bext_plugin_quickjs/

api.rs

//! JS API surface exposed to QuickJS plugins.
//!
//! Registers `console.*` and `bext.*` globals that bridge to the host's
//! sandbox infrastructure (storage, fetch, config, metrics).

use bext_plugin_api::types::SandboxPermissions;
use rquickjs::{Ctx, Function, Object, Result as JsResult};
use std::path::PathBuf;
use std::sync::{Arc, Mutex};

/// Shared host state accessible from JS callbacks.
pub(crate) struct HostBridge {
    pub plugin_id: String,
    pub permissions: SandboxPermissions,
    pub storage_dir: PathBuf,
    pub config: serde_json::Value,
    pub fetch_limiter: Mutex<FetchLimiter>,
    pub storage_bytes: Mutex<u64>,
}

pub(crate) struct FetchLimiter {
    tokens: u32,
    max_tokens: u32,
    last_refill: std::time::Instant,
}

impl FetchLimiter {
    pub fn new(max_per_minute: u32) -> Self {
        Self {
            tokens: max_per_minute,
            max_tokens: max_per_minute,
            last_refill: std::time::Instant::now(),
        }
    }

    pub fn try_acquire(&mut self) -> bool {
        let elapsed = self.last_refill.elapsed();
        if elapsed >= std::time::Duration::from_secs(60) {
            self.tokens = self.max_tokens;
            self.last_refill = std::time::Instant::now();
        }
        if self.tokens > 0 {
            self.tokens -= 1;
            true
        } else {
            false
        }
    }
}

impl HostBridge {
    pub fn new(
        plugin_id: String,
        permissions: SandboxPermissions,
        storage_root: &std::path::Path,
        config: serde_json::Value,
    ) -> Self {
        let storage_dir = storage_root.join(&plugin_id);
        Self {
            plugin_id,
            permissions: permissions.clone(),
            storage_dir,
            config,
            fetch_limiter: Mutex::new(FetchLimiter::new(permissions.max_fetch_per_minute)),
            storage_bytes: Mutex::new(0),
        }
    }

    fn is_url_allowed(&self, url: &str) -> bool {
        if self.permissions.allowed_urls.is_empty() {
            return false;
        }
        self.permissions
            .allowed_urls
            .iter()
            .any(|p| glob_match(p, url))
    }

    fn try_fetch(&self) -> bool {
        self.fetch_limiter
            .lock()
            .unwrap_or_else(|e| e.into_inner())
            .try_acquire()
    }

    fn check_storage_quota(&self, additional: u64) -> bool {
        let current = self.storage_bytes.lock().unwrap_or_else(|e| e.into_inner());
        *current + additional <= self.permissions.storage_quota_kb * 1024
    }

    fn record_storage(&self, bytes: u64) {
        let mut current = self.storage_bytes.lock().unwrap_or_else(|e| e.into_inner());
        *current += bytes;
    }

    fn sanitize_key(key: &str) -> Option<&str> {
        if key.contains("..") || key.contains('/') || key.contains('\\') || key.contains('\0') {
            None
        } else {
            Some(key)
        }
    }
}

/// Register `console` and `bext` globals on the given JS context.
pub(crate) fn register_globals(ctx: &Ctx<'_>, bridge: Arc<HostBridge>) -> JsResult<()> {
    let globals = ctx.globals();

    // ── console.* ─────────────────────────────────────────────────
    let console = Object::new(ctx.clone())?;
    {
        let id = bridge.plugin_id.clone();
        console.set(
            "log",
            Function::new(ctx.clone(), move |msg: String| {
                tracing::info!(plugin = %id, "{}", msg);
            }),
        )?;
    }
    {
        let id = bridge.plugin_id.clone();
        console.set(
            "warn",
            Function::new(ctx.clone(), move |msg: String| {
                tracing::warn!(plugin = %id, "{}", msg);
            }),
        )?;
    }
    {
        let id = bridge.plugin_id.clone();
        console.set(
            "error",
            Function::new(ctx.clone(), move |msg: String| {
                tracing::error!(plugin = %id, "{}", msg);
            }),
        )?;
    }
    {
        let id = bridge.plugin_id.clone();
        console.set(
            "info",
            Function::new(ctx.clone(), move |msg: String| {
                tracing::info!(plugin = %id, "{}", msg);
            }),
        )?;
    }
    {
        let id = bridge.plugin_id.clone();
        console.set(
            "debug",
            Function::new(ctx.clone(), move |msg: String| {
                tracing::debug!(plugin = %id, "{}", msg);
            }),
        )?;
    }
    globals.set("console", console)?;

    // ── bext.* ────────────────────────────────────────────────────
    let bext = Object::new(ctx.clone())?;

    // bext.config — read-only config object
    {
        let config_str = bridge.config.to_string();
        let config_val: rquickjs::Value = ctx.json_parse(config_str)?;
        bext.set("config", config_val)?;
    }

