From 58fe475274edc706949bdcb72fc4eedbe97a4b57 Mon Sep 17 00:00:00 2001 From: Satyam Singh Date: Sat, 14 Jan 2023 14:57:47 +0530 Subject: [PATCH 1/2] Add staging validation --- server/src/main.rs | 1 + server/src/option.rs | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/server/src/main.rs b/server/src/main.rs index 652f018c6..f8838e589 100644 --- a/server/src/main.rs +++ b/server/src/main.rs @@ -64,6 +64,7 @@ async fn main() -> anyhow::Result<()> { env_logger::init(); CONFIG.validate(); let storage = CONFIG.storage().get_object_store(); + CONFIG.validate_staging(); CONFIG.validate_storage(&*storage).await; let metadata = storage::resolve_parseable_metadata().await?; banner::print(&CONFIG, metadata); diff --git a/server/src/option.rs b/server/src/option.rs index 3f4b4e2a0..757e19dc5 100644 --- a/server/src/option.rs +++ b/server/src/option.rs @@ -19,6 +19,7 @@ use clap::error::ErrorKind; use clap::{command, value_parser, Arg, Args, Command, FromArgMatches}; +use std::fs; use std::path::{Path, PathBuf}; use std::sync::Arc; @@ -112,6 +113,15 @@ impl Config { } } + pub fn validate_staging(&self) { + let staging_path = self.staging_dir(); + let Ok(md) = fs::metadata(staging_path) else { panic!("Could not read metadata for staging dir") }; + let permissions = md.permissions(); + if permissions.readonly() { + panic!("Staging directory {} is unwritable", staging_path.display()) + } + } + pub fn storage(&self) -> Arc { self.storage.clone() } From 60a41b21429f0d679429a2f9b56f12784b4c9879 Mon Sep 17 00:00:00 2001 From: Satyam Singh Date: Sat, 14 Jan 2023 15:53:42 +0530 Subject: [PATCH 2/2] Add permission validation to localfs --- server/src/main.rs | 2 +- server/src/option.rs | 10 +++------- server/src/storage/localfs.rs | 6 ++++-- server/src/utils.rs | 11 +++++++++++ 4 files changed, 19 insertions(+), 10 deletions(-) diff --git a/server/src/main.rs b/server/src/main.rs index f8838e589..464b39307 100644 --- a/server/src/main.rs +++ b/server/src/main.rs @@ -64,7 +64,7 @@ async fn main() -> anyhow::Result<()> { env_logger::init(); CONFIG.validate(); let storage = CONFIG.storage().get_object_store(); - CONFIG.validate_staging(); + CONFIG.validate_staging()?; CONFIG.validate_storage(&*storage).await; let metadata = storage::resolve_parseable_metadata().await?; banner::print(&CONFIG, metadata); diff --git a/server/src/option.rs b/server/src/option.rs index 757e19dc5..0025517b8 100644 --- a/server/src/option.rs +++ b/server/src/option.rs @@ -19,7 +19,6 @@ use clap::error::ErrorKind; use clap::{command, value_parser, Arg, Args, Command, FromArgMatches}; -use std::fs; use std::path::{Path, PathBuf}; use std::sync::Arc; @@ -27,6 +26,7 @@ use crate::storage::{ FSConfig, ObjectStorage, ObjectStorageError, ObjectStorageProvider, S3Config, LOCAL_SYNC_INTERVAL, }; +use crate::utils::validate_path_is_writeable; lazy_static::lazy_static! { #[derive(Debug)] @@ -113,13 +113,9 @@ impl Config { } } - pub fn validate_staging(&self) { + pub fn validate_staging(&self) -> anyhow::Result<()> { let staging_path = self.staging_dir(); - let Ok(md) = fs::metadata(staging_path) else { panic!("Could not read metadata for staging dir") }; - let permissions = md.permissions(); - if permissions.readonly() { - panic!("Staging directory {} is unwritable", staging_path.display()) - } + validate_path_is_writeable(staging_path) } pub fn storage(&self) -> Arc { diff --git a/server/src/storage/localfs.rs b/server/src/storage/localfs.rs index 20daa2c18..277db8601 100644 --- a/server/src/storage/localfs.rs +++ b/server/src/storage/localfs.rs @@ -36,7 +36,7 @@ use relative_path::RelativePath; use tokio::fs; use tokio_stream::wrappers::ReadDirStream; -use crate::{option::validation, query::Query}; +use crate::{option::validation, query::Query, utils::validate_path_is_writeable}; use super::{LogStream, ObjectStorage, ObjectStorageError, ObjectStorageProvider}; @@ -117,7 +117,9 @@ impl ObjectStorage for LocalFS { } async fn check(&self) -> Result<(), ObjectStorageError> { - Ok(fs::create_dir_all(&self.root).await?) + fs::create_dir_all(&self.root).await?; + validate_path_is_writeable(&self.root) + .map_err(|e| ObjectStorageError::UnhandledError(e.into())) } async fn delete_stream(&self, stream_name: &str) -> Result<(), ObjectStorageError> { diff --git a/server/src/utils.rs b/server/src/utils.rs index 3636a8b09..bc5fe2fa7 100644 --- a/server/src/utils.rs +++ b/server/src/utils.rs @@ -16,6 +16,8 @@ * */ +use std::path::Path; + use chrono::{DateTime, NaiveDate, Timelike, Utc}; use serde_json::{json, Value}; @@ -122,6 +124,15 @@ pub fn capitalize_ascii(s: &str) -> String { s[0..1].to_uppercase() + &s[1..] } +pub fn validate_path_is_writeable(path: &Path) -> anyhow::Result<()> { + let Ok(md) = std::fs::metadata(path) else { anyhow::bail!("Could not read metadata for staging dir") }; + let permissions = md.permissions(); + if permissions.readonly() { + anyhow::bail!("Staging directory {} is unwritable", path.display()) + } + Ok(()) +} + pub mod uid { use ulid::Ulid;