agi.go 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438
  1. package agi
  2. import (
  3. "encoding/json"
  4. "errors"
  5. "io"
  6. "io/ioutil"
  7. "log"
  8. "net/http"
  9. "os"
  10. "path/filepath"
  11. "strings"
  12. "time"
  13. "github.com/robertkrimen/otto"
  14. uuid "github.com/satori/go.uuid"
  15. apt "imuslab.com/arozos/mod/apt"
  16. "imuslab.com/arozos/mod/filesystem"
  17. metadata "imuslab.com/arozos/mod/filesystem/metadata"
  18. "imuslab.com/arozos/mod/iot"
  19. "imuslab.com/arozos/mod/share"
  20. "imuslab.com/arozos/mod/time/nightly"
  21. user "imuslab.com/arozos/mod/user"
  22. )
  23. /*
  24. ArOZ Online Javascript Gateway Interface (AGI)
  25. author: tobychui
  26. This script load plugins written in Javascript and run them in VM inside golang
  27. DO NOT CONFUSE PLUGIN WITH SUBSERVICE :))
  28. */
  29. var (
  30. AgiVersion string = "2.0" //Defination of the agi runtime version. Update this when new function is added
  31. //AGI Internal Error Standard
  32. exitcall = errors.New("Exit")
  33. timelimit = errors.New("Timelimit")
  34. )
  35. type AgiLibIntergface func(*otto.Otto, *user.User) //Define the lib loader interface for AGI Libraries
  36. type AgiPackage struct {
  37. InitRoot string //The initialization of the root for the module that request this package
  38. }
  39. type AgiSysInfo struct {
  40. //System information
  41. BuildVersion string
  42. InternalVersion string
  43. LoadedModule []string
  44. //System Handlers
  45. UserHandler *user.UserHandler
  46. ReservedTables []string
  47. PackageManager *apt.AptPackageManager
  48. ModuleRegisterParser func(string) error
  49. FileSystemRender *metadata.RenderHandler
  50. IotManager *iot.Manager
  51. ShareManager *share.Manager
  52. NightlyManager *nightly.TaskManager
  53. //Scanning Roots
  54. StartupRoot string
  55. ActivateScope []string
  56. TempFolderPath string
  57. }
  58. type Gateway struct {
  59. ReservedTables []string
  60. NightlyScripts []string
  61. AllowAccessPkgs map[string][]AgiPackage
  62. LoadedAGILibrary map[string]AgiLibIntergface
  63. Option *AgiSysInfo
  64. }
  65. func NewGateway(option AgiSysInfo) (*Gateway, error) {
  66. //Handle startup registration of ajgi modules
  67. gatewayObject := Gateway{
  68. ReservedTables: option.ReservedTables,
  69. NightlyScripts: []string{},
  70. AllowAccessPkgs: map[string][]AgiPackage{},
  71. LoadedAGILibrary: map[string]AgiLibIntergface{},
  72. Option: &option,
  73. }
  74. //Start all WebApps Registration
  75. gatewayObject.InitiateAllWebAppModules()
  76. gatewayObject.RegisterNightlyOperations()
  77. //Load all the other libs entry points into the memoary
  78. gatewayObject.ImageLibRegister()
  79. gatewayObject.FileLibRegister()
  80. gatewayObject.HTTPLibRegister()
  81. gatewayObject.ShareLibRegister()
  82. gatewayObject.IoTLibRegister()
  83. gatewayObject.AppdataLibRegister()
  84. return &gatewayObject, nil
  85. }
  86. func (g *Gateway) RegisterNightlyOperations() {
  87. g.Option.NightlyManager.RegisterNightlyTask(func() {
  88. //This function will execute nightly
  89. for _, scriptFile := range g.NightlyScripts {
  90. if isValidAGIScript(scriptFile) {
  91. //Valid script file. Execute it with system
  92. for _, username := range g.Option.UserHandler.GetAuthAgent().ListUsers() {
  93. userinfo, err := g.Option.UserHandler.GetUserInfoFromUsername(username)
  94. if err != nil {
  95. continue
  96. }
  97. if checkUserAccessToScript(userinfo, scriptFile, "") {
  98. //This user can access the module that provide this script.
