Merge pull request #36 from hyperf/perm

fix: check permission

Author: Reasno

.travis.yml

@@ -4,12 +4,10 @@ sudo: required
 
 matrix:
   include:
-    - php: 7.2
-      env: SW_VERSION="4.5.2"
     - php: 7.3
-      env: SW_VERSION="4.5.2"
+      env: SW_VERSION="4.6.4"
     - php: 7.4
-      env: SW_VERSION="4.5.2"
+      env: SW_VERSION="4.6.4"
 
 services:
   - mongodb

go.mod

@@ -6,6 +6,7 @@ require (
 	github.com/fatih/pool v3.0.0+incompatible
 	github.com/oklog/run v1.1.0
 	github.com/pkg/errors v0.9.1
-	go.mongodb.org/mongo-driver v1.3.3
 	github.com/spiral/goridge/v2 v2.4.4
+	go.mongodb.org/mongo-driver v1.3.3
+	golang.org/x/sys v0.0.0-20190531175056-4c3a928424d2
 )

pkg/config/config_test.go

@@ -55,7 +55,7 @@ func testHas(t *testing.T) {
 }
 
 func TestAll(t *testing.T) {
-	gotask.SetGo2PHPAddress("/tmp/test.sock")
+	gotask.SetGo2PHPAddress("../../tests/test.sock")
 	for i := 0; i < 50; i++ {
 		t.Run("testAll", func(t *testing.T) {
 			t.Parallel()

pkg/gotask/server.go

@@ -8,6 +8,7 @@ import (
 	"net/rpc"
 	"os"
 	"os/signal"
+	"path"
 	"syscall"
 	"time"
 
@@ -79,14 +80,16 @@ func Run() error {
 
 	if *address != "" {
 		network, addr := parseAddr(*address)
-		if err := clearAddr(network, addr); err != nil {
-			return errors.Wrap(err, "Cannot remove existing unix socket")
+		cleanup, err := checkAddr(network, addr)
+		if err != nil {
+			return errors.Wrap(err, "cannot remove existing unix socket")
 		}
+		defer cleanup()
+
 		ln, err := net.Listen(network, addr)
 		if err != nil {
-			return errors.Wrap(err, "Unable to listen")
+			return errors.Wrap(err, "unable to listen")
 		}
-		defer clearAddr(network, addr)
 
 		g.Add(func() error {
 			for {
@@ -135,16 +138,6 @@ func Run() error {
 	return g.Run()
 }
 
-func clearAddr(network string, addr string) error {
-	if network != "unix" {
-		return nil
-	}
-	if _, err := os.Stat(addr); os.IsNotExist(err) {
-		return nil
-	}
-	return os.Remove(addr)
-}
-
 // Add an actor (function) to the group. Each actor must be pre-emptable by an
 // interrupt function. That is, if interrupt is invoked, execute should return.
 // Also, it must be safe to call interrupt even after execute has returned.
@@ -154,3 +147,47 @@ func clearAddr(network string, addr string) error {
 func Add(execute func() error, interrupt func(error)) {
 	g.Add(execute, interrupt)
 }
+
+func checkAddr(network, addr string) (func(), error) {
+	if network != "unix" {
+		return func() {}, nil
+	}
+	if _, err := os.Stat(addr); !os.IsNotExist(err) {
+		return func() {}, os.Remove(addr)
+	}
+	if err := os.MkdirAll(path.Dir(addr), os.ModePerm); err != nil {
+		return func() {}, err
+	}
+	if ok, err := isWritable(path.Dir(addr)); err != nil || !ok {
+		return func() {}, errors.Wrap(err, "socket directory is not writable")
+	}
+	return func() { os.Remove(addr) }, nil
+}
+
+func isWritable(path string) (isWritable bool, err error) {
+	info, err := os.Stat(path)
+	if err != nil {
+		return false, err
+	}
+
+	if !info.IsDir() {
+		return false, fmt.Errorf("%s isn't a directory", path)
+	}
+
+	// Check if the user bit is enabled in file permission
+	if info.Mode().Perm()&(1<<(uint(7))) == 0 {
+		return false, fmt.Errorf("write permission bit is not set on this %s for user", path)
+	}
+
+	var stat syscall.Stat_t
+	if err = syscall.Stat(path, &stat); err != nil {
+		return false, err
+	}
+
+	err = nil
+	if uint32(os.Geteuid()) != stat.Uid {
+		return false, errors.Errorf("user doesn't have permission to write to %s", path)
+	}
+
+	return true, nil
+}

