Defensive

stever · stever · commit a87481feef94 · 2026-06-16T08:31:37.000+01:00
diff --git a/apps/gif-service/src/compile-isolated.ts b/apps/gif-service/src/compile-isolated.ts
@@ -0,0 +1,50 @@
+import { fork } from 'node:child_process';
+import { fileURLToPath } from 'node:url';
+import { CompileError } from './errors.js';
+
+// Run the worker under tsx (the service itself runs via tsx, so it's installed).
+const WORKER_PATH = fileURLToPath(new URL('./compile-worker.ts', import.meta.url));
+const COMPILE_TIMEOUT_MS = parseInt(process.env.COMPILE_TIMEOUT_MS ?? '20000', 10);
+
+/**
+ * Compile in a forked child and SIGKILL it if it overruns. This is the only way
+ * to bound an in-process WASM compiler: a synchronous hang blocks the event
+ * loop, so a main-thread timer can't interrupt it, but killing a separate
+ * process always works. The service is single-client and sequential, so one
+ * child per request is fine.
+ */
+export function compileProjectIsolated(lang: string, code: string): Promise<Buffer> {
+    return new Promise((resolve, reject) => {
+        const child = fork(WORKER_PATH, { execArgv: ['--import', 'tsx'] });
+        let settled = false;
+
+        const finish = (action: () => void): void => {
+            if (settled) return;
+            settled = true;
+            clearTimeout(timer);
+            child.kill('SIGKILL');
+            action();
+        };
+
+        const timer = setTimeout(
+            () => finish(() => reject(new CompileError(`Compilation timed out after ${COMPILE_TIMEOUT_MS}ms`))),
+            COMPILE_TIMEOUT_MS,
+        );
+
+        child.on('message', (m: any) =>
+            finish(() => {
+                if (m?.ok) {
+                    resolve(Buffer.from(m.tapB64, 'base64'));
+                } else {
+                    reject(m?.compile ? new CompileError(m.error) : new Error(m?.error ?? 'compile failed'));
+                }
+            }),
+        );
+        child.on('error', (err) => finish(() => reject(err)));
+        child.on('exit', (codeNum) =>
+            finish(() => reject(new Error(`compile worker exited unexpectedly (code ${codeNum})`))),
+        );
+
+        child.send({ lang, code });
+    });
+}
diff --git a/apps/gif-service/src/compile-worker.ts b/apps/gif-service/src/compile-worker.ts
@@ -0,0 +1,27 @@
+import { compileProject } from './compile.js';
+import { CompileError } from './errors.js';
+
+// Child process for one compile. The parent (compile-isolated.ts) forks this per
+// request and SIGKILLs it on timeout, so a synchronous hang in a WASM compiler
+// dies with the child instead of wedging the service's event loop.
+interface CompileRequest {
+    lang: string;
+    code: string;
+}
+
+process.on('message', async (msg: CompileRequest) => {
+    try {
+        const tap = await compileProject(msg.lang, msg.code);
+        // Small payloads; base64 over IPC avoids Buffer-serialisation quirks.
+        process.send!({ ok: true, tapB64: tap.toString('base64') }, () => process.exit(0));
+    } catch (err) {
+        process.send!(
+            {
+                ok: false,
+                compile: err instanceof CompileError,
+                error: err instanceof Error ? err.message : String(err),
+            },
+            () => process.exit(0),
+        );
+    }
+});
diff --git a/apps/gif-service/src/routes/project.ts b/apps/gif-service/src/routes/project.ts
@@ -1,7 +1,7 @@
 import { Router, Request, Response } from 'express';
 import { GIFGenerator } from '../gif-generator.js';
 import { fetchProject } from '../hasura.js';
-import { compileProject } from '../compile.js';
+import { compileProjectIsolated } from '../compile-isolated.js';
 import { CompileError } from '../errors.js';
 
 const router = Router();
@@ -56,7 +56,7 @@ async function handle(format: Format, req: Request, res: Response): Promise<void
 
