-
Notifications
You must be signed in to change notification settings - Fork 0
/
snoots.js
131 lines (110 loc) · 3.1 KB
/
snoots.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
let fs = require("fs-extra")
let createResolver = require("./create-path-resolver.js")
let unix = require("./unix.js")
let shell = require("./shell.js")
let skeletons = require("./skeletons.js")
let {shout} = require("./loggo.js")
let rootResolver = createResolver("/www/snoot.club")
let resolver = rootResolver("snoots")
let validNameRegex = /^[a-z][a-z0-9]{0,30}$/
let validateName = snoot =>
validNameRegex.test(snoot)
let applicationResolver = (snoot, ...paths) =>
resolver(snoot, "application", ...paths)
let repoResolver = (snoot, ...paths) =>
resolver(snoot, "repo", ...paths)
let websiteResolver = (snoot, ...paths) =>
resolver(snoot, "application", "website", ...paths)
async function getAuthorizedKeys (snoot) {
let snootResolver = resolver(snoot)
let sshDirectoryResolver = snootResolver(".ssh")
let authorizedKeysPath = sshDirectoryResolver("authorized_keys").path
return fs.readFile(authorizedKeysPath, "utf-8")
}
async function fixSshPermissions (snoot) {
let snootResolver = resolver(snoot)
let sshDirectoryResolver = snootResolver(".ssh")
let authorizedKeysPath = sshDirectoryResolver("authorized_keys").path
let snootOwnedPaths = [
sshDirectoryResolver.path,
authorizedKeysPath,
snootResolver.path
]
let snootId = await unix.getUserId(snoot)
let commonId = await unix.getCommonGid()
for (let path of snootOwnedPaths) {
await fs.chmod(path, 0o750)
}
await fs.chmod(authorizedKeysPath, 0o644)
for (let path of snootOwnedPaths) {
await fs.chown(path, snootId, commonId)
}
}
async function createUnixAccount (snoot) {
return unix.createUser({
user: snoot,
groups: [unix.commonGroupName, unix.lowerGroupName],
homeDirectory: createResolver("/")("snoots", snoot).path
})
}
async function createBareRepo (snoot) {
let snootRepoResolver = repoResolver(snoot)
await shell.run(`git init --bare ${snootRepoResolver.path}`)
await unix.chown({
user: await unix.getUserId(snoot),
group: await unix.getCommonGid(),
path: snootRepoResolver.path,
recurse: true
})
}
async function createBaseApplication (snoot, data) {
await skeletons.write({
resolver: resolver(snoot),
uid: await unix.getUserId(snoot),
gid: await unix.getCommonGid(),
render: compile => compile(snoot, data),
getPermissions ({filePath, fileType}) {
if (fileType == skeletons.fileTypes.file) {
let rwxr_xr_x = 0o755
let postReceive = repoResolver(snoot, "hooks", "post-receive").path
if (filePath == postReceive) {
return {
mode: rwxr_xr_x
}
}
}
}
})
}
async function getNames () {
let files = await fs.readdir(resolver.path)
return files.filter(name =>
validateName(name)
)
}
async function checkExists (snoot) {
let names = await getNames()
return names.includes(snoot)
}
async function demandExistence (snoot) {
let names = await getNames()
if (!names.includes(snoot)) {
shout(`no such snoot: ${snoot}`)
process.exit(47)
}
}
module.exports = {
rootResolver,
resolver,
applicationResolver,
websiteResolver,
createUnixAccount,
createBaseApplication,
fixSshPermissions,
checkExists,
validateName,
getNames,
demandExistence,
createBareRepo,
getAuthorizedKeys
}