beenull/runtipi
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

fix(worker): apply file permissions on start

Browse source
This commit is contained in:
Nicolas Meienberger 2023-11-27 09:40:43 +01:00
parent 91a361add1
commit abff9a4d5a
3 changed files with 5 additions and 35 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
packages/worker/src/index.ts
View file

@ -4,7 +4,7 @@ import path from 'node:path';
import Redis from 'ioredis';
import dotenv from 'dotenv';
import { Queue } from 'bullmq';
import { copySystemFiles, generateSystemEnvFile, generateTlsCertificates } from '@/lib/system';
import { copySystemFiles, ensureFilePermissions, generateSystemEnvFile, generateTlsCertificates } from '@/lib/system';
import { runPostgresMigrations } from '@/lib/migrations';
import { startWorker } from './watcher/watcher';
import { logger } from '@/lib/logger';
@ -30,6 +30,9 @@ const main = async () => {
logger.info('Generating TLS certificates...');
await generateTlsCertificates({ domain: envMap.get('LOCAL_DOMAIN') });
logger.info('Ensuring file permissions...');
await ensureFilePermissions();
logger.info('Starting queue...');
const queue = new Queue('events', { connection: { host: envMap.get('REDIS_HOST'), port: 6379, password: envMap.get('REDIS_PASSWORD') } });
logger.info('Obliterating queue...');

24
packages/worker/src/lib/fs/fs.helpers.ts
View file

@ -1,24 +0,0 @@
/* eslint-disable no-await-in-loop */
/* eslint-disable no-restricted-syntax */
import { execAsync, pathExists } from '@runtipi/shared';
import path from 'path';
import { ROOT_FOLDER } from '@/config/constants';
export const ensureFilePermissions = async () => {
const filesAndFolders = [path.join(ROOT_FOLDER, 'state'), path.join(ROOT_FOLDER, 'traefik')];
const files600 = [path.join(ROOT_FOLDER, 'traefik', 'shared', 'acme.json')];
// Give permission to read and write to all files and folders for the current user
for (const fileOrFolder of filesAndFolders) {
if (await pathExists(fileOrFolder)) {
await execAsync(`chmod -R a+rwx ${fileOrFolder}`).catch(() => {});
}
}
for (const fileOrFolder of files600) {
if (await pathExists(fileOrFolder)) {
await execAsync(`chmod 600 ${fileOrFolder}`).catch(() => {});
}
}
};

11
packages/worker/src/lib/system/system.helpers.ts
View file

@ -259,16 +259,7 @@ export const generateTlsCertificates = async (data: { domain?: string }) => {
};
export const ensureFilePermissions = async () => {
const filesAndFolders = [
path.join(ROOT_FOLDER, 'apps'),
path.join(ROOT_FOLDER, 'logs'),
path.join(ROOT_FOLDER, 'repos'),
path.join(ROOT_FOLDER, 'state'),
path.join(ROOT_FOLDER, 'traefik'),
path.join(ROOT_FOLDER, '.env'),
path.join(ROOT_FOLDER, 'VERSION'),
path.join(ROOT_FOLDER, 'docker-compose.yml'),
];
const filesAndFolders = [path.join(ROOT_FOLDER, 'state'), path.join(ROOT_FOLDER, 'traefik')];
const files600 = [path.join(ROOT_FOLDER, 'traefik', 'shared', 'acme.json')];