TC
/
arozos-mirror
镜像来自 https://github.com/tobychui/arozos


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287
							package agi

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"os"
	"path/filepath"

	"github.com/robertkrimen/otto"
	"imuslab.com/arozos/mod/agi/static"
	"imuslab.com/arozos/mod/filesystem"
	"imuslab.com/arozos/mod/filesystem/arozfs"
	"imuslab.com/arozos/mod/info/logger"
	user "imuslab.com/arozos/mod/user"
)

// Inject user based functions into the virtual machine
// Note that the fsh might be nil and scriptPath must be real path of script being executed
// **Use local file system check if fsh == nil**
func (g *Gateway) injectUserFunctions(vm *otto.Otto, fsh *filesystem.FileSystemHandler, scriptPath string, scriptScope string, u *user.User, w http.ResponseWriter, r *http.Request) {
	username := u.Username
	vm.Set("USERNAME", username)
	vm.Set("USERICON", u.GetUserIcon())
	vm.Set("USERQUOTA_TOTAL", u.StorageQuota.TotalStorageQuota)
	vm.Set("USERQUOTA_USED", u.StorageQuota.UsedStorageQuota)
	vm.Set("USER_VROOTS", u.GetAllAccessibleFileSystemHandler())
	vm.Set("USER_MODULES", u.GetUserAccessibleModules())

	//File system and path related
	vm.Set("decodeVirtualPath", func(call otto.FunctionCall) otto.Value {
		logger.PrintAndLog("Agi", "Call to deprecated function decodeVirtualPath", nil)
		return otto.FalseValue()
	})

	vm.Set("decodeAbsoluteVirtualPath", func(call otto.FunctionCall) otto.Value {
		logger.PrintAndLog("Agi", "Call to deprecated function decodeAbsoluteVirtualPath", nil)
		return otto.FalseValue()
	})

	vm.Set("encodeRealPath", func(call otto.FunctionCall) otto.Value {
		logger.PrintAndLog("Agi", "Call to deprecated function encodeRealPath", nil)
		return otto.FalseValue()
	})

	//Check if a given virtual path is readonly
	vm.Set("pathCanWrite", func(call otto.FunctionCall) otto.Value {
		vpath, _ := call.Argument(0).ToString()
		if u.CanWrite(vpath) {
			return otto.TrueValue()
		} else {
			return otto.FalseValue()
		}
	})

	//Permission related
	vm.Set("getUserPermissionGroup", func(call otto.FunctionCall) otto.Value {
		groupinfo := u.GetUserPermissionGroup()
		jsonString, _ := json.Marshal(groupinfo)
		reply, _ := vm.ToValue(string(jsonString))
		return reply
	})

	vm.Set("userIsAdmin", func(call otto.FunctionCall) otto.Value {
		reply, _ := vm.ToValue(u.IsAdmin())
		return reply
	})

	//User Account Related
	/*
		userExists(username);
	*/
	vm.Set("userExists", func(call otto.FunctionCall) otto.Value {
		if u.IsAdmin() {
			//Get username from function paramter
			username, err := call.Argument(0).ToString()
			if err != nil || username == "undefined" {
				g.RaiseError(errors.New("username is undefined"))
				reply, _ := vm.ToValue(nil)
				return reply
			}

			//Check if user exists
			userExists := u.Parent().GetAuthAgent().UserExists(username)
			if userExists {
				return otto.TrueValue()
			} else {
				return otto.FalseValue()
			}

		} else {
			g.RaiseError(errors.New("Permission Denied: userExists require admin permission"))
			return otto.FalseValue()
		}

	})

	/*
		createUser(username, password, defaultGroup);
	*/
	vm.Set("createUser", func(call otto.FunctionCall) otto.Value {
		if u.IsAdmin() {
			//Ok. Create user base on given information
			username, err := call.Argument(0).ToString()
			if err != nil || username == "undefined" {
				g.RaiseError(errors.New("username is undefined"))
				reply, _ := vm.ToValue(false)
				return reply
			}

			password, err := call.Argument(1).ToString()
			if err != nil || password == "undefined" {
				g.RaiseError(errors.New("password is undefined"))
				reply, _ := vm.ToValue(false)
				return reply
			}

			defaultGroup, err := call.Argument(2).ToString()
			if err != nil || defaultGroup == "undefined" {
				g.RaiseError(errors.New("defaultGroup is undefined"))
				reply, _ := vm.ToValue(false)
				return reply
			}

			//Check if username already used
			userExists := u.Parent().GetAuthAgent().UserExists(username)
			if userExists {
				g.RaiseError(errors.New("Username already exists"))
				reply, _ := vm.ToValue(false)
				return reply
			}

			//Check if the given permission group exists
			groupExists := u.Parent().GetPermissionHandler().GroupExists(defaultGroup)
			if !groupExists {
				g.RaiseError(errors.New(defaultGroup + " user-group not exists"))
				reply, _ := vm.ToValue(false)
				return reply
			}

			//Create the user
			err = u.Parent().GetAuthAgent().CreateUserAccount(username, password, []string{defaultGroup})

			if err != nil {
				g.RaiseError(errors.New("User creation failed: " + err.Error()))
				reply, _ := vm.ToValue(false)
				return reply
			}

			return otto.TrueValue()
		} else {
			g.RaiseError(errors.New("Permission Denied: createUser require admin permission"))
			return otto.FalseValue()
		}

	})

	vm.Set("editUser", func(call otto.FunctionCall) otto.Value {
		if u.IsAdmin() {

		} else {
			g.RaiseError(errors.New("Permission Denied: editUser require admin permission"))
			return otto.FalseValue()
		}
		//libname, err := call.Argument(0).ToString()
		return otto.FalseValue()
	})

	/*
		removeUser(username)
	*/
	vm.Set("removeUser", func(call otto.FunctionCall) otto.Value {
		if u.IsAdmin() {
			//Get username from function paramters
			username, err := call.Argument(0).ToString()
			if err != nil || username == "undefined" {
				g.RaiseError(errors.New("username is undefined"))
				reply, _ := vm.ToValue(false)
				return reply
			}

			//Check if the user exists
			userExists := u.Parent().GetAuthAgent().UserExists(username)
			if !userExists {
				g.RaiseError(errors.New(username + " not exists"))
				reply, _ := vm.ToValue(false)
				return reply
			}

			//User exists. Remove it from the system
			err = u.Parent().GetAuthAgent().UnregisterUser(username)
			if err != nil {
				g.RaiseError(errors.New("User removal failed: " + err.Error()))
				reply, _ := vm.ToValue(false)
				return reply
			}

			return otto.TrueValue()
		} else {
			g.RaiseError(errors.New("Permission Denied: removeUser require admin permission"))
			return otto.FalseValue()
		}
	})

	//Allow real time library includsion into the virtual machine
	vm.Set("requirelib", func(call otto.FunctionCall) otto.Value {
		libname, err := call.Argument(0).ToString()
		if err != nil {
			g.RaiseError(err)
			reply, _ := vm.ToValue(nil)
			return reply
		}

		//Handle special case on high level libraries
		if libname == "websocket" && w != nil && r != nil {
			g.injectWebSocketFunctions(vm, u, w, r)
			return otto.TrueValue()
		} else {
			//Check if the library name exists. If yes, run the initiation script on the vm
			if entryPoint, ok := g.LoadedAGILibrary[libname]; ok {
				entryPoint(&static.AgiLibInjectionPayload{
					VM:         vm,
					User:       u,
					ScriptFsh:  fsh,
					ScriptPath: scriptPath,
					Writer:     w,
					Request:    r,
				})
				return otto.TrueValue()
			} else {
				//Lib not exists
				logger.PrintAndLog("Agi", "Lib not found: "+libname, nil)
				return otto.FalseValue()
			}
		}
	})

	//Execd (Execute & detach) run another script and detach the execution
	vm.Set("execd", func(call otto.FunctionCall) otto.Value {
		//Check if the pkg is already registered
		scriptName, err := call.Argument(0).ToString()
		if err != nil {
			g.RaiseError(err)
			return otto.FalseValue()
		}

		//Carry the payload to the forked process if there are any
		payload, _ := call.Argument(1).ToString()

		//Check if the script file exists
		targetScriptPath := arozfs.ToSlash(filepath.Join(filepath.Dir(scriptPath), scriptName))
		if fsh != nil {
			if !fsh.FileSystemAbstraction.FileExists(targetScriptPath) {
				g.RaiseError(errors.New("[AGI] Target path not exists!"))
				return otto.FalseValue()
			}
		} else {
			if !filesystem.FileExists(targetScriptPath) {
				g.RaiseError(errors.New("[AGI] Target path not exists!"))
				return otto.FalseValue()
			}
		}

		//Run the script
		scriptContent, _ := os.ReadFile(targetScriptPath)
		go func() {
			//Create a new VM to execute the script (also for isolation)
			vm := otto.New()
			//Inject standard libs into the vm
			g.injectStandardLibs(vm, scriptPath, scriptScope)
			g.injectUserFunctions(vm, fsh, scriptPath, scriptScope, u, w, r)

			vm.Set("PARENT_DETACHED", true)
			vm.Set("PARENT_PAYLOAD", payload)
			_, err = vm.Run(string(scriptContent))
			if err != nil {
				//Script execution failed
				logger.PrintAndLog("Agi", fmt.Sprint("Script Execution Failed: ", err.Error()), nil)
				g.RaiseError(err)
			}
		}()

		return otto.TrueValue()
	})

}