Thread exec and mailer_send through ctx instead of importing directly
- actions.mjs no longer imports exec from helpers; uses ctx.exec instead - index.mjs builds ctx via make_ctx(), which injects dry-run stubs for exec and mailer_send when --dry-run is active - Handlers now run fully (including permission checks) in dry-run mode; only the actual side effects are stubbed out Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -2,7 +2,7 @@
|
|||||||
// policy: "auto-accept" | "auto-deny" | "queue"
|
// policy: "auto-accept" | "auto-deny" | "queue"
|
||||||
|
|
||||||
|
|
||||||
import { resolve_path, exec } from './helpers.mjs';
|
import { resolve_path } from './helpers.mjs';
|
||||||
import { check_can_approve } from './auth.mjs';
|
import { check_can_approve } from './auth.mjs';
|
||||||
|
|
||||||
export const actions = {
|
export const actions = {
|
||||||
@@ -24,7 +24,7 @@ export const actions = {
|
|||||||
description: "Open a file in the editor",
|
description: "Open a file in the editor",
|
||||||
params: [{ name: "filename", required: true, type: "path" }],
|
params: [{ name: "filename", required: true, type: "path" }],
|
||||||
policy: "auto-accept",
|
policy: "auto-accept",
|
||||||
handler: ({ filename }) => {
|
handler: ({ filename }, { exec }) => {
|
||||||
const resolved = resolve_path(filename);
|
const resolved = resolve_path(filename);
|
||||||
exec('subl3', [resolved]);
|
exec('subl3', [resolved]);
|
||||||
return { opened: resolved };
|
return { opened: resolved };
|
||||||
@@ -48,7 +48,7 @@ export const actions = {
|
|||||||
description: "Open a URL in the web browser",
|
description: "Open a URL in the web browser",
|
||||||
params: [{ name: "url", required: true, type: "string" }],
|
params: [{ name: "url", required: true, type: "string" }],
|
||||||
policy: "queue",
|
policy: "queue",
|
||||||
handler: ({ url }) => {
|
handler: ({ url }, { exec }) => {
|
||||||
const parsed = new URL(url);
|
const parsed = new URL(url);
|
||||||
if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
|
if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
|
||||||
throw new Error(`Disallowed protocol: ${parsed.protocol}`);
|
throw new Error(`Disallowed protocol: ${parsed.protocol}`);
|
||||||
@@ -62,7 +62,7 @@ export const actions = {
|
|||||||
description: "Open a terminal in a given directory",
|
description: "Open a terminal in a given directory",
|
||||||
params: [{ name: "path", required: false, type: "path" }],
|
params: [{ name: "path", required: false, type: "path" }],
|
||||||
policy: 'queue',
|
policy: 'queue',
|
||||||
handler: ({ path }) => {
|
handler: ({ path }, { exec }) => {
|
||||||
const resolved = resolve_path(path ?? 'workspace');
|
const resolved = resolve_path(path ?? 'workspace');
|
||||||
exec('konsole', ['--workdir', resolved, '-e', 'bash']);
|
exec('konsole', ['--workdir', resolved, '-e', 'bash']);
|
||||||
return { opened: resolved };
|
return { opened: resolved };
|
||||||
|
|||||||
@@ -4,6 +4,7 @@ import { enqueue, get_entry, list_pending, resolve } from './queue.mjs';
|
|||||||
import { load_secrets } from './secrets.mjs';
|
import { load_secrets } from './secrets.mjs';
|
||||||
import { create_auth_middleware, check_can_approve } from './auth.mjs';
|
import { create_auth_middleware, check_can_approve } from './auth.mjs';
|
||||||
import { create_mailer } from './mailer.mjs';
|
import { create_mailer } from './mailer.mjs';
|
||||||
|
import { exec as real_exec } from './helpers.mjs';
|
||||||
import { load_mail_perms } from './mail_perms.mjs';
|
import { load_mail_perms } from './mail_perms.mjs';
|
