registry

Loom Module Registry

The WebSocket init message includes a module name chosen by the client. Without validation, a malicious client could invoke arbitrary Erlang modules via dynamic dispatch. This registry acts as an allowlist — only modules explicitly registered during compilation can be dispatched to, closing the arbitrary-execution hole.

Types

ModuleEntry

</>

Each entry tracks both the module path (for dispatch validation) and the source template path (for debugging and recompilation). Storing both avoids a second lookup to map between module names and their source files.

pub type ModuleEntry {
  ModuleEntry(module: String, source: String)
}

Constructors

ModuleEntry(module: String, source: String)

Values

clear

</>

pub fn clear() -> Result(Nil, String)

A full recompilation starts fresh to avoid stale entries from renamed or deleted templates lingering in the registry. Clearing first and re-registering during compilation guarantees the registry exactly matches the current template set.

is_valid_module

</>

pub fn is_valid_module(module: String) -> Bool

The WebSocket handler calls this before starting an actor to ensure the client-requested module was actually compiled by the framework. Rejecting unknown modules here prevents arbitrary code execution via the dynamic dispatch path.

list_modules

</>

pub fn list_modules() -> List(ModuleEntry)

The compiler and diagnostic tools need to inspect the full registry contents — for example, to rebuild all known modules or display the list of live templates in development tooling.

register_module

</>

pub fn register_module(
  module: String,
  source: String,
) -> Result(Nil, String)

The compiler calls this after successfully generating a live template module. Adding the module to the registry at compile time ensures the allowlist is always in sync with the actual set of generated modules, without requiring a separate configuration step.

unregister_module

</>

pub fn unregister_module(module: String) -> Result(Nil, String)

When a template file is deleted, its compiled module should no longer be dispatchable. Removing it from the registry ensures stale module names can’t be exploited after the template source is gone.