    // bext.storage.get/set/delete
    let storage = Object::new(ctx.clone())?;
    {
        let b = bridge.clone();
        storage.set(
            "get",
            Function::new(
                ctx.clone(),
                move |key: String| -> rquickjs::Result<Option<String>> {
                    let key = HostBridge::sanitize_key(&key).ok_or_else(|| {
                        rquickjs::Error::new_from_js("string", "invalid storage key")
                    })?;
                    let path = b.storage_dir.join(key);
                    match std::fs::read_to_string(&path) {
                        Ok(val) => Ok(Some(val)),
                        Err(_) => Ok(None),
                    }
                },
            ),
        )?;
    }
    {
        let b = bridge.clone();
        storage.set(
            "set",
            Function::new(
                ctx.clone(),
                move |key: String, value: String| -> rquickjs::Result<bool> {
                    let key = HostBridge::sanitize_key(&key).ok_or_else(|| {
                        rquickjs::Error::new_from_js("string", "invalid storage key")
                    })?;
                    let bytes = value.len() as u64;
                    if !b.check_storage_quota(bytes) {
                        return Ok(false);
                    }
                    let _ = std::fs::create_dir_all(&b.storage_dir);
                    match std::fs::write(b.storage_dir.join(key), value.as_bytes()) {
                        Ok(()) => {
                            b.record_storage(bytes);
                            Ok(true)
                        }
                        Err(_) => Ok(false),
                    }
                },
            ),
        )?;
    }
    {
        let b = bridge.clone();
        storage.set(
            "delete",
            Function::new(ctx.clone(), move |key: String| -> rquickjs::Result<bool> {
                let key = HostBridge::sanitize_key(&key)
                    .ok_or_else(|| rquickjs::Error::new_from_js("string", "invalid storage key"))?;
                Ok(std::fs::remove_file(b.storage_dir.join(key)).is_ok())
            }),
        )?;
    }
    bext.set("storage", storage)?;

    // bext.fetch(url, options?) — blocking HTTP fetch
    // Returns a JSON string `{"status":200,"body":"..."}` to avoid rquickjs lifetime issues.
    // Parse in JS: `let resp = JSON.parse(bext.fetch(url, opts))`
    {
        /// Maximum response body size (1 MB).
        const MAX_RESPONSE_BYTES: u64 = 1_048_576;

        let b = bridge.clone();
        bext.set("fetch", Function::new(ctx.clone(), move |url: String, method: Option<String>, body: Option<String>| -> rquickjs::Result<String> {
            // SSRF prevention: block private/internal IPs
            if is_private_url(&url) {
                return Err(rquickjs::Error::new_from_js("string", "blocked: private/internal URL"));
            }
            // URL allowlist check
            if !b.is_url_allowed(&url) {
                return Err(rquickjs::Error::new_from_js("string", "URL not in allowlist"));
            }
            // Rate limit
            if !b.try_fetch() {
                return Err(rquickjs::Error::new_from_js("string", "rate limit exceeded"));
            }

            let method = method.unwrap_or_else(|| "GET".into());

            let request = match method.to_uppercase().as_str() {
                "GET" => ureq::get(&url),
                "POST" => ureq::post(&url),
                "PUT" => ureq::put(&url),
                "DELETE" => ureq::delete(&url),
                "PATCH" => ureq::patch(&url),
                "HEAD" => ureq::head(&url),
                _ => return Err(rquickjs::Error::new_from_js("string", "unsupported method")),
            }
            .timeout(std::time::Duration::from_secs(5));

            let response = if let Some(ref b) = body {
                request.send_string(b)
            } else {
                request.call()
            };

            let read_body_limited = |resp: ureq::Response| -> std::result::Result<String, String> {
                use std::io::Read;
                let mut reader = resp.into_reader().take(MAX_RESPONSE_BYTES + 1);
                let mut buf = Vec::new();
                match reader.read_to_end(&mut buf) {
                    Ok(_) => {
                        if buf.len() as u64 > MAX_RESPONSE_BYTES {
                            return Err(format!(
                                "response body exceeds {} byte limit",
                                MAX_RESPONSE_BYTES
                            ));
                        }
                        Ok(String::from_utf8(buf)
                            .unwrap_or_else(|e| String::from_utf8_lossy(e.as_bytes()).to_string()))
                    }
                    Err(_) => Ok(String::new()),
                }
            };

            match response {
                Ok(resp) => {
                    let status = resp.status();
                    let resp_body = match read_body_limited(resp) {
                        Ok(body) => body,
                        Err(e) => {
                            tracing::warn!(error = %e, "fetch response body error");
                            return Err(rquickjs::Error::new_from_js("string", "response body too large or unreadable"));
                        }
                    };
                    Ok(serde_json::json!({"status": status, "body": resp_body}).to_string())
                }
                Err(ureq::Error::Status(code, resp)) => {
                    let resp_body = match read_body_limited(resp) {
                        Ok(body) => body,
                        Err(e) => {
                            tracing::warn!(error = %e, "fetch response body error");
                            return Err(rquickjs::Error::new_from_js("string", "response body too large or unreadable"));
                        }
                    };
                    Ok(serde_json::json!({"status": code, "body": resp_body}).to_string())
                }
                Err(e) => {
                    tracing::warn!(plugin = %b.plugin_id, url = %url, error = %e, "fetch failed");
                    Err(rquickjs::Error::new_from_js("string", "fetch request failed"))
                }
            }
        }))?;
    }

