2021-07-01 15:15:43 +00:00
|
|
|
import {ActiveDoc} from 'app/server/lib/ActiveDoc';
|
|
|
|
import {ICreate} from 'app/server/lib/ICreate';
|
2021-07-12 16:10:04 +00:00
|
|
|
import {ScopedSession} from 'app/server/lib/BrowserSession';
|
2021-07-01 15:15:43 +00:00
|
|
|
import {NSandboxCreator} from 'app/server/lib/NSandbox';
|
2020-07-23 20:04:40 +00:00
|
|
|
|
|
|
|
// Use raw python - update when pynbox or other solution is set up for core.
|
(core) support python3 in grist-core, and running engine via docker and/or gvisor
Summary:
* Moves essential plugins to grist-core, so that basic imports (e.g. csv) work.
* Adds support for a `GRIST_SANDBOX_FLAVOR` flag that can systematically override how the data engine is run.
- `GRIST_SANDBOX_FLAVOR=pynbox` is "classic" nacl-based sandbox.
- `GRIST_SANDBOX_FLAVOR=docker` runs engines in individual docker containers. It requires an image specified in `sandbox/docker` (alternative images can be named with `GRIST_SANDBOX` flag - need to contain python and engine requirements). It is a simple reference implementation for sandboxing.
- `GRIST_SANDBOX_FLAVOR=unsandboxed` runs whatever local version of python is specified by a `GRIST_SANDBOX` flag directly, with no sandboxing. Engine requirements must be installed, so an absolute path to a python executable in a virtualenv is easiest to manage.
- `GRIST_SANDBOX_FLAVOR=gvisor` runs the data engine via gvisor's runsc. Experimental, with implementation not included in grist-core. Since gvisor runs on Linux only, this flavor supports wrapping the sandboxes in a single shared docker container.
* Tweaks some recent express query parameter code to work in grist-core, which has a slightly different version of express (smoke test doesn't catch this since in Jenkins core is built within a workspace that has node_modules, and wires get crossed - in a dev environment the problem on master can be seen by doing `buildtools/build_core.sh /tmp/any_path_outside_grist`).
The new sandbox options do not have tests yet, nor does this they change the behavior of grist servers today. They are there to clean up and consolidate a collection of patches I've been using that were getting cumbersome, and make it easier to run experiments.
I haven't looked closely at imports beyond core.
Test Plan: tested manually against regular grist and grist-core, including imports
Reviewers: alexmojaki, dsagal
Reviewed By: alexmojaki
Differential Revision: https://phab.getgrist.com/D2942
2021-07-27 23:43:21 +00:00
|
|
|
const sandboxCreator = new NSandboxCreator({defaultFlavor: 'unsandboxed'});
|
2020-07-21 13:20:51 +00:00
|
|
|
|
|
|
|
export const create: ICreate = {
|
2021-07-12 16:10:04 +00:00
|
|
|
adjustSession(scopedSession: ScopedSession): void {
|
|
|
|
const email = process.env.GRIST_DEFAULT_EMAIL || 'anon@getgrist.com';
|
|
|
|
const profile = {email, name: email};
|
|
|
|
scopedSession.getSessionProfile = async () => profile;
|
2020-07-21 13:20:51 +00:00
|
|
|
},
|
2021-07-01 15:15:43 +00:00
|
|
|
Billing() {
|
2020-07-21 13:20:51 +00:00
|
|
|
return {
|
2021-07-01 15:15:43 +00:00
|
|
|
addEndpoints() { /* do nothing */ },
|
2020-07-21 13:20:51 +00:00
|
|
|
addEventHandlers() { /* do nothing */ },
|
2021-07-01 15:15:43 +00:00
|
|
|
addWebhooks() { /* do nothing */ }
|
2020-07-21 13:20:51 +00:00
|
|
|
};
|
|
|
|
},
|
2020-10-06 21:32:56 +00:00
|
|
|
Notifier() {
|
2020-07-21 13:20:51 +00:00
|
|
|
return {
|
|
|
|
get testPending() { return false; }
|
|
|
|
};
|
|
|
|
},
|
|
|
|
Shell() {
|
|
|
|
return {
|
|
|
|
moveItemToTrash() { throw new Error('moveToTrash unavailable'); },
|
|
|
|
showItemInFolder() { throw new Error('showItemInFolder unavailable'); }
|
|
|
|
};
|
|
|
|
},
|
|
|
|
ExternalStorage() { return undefined; },
|
2021-03-18 22:40:02 +00:00
|
|
|
ActiveDoc(docManager, docName, options) { return new ActiveDoc(docManager, docName, options); },
|
2020-07-21 13:20:51 +00:00
|
|
|
NSandbox(options) {
|
2020-07-23 20:04:40 +00:00
|
|
|
return sandboxCreator.create(options);
|
2020-07-21 13:20:51 +00:00
|
|
|
},
|
|
|
|
sessionSecret() {
|
|
|
|
return process.env.GRIST_SESSION_SECRET ||
|
|
|
|
'Phoo2ag1jaiz6Moo2Iese2xoaphahbai3oNg7diemohlah0ohtae9iengafieS2Hae7quungoCi9iaPh';
|
2020-10-30 16:53:23 +00:00
|
|
|
},
|
|
|
|
configurationOptions() {
|
|
|
|
return {};
|
2020-07-21 13:20:51 +00:00
|
|
|
}
|
|
|
|
};
|