klemek/stapler
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 10 Wiki Activity

fix(tokens): restrict chmod to user only

Browse Source
This commit is contained in:
klemek
2026-04-17 01:14:25 +02:00
parent 130deaf320
commit 0a7fec53ab
3 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/data_dir.py
+4 -1
View File
@@ -40,11 +40,14 @@ class DataDir:
return path_index.is_file()
return False
def set_file(self, path: str, file_name: str, value: str) -> None:
def set_file(
self, path: str, file_name: str, value: str, chmod: int = 0o644
) -> None:
if self.exists(path):
file_path = self.root_path / path / file_name
with file_path.open(mode="w") as file:
file.write(value)
file_path.chmod(chmod)
self.logger.debug("Wrote %s", file_path)
def get_file(self, path: str, file_name: str) -> str | None:
src/registry.py
+1 -1
View File
@@ -41,7 +41,7 @@ class Registry:
def set_token_hash(self, path: str, token_hash: str) -> None:
if self.pages[path].token_hash != token_hash:
self.data_dir.set_file(path, self.TOKEN_FILE, token_hash)
self.data_dir.set_file(path, self.TOKEN_FILE, token_hash, 0o600)
self.pages[path].token_hash = token_hash
self.logger.debug("Updated %s", self.pages[path])
src/token_manager.py
+4
View File
@@ -24,6 +24,9 @@ class TokenManager:
self.logger.warning(
"No salt provided, tokens will be cryptographically weak"
)
if not self.tokens_file.exists():
self.tokens_file.touch()
self.tokens_file.chmod(0o600)
self.token_hashes = self.__load_hashes()
def is_valid(self, token: str) -> bool:
@@ -58,4 +61,5 @@ class TokenManager:
def __save_hashes(self) -> None:
with self.tokens_file.open(mode="w") as file:
file.write("\n".join(self.token_hashes))
self.tokens_file.chmod(0o600)
self.logger.debug("Updated %s", self.tokens_file)