    // bext._metricImpl(name, value, tags) — internal, always receives 3 args
    {
        let b = bridge.clone();
        bext.set(
            "_metricImpl",
            Function::new(
                ctx.clone(),
                move |name: String, value: f64, tags: String| {
                    tracing::info!(
                        target: "bext::plugin_metric",
                        plugin = %b.plugin_id,
                        metric = %name,
                        value = value,
                        tags = %tags,
                        "plugin_metric"
                    );
                },
            ),
        )?;
    }

    globals.set("bext", bext)?;

    // bext.metric(name, value, tags?) — JS wrapper that defaults tags to "{}"
    // Must run after `bext` is attached to globals.
    ctx.eval::<(), _>(
        b"bext.metric = function(name, value, tags) { bext._metricImpl(name, value, tags || '{}'); };"
    )?;

    Ok(())
}

fn glob_match(pattern: &str, input: &str) -> bool {
    let parts: Vec<&str> = pattern.split('*').collect();
    if parts.len() == 1 {
        return pattern == input;
    }
    let mut pos = 0;
    if !parts[0].is_empty() {
        if !input.starts_with(parts[0]) {
            return false;
        }
        pos = parts[0].len();
    }
    for part in &parts[1..parts.len() - 1] {
        if part.is_empty() {
            continue;
        }
        match input[pos..].find(part) {
            Some(idx) => pos += idx + part.len(),
            None => return false,
        }
    }
    let last = parts[parts.len() - 1];
    if !last.is_empty() {
        input[pos..].ends_with(last)
    } else {
        true
    }
}

/// Check if a URL targets a private/internal IP address (SSRF prevention).
///
/// Blocks loopback (127.0.0.0/8, ::1), private ranges (10/8, 172.16/12, 192.168/16),
/// link-local (169.254/16, fe80::/10), unique-local IPv6 (fc00::/7), and
/// IPv4-mapped IPv6 addresses that resolve to private IPs.
///
/// **TOCTOU note**: There is an inherent time-of-check/time-of-use gap between
/// DNS resolution here and the subsequent HTTP request (which resolves DNS
/// again). A malicious DNS server could return a public IP on the first lookup
/// and a private IP on the second (DNS rebinding). To mitigate this, we resolve
/// ALL returned A/AAAA records and reject if ANY is private. This narrows the
/// window but does not fully eliminate it. For complete protection, the HTTP
/// client should be configured to connect to the resolved IP directly.
fn is_private_url(url_str: &str) -> bool {
    let parsed = match url::Url::parse(url_str) {
        Ok(u) => u,
        Err(_) => return true, // Unparseable → blocked
    };
    let host = match parsed.host_str() {
        Some(h) => h,
        None => return true,
    };

    // Block "localhost" variants
    let host_lower = host.to_lowercase();
    if host_lower == "localhost" || host_lower.ends_with(".localhost") {
        return true;
    }

    // Try parsing as IP directly
    if let Ok(ip) = host.parse::<std::net::IpAddr>() {
        return is_private_ip(ip);
    }

    // Strip IPv6 brackets
    let stripped = host.trim_start_matches('[').trim_end_matches(']');
    if let Ok(ip) = stripped.parse::<std::net::IpAddr>() {
        return is_private_ip(ip);
    }

    // DNS resolution — resolve hostname and check ALL returned IPs.
    // We collect all addresses to ensure we check every record, not just the first.
    // If ANY resolved address is private, the URL is blocked.
    if let Ok(addrs) = std::net::ToSocketAddrs::to_socket_addrs(&(host, 80)) {
        let all_addrs: Vec<_> = addrs.collect();
        // If DNS returned no records, block the request (suspicious)
        if all_addrs.is_empty() {
            return true;
        }
        for addr in &all_addrs {
            if is_private_ip(addr.ip()) {
                return true;
            }
        }
    }

    false
}

fn is_private_ip(ip: std::net::IpAddr) -> bool {
    match ip {
        std::net::IpAddr::V4(v4) => {
            v4.is_loopback()
                || v4.is_private()
                || v4.is_link_local()
                || v4.is_unspecified()
                || v4.is_broadcast()
        }
        std::net::IpAddr::V6(v6) => {
            v6.is_loopback()
                || v6.is_unspecified()
                || (v6.octets()[0] == 0xfe && (v6.octets()[1] & 0xc0) == 0x80) // fe80::/10 link-local
                || (v6.octets()[0] & 0xfe == 0xfc) // fc00::/7 unique-local
                || v6.to_ipv4_mapped().is_some_and(|v4| {
                    v4.is_loopback() || v4.is_private() || v4.is_link_local() || v4.is_unspecified()
                })
        }
    }
}