diff --git a/src/main.cpp b/src/main.cpp index 4146edf..3a0e093 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -6,12 +6,14 @@ #include #include #include +#include #include #include #include "Services.h" #include "Modules.h" #include "BashManager.h" using namespace std; +namespace fs=filesystem; void help(char * argv0) { 
@@ -60,35 +62,106 @@ int createUser(string serviceUsername) return 0; } +string findCertificate(string serviceUsername) +{ + //this method searches for a specific ssl certificate for the service, either in dns or http directories + //it would be under a serviceUsername* folder and named fullchain.perm + //if none is found, it returns the dummy certificate + + //searching is dns_certs_path + string dns_certs_path=getenv("dns_certs_path"); //dns_certs_path is an environment variable + //finding the serviceUsername* directory + string cmd="ls $dns_certs_path/"+serviceUsername+" | grep \"^"+serviceUsername+"\(-[0-9]\{4\}\)\?$"; + string name = BashManager::ExecuteAndReadResult(cmd); + if (!name.empty()){ + //finding the certificate + string cert = dns_certs_path+"/"+name+"/fullchain.pem"; + if (fs::exists(cert)){ + return cert; + } else { + cout << "No certificate in " << dns_certs_path << endl; + } + } else { + cout << "No certificate in " << dns_certs_path << endl; + //searching in http_certs_path + string http_certs_path=getenv(("http_certs_path")); //http_certs_path is an environment variable + //finding the serviceUsername* directory + string cmd="ls $http_certs_path/"+serviceUsername+" | grep \"^"+serviceUsername+"\(-[0-9]\{4\}\)\?$"; + string name = BashManager::ExecuteAndReadResult(cmd); + if (!name.empty()){ + //finding the certificate + string cert = http_certs_path+"/"+name+"/fullchain.pem"; + if (fs::exists(cert)){ + return cert; + } else { + cout << "No certificate in " << http_certs_path << endl; + } + } else { + cout << "Using dummy certificate" << endl; + return getenv("dummy_cert_path"); + } + + } +} + int createEnvService(string serviceUsername) { + //this method creates the environment variables of the service as well as its directories Services services; - //create directories - //filesystem::create_directories() + //environment variables creation string http_dir="/srv/http/"+serviceUsername; string data_dir="/data/"+serviceUsername; string 
secret_dir="/data/secrets/"+serviceUsername; string docker_dir="/services/"+serviceUsername; string jc_service=serviceUsername; string home="/data/"+serviceUsername; - string net="172.29."+services.FindByUsername(serviceUsername)->GetUserID(); - /* - "HTTP_DIR='/srv/http/$service'" "$dir/.env" + string jc_id=to_string(services.FindByUsername(serviceUsername)->GetUserID()); + string net="172.29."+jc_id; + string jc_cert=findCertificate(serviceUsername); - cert="$(findcert.sh "$service")" || true - if [ -n "$cert" ] ; then - line_in_file "JC_CERT='$cert'" "$dir/.env" - fi*/ + //create a .env file accessible outside the C++ program + string file = "/services/"+serviceUsername+"/.env"; + ofstream outfile(file); + outfile << "http_dir=" << http_dir << endl; + outfile << "data_dir=" << data_dir << endl; + outfile << "secret_dir=" << secret_dir << endl; + outfile << "docker_dir=" << docker_dir << endl; + outfile << "jc_service=" << jc_service << endl; + outfile << "home=" << home << endl; + outfile << "jc_id=" << jc_id << endl; + outfile << "net=" << net << endl; + outfile << "jc_cert=" << jc_cert << endl; - /* - run mkdir -p "$DATA_DIR" "$HTTP_DIR" - run chown $uid "$DATA_DIR" - run chmod 751 "$DATA_DIR" - run chown $uid:www-data -R "$HTTP_DIR" - if [ -d "$SECRET_DIR" ] ; then - run chown $uid "$SECRET_DIR" -R - run chmod 751 "$SECRET_DIR" -R - fi*/ return 0; + //setting the environment variables for all the shell commands called in this C++ programm + setenv("http_dir",http_dir.c_str(),1); + setenv("data_dir",data_dir.c_str(),1); + setenv("secret_dir",secret_dir.c_str(),1); + setenv("docker_dir",docker_dir.c_str(),1); + setenv("jc_service",jc_service.c_str(),1); + setenv("home",home.c_str(),1); + setenv("jc_id",jc_id.c_str(),1); + setenv("net",net.c_str(),1); + setenv("jc_cert",jc_cert.c_str(),1); + + //create the directories + //data_dir + fs::create_directories(data_dir); + if (chown(data_dir.c_str(), (unsigned int)stoi(jc_id),(unsigned int)stoi(jc_id)) != 0) { + cerr 
<< "Error changing ownership of" << data_dir << endl; + return -1; + } + fs::permissions(data_dir,fs::perms::owner_all|fs::perms::group_read|fs::perms::group_exec|fs::perms::others_exec,fs::perm_options::replace); + //http_dir + fs::create_directories(http_dir); + string cmd="chown "+ jc_id +":www-data -R "+http_dir; + BashManager::Execute(cmd); + //secret_dir + if (chown(secret_dir.c_str(), (unsigned int)stoi(jc_id),(unsigned int)stoi(jc_id)) != 0) { + cerr << "Error changing ownership of" << secret_dir << endl; + return -1; + } + fs::permissions(secret_dir,fs::perms::owner_all|fs::perms::group_read|fs::perms::group_exec|fs::perms::others_exec,fs::perm_options::replace); + return 0; } int removeEnvService() @@ -197,7 +270,7 @@ int main(int argc, char *argv[]) return -1; } else { //check that data is mounted on the server - if (!(filesystem::exists("/data/mounted"))) { + if (!(fs::exists("/data/mounted"))) { cerr << "Error. The data is not mounted on the server" << endl; return -1; } else { diff --git a/testenv/services/test.sh8s.sh/deploy_user.sh b/testenv/services/test.sh8s.sh/deploy_user.sh index 33d20c1..baddc29 100755 --- a/testenv/services/test.sh8s.sh/deploy_user.sh +++ b/testenv/services/test.sh8s.sh/deploy_user.sh @@ -1,4 +1,4 @@ #!/bin/bash set -euo pipefail #git_update.sh -r -d "$HTTP_DIR" "$GIT_SOURCE_REPO" -touch done2 +
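Review bot: serviceUsername is concatenated unquoted into shell command lines in findCertificate() (`"ls $dns_certs_path/"+serviceUsername+" | grep ..."` given to BashManager::ExecuteAndReadResult, twice) and, through http_dir, in createEnvService() (`"chown "+ jc_id +":www-data -R "+http_dir` given to BashManager::Execute), so shell metacharacters in the name would be interpreted by the shell. Since this code also calls chown() and writes under /services, it presumably runs privileged. findCertificate() also builds `string` objects directly from `getenv(...)`, which is undefined behaviour when the variable is unset, and both branches taken when fullchain.pem is missing reach the end of a `string` function without a return. I would reject any serviceUsername outside a conservative character set before it is used in a path or command, and do the certificate lookup in-process as in the sketch below, which tries the next location and then the dummy certificate instead of running off the end. The sketch assumes the grep pattern was meant to match a directory named `<service>` or `<service>-NNNN` directly under the certs path; confirm that against the layout the old findcert.sh expected.

```cpp
string findCertificate(string serviceUsername)
{
    // … unchanged: header comments describing the search order …
    for (const char *var : {"dns_certs_path", "http_certs_path"}) {
        const char *root = getenv(var);
        if (root == nullptr) continue;   // variable unset: nothing to search here
        error_code ec;                   // a missing directory gives an empty range instead of throwing
        for (const auto &entry : fs::directory_iterator(root, ec)) {
            const string name = entry.path().filename().string();
            if (name.compare(0, serviceUsername.size(), serviceUsername) != 0) continue;
            // accept "<service>" or "<service>-NNNN" only
            const string suffix = name.substr(serviceUsername.size());
            const bool dated = suffix.size() == 5 && suffix[0] == '-' &&
                               suffix.find_first_not_of("0123456789", 1) == string::npos;
            if (!suffix.empty() && !dated) continue;
            const fs::path cert = entry.path() / "fullchain.pem";
            if (fs::exists(cert, ec)) return cert.string();
        }
        cout << "No certificate in " << root << endl;
    }
    cout << "Using dummy certificate" << endl;
    const char *dummy = getenv("dummy_cert_path");
    return dummy != nullptr ? dummy : "";
}
```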