  99. //Execute this script on his account.
  100. log.Println("[AGI_Nightly] WIP (" + scriptFile + ")")
  101. }
  102. }
  103. } else {
  104. //Invalid script. Skipping
  105. log.Println("[AGI_Nightly] Invalid script file: " + scriptFile)
  106. }
  107. }
  108. })
  109. }
  110. func (g *Gateway) InitiateAllWebAppModules() {
  111. startupScripts, _ := filepath.Glob(filepath.ToSlash(filepath.Clean(g.Option.StartupRoot)) + "/*/init.agi")
  112. for _, script := range startupScripts {
  113. scriptContentByte, _ := ioutil.ReadFile(script)
  114. scriptContent := string(scriptContentByte)
  115. log.Println("[AGI] Gateway script loaded (" + script + ")")
  116. //Create a new vm for this request
  117. vm := otto.New()
  118. //Only allow non user based operations
  119. g.injectStandardLibs(vm, script, "./web/")
  120. _, err := vm.Run(scriptContent)
  121. if err != nil {
  122. log.Println("[AGI] Load Failed: " + script + ". Skipping.")
  123. log.Println(err)
  124. continue
  125. }
  126. }
  127. }
  128. func (g *Gateway) RunScript(script string) error {
  129. //Create a new vm for this request
  130. vm := otto.New()
  131. //Only allow non user based operations
  132. g.injectStandardLibs(vm, "", "./web/")
  133. _, err := vm.Run(script)
  134. if err != nil {
  135. log.Println("[AGI] Script Execution Failed: ", err.Error())
  136. return err
  137. }
  138. return nil
  139. }
  140. func (g *Gateway) RegisterLib(libname string, entryPoint AgiLibIntergface) error {
  141. _, ok := g.LoadedAGILibrary[libname]
  142. if ok {
  143. //This lib already registered. Return error
  144. return errors.New("This library name already registered")
  145. } else {
  146. g.LoadedAGILibrary[libname] = entryPoint
  147. }
  148. return nil
  149. }
  150. func (g *Gateway) raiseError(err error) {
  151. log.Println("[AGI] Runtime Error " + err.Error())
  152. //To be implemented
  153. }
  154. //Check if this table is restricted table. Return true if the access is valid
  155. func (g *Gateway) filterDBTable(tablename string, existsCheck bool) bool {
  156. //Check if table is restricted
  157. if stringInSlice(tablename, g.ReservedTables) {
  158. return false
  159. }
  160. //Check if table exists
  161. if existsCheck {
  162. if !g.Option.UserHandler.GetDatabase().TableExists(tablename) {
  163. return false
  164. }
  165. }
  166. return true
  167. }
  168. //Handle request from RESTFUL API
  169. func (g *Gateway) APIHandler(w http.ResponseWriter, r *http.Request, thisuser *user.User) {
  170. scriptContent, err := mv(r, "script", true)
  171. if err != nil {
  172. w.WriteHeader(http.StatusBadRequest)
  173. w.Write([]byte("400 - Bad Request (Missing script content)"))
  174. return
  175. }
  176. g.ExecuteAGIScript(scriptContent, "", "", w, r, thisuser)
  177. }
  178. //Handle user requests
  179. func (g *Gateway) InterfaceHandler(w http.ResponseWriter, r *http.Request, thisuser *user.User) {
  180. //Get user object from the request
  181. startupRoot := g.Option.StartupRoot
  182. startupRoot = filepath.ToSlash(filepath.Clean(startupRoot))
  183. //Get the script files for the plugin
  184. scriptFile, err := mv(r, "script", false)
  185. if err != nil {
  186. sendErrorResponse(w, "Invalid script path")
  187. return
  188. }
  189. scriptFile = specialURIDecode(scriptFile)
  190. //Check if the script path exists
