fixed UI upgrade if admin is running on privileged port (<1024) (#2986)
foxriver76 authored Dec 8, 2024
1 parent f37e12a commit 6c3a388
Showing 2 changed files with 26 additions and 15 deletions.
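--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,10 +4,13 @@
 ## __WORK IN PROGRESS__
 -->
 
-## 7.0.5 (2024-12-07)
+## __WORK IN PROGRESS__ - Lucy
+* (@foxriver76) fixed UI upgrade if admin is running on privileged port (<1024)
+
+## 7.0.5 (2024-12-07) - Lucy
 * (@foxriver76) fixed UI upgrade for non-systemd systems
 
-## 7.0.4 (2024-12-04)
+## 7.0.4 (2024-12-04) - Lucy
 * (@Apollon77) Fixes async usage of extendObject
 * (@Apollon77) Makes setObject async save
 * (@foxriver76) deprecated `set(Foreign)ObjectAsync` as the non async methods are now working correctly with promises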
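--- a/packages/controller/src/lib/upgradeManager.ts
+++ b/packages/controller/src/lib/upgradeManager.ts
@@ -97,14 +97,12 @@ class UpgradeManager {
 this.logger = this.setupLogger();
 this.gid = args.gid;
 this.uid = args.uid;
-
-this.applyUser();
 }
 
 /**
 * To prevent commands (including npm) running as root, we apply the passed in gid and uid
 */
-private applyUser(): void {
+applyUser(): void {
 if (!process.setuid || !process.setgid) {
 const errMessage = 'Cannot ensure user and group ids on this system, because no POSIX platform';
 this.log(errMessage, true);
@@ -236,12 +234,12 @@ class UpgradeManager {
 *
 * @param params Web server configuration
 */
-startWebServer(params: WebServerParameters): void {
+async startWebServer(params: WebServerParameters): Promise<void> {
 const { useHttps } = params;
 if (useHttps) {
-this.startSecureWebServer(params);
+await this.startSecureWebServer(params);
 } else {
-this.startInsecureWebServer(params);
+await this.startInsecureWebServer(params);
 }
 }
 
@@ -300,7 +298,7 @@ class UpgradeManager {
 *
 * @param params Web server configuration
 */
-startInsecureWebServer(params: InsecureWebServerParameters): void {
+async startInsecureWebServer(params: InsecureWebServerParameters): Promise<void> {
 const { port } = params;
 
 this.server = http.createServer((_req, res) => {
@@ -309,17 +307,21 @@ class UpgradeManager {
 
 this.monitorSockets(this.server);
 
-this.server.listen(port, () => {
-this.log(`Server is running on http://localhost:${port}`);
+await new Promise<void>(resolve => {
+this.server!.listen(port, () => {
+resolve();
+});
 });
+
+this.log(`Server is running on http://localhost:${port}`);
 }
 
 /**
 * Start a secure web server for admin communication
 *
 * @param params Web server configuration
 */
-startSecureWebServer(params: SecureWebServerParameters): void {
+async startSecureWebServer(params: SecureWebServerParameters): Promise<void> {
 const { port, certPublic, certPrivate } = params;
 
 this.server = https.createServer({ key: certPrivate, cert: certPublic }, (_req, res) => {
@@ -328,9 +330,13 @@ class UpgradeManager {
 
 this.monitorSockets(this.server);
 
-this.server.listen(port, () => {
-this.log(`Server is running on https://localhost:${port}`);
+await new Promise<void>(resolve => {
+this.server!.listen(port, () => {
+resolve();
+});
 });
+
+this.log(`Server is running on https://localhost:${port}`);
 }
 
 /**
@@ -443,7 +449,9 @@ async function main(): Promise<void> {
 await upgradeManager.stopController();
 upgradeManager.log('Successfully stopped js-controller');
 
-upgradeManager.startWebServer(webServerParameters);
+await upgradeManager.startWebServer(webServerParameters);
+// do this after web server is started, else we cannot bind on privileged ports after using setgid
+upgradeManager.applyUser();
 
 try {
 await upgradeManager.npmInstall();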
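Review bot: Dropping privileges is no longer guaranteed by construction: with `this.applyUser()` removed from the constructor, `stopController()` and the listener setup in `main()` now run with whatever privileges the process was started with, and `npmInstall()` only runs unprivileged because `main()` calls `applyUser()` before it. The two listen wrappers make that sequencing fragile, because the promise has no reject path: if binding fails, the server's `'error'` event is either unhandled or, should a listener be attached elsewhere, the `await` never settles and `applyUser()` is never reached. I would reject on bind failure in both `startInsecureWebServer` and `startSecureWebServer`, `await new Promise<void>((resolve, reject) => { this.server!.once('error', reject); this.server!.listen(port, resolve); });`. The `applyUser` doc comment should also state that it must be called once the server is listening and before any command is spawned, and `npmInstall()` could refuse to run until it has been called; `npmInstall` and most of `applyUser`'s body lie outside the visible hunks, so whether such a guard already exists cannot be confirmed from here.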
