How to isolate(sandbox) part of the application on nodejs?

Hi, decided to start a pet project for learning and fun, something like cms as
To develop decided to take nodejs and vue

The problem arose as to isolate untrusted code from trusted code from customers.
For example

<template>
 <component :is="component" v-for="component in page" />
</template>

the <script>
export default {
 async serverPrefetch() {
 //Get the list of components for the page
 const data = axois.get('/page/' + this.userId)

 //Return components by downloading them from your user folder
 this.page = data.map(component => {
 return () => import('~/UNTRUSTED_CODE/'+ this.userId +'/components/' + component + '.vue')
})
},
}
</script>


That is, the user can edit the files inside your folder /UNTRUSTED_CODE/$userId/
And since I want to do server rendering, it turns out that I need to do on the server, untrusted code,
which can read files, to make white(true), in General it is a hole

Is there any way to isolate this code from the main application?
That is what would have when reading the files are read only folder this user.
That the user could not read other sources, for example the code above.
That would be memory overflow or infinite recursion hasn't been all app.

Trusted code should be such as to interact with untrusted

I googled about the sandbox kind of vm2, but they are unreliable, with Docker experience I have no
What are approaches to this?

Thank you!
April 4th 20 at 13:26
1 answer
April 4th 20 at 13:28
Is there any way to isolate this code from the main application?
That is what would have when reading the files are read only folder this user.
That the user could not read other sources, for example the code above.
That would be memory overflow or infinite recursion hasn't been all app.


Run in a separate process with limited privileges. But anyway - to make a real sandbox is very difficult.

Another question - as you want - all to do.
If it's a cms so that the user can control the content and not code.
If the user really need to manage the code - the path and custom servers your way. Can make preset Docker files for example where the whole environment is already deployed and just copied the extra user files or something, how knowledge and imagination enough.

Although, if you can write a real sandbox to run there individual files nodejs - it will be a project significantly steeper some kind of cms.

Find more questions by tags Node.jsWebpackDockerDevOps