Investigate options for running theme code in a sandbox #21
Comments
jacobobryant
added
good first issue
|
It occurred to me that since we're already using netlify, and netlify's backend fns are just wrappers for AWS lambda fns, we could try to use those. For example, platypub could create a backend fn for each (user, theme) combination. e.g. if you deploy a site that's using the default theme, platypub checks to see if you already have a backend fn for the default theme and creates it if not. The backend fn accepts the It would be great if someone wanted to play around with this. e.g. make a backend fn as described above, rewrite the default theme with nbb (this might be a lot of work?), and see how fast it goes. Need to make sure that backend fns are sufficiently isolated. i.e. are two backend fns made with the same Netlify account guaranteed to be unable to access each other's data? |
|
I think this is the answer: https://fly.io/blog/fly-machines/
|
|
We'll need to figure out how to cache npm/deps.edn deps. doing it in a dockerfile might be ok--are there security risks with putting untrusted code in dockerfiles for fly machines? |
and others
A prerequisite for moving to stage three is we need some way to accept untrusted theme code. Cloudflare's recently announced workers for platforms looks perfect, however it's still in closed beta and I doubt they would give us access. We're not in a huge rush to get to stage three yet, so maybe we just wait until that's available for everyone. (How long does Cloudflare usually take to move features from closed to open beta?) If anyone is interested, it wouldn't hurt to explore other options though. I spent a day looking into this and my conclusion was that besides the Cloudflare thing, AWS Lambda would probably be the way to go (in which case it would be especially great for someone else to take this issue because I have little experience with AWS and prefer to keep it that way). I'm open to other things too.
Whatever we use for the sandbox, we need to be able to zip up the theme folder (e.g.
themes/default/), send it to the sandbox, and have it unzip, generate site files, and return them in another zip file. or something like that. And ideally have it be fairly snappy (under 10 seconds is probably acceptable, though the faster the better). If we can let the theme code specify dependencies (such as npm dependencies) and have the sandbox install + cache the dependencies that would be swell. If not, it's probably good enough to start out with if we just have a fixed list of dependencies (like tailwind etc).The text was updated successfully, but these errors were encountered: