V8Js

From DreamFactory
Jump to: navigation, search

V8Js is a popular PHP extension that uses Google's V8 engine to execute Javascript code in a secure sandbox from within PHP. The executed code can be restricted using a time limit and/or memory limit. This provides the possibility to execute untrusted code with confidence. Please see example scripts for V8js for more information.

Note: While the scripts are written in Javascript, not all functionality available in browser-based Javascript is available in V8Js, particular things related to the DOM, window, or console. Go here for more information.

Requirements

V8Js is a PHP extension that currently is not part of the PHP standard distribution. It is, however, included in all DreamFactory Bitnami installers, including the IaaS and PaaS environments. If you are installing DreamFactory by other means, methods for compiling the extension can be found here or more externally here in the individual README files.

Additional Functions Available

In addition to standard Javascript functions, the following functions are also available for use in V8Js scripts.

  • print("some string") - Useful in debugging or logging from a script, the output of the call is written to the DreamFactory log.
  • var_dump(object) - Another debugging or logging function, this dumps the content of the object into the DreamFactory log as well.
  • sleep(seconds) - Pauses execution for the number of seconds passed in. Take care, as V8Js executes in a limited time, delaying processing obviously delays API handling.
  • require('script_name.js') - As in Javascript, this allows you to pull in other scripts. Scripts can currently be pulled from the <install directory>/storage/scripting/ simply by using the name of the script, i.e. 'test.js'.
  • exit() - This function halts the script, and currently blows up the PHP execution as well, so don't use it! Use throw('error string'); instead.

Accessing Resources

DreamFactory passes in two additional objects for use in the scripts. In V8Js, these resources are represented as Javascript objects and can be accessed as normal. See the examples below.

Using the event resource...

// Stop execution if verbs other than GET are used in Custom Scripting Service
if (event.request.method !== "GET") {
    throw "Only HTTP GET is allowed on this endpoint."; // will result in a 500 back to client with the given message.
}
 
// Stop execution and return a specific status code
if (event.resource !== "test") {
    event.response.status_code = 400;
    event.response.content = {"error": "Invalid resource requested."};
    return;
}
 
// defaults to 200 status code
event.response.content = {"test": "value"};


Using the platform resource...

result = platform.api.post("http://example.com/my_api", JSON.stringify({"name":"test"}), options);

Including Other Scripts

The script 'test.js' is located in the storage/scripting/ directory on a DreamFactory instance and simply defines an array, i.e. "exports.a = ['one', 'two','three'];

test = require('test.js');
var_dump(test.a);