From 79b448adf31d549e592cd1a6bb1f2138b56026ef Mon Sep 17 00:00:00 2001 From: Nicolas Meienberger Date: Mon, 27 Nov 2023 09:40:43 +0100 Subject: [PATCH] fix(worker): apply file permissions on start --- packages/worker/src/index.ts | 5 +++- packages/worker/src/lib/fs/fs.helpers.ts | 24 ------------------- .../worker/src/lib/system/system.helpers.ts | 11 +-------- 3 files changed, 5 insertions(+), 35 deletions(-) delete mode 100644 packages/worker/src/lib/fs/fs.helpers.ts diff --git a/packages/worker/src/index.ts b/packages/worker/src/index.ts index 6e9ff058..5c56afb1 100644 --- a/packages/worker/src/index.ts +++ b/packages/worker/src/index.ts @@ -4,7 +4,7 @@ import path from 'node:path'; import Redis from 'ioredis'; import dotenv from 'dotenv'; import { Queue } from 'bullmq'; -import { copySystemFiles, generateSystemEnvFile, generateTlsCertificates } from '@/lib/system'; +import { copySystemFiles, ensureFilePermissions, generateSystemEnvFile, generateTlsCertificates } from '@/lib/system'; import { runPostgresMigrations } from '@/lib/migrations'; import { startWorker } from './watcher/watcher'; import { logger } from '@/lib/logger'; @@ -30,6 +30,9 @@ const main = async () => { logger.info('Generating TLS certificates...'); await generateTlsCertificates({ domain: envMap.get('LOCAL_DOMAIN') }); + logger.info('Ensuring file permissions...'); + await ensureFilePermissions(); + logger.info('Starting queue...'); const queue = new Queue('events', { connection: { host: envMap.get('REDIS_HOST'), port: 6379, password: envMap.get('REDIS_PASSWORD') } }); logger.info('Obliterating queue...'); diff --git a/packages/worker/src/lib/fs/fs.helpers.ts b/packages/worker/src/lib/fs/fs.helpers.ts deleted file mode 100644 index 2d8174ab..00000000 --- a/packages/worker/src/lib/fs/fs.helpers.ts +++ /dev/null @@ -1,24 +0,0 @@ -/* eslint-disable no-await-in-loop */ -/* eslint-disable no-restricted-syntax */ -import { execAsync, pathExists } from '@runtipi/shared'; -import path from 'path'; -import { ROOT_FOLDER } from '@/config/constants'; - -export const ensureFilePermissions = async () => { - const filesAndFolders = [path.join(ROOT_FOLDER, 'state'), path.join(ROOT_FOLDER, 'traefik')]; - - const files600 = [path.join(ROOT_FOLDER, 'traefik', 'shared', 'acme.json')]; - - // Give permission to read and write to all files and folders for the current user - for (const fileOrFolder of filesAndFolders) { - if (await pathExists(fileOrFolder)) { - await execAsync(`chmod -R a+rwx ${fileOrFolder}`).catch(() => {}); - } - } - - for (const fileOrFolder of files600) { - if (await pathExists(fileOrFolder)) { - await execAsync(`chmod 600 ${fileOrFolder}`).catch(() => {}); - } - } -}; diff --git a/packages/worker/src/lib/system/system.helpers.ts b/packages/worker/src/lib/system/system.helpers.ts index 23320e6e..b1a96fb2 100644 --- a/packages/worker/src/lib/system/system.helpers.ts +++ b/packages/worker/src/lib/system/system.helpers.ts @@ -259,16 +259,7 @@ export const generateTlsCertificates = async (data: { domain?: string }) => { }; export const ensureFilePermissions = async () => { - const filesAndFolders = [ - path.join(ROOT_FOLDER, 'apps'), - path.join(ROOT_FOLDER, 'logs'), - path.join(ROOT_FOLDER, 'repos'), - path.join(ROOT_FOLDER, 'state'), - path.join(ROOT_FOLDER, 'traefik'), - path.join(ROOT_FOLDER, '.env'), - path.join(ROOT_FOLDER, 'VERSION'), - path.join(ROOT_FOLDER, 'docker-compose.yml'), - ]; + const filesAndFolders = [path.join(ROOT_FOLDER, 'state'), path.join(ROOT_FOLDER, 'traefik')]; const files600 = [path.join(ROOT_FOLDER, 'traefik', 'shared', 'acme.json')];