exports.MY_UPPERCASE = function(value) {
+    return value.toUpperCase();
+};
+
+exports.MY_STRING_JOIN = function(value1, value2) {
+    return [value1, value2].join(' ');
+};
+
+exports.MY_Add = function(value1, value2) {
+    return value1 + value2;
+};
+
+exports.MY_REGEX = function(regex, value) {
+    return !!value.match(new RegExp(regex));
+};
+
+exports.MY_REGEX_VALUE = function(regex, value) {
+    return /match things/i;
+};
+
+exports.MY_ERROR = function(value) {
+    throw new Error('This function always throws');
+};
+
+exports.MY_UNHANDLED_TYPE = function(value) {
+    return {};
+};
+
+exports.MY_NOTHING = function(value) {
+
+};
+
+exports.MY_INVALID_SCOPING = function(value) {
+    return db; // not accessible
+};
+
+exports.MY_REQUIRE = function(value) {
+    require('./helper');
+};
diff --git a/test/user_functions.test.js b/test/user_functions.test.js
@@ -1,35 +1,22 @@
 var sqlite3 = require('..');
 var assert = require('assert');
+var path = require('path');
 
 describe('user functions', function() {
     var db;
     before(function(done) { db = new sqlite3.Database(':memory:', done); });
 
     it('should allow registration of user functions', function() {
-        db.registerFunction('MY_UPPERCASE', function(value) {
-            return value.toUpperCase();
-        });
-        db.registerFunction('MY_STRING_JOIN', function(value1, value2) {
-            return [value1, value2].join(' ');
-        });
-        db.registerFunction('MY_Add', function(value1, value2) {
-            return value1 + value2;
-        });
-        db.registerFunction('MY_REGEX', function(regex, value) {
-            return !!value.match(new RegExp(regex));
-        });
-        db.registerFunction('MY_REGEX_VALUE', function(regex, value) {
-            return /match things/i;
-        });
-        db.registerFunction('MY_ERROR', function(value) {
-            throw new Error('This function always throws');
-        });
-        db.registerFunction('MY_UNHANDLED_TYPE', function(value) {
-            return {};
-        });
-        db.registerFunction('MY_NOTHING', function(value) {
-
-        });
+        db.registerFunction('MY_UPPERCASE', path.join(__dirname, 'support/user_functions.js'));
+        db.registerFunction('MY_STRING_JOIN', path.join(__dirname, 'support/user_functions.js'));
+        db.registerFunction('MY_Add', path.join(__dirname, 'support/user_functions.js'));
+        db.registerFunction('MY_REGEX', path.join(__dirname, 'support/user_functions.js'));
+        db.registerFunction('MY_REGEX_VALUE', path.join(__dirname, 'support/user_functions.js'));
+        db.registerFunction('MY_ERROR', path.join(__dirname, 'support/user_functions.js'));
+        db.registerFunction('MY_UNHANDLED_TYPE', path.join(__dirname, 'support/user_functions.js'));
+        db.registerFunction('MY_NOTHING', path.join(__dirname, 'support/user_functions.js'));
+        db.registerFunction('MY_INVALID_SCOPING', path.join(__dirname, 'support/user_functions.js'));
+        db.registerFunction('MY_REQUIRE', path.join(__dirname, 'support/user_functions.js'));
     });
 
     it('should process user functions with one arg', function(done) {
@@ -103,5 +90,22 @@ describe('user functions', function() {
         });
     });
 
+    it('does not allow access to external scope', function(done) {
+        db.all('SELECT MY_INVALID_SCOPING() AS val', function(err, rows) {
+            assert.equal(err.message, 'SQLITE_ERROR: Uncaught ReferenceError: db is not defined');
+            assert.equal(rows, undefined);
+            done();
+        });
+    });
+
+    it('allows use of require', function(done) {
+        db.all('SELECT MY_REQUIRE() AS val', function(err, rows) {
+            if (err) throw err;
+            assert.equal(rows.length, 1);
+            assert.equal(rows[0].val, undefined);
+            done();
+        });
+    });
+
     after(function(done) { db.close(done); });
 });