process: move POSIX credential accessors into node_credentials.cc

Expose the POSIX credential accessors through
`internalBinding('credentials')` instead of setting them on the
process or bootstrapper object from C++ directly. Also moves
`SafeGetEnv` from `internalBinding('util')` to
`internalBinding('credentials')` since it's closely related to
the credentials.

In the JS land, instead of wrapping the bindings then writing
to the process object directly in main_thread_only.js, return
the wrapped functions back to bootstrap/node.js where they get
written to the process object conditionally for clarity.

Refs: https://github.com/nodejs/node/issues/24961

PR-URL: https://github.com/nodejs/node/pull/25066
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>

1 files changed, 19 insertions, 0 deletions

diff --git a/test/parallel/test-safe-get-env.js b/test/parallel/test-safe-get-env.js
new file mode 100644
index 0000000000..0bee9971db
--- /dev/null
+++ b/test/parallel/test-safe-get-env.js
@@ -0,0 +1,19 @@
+'use strict';
+// Flags: --expose_internals
+
+require('../common');
+const assert = require('assert');
+const { internalBinding } = require('internal/test/binding');
+const { safeGetenv } = internalBinding('credentials');
+
+// FIXME(joyeecheung): this test is not entirely useful. To properly
+// test this we could create a mismatch between the effective/real
+// group/user id of a Node.js process and see if the environment variables
+// are no longer available - but that might be tricky to set up reliably.
+
+for (const oneEnv in process.env) {
+  assert.strictEqual(
+    safeGetenv(oneEnv),
+    process.env[oneEnv]
+  );
+}