  191. scriptExists := false
  192. scriptScope := "./web/"
  193. for _, thisScope := range g.Option.ActivateScope {
  194. thisScope = filepath.ToSlash(filepath.Clean(thisScope))
  195. if fileExists(thisScope + "/" + scriptFile) {
  196. scriptExists = true
  197. scriptFile = thisScope + "/" + scriptFile
  198. scriptScope = thisScope
  199. }
  200. }
  201. if !scriptExists {
  202. sendErrorResponse(w, "Script not found")
  203. return
  204. }
  205. //Check for user permission on this module
  206. moduleName := getScriptRoot(scriptFile, scriptScope)
  207. if !thisuser.GetModuleAccessPermission(moduleName) {
  208. w.WriteHeader(http.StatusForbidden)
  209. if g.Option.BuildVersion == "development" {
  210. w.Write([]byte("Permission denied: User do not have permission to access " + moduleName))
  211. } else {
  212. w.Write([]byte("403 Forbidden"))
  213. }
  214. return
  215. }
  216. //Check the given file is actually agi script
  217. if !(filepath.Ext(scriptFile) == ".agi" || filepath.Ext(scriptFile) == ".js") {
  218. w.WriteHeader(http.StatusForbidden)
  219. if g.Option.BuildVersion == "development" {
  220. w.Write([]byte("AGI script must have file extension of .agi or .js"))
  221. } else {
  222. w.Write([]byte("403 Forbidden"))
  223. }
  224. return
  225. }
  226. //Get the content of the script
  227. scriptContentByte, _ := ioutil.ReadFile(scriptFile)
  228. scriptContent := string(scriptContentByte)
  229. g.ExecuteAGIScript(scriptContent, scriptFile, scriptScope, w, r, thisuser)
  230. }
  231. /*
  232. Executing the given AGI Script contents. Requires:
  233. scriptContent: The AGI command sequence
  234. scriptFile: The filepath of the script file
  235. scriptScope: The scope of the script file, aka the module base path
  236. w / r : Web request and response writer
  237. thisuser: userObject
  238. */
  239. func (g *Gateway) ExecuteAGIScript(scriptContent string, scriptFile string, scriptScope string, w http.ResponseWriter, r *http.Request, thisuser *user.User) {
  240. //Create a new vm for this request
  241. vm := otto.New()
  242. //Inject standard libs into the vm
  243. g.injectStandardLibs(vm, scriptFile, scriptScope)
  244. g.injectUserFunctions(vm, scriptFile, scriptScope, thisuser, w, r)
  245. //Detect cotent type
  246. contentType := r.Header.Get("Content-type")
  247. if strings.Contains(contentType, "application/json") {
  248. //For shitty people who use Angular
  249. body, _ := ioutil.ReadAll(r.Body)
  250. fields := map[string]interface{}{}
  251. json.Unmarshal(body, &fields)
  252. for k, v := range fields {
  253. vm.Set(k, v)
  254. }
  255. vm.Set("POST_data", string(body))
  256. } else {
  257. r.ParseForm()
  258. //Insert all paramters into the vm
  259. for k, v := range r.PostForm {
  260. if len(v) == 1 {
  261. vm.Set(k, v[0])
  262. } else {
  263. vm.Set(k, v)
  264. }
  265. }
  266. }
  267. _, err := vm.Run(scriptContent)
  268. if err != nil {
  269. scriptpath, _ := filepath.Abs(scriptFile)
  270. g.RenderErrorTemplate(w, err.Error(), scriptpath)
  271. return
  272. }
  273. //Get the return valu from the script
  274. value, err := vm.Get("HTTP_RESP")
  275. if err != nil {
  276. sendTextResponse(w, "")
  277. return
  278. }
  279. valueString, err := value.ToString()
  280. //Get respond header type from the vm
  281. header, _ := vm.Get("HTTP_HEADER")
