Open filips123 opened 5 years ago
So... I think the main thing with this is going to be security and how we make sure these zites aren't doing malicious things on your computer as well as restricting their access to your computer. I believe Python has very poor support for sandboxing-type stuff like this, unfortunately.
BackgroundProcessing tries to achieve this, and to the best of ivanq's skillful ability. But.... it also hasn't been audited by anybody else or been heavily tested.
@krixano Yes, BackgroundProcessing needs to be updated to allow route handling and also tested and audited.
I have worked on BackgroundProcessing for a while but nobody really tested it. I'd appreciate if someone with good testing skills tried escaping the sandbox. If you find some important issues, feel free to send a message to imachug@gmail.com.
Sandboxing a language is hard. JS runtimes in the browsers are created as a secure and sandboxed environment and exploits are still present. The CPython runtime was never meant to be sandboxed, so I think it would be extremely hard to make it as secure as JS runtimes in the browser.
Maybe we could implement a simple templating engine to list content from the database and add a limited set of commands to modify the json files. This way it would be possible to create JS-less messaging boards or blogs.
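The listing half of the templating-engine idea above, as an added example that is not from this thread or from ZeroNet. The `{{#each}}`/`{{field}}` syntax, the `render` function and the sample rows are all hypothetical; the point is that templates are pure data with no expression evaluation, every value is HTML-escaped, and inserted data is never rescanned for template syntax.

```python
import html
import re

# Hypothetical syntax: {{#each table}}...{{/each}} loops over rows, {{field}} inserts a value.
_VAR = re.compile(r"\{\{([a-z_][a-z0-9_]*)\}\}")
_TOKEN = re.compile(
    r"\{\{#each ([a-z_][a-z0-9_]*)\}\}(.*?)\{\{/each\}\}|" + _VAR.pattern,
    re.DOTALL,
)


def _fill(fragment, values):
    """Replace {{field}} with HTML-escaped values; unknown fields are an error."""
    def sub(match):
        name = match.group(1)
        if name not in values:
            raise KeyError(f"unknown field: {name}")
        return html.escape(str(values[name]), quote=True)
    return _VAR.sub(sub, fragment)


def render(template, tables, page_vars=None):
    """Single-pass render: substituted data is never rescanned for template syntax."""
    page_vars = page_vars or {}

    def sub(match):
        table, body, _var = match.groups()
        if table is None:  # a top-level {{field}} outside any loop
            return _fill(match.group(0), page_vars)
        if table not in tables:
            raise KeyError(f"unknown table: {table}")
        return "".join(_fill(body, row) for row in tables[table])

    return _TOKEN.sub(sub, template)


# Constructed sample rows standing in for a zite database query result.
POSTS = [
    {"author": "alice", "body": "Hello <b>world</b>"},
    {"author": "mallory", "body": "<script>alert(1)</script> {{site_title}}"},
]
TEMPLATE = "<h1>{{site_title}}</h1>{{#each posts}}<p>{{author}}: {{body}}</p>{{/each}}"


def demo():
    return render(TEMPLATE, {"posts": POSTS}, {"site_title": "My Board"})


if __name__ == "__main__":
    print(demo())
```

Because field names are looked up only as dictionary keys, a template cannot reach Python attributes or call anything, so nothing needs to be sandboxed for read-only pages.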
@HelloZeroNet What about using existing sandboxing tools, like WebAssembly System Interface (WASI)? It is still work-in-progress, but it will provide a way to run any program in any language (that compiles to WebAssembly) in a sandboxed environment. You could use Wasmer for this.
This would not only make local scripts more secure (sandboxed) but also enable you to write them in any language (Python, Node.js, Rust, C...).
Maybe we could implement a simple templating engine to list content from the database and add a limited set of commands to modify the json files. This way it would be possible to create JS-less messaging boards or blogs.
I was actually thinking about this!
Can WebAssembly be run in the background without a browser? I mean, we could technically integrate nodejs, but that's getting kinda blech-y, lol.
Wasmer looks interesting and it does work without any browser (tested on Linux; Windows is not supported for the Python module yet). If we could somehow call the zeroframe api functions (directly or via websocket), then it may work.
@filips123 I'll try to make some experiments soon.
If we could somehow call the zeroframe api functions (directly or via websocket), then it may work.
This could be done by importing Python ZeroFrame functions/classes into the WASM VM. However, I don't know if this is already supported in the Python package.
Is your feature request related to a problem? Please describe.
ZeroNet only supports serving static site files which can add dynamic functionalities with client-side JavaScript. However, there are some cases where client-side generated files are not possible. Some of these cases can be command line browsers, programmatic HTTP requests, usage of ZeroNet as a package index for PyPI, NPM, Packagist, Docker...
Describe the solution you'd like
There should be support for files that are generated on the backend (like normal client-server architecture). This could be made using the BackgroundProcessing plugin, which would be listed on specific URLs (routes) and return dynamically-generated content (like modern MVC frameworks).
@HelloZeroNet @imachug What do you think?