Transcript from the "Granting & Specifying Permissions" Lesson
>> So one of the core tenants of Deno is secure by default. And we've already discussed in the section of the same name that this means that by default, Deno can't do very much. It can't read your file system. It can't make HTTP calls, it's completely sandboxed by default.
[00:00:19] Okay, so and we've already done this, but let's do this again. Let's try and just read from the terminal here. So let's do this. I'm just going to paste this in. And let's just we're just going to try to read everything and as we know, let's collapse this clear this out.
[00:00:38] So Deno run, and as we know this is gonna fail and we have to pass an allow read flag like this. And then we can actually read it and these are all the files in my current directory. And so the flags that we passed, by default give Deno more access than it actually needs.
[00:01:01] And I think somebody ask this question earlier, get multiple folders on your machine. But one of the things that you can do here is like you can pass a descriptor to, the flag. So I could say, okay, you can read everything in the current directory so I'm gonna run this again, and it's gonna tell me that permission was denied.
[00:01:21] Because I'm actually trying to read the parent directory not the current directory. So if I specify the current directory, like this, then the program will actually run but I was to try to read like I don't know the root directory, like this, that does run, nice. So, why?
[00:01:40] Because the directory that the code is trying to read what we need to do is change this, so if the code tries to read this. That should work, and we pass in allow read, is just the current directory, this should fail and it does, right? So you can pass in specificity to your permissions, so that you're not giving it too much access, because once you say allow read, you're just giving it access to your entire system.
[00:02:06] So, it's good to specify the level of access there on what folders Deno can and can't access. And this is more akin to the way that your phone asks you anyway for access to do things. If you're writing code for Deno, especially if you become a package author then we might want to get into territory where Deno really does behave like your phone.
[00:02:32] And it really does ask you about your contacts and your photos, and whether or not it can have permission, and there's an API to do that. So let's take a look here. Here. Let's get rid of our terminal to make this a little bit nicer. Let's get rid of that type script error which I'd I don't like, there's a better way to deal with isolated modules.
[00:02:53] I don't know what it is. Someone will email me and tell me, I'm sure. So what we wanna do here is, we wanna request permission to do this when the program runs. And so instead of having the user pass us their permission, we want to ask for it and see if they'll give it to us.
[00:03:14] So how do we do that? Well, we need to create a permission descriptor to do that. And then it's just an object and then we just need to pass the name, and we wanna read. Yeah, we wanna read the file system. Done. And then, because of the weirdness of TypeScript that gets injected, we actually have to cast it as a constant, although I'm not terribly sure why.
[00:03:36] And then what we wanna do is let's just do status and then. Deno.permissions, and you'll notice that's not there, because it is a experimental, it's an unstable API, and then request the permission, and we're gonna pass in the descriptor. Okay, now, what this is gonna return us is an object, so status is gonna have an object on it.
[00:04:32] If it is equal to granted, then we'll do all of this stuff here. But if it isn't, then we can provide the user with a more friendly error, console.log. This program needs permission to read the current directory, current directory only. Something like that, I don't know. Let's turn on wrap.
[00:05:02] Wrap toggle word wrap, okay. And then let's do this. Alright now, let's run this. Let's run this and find out what happens. So when you deno run app.ts, it' gonna check and it's gonna say permission's doesn't exist, because we need the unstable flag, which we should be used to by now.
[00:05:24] Wanna stay unstable. And now Deno is going to ask us, sorry. When we do this request, this actually returns a promise. So we need to await it. We don't know that, because we can't see it on the object, because it is an unstable API that we're working with.
[00:05:40] So let's try that again. And now you can see it wants to know. Okay, Deno requests read access. Do we want to grant it or not? Now notice, though, that it doesn't tell us read access to what? What do you want to read? So let's just say yeah, well granted access, and then it'll give us that if we ask it again and we say deny, then we get the other right.
[00:06:02] So it's just a nicer Interface for actually getting permissions if you are an author of a Deno module and you want people to have that option. There is another thing that we can do we're here where we can actually test to see whether, or not permission has already been granted, but before we do that, let's talk about specificity.
[00:06:23] So when we passed in read we didn't pass in anything else and so when we give it read access we're basically giving it read access to our whole system which we don't want to do. And so what we can do instead is say we only want to access to the parent directory.
[00:06:39] You're here. And so as part of the descriptor, if we pass that back in and then run it again, this time, it didn't request, read access to. Right? And so now we know it's only accessing this. Yeah. I'm okay with that. I'll go ahead and grant that, that's good.
[00:06:56] That's secure. And so the same is true if we're doing HTTP requests, where we can say not only do we want to do a request, but this is the URL we plan on accessing. And so it's just a really good way to inform the user about exactly what your program is going to do.
[00:07:14] And so they're not too concerned that you're you're getting too many permissions.