  282. headerString, _ := header.ToString()
  283. if headerString != "" {
  284. w.Header().Set("Content-Type", headerString)
  285. }
  286. w.Write([]byte(valueString))
  287. }
  288. /*
  289. Execute AGI script with given user information
  290. Pass in http.Request pointer to enable serverless GET / POST request
  291. */
  292. func (g *Gateway) ExecuteAGIScriptAsUser(scriptFile string, targetUser *user.User, r *http.Request) (string, error) {
  293. //Create a new vm for this request
  294. vm := otto.New()
  295. //Inject standard libs into the vm
  296. g.injectStandardLibs(vm, scriptFile, "")
  297. g.injectUserFunctions(vm, scriptFile, "", targetUser, nil, nil)
  298. if r != nil {
  299. //Inject serverless script to enable access to GET / POST paramters
  300. g.injectServerlessFunctions(vm, scriptFile, "", targetUser, r)
  301. }
  302. //Inject interrupt Channel
  303. vm.Interrupt = make(chan func(), 1)
  304. //Create a panic recovery logic
  305. defer func() {
  306. if caught := recover(); caught != nil {
  307. if caught == timelimit {
  308. log.Println("[AGI] Execution timeout: " + scriptFile)
  309. return
  310. } else if caught == exitcall {
  311. //Exit gracefully
  312. return
  313. } else {
  314. panic(caught)
  315. }
  316. }
  317. }()
  318. //Create a max runtime of 5 minutes
  319. go func() {
  320. time.Sleep(300 * time.Second) // Stop after 300 seconds
  321. vm.Interrupt <- func() {
  322. panic(timelimit)
  323. }
  324. }()
  325. //Try to read the script content
  326. scriptContent, err := ioutil.ReadFile(scriptFile)
  327. if err != nil {
  328. return "", err
  329. }
  330. _, err = vm.Run(scriptContent)
  331. if err != nil {
  332. return "", err
  333. }
  334. //Get the return value from the script
  335. value, err := vm.Get("HTTP_RESP")
  336. if err != nil {
  337. return "", err
  338. }
  339. valueString, err := value.ToString()
  340. return valueString, nil
  341. }
  342. /*
  343. Get user specific tmp filepath for buffering remote file. Return filepath and closer
  344. tempFilepath, closerFunction := g.getUserSpecificTempFilePath(u, "myfile.txt")
  345. //Do something with it, after done
  346. closerFunction();
  347. */
  348. func (g *Gateway) getUserSpecificTempFilePath(u *user.User, filename string) (string, func()) {
  349. uuid := uuid.NewV4().String()
  350. tmpFileLocation := filepath.Join(g.Option.TempFolderPath, "agiBuff", u.Username, uuid, filepath.Base(filename))
  351. os.MkdirAll(filepath.Dir(tmpFileLocation), 0775)
  352. return tmpFileLocation, func() {
  353. os.RemoveAll(filepath.Dir(tmpFileLocation))
  354. }
  355. }
  356. /*
  357. Buffer remote reosurces to local by fsh and rpath. Return buffer filepath on local device and its closer function
  358. */
  359. func (g *Gateway) bufferRemoteResourcesToLocal(fsh *filesystem.FileSystemHandler, u *user.User, rpath string) (string, func(), error) {
  360. buffFile, closerFunc := g.getUserSpecificTempFilePath(u, rpath)
  361. f, err := fsh.FileSystemAbstraction.ReadStream(rpath)
  362. if err != nil {
  363. return "", nil, err
  364. }
  365. defer f.Close()
  366. dest, err := os.OpenFile(buffFile, os.O_CREATE|os.O_RDWR, 0775)
  367. if err != nil {
  368. return "", nil, err
  369. }
  370. io.Copy(dest, f)
  371. dest.Close()
  372. return buffFile, func() {
  373. closerFunc()
  374. }, nil
  375. }