thohlt/archtika
1
0
Fork 0
mirror of https://github.com/thiloho/archtika.git synced 2025-11-22 10:51:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

Harden systemd services, restrict file permissions further, add username blocklist and prevent more vulnerabilities

Browse Source
This commit is contained in:
thiloho
2024-12-08 14:33:33 +01:00
parent 46b8cb033c
commit 18210d501b
8 changed files with 73 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
web-app/src/routes/(anonymous)/login/+page.server.ts
View File

@@ -18,7 +18,7 @@ export const actions: Actions = {
return response;
}
cookies.set("session_token", response.data.token, { path: "/", maxAge: 86400 });
cookies.set("session_token", response.data.token, { path: "/", maxAge: 43200 });
return response;
}
};

5
web-app/src/routes/(authenticated)/website/[websiteId]/publish/+page.server.ts
View File

@@ -269,14 +269,15 @@ const generateStaticFiles = async (
};
const setPermissions = async (dir: string) => {
await chmod(dir, 0o777);
const mode = dev ? 0o777 : process.env.ORIGIN ? 0o770 : 0o777;
await chmod(dir, mode);
const entries = await readdir(dir, { withFileTypes: true });
for (const entry of entries) {
const fullPath = join(dir, entry.name);
if (entry.isDirectory()) {
await setPermissions(fullPath);
} else {
await chmod(fullPath, 0o777);
await chmod(fullPath, mode);
}
}
};