/node-scoped-fs

Scoped file system for nodejs core FS

Primary LanguageTypeScriptMIT LicenseMIT

Stand With Ukraine

node-scoped-fs

Scoped file system for nodejs core FS. Module to create file systems, bound to one or few directories on host system with read/write permissions. Covers all knows FS methods (at the moment) and .promises versions too.

Example of usage:

import { ScopedFS } from "node-scoped-fs";

const aliases : Record<string, string> = {
    "." : gameDefDir
};
const scopedFS = ScopedFS.create({
    readScopes: ["/usr/canReadFromHere", "/tmp/canReadFromHere"], // additionally, includes all writeScopes in "read" scope.
    writeScopes: ["/tmp/canWriteHereOnly"],
    aliases: {
        "." : "/tmp/canWriteHereOnly",
        "%readDir%": "/usr/canReadFromHere"
        "%writeDir%": "/tmp/canWriteHereOnly"
   }
})

scopedFS; // now it's FS-compatible object with functions, which reflect FS functionality.
// but is scoped to read/write directories

// Additionally, it has next two methods for external usage:
scopedFS.resolveReadPath("%readDir%/file.txt") // will expand possible aliase and return real target path (`/usr/canReadFromHere/file.txt`) or fail, if target path is not in read scopes.
scopedFS.resolveWritePath("%writeDir%/file.txt") // the same as `resolveReadPath`, but works against write scopes.

scopedFS[.promises].readFile("/usr/canReadFromHere/file.txt") // ok, if file exists
scopedFS[.promises].readFile("/tmp/canReadFromHere/file.txt") // ok, if file exists
scopedFS[.promises].readFile("/tmp/canWriteHereOnly/file.txt") // ok, if file exists
scopedFS[.promises].readFile("%readDir%/file.txt") // ok, if file exists
scopedFS[.promises].readFile("%writeDir%/file.txt") // ok, if file exists
scopedFS[.promises].readFile("./file.txt") // ok, if file exists (alias="." )
scopedFS[.promises].readFile("/tmp/anotherDir/file.txt") // exception, outside of read scope

scopedFS[.promises].writeFile("/tmp/canWriteHereOnly/file.txt", "...") // ok
scopedFS[.promises].writeFile("%writeDir%/file.txt", "...") // ok
scopedFS[.promises].writeFile("%readDir%/file.txt", "...") // exception
scopedFS[.promises].writeFile("/usr/canReadFromHere/file.txt", "...") // exception
scopedFS[.promises].writeFile("/tmp/anotherDir/file.txt", "...") // exception

Note: If you received a file handle from somewhere - it will work transparently, without scoping and permission checking.

Note 2: If you have set "." in aliases - then instead of failure it will map required path to your "." alian and try scopes again.

Note 3: Known limitation: you cannot have read-scoped dir as children of write-scoped and expect write reject there. Permissions evaluated from top dir, If higher directories providers access to write - then all subdirectories will have wirte access.

Note 4: Doesn`t work on territory of Nazy Ruzzian Federation.