This would replace the current modules mechanism and allow language-agnostic sandbox customization beyond the defaults in a secure manner.
data/funny_pack_private/luafy/sandbox_requests.json - Global for all scripts within the namespace
Example scope:
web_requests
match_url Regex string
per_day Integer, -1 for infinite
max_size Integer, maximum outgoing or incoming request size in bytes, -1 for infinite
required Whether to disable all Luafy scripts in the namespace if this isn't authorized
reason Short explanation to end-users & server administrators why you need this scope
config/luafy/sandbox.json
{
"funny_pack_private": {
"hash": "au56soh273628...", // hash of the scopes config, if this doesn't match, the namespace is disabled and an error is printed in console. This hash is automatically populated by the mod once
"web_requests": true
},
"i_made_this": true
}
true at the root of the scopes object for a specific namespace would authorize any sandbox change made by the namespace, this is dangerous and should only be used by people developing scripts themselves, platforms shouldn't allow packs that recommend setting this. A warning is printed to console when a namespace has this set
If a namespace fails to get a required scope, an error is posted in the server console
If multiple datapacks try to change the scopes for the same namespace, all involved datapacks are disabled and an error is printed to console
If multiple datapacks try to register scripts in a namespace that has sandbox changes, all involved datapacks are disabled and an error is printed to console
If a namespace outside of a datapack tries to call sandbox-exception namespace scripts, that fails. The only way this is supported is through the use of another namespace within the same pack that doesn't have sandbox exceptions.
This would replace the current
modules
mechanism and allow language-agnostic sandbox customization beyond the defaults in a secure manner.data/funny_pack_private/luafy/sandbox_requests.json
- Global for all scripts within the namespace Example scope:web_requests
match_url
Regex stringper_day
Integer,-1
for infinitemax_size
Integer, maximum outgoing or incoming request size in bytes,-1
for infiniterequired
Whether to disable all Luafy scripts in the namespace if this isn't authorizedreason
Short explanation to end-users & server administrators why you need this scopeconfig/luafy/sandbox.json
true
at the root of the scopes object for a specific namespace would authorize any sandbox change made by the namespace, this is dangerous and should only be used by people developing scripts themselves, platforms shouldn't allow packs that recommend setting this. A warning is printed to console when a namespace has this setIf a namespace fails to get a required scope, an error is posted in the server console
If multiple datapacks try to change the scopes for the same namespace, all involved datapacks are disabled and an error is printed to console
If multiple datapacks try to register scripts in a namespace that has sandbox changes, all involved datapacks are disabled and an error is printed to console
If a namespace outside of a datapack tries to call sandbox-exception namespace scripts, that fails. The only way this is supported is through the use of another namespace within the same pack that doesn't have sandbox exceptions.