Calling an external REST function #144

Open
jaroslavpsenicka opened this issue Apr 10, 2024 · 5 comments

@jaroslavpsenicka

jaroslavpsenicka commented Apr 10, 2024

Hi all, just wondering whether I may call an external REST function from the function block, via fetch.

This may be advantageous for us, where we have a legacy system doing all sorts of calculations - when we expose these calculations as REST services, we may orchestrate them using the rule engine. Later on, we may gradually rewrite these into decision tables and functions.

@ivanmiletic
Contributor

ivanmiletic commented Apr 10, 2024

Hi @jaroslavpsenicka, at the moment no (not yet officially released), but we are working on a new type of node called CustomNode, it will allow you to code any node/block and use it during graph evaluation.

Take a look at this comment: #124 (reply in thread)

Also, in Open Source you can code it, in our BRMS it will be exposed as HTTP/REST integration.

For your use case, GoRules will indeed be capable of orchestrating calls to other services during evaluation.

@egandro

egandro commented May 14, 2024

I hope that will never ever ever happen :)

I consider not blocking fetch/get/fopen/... of the v8 as a security risk.

(Probably an opt-in would be ok at compile time or via environment variables)

Zen rule files can become a major security risk - as code can download anything from the internet and use eval() to do nasty things.

@stefan-gorules
Contributor

stefan-gorules commented May 14, 2024

We have moved away from V8 to QuickJS a few releases back. And as you've correctly pointed out, there are some security implications that we'd need to consider before enabling such support.

Our function nodes are currently very limited, and they cannot:

  1. Fetch from external sources
  2. Modify file system
  3. Interact with any system resources whatsoever

It will very likely remain this way or we might make it configurable at some point. What you are able to do now however, is utilise custom nodes in order to achieve fetch functionality inside GoRules ZEN.

EDIT:
The security implications are much lower after a few quick checks. The only way you can cause issues is if you run:

```javascript
const someData = await fetch("...");
eval(someData);
```

And there are obvious reasons why this should never be done in general. Instead, it might make more sense to prevent usage of eval rather than block implementation of fetch in the future.

@stefan-gorules stefan-gorules added the documentation Improvements or additions to documentation label Jun 24, 2024
@stefan-gorules
Contributor

Hi @jaroslavpsenicka, this is something that is supported with Function v2, but we will have to document usages.

We'll provide an update soon.

@stefan-gorules stefan-gorules self-assigned this Jul 17, 2024
@Gabrieltay

Hi @jaroslavpsenicka, this function is supported already
https://gorules.io/docs/user-manual/decision-modeling/decisions/functions#asynchronous-functions

@stefan-gorules, while this works, I am wondering if I can use the Promise.catch for this? So that I can capture the error and produce a different output

```javascript
import http from 'http';

export const handler = async (input) => {
  // Await the chain; without await the handler returns before the request settles.
  const data = await http
    .get('https://api.example.com/data')
    .then((response) => response.data)
    // On failure, resolve to an error object instead of rejecting.
    .catch((err) => ({ err }));

  return data;
};
```
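
An added example, not part of the thread and not GoRules' own code: one way a function handler can make a remote call while treating the response strictly as data, which covers both the fetch-then-eval concern raised above and the question about producing a different output on error. The `client` object stands in for the `http` module and is assumed to expose `get(url)` returning a promise of `{ data }`; `makeHandler`, `checkUrl`, `parseScore`, the `score` field, the allowlist and the stub clients are all hypothetical.

```javascript
// Added example; not GoRules code. `client` stands in for the thread's `http`
// module and is assumed to expose get(url) -> Promise<{ data }>.
const ALLOWED_HOSTS = new Set(['api.example.com']); // assumed allowlist

// Allow only HTTPS requests to allowlisted hosts; returns the normalized URL.
function checkUrl(url) {
  const u = new URL(url);
  if (u.protocol !== 'https:' || !ALLOWED_HOSTS.has(u.hostname)) {
    throw new Error(`blocked URL: ${u.origin}`);
  }
  return u.href;
}

// Copy out only the field the rule needs, with the type it expects. Everything
// else in the response is dropped and nothing is ever passed to eval().
function parseScore(body) {
  if (body === null || typeof body !== 'object') {
    throw new Error('unexpected response shape');
  }
  if (typeof body.score !== 'number' || !Number.isFinite(body.score)) {
    throw new Error('score is not a finite number');
  }
  return { score: body.score };
}

// Build a handler around an injected client so the logic runs offline.
function makeHandler(client, url) {
  return async (input) => {
    try {
      const response = await client.get(checkUrl(url));
      return { ...parseScore(response.data), source: 'remote' };
    } catch (err) {
      // A different output on failure; only the error message is exposed.
      return { score: 0, source: 'fallback', error: String(err.message) };
    }
  };
}

// Constructed stub clients (no network access).
const okClient = { get: async () => ({ data: { score: 42, note: 'alert(1)' } }) };
const codeClient = { get: async () => ({ data: 'process.exit()' }) };
const downClient = { get: async () => { throw new Error('connect timeout'); } };
```
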
