mirror of
https://github.com/Finsys/dockhand.git
synced 2026-06-17 19:09:33 +03:00
Adjust uploaded files permission
This commit is contained in:
Ivan Kara
committed by
Jarek Krochmalski
Jarek Krochmalski
parent
28a6211457
commit
ccfda4c054
@@ -3844,19 +3844,25 @@ export async function getContainerTop(id: string, envId?: number | null): Promis
|
||||
export async function execInContainer(
|
||||
containerId: string,
|
||||
cmd: string[],
|
||||
envId?: number | null
|
||||
envId?: number | null,
|
||||
user?: string | null
|
||||
): Promise<string> {
|
||||
// Create exec instance
|
||||
const execBody: any = {
|
||||
Cmd: cmd,
|
||||
AttachStdout: true,
|
||||
AttachStderr: true,
|
||||
Tty: false
|
||||
};
|
||||
|
||||
if (user) {
|
||||
execBody.User = user;
|
||||
}
|
||||
|
||||
const execCreate = await dockerJsonRequest<{ Id: string }>(
|
||||
`/containers/${containerId}/exec`,
|
||||
{
|
||||
method: 'POST',
|
||||
body: JSON.stringify({
|
||||
Cmd: cmd,
|
||||
AttachStdout: true,
|
||||
AttachStderr: true,
|
||||
Tty: false
|
||||
})
|
||||
body: JSON.stringify(execBody)
|
||||
},
|
||||
envId
|
||||
);
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import { json } from '@sveltejs/kit';
|
||||
import { putContainerArchive } from '$lib/server/docker';
|
||||
import { putContainerArchive, inspectContainer, execInContainer } from '$lib/server/docker';
|
||||
import { authorize } from '$lib/server/authorize';
|
||||
import { validateDockerIdParam } from '$lib/server/docker-validation';
|
||||
import type { RequestHandler } from './$types';
|
||||
@@ -111,6 +111,15 @@ export const POST: RequestHandler = async ({ params, url, request, cookies }) =>
|
||||
return json({ error: 'No files provided' }, { status: 400 });
|
||||
}
|
||||
|
||||
// We'll inspect the container once to determine its default user
|
||||
let defaultUser: string | undefined;
|
||||
try {
|
||||
const inspectData = await inspectContainer(params.id, envIdNum);
|
||||
defaultUser = inspectData.Config.User || undefined;
|
||||
} catch (e) {
|
||||
console.warn('Failed to inspect container for user info', e);
|
||||
}
|
||||
|
||||
// For simplicity, we'll upload files one at a time
|
||||
// A more sophisticated implementation could pack multiple files into one tar
|
||||
const uploaded: string[] = [];
|
||||
@@ -128,6 +137,22 @@ export const POST: RequestHandler = async ({ params, url, request, cookies }) =>
|
||||
envId ? parseInt(envId) : undefined
|
||||
);
|
||||
|
||||
// chown the uploaded file
|
||||
if (defaultUser) {
|
||||
const targetPath = path.endsWith('/') ? `${path}${file.name}` : `${path}/${file.name}`;
|
||||
const ownerGroup = defaultUser.includes(':') ? defaultUser : `${defaultUser}:${defaultUser}`;
|
||||
try {
|
||||
await execInContainer(
|
||||
params.id,
|
||||
['chown', '-R', ownerGroup, targetPath],
|
||||
envId ? parseInt(envId) : undefined,
|
||||
'root'
|
||||
);
|
||||
} catch (e) {
|
||||
console.warn('Failed to set ownership on', targetPath, e);
|
||||
}
|
||||
}
|
||||
|
||||
uploaded.push(file.name);
|
||||
} catch (err: any) {
|
||||
errors.push(`${file.name}: ${err.message}`);
|
||||
|
||||
Reference in New Issue
Block a user