From 9dcfe3a1b76f69751955084257488bcac83e6f49 Mon Sep 17 00:00:00 2001
From: chee <chee@snoot.club>
Date: Tue, 17 Nov 2020 19:22:02 +0000
Subject: [PATCH] what does it mean to succeed

---
 .gitignore      |  3 +++
 index.js        | 18 ++++++++++--------
 own/Cargo.lock  | 44 ++++++++++++++++++++++++++++++++++++++++++++
 own/Cargo.toml  | 10 ++++++++++
 own/build.sh    |  5 +++++
 own/src/main.rs | 22 ++++++++++++++++++++++
 6 files changed, 94 insertions(+), 8 deletions(-)
 create mode 100644 own/Cargo.lock
 create mode 100644 own/Cargo.toml
 create mode 100755 own/build.sh
 create mode 100644 own/src/main.rs

diff --git a/.gitignore b/.gitignore
index d014a71..bb9c6f1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,5 @@
 node_modules/
 succeed/target/
+own/target/
+bin/succeed
+bin/own
diff --git a/index.js b/index.js
index 650801e..61b4ed9 100644
--- a/index.js
+++ b/index.js
@@ -3,12 +3,17 @@ let execa = require("execa")
 let net = require("net")
 let fs = require("fs").promises
 let crypto = require("crypto")
+let path = require("path")
 
 async function getSnoot(name) {
 	let {stdout: snootid} = await execa("id", ["-u", name]).catch(() => ({}))
 	return snootid
 }
 
+async function own(name, scope) {
+	return execa(path.join(__dirname, "bin", "own"), [name, scope])
+}
+
 async function authenticate(request, response, name, scope) {
 	let snootid = await getSnoot(name)
 
@@ -46,7 +51,7 @@ async function listen(request, response, name, scope) {
 
 	fs.unlink(sockPath).catch(() => ({}))
 	let timeout
-	let server = net.createServer(function(client) {
+	let server = net.createServer(function (client) {
 		let data = ""
 		client.on("data", d => {
 			data += d.toString()
@@ -56,9 +61,10 @@ async function listen(request, response, name, scope) {
 				clearTimeout(timeout)
 				let token = `${name}.${crypto.randomBytes(22).toString("base64")}`
 				await fs.writeFile(`/snoots/auth/sessions/${name}.${scope}`, token)
+				await own(name, scope)
 				response.setHeader(
 					"Set-Cookie",
-					`session=${token}; Domain=${scope}.snoot.club; Secure; Path=/`
+					`session=${token}; Domain=snoot.club; Secure; Path=/`
 				)
 				send(response, 200, "Thanks ! Enjoy your cookie")
 			} else {
@@ -72,7 +78,7 @@ async function listen(request, response, name, scope) {
 		})
 	})
 	timeout = setTimeout(() => {
-		server.close(function() {
+		server.close(function () {
 			send(response, 408, "That took too long! please try again")
 		})
 	}, 60000)
@@ -80,11 +86,7 @@ async function listen(request, response, name, scope) {
 }
 
 async function notfound(request, response) {
-	return send(
-		response,
-		404,
-		"go to https://auth.snoot.club/your_snoot_name"
-	)
+	return send(response, 404, "go to https://auth.snoot.club/your_snoot_name")
 }
 
 module.exports = (request, response) => {
diff --git a/own/Cargo.lock b/own/Cargo.lock
new file mode 100644
index 0000000..70200f9
--- /dev/null
+++ b/own/Cargo.lock
@@ -0,0 +1,44 @@
+# This file is automatically @generated by Cargo.
+# It is not intended for manual editing.
+[[package]]
+name = "bitflags"
+version = "1.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cf1de2fe8c75bc145a2f577add951f8134889b4795d47466a54a5c846d691693"
+
+[[package]]
+name = "cc"
+version = "1.0.62"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f1770ced377336a88a67c473594ccc14eca6f4559217c34f64aac8f83d641b40"
+
+[[package]]
+name = "cfg-if"
+version = "0.1.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4785bdd1c96b2a846b2bd7cc02e86b6b3dbf14e7e53446c4f54c92a361040822"
+
+[[package]]
+name = "libc"
+version = "0.2.80"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4d58d1b70b004888f764dfbf6a26a3b0342a1632d33968e4a179d8011c760614"
+
+[[package]]
+name = "nix"
+version = "0.19.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "85db2feff6bf70ebc3a4793191517d5f0331100a2f10f9bf93b5e5214f32b7b7"
+dependencies = [
+ "bitflags",
+ "cc",
+ "cfg-if",
+ "libc",
+]
+
+[[package]]
+name = "own"
+version = "0.1.0"
+dependencies = [
+ "nix",
+]
diff --git a/own/Cargo.toml b/own/Cargo.toml
new file mode 100644
index 0000000..207744d
--- /dev/null
+++ b/own/Cargo.toml
@@ -0,0 +1,10 @@
+[package]
+name = "own"
+version = "0.1.0"
+authors = ["chee <chee@snoot.club>"]
+edition = "2018"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+nix = "0.19"
diff --git a/own/build.sh b/own/build.sh
new file mode 100755
index 0000000..54d59dc
--- /dev/null
+++ b/own/build.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+cargo build --release
+mv target/release/own ../bin
+sudo chmod 4750 ../bin/own
+sudo chown root:snootauth ../bin/own
diff --git a/own/src/main.rs b/own/src/main.rs
new file mode 100644
index 0000000..7956cb3
--- /dev/null
+++ b/own/src/main.rs
@@ -0,0 +1,22 @@
+use nix::unistd::{chown, User, Group};
+use std::env;
+use std::fs::File;
+use std::os::unix::fs::PermissionsExt;
+use std::path::PathBuf;
+
+fn main() -> std::io::Result<()> {
+    let args: Vec<String> = env::args().collect();
+    let snoot = args.get(1).expect("own <snoot> <scope>");
+    let scope = args.get(2).expect("own <snoot> <scope>");
+    let scope_user = User::from_name(scope).expect("no scope").expect("hoohoo");
+    let auth_group = Group::from_name("snootauth").expect("there should be a unix group called snootauth").expect("hoohoo");
+
+    let path = PathBuf::from(format!("/snoots/auth/sessions/{}.{}", snoot, scope));
+    let file = File::open(&path)?;
+    let metadata = file.metadata()?;
+    let mut permissions = metadata.permissions();
+    permissions.set_mode(0o400);
+    chown(&path, Some(scope_user.uid), Some(auth_group.gid)).expect("cloudnt set files permission");
+
+    Ok(())
+}