blsmedia/bot
2
0
Fork 0
Code Activity

🔒 Use isolated-vm

Browse Source
This commit is contained in:
Baptiste Arnaud
2024-05-22 11:42:31 +02:00
parent 15b2901f8a
commit 3d496e1eec
13 changed files with 291 additions and 114 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
apps/builder/next.config.mjs
View File

@@ -49,21 +49,14 @@ const nextConfig = {
},
experimental: {
outputFileTracingRoot: join(__dirname, '../../'),
serverComponentsExternalPackages: ['isolated-vm'],
},
webpack: (config, { nextRuntime }) => {
if (nextRuntime === 'nodejs') return config
webpack: (config, { isServer }) => {
if (isServer) return config
if (nextRuntime === 'edge') {
config.resolve.alias['minio'] = false
config.resolve.alias['got'] = false
config.resolve.alias['qrcode'] = false
return config
}
// These packages are imports from the integrations definition files that can be ignored for the client.
config.resolve.alias['minio'] = false
config.resolve.alias['got'] = false
config.resolve.alias['openai'] = false
config.resolve.alias['qrcode'] = false
config.resolve.alias['isolated-vm'] = false
return config
},
headers: async () => {

9
apps/builder/package.json
View File

@@ -13,7 +13,6 @@
"format:check": "prettier --check ./src --ignore-path ../../.prettierignore"
},
"dependencies": {
"@typebot.io/theme": "workspace:*",
"@braintree/sanitize-url": "7.0.1",
"@chakra-ui/anatomy": "2.1.1",
"@chakra-ui/react": "2.7.1",
@@ -45,6 +44,7 @@
"@typebot.io/env": "workspace:*",
"@typebot.io/js": "workspace:*",
"@typebot.io/nextjs": "workspace:*",
"@typebot.io/theme": "workspace:*",
"@udecode/cn": "29.0.1",
"@udecode/plate-basic-marks": "30.5.3",
"@udecode/plate-common": "30.4.5",
@@ -68,9 +68,10 @@
"framer-motion": "10.3.0",
"google-auth-library": "8.9.0",
"google-spreadsheet": "4.1.1",
"ky": "1.2.3",
"immer": "10.0.2",
"isolated-vm": "4.7.2",
"jsonwebtoken": "9.0.1",
"ky": "1.2.3",
"libphonenumber-js": "1.10.37",
"micro": "10.0.1",
"micro-cors": "0.1.1",
@@ -123,13 +124,13 @@
"@types/qs": "6.9.7",
"@types/react": "18.2.15",
"@types/tinycolor2": "1.4.3",
"dotenv": "16.4.5",
"dotenv-cli": "7.4.1",
"eslint": "8.44.0",
"eslint-config-custom": "workspace:*",
"next-runtime-env": "1.6.2",
"superjson": "1.12.4",
"typescript": "5.4.5",
"zod": "3.22.4",
"dotenv": "16.4.5"
"zod": "3.22.4"
}
}

19
apps/docs/editor/blocks/logic/script.mdx
View File

@@ -22,7 +22,7 @@ You need to write `console.log({{My variable}})` instead of `console.log("{{My v
If you want to set a variable value with Javascript, the [Set variable block](./set-variable) is more appropriate for most cases.
However, if you'd like to set variables with the script blocks, you can use the `setVariable` function in your script:
However, if you'd like to set variables in a Script block, you can use the `setVariable` function in your script:
```js
if({{My variable}} === 'foo') {
@@ -34,6 +34,23 @@ if({{My variable}} === 'foo') {
The `setVariable` function is only available in script executed on the server, so it won't work if the `Execute on client?` is checked.
## Limitations on scripts executed on server
Because the script is executed on a isolated and secured environment, there are some limitations.
- Global functions like `console.log`, `setTimeout`, `setInterval`, etc. are not available
- The `fetch` function behavior is slightly different from the native `fetch` function. You just have to skip the `await response.text()` or `await response.json()` part.
```js
const response = await fetch('https://jsonplaceholder.typicode.com/todos/1')
// const data = await response.text() 👈 You can remove this line, it is executed by default under the hood.
```
So `response` will always have the `string` type even if the the request returns a JSON object. If you know that the response is a JSON object, you can parse it using `JSON.parse(response)`.
- You can't use `import` or `require` to import external libraries
- You don't have access to browser APIs like `window`, `document`, `localStorage`, etc. If you need to use browser APIs, you should check the `Execute on client?` option so that the script is executed on the user's browser.
## Examples
### Reload page

15
apps/viewer/next.config.mjs
View File

@@ -50,21 +50,14 @@ const nextConfig = {
output: 'standalone',
experimental: {
outputFileTracingRoot: join(__dirname, '../../'),
serverComponentsExternalPackages: ['isolated-vm'],
},
webpack: (config, { nextRuntime }) => {
if (nextRuntime === 'nodejs') return config
webpack: (config, { isServer }) => {
if (isServer) return config
if (nextRuntime === 'edge') {
config.resolve.alias['minio'] = false
config.resolve.alias['got'] = false
config.resolve.alias['qrcode'] = false
return config
}
// These packages are imports from the integrations definition files that can be ignored for the client.
config.resolve.alias['minio'] = false
config.resolve.alias['got'] = false
config.resolve.alias['openai'] = false
config.resolve.alias['qrcode'] = false
config.resolve.alias['isolated-vm'] = false
return config
},
async redirects() {

10
apps/viewer/package.json
View File

@@ -26,6 +26,7 @@
"cors": "2.8.5",
"google-spreadsheet": "4.1.1",
"got": "12.6.0",
"isolated-vm": "4.7.2",
"ky": "1.2.3",
"next": "14.1.0",
"nextjs-cors": "2.1.2",
@@ -37,7 +38,6 @@
"stripe": "12.13.0"
},
"devDependencies": {
"dotenv": "16.4.5",
"@faire/mjml-react": "3.3.0",
"@paralleldrive/cuid2": "2.2.1",
"@playwright/test": "1.43.1",
@@ -46,6 +46,8 @@
"@typebot.io/forge": "workspace:*",
"@typebot.io/forge-repository": "workspace:*",
"@typebot.io/lib": "workspace:*",
"@typebot.io/playwright": "workspace:*",
"@typebot.io/results": "workspace:*",
"@typebot.io/schemas": "workspace:*",
"@typebot.io/tsconfig": "workspace:*",
"@typebot.io/variables": "workspace:*",
@@ -55,8 +57,8 @@
"@types/papaparse": "5.3.7",
"@types/qs": "6.9.7",
"@types/react": "18.2.15",
"dotenv-cli": "7.4.1",
"dotenv": "16.4.5",
"dotenv-cli": "7.4.1",
"eslint": "8.44.0",
"eslint-config-custom": "workspace:*",
"google-auth-library": "8.9.0",
@@ -64,8 +66,6 @@
"papaparse": "5.4.1",
"superjson": "1.12.4",
"typescript": "5.4.5",
"zod": "3.22.4",
"@typebot.io/playwright": "workspace:*",
"@typebot.io/results": "workspace:*"
"zod": "3.22.4"
}
}