feat: dependencies

dependencies/python-requirements.txt

@@ -0,0 +1,3 @@
+jinja2
+requests
+httpx

internal/core/runner/nodejs/nodejs.go

@@ -127,6 +127,7 @@ func (p *NodeJsRunner) Run(
 			script_path,
 			strconv.Itoa(static.SANDBOX_USER_UID),
 			strconv.Itoa(static.SANDBOX_GROUP_ID),
+			options.Json(),
 		)
 		cmd.Env = []string{}
 

internal/core/runner/nodejs/nodejs.h

@@ -74,7 +74,7 @@ typedef struct { void *data; GoInt len; GoInt cap; } GoSlice;
 extern "C" {
 #endif
 
-extern void DifySeccomp(GoInt uid, GoInt gid);
+extern void DifySeccomp(GoInt uid, GoInt gid, GoUint8 enable_network);
 
 #ifdef __cplusplus
 }

internal/core/runner/nodejs/prescript.js

@@ -7,5 +7,7 @@ const difySeccomp = lib.func('void DifySeccomp(int, int)')
 const uid = parseInt(argv[2])
 const gid = parseInt(argv[3])
 
-difySeccomp(uid, gid)
+const options = JSON.parse(argv[4])
+
+difySeccomp(uid, gid, options['enable_network'])
 

internal/core/runner/python/prescript.py

@@ -30,7 +30,9 @@ if __name__ == "__main__":
     if not uid or not gid:
         sys.exit(-1)
 
-    sandbox(uid, gid)
+    options = json.loads(sys.argv[4])
+
+    sandbox(uid, gid, options.get("enable_network", False))
 
     # setup sys.excepthook
     def excepthook(type, value, tb):

internal/core/runner/python/python.go

@@ -13,7 +13,6 @@ import (
 	"github.com/langgenius/dify-sandbox/internal/core/runner"
 	"github.com/langgenius/dify-sandbox/internal/core/runner/types"
 	"github.com/langgenius/dify-sandbox/internal/static"
-	"github.com/langgenius/dify-sandbox/internal/utils/log"
 )
 
 type PythonRunner struct {
@@ -23,26 +22,6 @@ type PythonRunner struct {
 //go:embed prescript.py
 var python_sandbox_fs []byte
 
-//go:embed python.so
-var python_lib []byte
-
-func init() {
-	log.Info("initializing python runner environment...")
-	// remove /tmp/sandbox-python
-	os.RemoveAll("/tmp/sandbox-python")
-	os.Remove("/tmp/sandbox-python")
-
-	err := os.MkdirAll("/tmp/sandbox-python", 0755)
-	if err != nil {
-		log.Panic("failed to create /tmp/sandbox-python")
-	}
-	err = os.WriteFile("/tmp/sandbox-python/python.so", python_lib, 0755)
-	if err != nil {
-		log.Panic("failed to write /tmp/sandbox-python/python.so")
-	}
-	log.Info("python runner environment initialized")
-}
-
 var (
 	PYTHON_REQUIRED_FS = []string{
 		"/tmp/sandbox-python/python.so",
@@ -81,6 +60,7 @@ func (p *PythonRunner) Run(
 			untrusted_code_path,
 			strconv.Itoa(static.SANDBOX_USER_UID),
 			strconv.Itoa(static.SANDBOX_GROUP_ID),
+			options.Json(),
 		)
 		cmd.Env = []string{}
 

internal/core/runner/python/python.h

@@ -74,7 +74,7 @@ typedef struct { void *data; GoInt len; GoInt cap; } GoSlice;
 extern "C" {
 #endif
 
-extern void DifySeccomp(GoInt uid, GoInt gid);
+extern void DifySeccomp(GoInt uid, GoInt gid, GoUint8 enable_network);
 
