All threads / Safely running custom User Ruby code (e.g. Shopify Scripts)
Ask A Question


You’re not receiving notifications from this thread.

Safely running custom User Ruby code (e.g. Shopify Scripts)

Keegan Bakker asked in Ruby

Hello everyone! Nervous first-time poster here, and of course, my apologies if there's already a video / thread that covers this.

An advanced topic I'd love to see covered on GoRails (or hear any thoughts and discussion from the community) is the idea of how you might safely execute user-written Ruby code in a (Rails) web application.

Specifically, I'm looking at Shopify Scripts as an example. Shopify offers this tool to allow their larger customers to author small, self-contained scripts (written in Ruby) that can handle and manipulate data to implement advanced workflows. Obviously, you can't just run eval to do this :)

Why? I work on a Rails web application with Enterprise customers who (as with Shopify) demand an enormous degree of customisation and workflow automation ability. Of course, one could create GUI-based tools to allow customers to build automation workflows, or provide a REST API so they can run their code somewhere else entirely & manipulate data on your app. However, I'm curious about this concept & would love to explore it a little more.

Shopify claims to do this with a library they created called ESS (Github). I'm curious about how you might implement this specifically, but also would love thoughts from the community about this concept of "user custom code" more broadly.

Would be really fascinated to see a video on this concept, and of course, hear what the GoRails community thinks of the concept in general!

I didn't know about this. That is super cool!

The enterprise_script_engine executable ingests the input from stdin as a msgpack encoded payload; then spawns an mruby-engine; uses seccomp to sandbox itself; feeds library, input and finally the Ruby scripts into the engine; returns the output as a msgpack encoded payload to stdout and finally exits.

I will have to try this out sometime. Thankfully you've got Shopify to help lock this down because it sure seems like it could be dangerous!

Thanks for replying Chris! If you do try it out, would love to hear more / see a video on a simple implementation. A basic app idea that comes to mind might be a "learn to code" app allowing users to write their own Ruby code in a sandbox and then checks if their code is correct or not.

Join the discussion

Want to stay up-to-date with Ruby on Rails?

Join 69,840+ developers who get early access to new tutorials, screencasts, articles, and more.

    We care about the protection of your data. Read our Privacy Policy.

    logo Created with Sketch.

    Screencast tutorials to help you learn Ruby on Rails, Javascript, Hotwire, Turbo, Stimulus.js, PostgreSQL, MySQL, Ubuntu, and more. Icons by Icons8

    © 2023 GoRails, LLC. All rights reserved.