Safely running custom User Ruby code (e.g. Shopify Scripts)
Hello everyone! Nervous first-time poster here, and of course, my apologies if there's already a video / thread that covers this.
An advanced topic I'd love to see covered on GoRails (or hear any thoughts and discussion from the community) is the idea of how you might safely execute user-written Ruby code in a (Rails) web application.
Specifically, I'm looking at Shopify Scripts as an example. Shopify offers this tool to allow their larger customers to author small, self-contained scripts (written in Ruby) that can handle and manipulate data to implement advanced workflows. Obviously, you can't just run eval to do this :)
Why? I work on a Rails web application with Enterprise customers who (as with Shopify) demand an enormous degree of customisation and workflow automation ability. Of course, one could create GUI-based tools to allow customers to build automation workflows, or provide a REST API so they can run their code somewhere else entirely & manipulate data on your app. However, I'm curious about this concept & would love to explore it a little more.
Shopify claims to do this with a library they created called ESS (GitHub). I'm curious about how you might implement this specifically, but also would love thoughts from the community about this concept of "user custom code" more broadly.
Would be really fascinated to see a video on this concept, and of course, hear what the GoRails community thinks of the concept in general!
I didn't know about this. That is super cool!
The enterprise_script_engine executable ingests the input from stdin as a msgpack encoded payload; then spawns an mruby-engine; uses seccomp to sandbox itself; feeds library, input and finally the Ruby scripts into the engine; returns the output as a msgpack encoded payload to stdout and finally exits.
I will have to try this out sometime. Thankfully you've got Shopify to help lock this down because it sure seems like it could be dangerous!
Thanks for replying, Chris! If you do try it out, would love to hear more / see a video on a simple implementation. A basic app idea that comes to mind might be a "learn to code" app that allows users to write their own Ruby code in a sandbox and then checks if their code is correct or not.
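The flow quoted above from the ESS description (payload in on stdin, a short-lived engine process, payload out on stdout, exit), seen from the host side. This is an added example, not part of the thread and not ESS code. It assumes JSON in place of msgpack and a plain `ruby` child with CPU and wall-clock limits in place of the mruby engine and seccomp filter, so it shows the process boundary and its failure modes rather than syscall confinement; `run_script`, `WORKER` and `MAX_OUTPUT` are hypothetical names.

```ruby
require "json"
require "open3"
require "rbconfig"

MAX_OUTPUT = 64 * 1024 # bytes of worker output the host will accept

# Constructed worker: one JSON payload in on stdin, one out on stdout, exit.
# ASSUMPTION: plain MRI + eval stands in for the mruby engine and has no
# seccomp filter, so the script is resource-limited here but NOT confined.
WORKER = <<~'RUBY'
  require "json"
  payload = JSON.parse($stdin.read)
  input = payload["input"]
  output = binding.eval(payload["script"])
  $stdout.write(JSON.generate({ "output" => output }))
RUBY

# Hypothetical host-side helper: one short-lived process per script run.
def run_script(script, input, cpu_seconds: 2, wall_seconds: 3)
  opts = { rlimit_cpu: cpu_seconds, err: File::NULL }
  Open3.popen2(RbConfig.ruby, "-e", WORKER, opts) do |stdin, stdout, waiter|
    reader = Thread.new { stdout.read(MAX_OUTPUT + 1) } # bounded read
    begin
      stdin.write(JSON.generate({ "script" => script, "input" => input }))
    rescue Errno::EPIPE
      # worker died before reading; its exit status is handled below
    ensure
      stdin.close
    end
    timed_out = waiter.join(wall_seconds).nil?
    if timed_out
      begin
        Process.kill("KILL", waiter.pid) # wall-clock budget spent
      rescue Errno::ESRCH
        # worker exited just as the budget ran out
      end
    end
    status = waiter.value
    raw = reader.value.to_s
    return { status: :timeout } if timed_out
    return { status: :killed, signal: status.termsig } if status.signaled?
    return { status: :error } unless status.success? && raw.bytesize <= MAX_OUTPUT
    parsed = JSON.parse(raw)
    return { status: :error } unless parsed.is_a?(Hash) && parsed.key?("output")
    { status: :ok, output: parsed["output"] }
  end
rescue JSON::ParserError
  { status: :error } # worker wrote something that is not the expected payload
end
```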