Run the custom policy in a worker for security

2025-12-19 06:24:21 +01:00 · 2024-05-15 20:19:49 -05:00
parent 6a1b8b0943
commit 9e9ab40886
8 changed files with 53 additions and 7 deletions
--- a/src/workers/policy.ts
+++ b/src/workers/policy.ts
@@ -0,0 +1,23 @@
+import * as Comlink from 'comlink';
+
+import { Conf } from '@/config.ts';
+import type { CustomPolicy } from '@/workers/policy.worker.ts';
+
+const policyDir = new URL('../../data/policy', import.meta.url).pathname;
+
+export const policyWorker = Comlink.wrap<CustomPolicy>(
+  new Worker(
+    new URL('./policy.worker.ts', import.meta.url),
+    {
+      type: 'module',
+      deno: {
+        permissions: {
+          read: [Conf.policy, policyDir],
+          write: [policyDir],
+          net: 'inherit',
+          env: false,
+        },
+      },
+    },
+  ),
+);