||||||
|
|
||||||
function get_arg(argv, flag) {
|
function get_arg(argv, flag) {
|
||||||
@@ -44,7 +45,7 @@ if (!mail_perms_path) {
|
|||||||
console.warn('Warning: --mail-perms not set; mail permissions will not persist across restarts');
|
console.warn('Warning: --mail-perms not set; mail permissions will not persist across restarts');
|
||||||
}
|
}
|
||||||
|
|
||||||
const mailer_send = create_mailer(smtp);
|
const real_mailer_send = create_mailer(smtp);
|
||||||
|
|
||||||
const app = express();
|
const app = express();
|
||||||
app.use(express.json({
|
app.use(express.json({
|
||||||
@@ -62,13 +63,17 @@ app.use((req, _res, next) => {
|
|||||||
next();
|
next();
|
||||||
});
|
});
|
||||||
|
|
||||||
async function run_action(def, action, params, ctx) {
|
function make_ctx(caller) {
|
||||||
if (DRY_RUN) {
|
const exec = DRY_RUN
|
||||||
console.log(`[${ts()}] [DRY-RUN] action: ${action}`);
|
? (bin, args) => console.log(`[${ts()}] [DRY-RUN] exec: ${bin} ${JSON.stringify(args)}`)
|
||||||
console.log(`[${ts()}] [DRY-RUN] caller: ${ctx.caller}`);
|
: real_exec;
|
||||||
console.log(`[${ts()}] [DRY-RUN] params: ${JSON.stringify(params, null, 2)}`);
|
const mailer_send = DRY_RUN
|
||||||
return { dry_run: true, action, params };
|
? async (to, subject) => console.log(`[${ts()}] [DRY-RUN] send-mail: to=${to} subject=${JSON.stringify(subject)}`)
|
||||||
|
: real_mailer_send;
|
||||||
|
return { caller, users, mail_perm_store, exec, mailer_send };
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async function run_action(def, params, ctx) {
|
||||||
return def.handler(params, ctx);
|
return def.handler(params, ctx);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -104,11 +109,11 @@ app.post('/action', async (req, res) => {
|
|||||||
return res.status(403).json({ status: 'denied', reason: 'Policy: auto-deny' });
|
return res.status(403).json({ status: 'denied', reason: 'Policy: auto-deny' });
|
||||||
}
|
}
|
||||||
|
|
||||||
const ctx = { caller: req.conduit_user, users, mail_perm_store, mailer_send };
|
const ctx = make_ctx(req.conduit_user);
|
||||||
|
|
||||||
if (def.policy === 'auto-accept') {
|
if (def.policy === 'auto-accept') {
|
||||||
try {
|
try {
|
||||||
const result = await run_action(def, action, params, ctx);
|
const result = await run_action(def, params, ctx);
|
||||||
return res.json({ status: 'accepted', result });
|
return res.json({ status: 'accepted', result });
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
return res.status(500).json({ status: 'error', error: err.message });
|
return res.status(500).json({ status: 'error', error: err.message });
|
||||||
@@ -142,10 +147,10 @@ app.post('/queue/:id/approve', async (req, res) => {
|
|||||||
entry.resolved_by = req.conduit_user;
|
entry.resolved_by = req.conduit_user;
|
||||||
resolve(req.params.id, 'approved');
|
resolve(req.params.id, 'approved');
|
||||||
|
|
||||||
const ctx = { caller: entry.submitted_by, users, mail_perm_store, mailer_send };
|
const ctx = make_ctx(entry.submitted_by);
|
||||||
const def = actions[entry.action];
|
const def = actions[entry.action];
|
||||||
try {
|
try {
|
||||||
const result = await run_action(def, entry.action, entry.params, ctx);
|
const result = await run_action(def, entry.params, ctx);
|
||||||
res.json({ status: 'approved', result });
|
res.json({ status: 'approved', result });
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
res.status(500).json({ status: 'error', error: err.message });
|
res.status(500).json({ status: 'error', error: err.message });
|
||||||
|
|||||||
Reference in New Issue
Block a user