Ensure that JavaScript code accessing process.env doesn't immediate…

…ly crash
heroiclabs · Aug 23, 2022 · 339f726 · 339f726
1 parent e81d148
commit 339f726
Show file tree

Hide file tree

Showing 9 changed files with 517 additions and 0 deletions.
diff --git a/go.mod b/go.mod
@@ -7,6 +7,7 @@ require (
 	github.com/blugelabs/bluge_segment_api v0.2.0
 	github.com/blugelabs/query_string v0.3.0
 	github.com/dop251/goja v0.0.0-20220806120448-1444e6b94559
+	github.com/dop251/goja_nodejs v0.0.0-20220808115320-bac29516aae9
 	github.com/gofrs/uuid v4.0.0+incompatible
 	github.com/golang-jwt/jwt/v4 v4.1.0
 	github.com/gorilla/handlers v1.5.1

diff --git a/go.sum b/go.sum
@@ -143,6 +143,8 @@ github.com/dop251/goja v0.0.0-20220806120448-1444e6b94559 h1:S3U65m9SN2p5CJpT3CD
 github.com/dop251/goja v0.0.0-20220806120448-1444e6b94559/go.mod h1:1jWwHOtOkEqsfX6tYsufUc7BBTuGHH2ekiJabpkN4CA=
 github.com/dop251/goja_nodejs v0.0.0-20210225215109-d91c329300e7/go.mod h1:hn7BA7c8pLvoGndExHudxTDKZ84Pyvv+90pbBjbTz0Y=
 github.com/dop251/goja_nodejs v0.0.0-20211022123610-8dd9abb0616d/go.mod h1:DngW8aVqWbuLRMHItjPUyqdj+HWPvnQe8V8y1nDpIbM=
+github.com/dop251/goja_nodejs v0.0.0-20220808115320-bac29516aae9 h1:7nszERfxMR5Gyw+M21EbrZZyTtVbRhNdRmtW/Vr3hzc=
+github.com/dop251/goja_nodejs v0.0.0-20220808115320-bac29516aae9/go.mod h1:DngW8aVqWbuLRMHItjPUyqdj+HWPvnQe8V8y1nDpIbM=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=

diff --git a/server/runtime_javascript.go b/server/runtime_javascript.go
@@ -28,6 +28,7 @@ import (
 
 	"github.com/dop251/goja"
 	"github.com/dop251/goja/ast"
+	"github.com/dop251/goja_nodejs/process"
 	"github.com/gofrs/uuid"
 	"github.com/heroiclabs/nakama-common/api"
 	"github.com/heroiclabs/nakama-common/rtapi"
@@ -1605,6 +1606,12 @@ func NewRuntimeProviderJS(logger, startupLogger *zap.Logger, db *sql.DB, protojs
 	runtimeProviderJS.newFn = func() *RuntimeJS {
 		runtime := goja.New()
 
+		// Quite a few JavaScript that were originally written with node.js
+		// in mind test for something like `process.env.NODE_ENV === "production"`.
+		// The goja_nodejs libraries provide a subset of the node.js API to
+		// mitigate these issues.
+		process.Enable(runtime)
+
 		runtime.RunProgram(modCache.Modules[modCache.Names[0]].Program)
 		freezeGlobalObject(config, runtime)
 

diff --git a/server/runtime_javascript_test.go b/server/runtime_javascript_test.go
@@ -112,3 +112,13 @@ m.get('a');
 		}
 	})
 }
+
+func TestMinimalProcessEnv(t *testing.T) {
+	vm := goja.New()
+
+	_, err := vm.RunString("if (process.env.NODE_ENV === 'production') { }")
+
+	if err != nil {
+		t.Fatal("Legit code involving process.env failed")
+	}
+}
diff --git a/vendor/github.com/dop251/goja_nodejs/LICENSE b/vendor/github.com/dop251/goja_nodejs/LICENSE
diff --git a/vendor/github.com/dop251/goja_nodejs/process/module.go b/vendor/github.com/dop251/goja_nodejs/process/module.go
diff --git a/vendor/github.com/dop251/goja_nodejs/require/module.go b/vendor/github.com/dop251/goja_nodejs/require/module.go