Skip to content

Latest commit

 

History

History
62 lines (50 loc) · 2.23 KB

README.md

File metadata and controls

62 lines (50 loc) · 2.23 KB

Go Sandbox Service

A containerized service that exposes a gRPC server streaming endpoint for running an arbitrary Go code in a sandbox.

The arbitrary code runs inside multiple sandboxes using isolate.

sandbox arch

Sandbox:

  • Multiple sandboxes are created to handle concurrent requests. One sandbox serves one request at a time and keeps other requests waiting till the sandbox is available again.
  • Network calls / File creation(size) are restricted.
  • Files created inside a specific sandbox are not visible to any other sandboxes.
  • Sandboxes are cleaned up periodically.

See the full implementation in action: https://goplayground.dev

Running locally

  1. Build image

    make build
  2. Run gRPC service (server streaming)

    # starts service in localhost:8080
    make run
  3. Make RPC call to execute arbitrary code

    You get real-time output from the executing code through the streaming endpoint, mirroring local execution.

    go-sandbox-example.mov

    Request sample:

    session_id can be used to bind a sandbox to a session(execution), e.g for authenticated users. If not provided, the code will run in random sandboxes.

    {
      "code": "package main\n\nimport (\n\t\"fmt\"\n\t\"time\"\n)\n\nfunc main() {\n\tfor i := 0; i < 3; i++ {\n\t\ttime.Sleep(time.Second)\n\t\tfmt.Println(\"Hello\", i)\n\t}\n\n}\n",
      "session_id": "user_1" // optional
    }

    Response Stream:

    Success:

    {
      "output": "Hello",            // stdout/stderr from executed Go code
      "exec_err": "",               // server error
      "is_error": false,            // true for server error
      "timestamp": "1712415917223"  // stdout/err timestamp
    }

    Error:

    {
      "output": "main.go:10:8: undefined: time.Slseep",
      "exec_err": "",
      "is_error": false,
      "timestamp": "1712416529383"
    }