mirrors/puter
1
0
Fork 0
mirror of https://github.com/HeyPuter/puter synced 2024-11-14 14:03:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

doc: add devlog from puter.js

Browse Source
This commit is contained in:
KernelDeimos 2024-10-17 01:19:06 -04:00
parent f0b7214a07
commit 7980aafbd9
1 changed files with 49 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
src/puter-js/doc/devlog.md Normal file
View File

@ -0,0 +1,49 @@
## 2024-10-14
### Letting Puter Desktop Control Client FS Cache
#### Move Context to `putility`
The Filesystem module for puter.js will need to check `puter.env` to determine
whether it's delegating client FS calls to Puter's API or Puter's Desktop via
postMessage. `env` was already being passed to the Filesystem module via its
constructor but the constructor had no reference to it; having only looked at
the constructor itself and not where its initialized, I didn't realize this
and started working on another way to pass it.
I decided to add Context which will allow us to incrementally migrate all the
modules to a situation where the things available to modules generally is one
piece of information in the code, and doesn't need to be repeated for each
constructor call manually.
### What happens when apps make FS calls to Puter's desktop?
I'm going to describe a problem that I overlooked before I started working on
this. If `env` is `"app"`, then we delegate filesystem calls to Puter's desktop
so that caching is centralized and all apps can benefit from the cache. Okay,
that's great, but... **Puter Desktop has user privileges, not app privileges.**
With this, I see a couple of options:
- Puter desktop makes the call to check ACL
- we don't expose this yet
we need to ensure it doesn't expose the existence of files for which the
actor does not have "see" permission.
- Apps maintain their own cache
In either case, apps need to be able to subscribe to filesystem events for
cache invalidation. This means the file/location relevant to the event needs
an ACL check either way. It seems there is no choice but to allow Puter Desktop
to expose ACL.
I thought about adding this to `/stat` - i.e. Desktop can pass an app ID and
get information about what kind of access the app has - but that would incur
additional database calls for no reason, especially if Desktop really does
have that entry cached already.
This will require a new endpoint then: `/auth/check-app-acl`. I'll put it in
PermissionAPIService for now. It seems a little out of place there but it
also doesn't seem to make sense to create a new service for it.
This method may eventually be deprecated if we find out apps need to be
able to perform ACL checks on behalf of delegate apps, in which case we might
create a more general-purpose `/auth/check-acl` endpoint that can cover
both cases.