what does it mean to succeed

chee · Nov 17, 2020 · 9dcfe3a · 9dcfe3a
1 parent 9f35617
commit 9dcfe3a
Show file tree

Hide file tree

Showing 6 changed files with 94 additions and 8 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,2 +1,5 @@
 node_modules/
 succeed/target/
+own/target/
+bin/succeed
+bin/own
diff --git a/index.js b/index.js
@@ -3,12 +3,17 @@ let execa = require("execa")
 let net = require("net")
 let fs = require("fs").promises
 let crypto = require("crypto")
+let path = require("path")
 
 async function getSnoot(name) {
 	let {stdout: snootid} = await execa("id", ["-u", name]).catch(() => ({}))
 	return snootid
 }
 
+async function own(name, scope) {
+	return execa(path.join(__dirname, "bin", "own"), [name, scope])
+}
+
 async function authenticate(request, response, name, scope) {
 	let snootid = await getSnoot(name)
 
@@ -46,7 +51,7 @@ async function listen(request, response, name, scope) {
 
 	fs.unlink(sockPath).catch(() => ({}))
 	let timeout
-	let server = net.createServer(function(client) {
+	let server = net.createServer(function (client) {
 		let data = ""
 		client.on("data", d => {
 			data += d.toString()
@@ -56,9 +61,10 @@ async function listen(request, response, name, scope) {
 				clearTimeout(timeout)
 				let token = `${name}.${crypto.randomBytes(22).toString("base64")}`
 				await fs.writeFile(`/snoots/auth/sessions/${name}.${scope}`, token)
+				await own(name, scope)
 				response.setHeader(
 					"Set-Cookie",
-					`session=${token}; Domain=${scope}.snoot.club; Secure; Path=/`
+					`session=${token}; Domain=snoot.club; Secure; Path=/`
 				)
 				send(response, 200, "Thanks ! Enjoy your cookie")
 			} else {
@@ -72,19 +78,15 @@ async function listen(request, response, name, scope) {
 		})
 	})
 	timeout = setTimeout(() => {
-		server.close(function() {
+		server.close(function () {
 			send(response, 408, "That took too long! please try again")
 		})
 	}, 60000)
 	server.listen(sockPath)
 }
 
 async function notfound(request, response) {
-	return send(
-		response,
-		404,
-		"go to https://auth.snoot.club/your_snoot_name"
-	)
+	return send(response, 404, "go to https://auth.snoot.club/your_snoot_name")
 }
 
 module.exports = (request, response) => {

diff --git a/own/Cargo.lock b/own/Cargo.lock
diff --git a/own/Cargo.toml b/own/Cargo.toml
@@ -0,0 +1,10 @@
+[package]
+name = "own"
+version = "0.1.0"
+authors = ["chee <chee@snoot.club>"]
+edition = "2018"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+nix = "0.19"
diff --git a/own/build.sh b/own/build.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+cargo build --release
+mv target/release/own ../bin
+sudo chmod 4750 ../bin/own
+sudo chown root:snootauth ../bin/own
diff --git a/own/src/main.rs b/own/src/main.rs
@@ -0,0 +1,22 @@
+use nix::unistd::{chown, User, Group};
+use std::env;
+use std::fs::File;
+use std::os::unix::fs::PermissionsExt;
+use std::path::PathBuf;
+
+fn main() -> std::io::Result<()> {
+    let args: Vec<String> = env::args().collect();
+    let snoot = args.get(1).expect("own <snoot> <scope>");
+    let scope = args.get(2).expect("own <snoot> <scope>");
+    let scope_user = User::from_name(scope).expect("no scope").expect("hoohoo");
+    let auth_group = Group::from_name("snootauth").expect("there should be a unix group called snootauth").expect("hoohoo");
+
+    let path = PathBuf::from(format!("/snoots/auth/sessions/{}.{}", snoot, scope));
+    let file = File::open(&path)?;
+    let metadata = file.metadata()?;
+    let mut permissions = metadata.permissions();
+    permissions.set_mode(0o400);
+    chown(&path, Some(scope_user.uid), Some(auth_group.gid)).expect("cloudnt set files permission");
+
+    Ok(())
+}