         let tap: Buffer;
         try {
-            tap = await compileProject(project.lang, project.code);
+            tap = await compileProjectIsolated(project.lang, project.code);
         } catch (err) {
             if (err instanceof CompileError) {
                 res.status(400).json({ error: 'Project failed to compile', detail: err.message });
diff --git a/apps/gif-service/src/routes/source.ts b/apps/gif-service/src/routes/source.ts
@@ -1,6 +1,6 @@
 import { Router, Request, Response } from 'express';
 import { GIFGenerator } from '../gif-generator.js';
-import { compileProject } from '../compile.js';
+import { compileProjectIsolated } from '../compile-isolated.js';
 import { CompileError } from '../errors.js';
 
 const router = Router();
@@ -41,7 +41,7 @@ async function handle(format: Format, req: Request, res: Response): Promise<void
 
         let tap: Buffer;
         try {
-            tap = await compileProject(source.lang, source.code);
+            tap = await compileProjectIsolated(source.lang, source.code);
         } catch (err) {
             if (err instanceof CompileError) {
                 res.status(400).json({ error: 'Compilation failed', detail: err.message });
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -42,13 +42,28 @@ services:
       - graphql-engine
       - serve
 
+  # Untrusted-input compilers. Cap resources and drop privileges. Not read_only:
+  # these compilers write intermediate files; confirm a writable path per image
+  # before tightening further.
   z88dk:
     image: ghcr.io/stever/zxcoder-api-z88dk
     restart: always
+    mem_limit: 512m
+    cpus: 1.0
+    pids_limit: 256
+    cap_drop: [ALL]
+    security_opt:
+      - no-new-privileges:true
 
   zxbasic:
     image: ghcr.io/stever/zxcoder-api-zxbasic
     restart: always
+    mem_limit: 512m
+    cpus: 1.0
+    pids_limit: 256
+    cap_drop: [ALL]
+    security_opt:
+      - no-new-privileges:true
 
   # Headless emulator: compiles a program to .tap and renders it running to
   # GIF/MP4. Renders inline BASIC, or a public project looked up from Hasura
@@ -64,6 +79,36 @@ services:
       - hasura
     environment:
       HASURA_URL: http://hasura:8080/v1/graphql
+    # Untrusted execution: cap CPU/mem/processes and drop privileges. Root FS is
+    # read-only with a writable tmpfs for the temp mp4/f32le files it creates.
+    # NOTE: verify `user: node` + `read_only` on first deploy — the image must
+    # let the node user read /app and tsx must cache under /tmp.
+    mem_limit: 1g
+    cpus: 2.0
+    pids_limit: 512
+    user: node
+    read_only: true
+    tmpfs:
+      - /tmp
+    cap_drop: [ALL]
+    security_opt:
+      - no-new-privileges:true
+    healthcheck:
+      test: ["CMD", "node", "-e", "fetch('http://localhost:5001/health').then(r=>process.exit(r.ok?0:1)).catch(()=>process.exit(1))"]
+      interval: 30s
+      timeout: 5s
+      retries: 3
+      start_period: 20s
+    # NETWORK ISOLATION (prod): gif-service + zxbasic + z88dk need no inbound
+    # internet, only intra-stack traffic (gif-service -> hasura; hasura ->
+    # zxbasic/z88dk). In the prod compose put them on an `internal: true`
+    # network that also carries hasura. Not wired here to avoid breaking dev
+    # connectivity that can't be validated in this repo.
+    #
+    # AUTO-RESTART ON HANG: plain `restart: always` restarts on exit, NOT on an
+    # unhealthy healthcheck. To recover a wedged event loop automatically, run
+    # an autoheal sidecar (or Swarm). With compile now isolated in a killable
+    # child and the render wall-clock guard, the remaining wedge risk is small.
 
   # GoToSocial: the bot's federated identity, served at social.zxplay.org but
   # presenting handles as @user@zxplay.org via the account-domain webfinger trick.
