Hugging Face's logo

Spaces:
AZILS
/
puter-deploy
Sleeping

App Files Community
puter-deploy / src /puter-js /doc /devlog.md
gionuibk's picture
gionuibk
Upload folder using huggingface_hub
61d39e2 verified
preview code
|
raw
history blame contribute delete
2.44 kB

2024-10-14

Letting Puter Desktop Control Client FS Cache

Move Context to putility

The Filesystem module for puter.js will need to check puter.env to determine whether it's delegating client FS calls to Puter's API or Puter's Desktop via postMessage. env was already being passed to the Filesystem module via its constructor but the constructor had no reference to it; having only looked at the constructor itself and not where its initialized, I didn't realize this and started working on another way to pass it.

I decided to add Context which will allow us to incrementally migrate all the modules to a situation where the things available to modules generally is one piece of information in the code, and doesn't need to be repeated for each constructor call manually.

What happens when apps make FS calls to Puter's desktop?

I'm going to describe a problem that I overlooked before I started working on this. If env is "app", then we delegate filesystem calls to Puter's desktop so that caching is centralized and all apps can benefit from the cache. Okay, that's great, but... Puter Desktop has user privileges, not app privileges.

With this, I see a couple of options:

  • Puter desktop makes the call to check ACL
    • we don't expose this yet we need to ensure it doesn't expose the existence of files for which the actor does not have "see" permission.
  • Apps maintain their own cache

In either case, apps need to be able to subscribe to filesystem events for cache invalidation. This means the file/location relevant to the event needs an ACL check either way. It seems there is no choice but to allow Puter Desktop to expose ACL.

I thought about adding this to /stat - i.e. Desktop can pass an app ID and get information about what kind of access the app has - but that would incur additional database calls for no reason, especially if Desktop really does have that entry cached already.

This will require a new endpoint then: /auth/check-app-acl. I'll put it in PermissionAPIService for now. It seems a little out of place there but it also doesn't seem to make sense to create a new service for it. This method may eventually be deprecated if we find out apps need to be able to perform ACL checks on behalf of delegate apps, in which case we might create a more general-purpose /auth/check-acl endpoint that can cover both cases.