Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Initial Implementation #1

Merged
merged 2 commits into from
May 8, 2024
Merged

Initial Implementation #1

merged 2 commits into from
May 8, 2024

Conversation

maxmcd
Copy link
Member

@maxmcd maxmcd commented Apr 15, 2024

No description provided.

@maxmcd maxmcd requested review from tmcw and removed request for tmcw April 15, 2024 22:56
tmcw
tmcw reviewed Apr 15, 2024
View reviewed changes
src/DenoHTTPWorker.ts Outdated Show resolved Hide resolved
src/DenoHTTPWorker.ts Outdated Show resolved Hide resolved
src/DenoHTTPWorker.ts Outdated Show resolved Hide resolved
tmcw
tmcw approved these changes Apr 16, 2024
View reviewed changes
src/DenoHTTPWorker.ts Outdated
};

class DenoHTTPWorker {
private _httpSession: http2.ClientHttp2Session;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are both TypeScript and JavaScript versions of private properties - https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Classes/Private_properties - TypeScript's are just forbidding your own code from accessing the "private" variable whereas JavaScript's make it really private - probably we should prefer JavaScript private.

@maxmcd maxmcd force-pushed the initial branch 2 times, most recently from 453cce8 to 95f52c2 Compare April 18, 2024 22:43
@maxmcd
Copy link
Member Author

maxmcd commented Apr 30, 2024

@tmcw requesting re-review on this one.

A note on a change since your last review:
After the initial version and Andre's comment about security on the listener I tried to find a way to ensure that the Deno server could be connected to by the host, but then would not serve requests to someone else trying to connect.

Deno actually makes this pretty easy. You can do the following and only accept a single connection:

const server = Deno.listen({
  hostname: "0.0.0.0",
  port: 0,
});

// Accept the first connection and serve HTTP.
const conn = await server.accept();
const httpConn = Deno.serveHttp(conn);
for await (const requestEvent of httpConn) {
  // Handle the HTTP request event.
}

// Close the server to reject all future connections.
server.close();

The issue here is that using the Deno.serveHttp prints a deprecation notice because it is planned for removal. I've asked about alternatives, but it seems there's no way to do this with non-deprecated APIs at the moment.

This would not be a big deal, but Deno prints a warning in the logs:

warning: Use of deprecated "Deno.serveHttp()" API. This API will be removed in Deno 2. Run again with DENO_VERBOSE_WARNINGS=1 to get more details.

This can be disabled with --quiet, but that would disable all warnings that might be helpful for users.

I guess we could clean it from the logs ourself. I'm going to explore using unix sockets as an alternative because it might skip this issue and provide additional security, but fyi this is the state of the lib for now.

@maxmcd maxmcd requested a review from tmcw April 30, 2024 17:57
tmcw
tmcw reviewed Apr 30, 2024
View reviewed changes
Copy link
Member

@tmcw tmcw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I will read the rest of this in a bit, but pushing comments now just to keep the ball rolling

deno-bootstrap/index.ts
Comment on lines +21 to +16
const handler = await import(importURL);
if (!handler.default) {
throw new Error("No default export found in script.");
}
if (typeof handler.default !== "function") {
throw new Error("Default export is not a function.");
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We'd still have a guest.ts or similar, right, because we have different rules for exports there - the first import is taken and it doesn't have to be default.

Copy link
Member Author

@maxmcd maxmcd May 1, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok yes, I was going to ask you about this. Correct we'd still have guest.ts. I just wrote up something that worked, but wasn't sure what might be best here. I'll extend it to support the first export as well? Or just leave it as-is because at this layer it's just whatever works for us?

src/DenoHTTPWorker.ts Outdated Show resolved Hide resolved
src/DenoHTTPWorker.ts Outdated Show resolved Hide resolved
src/DenoHTTPWorker.ts Outdated Show resolved Hide resolved
tmcw
tmcw reviewed Apr 30, 2024
View reviewed changes
src/DenoHTTPWorker.ts Outdated Show resolved Hide resolved
@maxmcd maxmcd merged commit 8581fff into main May 8, 2024
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tmcw tmcw tmcw approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@maxmcd @tmcw