diff --git a/cmd/root.go b/cmd/root.go index 72102fa03..44307cd46 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -183,6 +183,7 @@ func init() { rootCmd.Flags().IntP("port", "p", viper.GetInt("port"), "HTTP port Navidrome will listen to") rootCmd.Flags().String("baseurl", viper.GetString("baseurl"), "base URL to configure Navidrome behind a proxy (ex: /music or http://my.server.com)") rootCmd.Flags().String("tlscert", viper.GetString("tlscert"), "optional path to a TLS cert file (enables HTTPS listening)") + rootCmd.Flags().String("unixsocketperm", viper.GetString("unixsocketperm"), "optional file permission for the unix socket") rootCmd.Flags().String("tlskey", viper.GetString("tlskey"), "optional path to a TLS key file (enables HTTPS listening)") rootCmd.Flags().Duration("sessiontimeout", viper.GetDuration("sessiontimeout"), "how long Navidrome will wait before closing web ui idle sessions") @@ -199,6 +200,7 @@ func init() { _ = viper.BindPFlag("address", rootCmd.Flags().Lookup("address")) _ = viper.BindPFlag("port", rootCmd.Flags().Lookup("port")) _ = viper.BindPFlag("tlscert", rootCmd.Flags().Lookup("tlscert")) + _ = viper.BindPFlag("unixsocketperm", rootCmd.Flags().Lookup("unixsocketperm")) _ = viper.BindPFlag("tlskey", rootCmd.Flags().Lookup("tlskey")) _ = viper.BindPFlag("baseurl", rootCmd.Flags().Lookup("baseurl")) diff --git a/conf/configuration.go b/conf/configuration.go index eb0222abe..46c1abb71 100644 --- a/conf/configuration.go +++ b/conf/configuration.go @@ -21,6 +21,7 @@ type configOptions struct { ConfigFile string Address string Port int + UnixSocketPerm string MusicFolder string DataFolder string CacheFolder string @@ -275,6 +276,7 @@ func init() { viper.SetDefault("loglevel", "info") viper.SetDefault("address", "0.0.0.0") viper.SetDefault("port", 4533) + viper.SetDefault("unixsocketperm", "0660") viper.SetDefault("sessiontimeout", consts.DefaultSessionTimeout) viper.SetDefault("scaninterval", -1) viper.SetDefault("scanschedule", "@every 1m") diff --git a/server/server.go b/server/server.go index 889ca6dbb..91dfac985 100644 --- a/server/server.go +++ b/server/server.go @@ -9,6 +9,7 @@ import ( "net/url" "os" "path" + "strconv" "strings" "time" @@ -71,13 +72,9 @@ func (s *Server) Run(ctx context.Context, addr string, port int, tlsCert string, var err error if strings.HasPrefix(addr, "unix:") { socketPath := strings.TrimPrefix(addr, "unix:") - // Remove the socket file if it already exists - if err := os.Remove(socketPath); err != nil && !os.IsNotExist(err) { - return fmt.Errorf("error removing previous unix socket file: %w", err) - } - listener, err = net.Listen("unix", socketPath) + listener, err = createUnixSocketFile(socketPath, conf.Server.UnixSocketPerm) if err != nil { - return fmt.Errorf("error creating unix socket listener: %w", err) + return err } } else { addr = fmt.Sprintf("%s:%d", addr, port) @@ -136,6 +133,28 @@ func (s *Server) Run(ctx context.Context, addr string, port int, tlsCert string, return nil } +func createUnixSocketFile(socketPath string, socketPerm string) (net.Listener, error) { + // Remove the socket file if it already exists + if err := os.Remove(socketPath); err != nil && !os.IsNotExist(err) { + return nil, fmt.Errorf("error removing previous unix socket file: %w", err) + } + // Create listener + listener, err := net.Listen("unix", socketPath) + if err != nil { + return nil, fmt.Errorf("error creating unix socket listener: %w", err) + } + // Converts the socketPerm to uint and updates the permission of the unix socket file + perm, err := strconv.ParseUint(socketPerm, 8, 32) + if err != nil { + return nil, fmt.Errorf("error parsing unix socket file permissions: %w", err) + } + err = os.Chmod(socketPath, os.FileMode(perm)) + if err != nil { + return nil, fmt.Errorf("error updating permission of unix socket file: %w", err) + } + return listener, nil +} + func (s *Server) initRoutes() { s.appRoot = path.Join(conf.Server.BasePath, consts.URLPathUI) diff --git a/server/server_test.go b/server/server_test.go index 4f2c74f83..f9a43a802 100644 --- a/server/server_test.go +++ b/server/server_test.go @@ -1,8 +1,11 @@ package server import ( + "io/fs" "net/http" "net/url" + "os" + "path/filepath" "github.com/navidrome/navidrome/conf" . "github.com/onsi/ginkgo/v2" @@ -58,3 +61,49 @@ var _ = Describe("AbsoluteURL", func() { }) }) }) + +var _ = Describe("createUnixSocketFile", func() { + var socketPath string + + BeforeEach(func() { + tempDir, _ := os.MkdirTemp("", "create_unix_socket_file_test") + socketPath = filepath.Join(tempDir, "test.sock") + DeferCleanup(func() { + _ = os.RemoveAll(tempDir) + }) + }) + + When("unixSocketPerm is valid", func() { + It("updates the permission of the unix socket file and returns nil", func() { + _, err := createUnixSocketFile(socketPath, "0777") + fileInfo, _ := os.Stat(socketPath) + actualPermission := fileInfo.Mode().Perm() + + Expect(actualPermission).To(Equal(os.FileMode(0777))) + Expect(err).ToNot(HaveOccurred()) + + }) + }) + + When("unixSocketPerm is invalid", func() { + It("returns an error", func() { + _, err := createUnixSocketFile(socketPath, "invalid") + Expect(err).To(HaveOccurred()) + + }) + }) + + When("file already exists", func() { + It("recreates the file as a socket with the right permissions", func() { + _, err := os.Create(socketPath) + Expect(err).ToNot(HaveOccurred()) + Expect(os.Chmod(socketPath, os.FileMode(0777))).To(Succeed()) + + _, err = createUnixSocketFile(socketPath, "0600") + Expect(err).ToNot(HaveOccurred()) + fileInfo, _ := os.Stat(socketPath) + Expect(fileInfo.Mode().Perm()).To(Equal(os.FileMode(0600))) + Expect(fileInfo.Mode().Type()).To(Equal(fs.ModeSocket)) + }) + }) +})