From 50b49ffab66da1c12f6660aebcf805ff7b97cd0f Mon Sep 17 00:00:00 2001 From: andreymal Date: Thu, 8 Jul 2021 08:13:01 +0000 Subject: [PATCH] Add support of Unix socket (#912) Reviewed-on: https://kolaente.dev/vikunja/api/pulls/912 Reviewed-by: konrad Co-authored-by: andreymal Co-committed-by: andreymal --- config.yml.sample | 4 ++++ pkg/cmd/web.go | 34 ++++++++++++++++++++++++++++++++++ pkg/config/config.go | 3 +++ pkg/utils/umask_unix.go | 25 +++++++++++++++++++++++++ pkg/utils/umask_windows.go | 24 ++++++++++++++++++++++++ 5 files changed, 90 insertions(+) create mode 100644 pkg/utils/umask_unix.go create mode 100644 pkg/utils/umask_windows.go diff --git a/config.yml.sample b/config.yml.sample index f185d1c10..91eca7770 100644 --- a/config.yml.sample +++ b/config.yml.sample @@ -5,6 +5,10 @@ service: JWTSecret: "" # The interface on which to run the webserver interface: ":3456" + # Path to Unix socket. If set, it will be created and used instead of tcp + unixsocket: + # Permission bits for the Unix socket. Note that octal values must be prefixed by "0o", e.g. 0o660 + unixsocketmode: # The URL of the frontend, used to send password reset emails. frontendurl: "" # The base path on the file system where the binary and assets are. diff --git a/pkg/cmd/web.go b/pkg/cmd/web.go index 883345c2a..c42262209 100644 --- a/pkg/cmd/web.go +++ b/pkg/cmd/web.go @@ -18,6 +18,7 @@ package cmd import ( "context" + "net" "os" "os/signal" "time" @@ -29,7 +30,9 @@ import ( "code.vikunja.io/api/pkg/log" "code.vikunja.io/api/pkg/routes" "code.vikunja.io/api/pkg/swagger" + "code.vikunja.io/api/pkg/utils" "code.vikunja.io/api/pkg/version" + "github.com/labstack/echo/v4" "github.com/spf13/cobra" ) 
@@ -37,6 +40,31 @@ func init() { rootCmd.AddCommand(webCmd) } +func setupUnixSocket(e *echo.Echo) error { + path := config.ServiceUnixSocket.GetString() + + // Remove old unix socket that may have remained after a crash + if err := os.Remove(path); err != nil && !os.IsNotExist(err) { + return err + } + + if config.ServiceUnixSocketMode.Get() != nil { + // Use Umask instead of Chmod to prevent insecure race condition + // (no-op on Windows) + mode := config.ServiceUnixSocketMode.GetInt() + oldmask := utils.Umask(0o777 &^ mode) + defer utils.Umask(oldmask) + } + + l, err := net.Listen("unix", path) + if err != nil { + return err + } + + e.Listener = l + return nil +} + var webCmd = &cobra.Command{ Use: "web", Short: "Starts the rest api web server", @@ -56,6 +84,12 @@ var webCmd = &cobra.Command{ routes.RegisterRoutes(e) // Start server go func() { + // Listen unix socket if needed (ServiceInterface will be ignored) + if config.ServiceUnixSocket.GetString() != "" { + if err := setupUnixSocket(e); err != nil { + e.Logger.Fatal(err) + } + } if err := e.Start(config.ServiceInterface.GetString()); err != nil { e.Logger.Info("shutting down...") } diff --git a/pkg/config/config.go b/pkg/config/config.go index d7df8e96b..3d0a17df0 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -38,6 +38,8 @@ const ( // #nosec ServiceJWTSecret Key = `service.JWTSecret` ServiceInterface Key = `service.interface` + ServiceUnixSocket Key = `service.unixsocket` + ServiceUnixSocketMode Key = `service.unixsocketmode` ServiceFrontendurl Key = `service.frontendurl` ServiceEnableCaldav Key = `service.enablecaldav` ServiceRootpath Key = `service.rootpath` @@ -224,6 +226,7 @@ func InitDefaultConfig() { // Service ServiceJWTSecret.setDefault(random) ServiceInterface.setDefault(":3456") + ServiceUnixSocket.setDefault("") ServiceFrontendurl.setDefault("") ServiceEnableCaldav.setDefault(true) 
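Review bot: The `os.Remove(path)` call at the top of setupUnixSocket deletes whatever exists at the configured `service.unixsocket` path without checking that it is a socket. A mistyped path therefore removes a regular file, and a second instance started with the same config unlinks the live socket of the first. Stat the path first and unlink only when `Mode()&os.ModeSocket` is set, returning an error otherwise; the sketch below needs `fmt` added to the import block, which is outside this hunk. The value from `ServiceUnixSocketMode.GetInt()` is also used unvalidated in `0o777 &^ mode`, and rejecting anything outside 0 to 0o777 would catch a decimal `660` entered without the `0o` prefix.

```go
	// Remove old unix socket that may have remained after a crash,
	// but never unlink anything that is not a socket.
	fi, err := os.Lstat(path)
	switch {
	case err == nil && fi.Mode()&os.ModeSocket == 0:
		return fmt.Errorf("%q exists and is not a unix socket", path)
	case err == nil:
		if err := os.Remove(path); err != nil && !os.IsNotExist(err) {
			return err
		}
	case !os.IsNotExist(err):
		return err
	}

	// … unchanged: umask handling, net.Listen, e.Listener assignment …
```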
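Review bot: setupUnixSocket is called inside the `go func()` that starts the server, yet it changes the process-wide umask until `net.Listen` returns. Any file another goroutine creates in that window gets the socket's mask instead of the inherited one; with `0o660` configured the mask becomes `0o117`, which leaves group write enabled. Moving the `if config.ServiceUnixSocket.GetString() != ""` block to just before the `go func() {` line keeps the umask change out of concurrent execution. Whether other goroutines create files at this point is not visible here, and the enclosing Run function starts and ends outside the hunk.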
diff --git a/pkg/utils/umask_unix.go b/pkg/utils/umask_unix.go
new file mode 100644
index 000000000..d43c8a6de
--- /dev/null
+++ b/pkg/utils/umask_unix.go
@@ -0,0 +1,25 @@
+// Vikunja is a to-do list application to facilitate your life.
+// Copyright 2018-2021 Vikunja and contributors. All rights reserved.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public Licensee as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public Licensee for more details.
+//
+// You should have received a copy of the GNU Affero General Public Licensee
+// along with this program. If not, see .
+
+// +build !windows
+
+package utils
+
+import "golang.org/x/sys/unix"
+
+func Umask(mask int) int {
+ return unix.Umask(mask)
+}
diff --git a/pkg/utils/umask_windows.go b/pkg/utils/umask_windows.go
new file mode 100644
index 000000000..a2689a0e3
--- /dev/null
+++ b/pkg/utils/umask_windows.go
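Review bot: The exported `Umask` in pkg/utils/umask_unix.go has no doc comment, and the one fact callers need is missing: it changes the file mode creation mask for the whole process, not for the calling goroutine. Suggested comment: `// Umask sets the process-wide file mode creation mask and returns the previous mask; callers must restore it and must not run concurrently with other file creation.` The `// +build !windows` constraint also selects targets such as plan9 and js, where `golang.org/x/sys/unix` likely does not build, so confirm the supported targets or narrow the constraint.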
@@ -0,0 +1,24 @@
+// Vikunja is a to-do list application to facilitate your life.
+// Copyright 2018-2021 Vikunja and contributors. All rights reserved.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public Licensee as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public Licensee for more details.
+//
+// You should have received a copy of the GNU Affero General Public Licensee
+// along with this program. If not, see .
+
+// +build windows
+
+package utils
+
+// Windows doesn't provide the umask syscall, so there is a no-op stub.
+func Umask(mask int) int {
+ return 077
+}
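Review bot: The Windows stub discards `mask` and returns a fixed `077`, so a configured `service.unixsocketmode` is dropped without any signal to the operator and the socket keeps whatever default permissions the platform applies. The comment should start with the function name and say so, for example `// Umask is a no-op on Windows, which has no umask syscall; mask is ignored, so permissions requested by the caller are not applied.` Consider logging a warning from the caller when a mode is set on Windows, and write the literal as `0o77` to match the `0o777` style used in pkg/cmd/web.go.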