Running pengines non sandboxed

#1

I know I can run pengines non-sandboxed, but not sure how to do it.

(yes, know about tthe security implications, handled).

#2

I did something like that previously as follows:

:- multifile pengines:authentication_hook/3.

pengines:authentication_hook(_Request, todo_db_app, User) :-
    logged_in(User), !.
pengines:authentication_hook(_Request, todo_db_app, _User) :-
    throw(http_reply(forbidden(/))).

:- multifile pengines:not_sandboxed/2.

pengines:not_sandboxed(_User, todo_db_app).

:- multifile pengines:prepare_goal/3.

pengines:prepare_goal(G, G, _Opts) :-
    functor(G, Func, Arity),
    memberchk(Func-Arity, [add_todo-2,
                           list_todos-1,
                           remove_todo-1,
                           update_todo-1,
                           remove_completed-0]).
pengines:prepare_goal(_, fail, _).
#3

Thanks! I’ll do this against localhost origin means logged in.

#4

To remove sandboxing, either enable forced login (config-available/auth_http_always.pl), use (a variant) of ide.pl for using SWISH as a local secondary IDE or, if you want a public service with some additional features, write a library providing these features and declare the API as safe.
Also make sure it is safe :slight_smile:

P.s. The Docker for SWISH is quite far behind. Badly needs a version update.

1 Like
#5

Update: Tagged latest SWISH with version 1.2.0 and pushed a new Docker image.

1 Like
#6

not running swish. This is an independent service on back end (wrapper for Large Knowledge Collider)