pkg/gotask/server_test.go

@@ -1,28 +1,40 @@
 package gotask
 
 import (
+	"io/ioutil"
 	"log"
 	"os"
 	"testing"
 )
 
 func TestClearAddr(t *testing.T) {
-	if err := clearAddr("unix", "/tmp/non-exist.sock"); err != nil {
-		t.Errorf("clearAddr should not return error for non-exist files")
+	dir, _ := ioutil.TempDir("", "")
+	defer os.Remove(dir)
+
+	if _, err := checkAddr("unix", dir+"/non-exist.sock"); err != nil {
+		t.Errorf("checkAddr should not return error for non-exist files")
 	}
-	if err := clearAddr("tcp", "127.0.0.1:6000"); err != nil {
-		t.Errorf("clearAddr should not return error for tcp ports")
+	if _, err := checkAddr("tcp", "127.0.0.1:6000"); err != nil {
+		t.Errorf("checkAddr should not return error for tcp ports")
 	}
 	file, err := os.Create("/tmp/temp.sock")
 	if err != nil {
 		log.Fatal(err)
 	}
 	defer file.Close()
-	if err := clearAddr("unix", "/tmp/temp.sock"); err != nil {
-		t.Errorf("clearAddr should be able to clear unix socket")
+	if _, err := checkAddr("unix", "/tmp/temp.sock"); err != nil {
+		t.Errorf("checkAddr should be able to clear unix socket")
 	}
 	_, err = os.Stat("/tmp/temp.sock")
 	if !os.IsNotExist(err) {
 		t.Errorf("unix socket are not cleared, %v", err)
 	}
+
+	if _, err := checkAddr("unix", dir+"/path/to/dir/temp.sock"); err != nil {
+		t.Errorf("checkAddr should be able to create directory if not exist")
+	}
+
+	if _, err := checkAddr("unix", "/private/temp.sock"); err == nil {
+		t.Error("unix socket shouldn't be created")
+	}
 }

pkg/log/log_test.go

@@ -17,7 +17,7 @@ func testInfo(t *testing.T) {
 
 func TestAll(t *testing.T) {
 	t.Parallel()
-	gotask.SetGo2PHPAddress("/tmp/test.sock")
+	gotask.SetGo2PHPAddress("../../tests/test.sock")
 	for i := 0; i < 50; i++ {
 		t.Run("testAll", func(t *testing.T) {
 			t.Parallel()

src/ConfigProvider.php

@@ -71,8 +71,14 @@ public function __invoke(): array
 
     public static function address()
     {
+        if (defined(BASE_PATH)) {
+            $root = BASE_PATH . '/runtime';
+        } else {
+            $root = '/tmp';
+        }
+
         $appName = env('APP_NAME');
         $socketName = $appName . '_' . uniqid();
-        return "/tmp/{$socketName}.sock";
+        return $root . "/{$socketName}.sock";
     }
 }

tests/Cases/AbstractTestCase.php

@@ -28,7 +28,7 @@
  */
 abstract class AbstractTestCase extends TestCase
 {
-    const UNIX_SOCKET = '/tmp/test.sock';
+    const UNIX_SOCKET = __DIR__ . '/test.sock';
 
     public function setUp(): void
     {

tests/Cases/CoroutineSocketTest.php

@@ -24,7 +24,7 @@
  */
 class CoroutineSocketTest extends AbstractTestCase
 {
-    const UNIX_SOCKET = '/tmp/test.sock';
+    const UNIX_SOCKET = __DIR__ . '/test.sock';
 
     /**
      * @var Process

tests/TestServer.php

@@ -27,7 +27,7 @@
 require __DIR__ . '/../vendor/autoload.php';
 define('BASE_PATH', __DIR__);
 
-const ADDR = '/tmp/test.sock';
+const ADDR = __DIR__ . '/test.sock';
 @unlink(ADDR);
 $container = new Container(new DefinitionSource([], new ScanConfig()));
 $container->set(ConfigInterface::class, new Config([