[backend/asp] Allow customizing the unix socket permissions that are set on startup (ISH-671)

Laura Hausmann 2025-01-08 12:04:53 +01:00
parent ce6784b4c4
commit 62493dbe19
No known key found for this signature in database
GPG key ID: D044E84C5BE01605
3 changed files with 31 additions and 13 deletions


@ -33,13 +33,14 @@ public sealed class Config
public string Version => _versionInfo.Version;
public string UserAgent => $"Iceshrimp.NET/{Version} (+https://{WebDomain}/)";
[Range(1, 65535)] public int ListenPort { get; init; } = 3000;
[Required] public string ListenHost { get; init; } = "localhost";
public string? ListenSocket { get; init; }
[Required] public string WebDomain { get; init; } = null!;
[Required] public string AccountDomain { get; init; } = null!;
[Range(1, 100000)] public int CharacterLimit { get; init; } = 8192;
public string? RedirectIndexTo { get; init; }
[Range(1, 65535)] public int ListenPort { get; init; } = 3000;
[Required] public string ListenHost { get; init; } = "localhost";
public string? ListenSocket { get; init; }
public string ListenSocketPerms { get; init; } = "660";
[Required] public string WebDomain { get; init; } = null!;
[Required] public string AccountDomain { get; init; } = null!;
[Range(1, 100000)] public int CharacterLimit { get; init; } = 8192;
public string? RedirectIndexTo { get; init; }
public string? AdditionalDomains
{
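Review bot: `ListenSocketPerms` is accepted as a free-form string with no validation attribute, so a typo such as `66O` or an over-long mode is only caught later, when the socket is chmod'ed at startup. If the data annotations on this class are enforced when the config is loaded (not visible in this hunk), `[RegularExpression("^[0-7]{3,4}$")] public string ListenSocketPerms { get; init; } = "660";` would reject such values up front, in the same way `ListenPort` and `CharacterLimit` are range-checked. A one-line comment stating that the value is an octal mode string, and that a non-zero last digit opens the socket to every local user, would also help operators.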


@ -302,8 +302,8 @@ public static class WebApplicationExtensions
public static void SetKestrelUnixSocketPermissions(this WebApplication app)
{
var config = app.Configuration.GetSection("Instance").Get<Config.InstanceSection>() ??
throw new Exception("Failed to read instance config");
var config = app.Configuration.GetSection("Instance").Get<Config.InstanceSection>()
?? throw new Exception("Failed to read instance config");
if (config.ListenSocket == null) return;
using var scope = app.Services.CreateScope();
var logger = scope.ServiceProvider.GetRequiredService<ILoggerFactory>()
@ -312,14 +312,30 @@ public static class WebApplicationExtensions
if (!OperatingSystem.IsLinux() && !OperatingSystem.IsMacOS() && !OperatingSystem.IsFreeBSD())
throw new Exception("Can't set unix socket permissions on a non-UNIX system");
var perms = "660";
var exitCode = chmod(config.ListenSocket, Convert.ToInt32(perms, 8));
int perms;
try
{
perms = Convert.ToInt32(config.ListenSocketPerms, 8);
}
catch
{
logger.LogError("Failed to set Kestrel unix socket permissions to {SocketPerms}: failed to parse octal digits",
config.ListenSocketPerms);
Environment.Exit(1);
return;
}
var exitCode = chmod(config.ListenSocket, perms);
if (exitCode < 0)
{
logger.LogError("Failed to set Kestrel unix socket permissions to {SocketPerms}, return code: {ExitCode}",
perms, exitCode);
config.ListenSocketPerms, exitCode);
}
else
logger.LogInformation("Kestrel unix socket permissions were set to {SocketPerms}", perms);
{
logger.LogInformation("Kestrel unix socket permissions were set to {SocketPerms}",
config.ListenSocketPerms);
}
return;
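Review bot: The two failure paths now disagree: an unparsable `ListenSocketPerms` terminates the process, but a failing `chmod` (the `exitCode < 0` branch) only logs, and startup continues with whatever mode the socket was created with, which may be broader than the operator asked for. Adding `Environment.Exit(1);` after the `LogError` in that branch would make it fail closed as well. The parsed value is also passed on unchecked; `Convert.ToInt32(..., 8)` accepts inputs outside the mode range and can wrap to a negative number, so a guard such as `if (perms is < 0 or > 0xFFF)` before the call, plus a `LogWarning` when `(perms & 0x7) != 0`, would catch mistakes and flag sockets left open to all local users. The bare `catch` could be narrowed to `catch (Exception e) when (e is FormatException or OverflowException or ArgumentException)`. The method body continues past the end of this hunk.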


@ -4,6 +4,7 @@ ListenHost = localhost
;; If you want to have the application listen on a unix socket instead, uncomment the line below. Make sure to configure filesystem permissions correctly!
;;ListenSocket = /var/run/iceshrimp/iceshrimp.net.sock
;;ListenSocketPerms = 660
;; Caution: changing these settings after initial setup *will* break federation
WebDomain = shrimp.example.org