 #ifdef __cplusplus
 }

internal/core/runner/python/setup.go

@@ -0,0 +1,72 @@
+package python
+
+import (
+	_ "embed"
+	"os"
+	"os/exec"
+	"path"
+
+	"github.com/langgenius/dify-sandbox/internal/core/runner"
+	"github.com/langgenius/dify-sandbox/internal/utils/log"
+)
+
+//go:embed python.so
+var python_lib []byte
+
+func init() {
+	log.Info("initializing python runner environment...")
+	// remove /tmp/sandbox-python
+	os.RemoveAll("/tmp/sandbox-python")
+	os.Remove("/tmp/sandbox-python")
+
+	err := os.MkdirAll("/tmp/sandbox-python", 0755)
+	if err != nil {
+		log.Panic("failed to create /tmp/sandbox-python")
+	}
+	err = os.WriteFile("/tmp/sandbox-python/python.so", python_lib, 0755)
+	if err != nil {
+		log.Panic("failed to write /tmp/sandbox-python/python.so")
+	}
+	log.Info("python runner environment initialized")
+}
+
+func InstallDependencies(requirements string) error {
+	if requirements == "" {
+		return nil
+	}
+
+	runner := runner.TempDirRunner{}
+	return runner.WithTempDir([]string{}, func(root_path string) error {
+		// create a requirements file
+		err := os.WriteFile(path.Join(root_path, "requirements.txt"), []byte(requirements), 0644)
+		if err != nil {
+			log.Panic("failed to create requirements.txt")
+		}
+
+		// install dependencies
+		cmd := exec.Command("pip3", "install", "-r", "requirements.txt")
+
+		reader, err := cmd.StdoutPipe()
+		if err != nil {
+			log.Panic("failed to get stdout pipe of pip3")
+		}
+		defer reader.Close()
+
+		err = cmd.Start()
+		if err != nil {
+			log.Panic("failed to start pip3")
+		}
+		defer cmd.Wait()
+
+		for {
+			buf := make([]byte, 1024)
+			n, err := reader.Read(buf)
+			if err != nil {
+				break
+			}
+			log.Info(string(buf[:n]))
+		}
+
+		return nil
+	})
+}

internal/core/runner/types/runner_options.go

@@ -1,5 +1,12 @@
 package types
 
+import "encoding/json"
+
 type RunnerOptions struct {
-	EnableNetwork bool
+	EnableNetwork bool `json:"enable_network"`
+}
+
+func (r *RunnerOptions) Json() string {
+	b, _ := json.Marshal(r)
+	return string(b)
 }

internal/server/server.go

@@ -5,6 +5,7 @@ import (
 
 	"github.com/gin-gonic/gin"
 	"github.com/langgenius/dify-sandbox/internal/controller"
+	"github.com/langgenius/dify-sandbox/internal/core/runner/python"
 	"github.com/langgenius/dify-sandbox/internal/static"
 	"github.com/langgenius/dify-sandbox/internal/utils/log"
 )
@@ -16,6 +17,12 @@ func initConfig() {
 		log.Panic("failed to init config: %v", err)
 	}
 	log.Info("config init success")
+
+	err = static.SetupRunnerDependencies()
+	if err != nil {
+		log.Panic("failed to setup runner dependencies: %v", err)
+	}
+	log.Info("runner dependencies init success")
 }
 
 func initServer() {
@@ -30,7 +37,18 @@ func initServer() {
 	r.Run(fmt.Sprintf(":%d", config.App.Port))
 }
 
+func initDependencies() {
+	log.Info("installing python dependencies...")
+	dependenices := static.GetRunnerDependencies()
+	err := python.InstallDependencies(dependenices.PythonRequirements)
+	if err != nil {
+		log.Panic("failed to install python dependencies: %v", err)
+	}
+	log.Info("python dependencies installed")
+}
+
 func Run() {
 	initConfig()
+	initDependencies()
 	initServer()
 }

internal/static/config.go

@@ -88,3 +88,24 @@ func InitConfig(path string) error {
 func GetDifySandboxGlobalConfigurations() types.DifySandboxGlobalConfigurations {
 	return difySandboxGlobalConfigurations
 }
+
+type RunnerDependencies struct {
+	PythonRequirements string
+}
+
+var runnerDependencies RunnerDependencies
+
+func GetRunnerDependencies() RunnerDependencies {
+	return runnerDependencies
+}
+
+func SetupRunnerDependencies() error {
+	file, err := os.ReadFile("dependencies/python-requirements.txt")
+	if err != nil {
+		return err
+	}
+
+	runnerDependencies.PythonRequirements = string(file)
+
+	return nil
+}