Our app has a few database/calculation heavy functions that we would rather run on our very beefy gateway server than on our clients.
I recently learned about
importlib and was playing around with using a Gateway message handler to try to run any arbitrary function via the gateway by giving the payload the function name and arguments for the function. I had two questions about this -
Security wise is this opening any vulnerabilities to me? My form submittal buttons now do a
system.util.sendMessageto my abstract gateway message handler feeding the function name and arguments. I think it should be safe but I also never seen anyone do this and I get the feeling it might be for good reason.
How can I actually feed the arguments to the function? Right now I am hardcoding them as such in my gateway handler, which is only set up to handle a few functions
import importlib import system.util logger = system.util.getLogger("Logger") logger.info("Payload") logger.info(str(payload)) form = payload['form'] data = payload['data'] data['user'] = payload['user'] library = 'forms.'+form module = importlib.import_module(library) action = payload['action'] if action == 'create': module.create(data)
But if I wanted to be able to do it for any arbitrary function with both positional and keyword arguments, how could I feed them to a function?