adamf/web_server
1
1
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects Releases Wiki Activity

Fix file permissions
Some checks failed
Deploy with Docker Compose / deploy (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Adam French
2026-03-09 16:20:47 +00:00
parent 8e50537333
commit 99ddd7d494
2 changed files with 10 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
backend/handlers/handle_message_upload.go
View File

@@ -66,26 +66,11 @@ func (store *Store) UploadMessageFile(ctx *gin.Context) {
} }
filename := hex.EncodeToString(b) + ext filename := hex.EncodeToString(b) + ext
uploadDir := "/backend/uploads"
if err := os.MkdirAll(uploadDir, 0755); err != nil {
ctx.JSON(http.StatusInternalServerError, gin.H{"error": "failed to create upload directory"})
return
}
// Ensure directory is world-readable so nginx can serve files
if err := os.Chmod(uploadDir, 0755); err != nil {
ctx.JSON(http.StatusInternalServerError, gin.H{"error": "failed to create upload directory"})
return
}
dest := filepath.Join(uploadDir, filename) dest := filepath.Join(uploadDir, filename)
if err := ctx.SaveUploadedFile(file, dest); err != nil { if err := ctx.SaveUploadedFile(file, dest); err != nil {
ctx.JSON(http.StatusInternalServerError, gin.H{"error": "failed to save file"}) ctx.JSON(http.StatusInternalServerError, gin.H{"error": "failed to save file"})
return return
} }
if err := os.Chmod(dest, 0644); err != nil {
ctx.JSON(http.StatusInternalServerError, gin.H{"error": "failed to set file permissions"})
return
}
ctx.JSON(http.StatusOK, gin.H{"url": "/uploads/" + filename}) ctx.JSON(http.StatusOK, gin.H{"url": "/uploads/" + filename})
} }

24
nginx/entrypoint.sh
View File

@@ -3,23 +3,19 @@ set -e
# Check if dev mode, certificate exists, or setup mode # Check if dev mode, certificate exists, or setup mode
if [ "$DEV_MODE" = "true" ]; then if [ "$DEV_MODE" = "true" ]; then
echo "Dev mode. Using HTTP-only nginx config." echo "Dev mode. Using HTTP-only nginx config."
envsubst '${DOMAIN} ${BACKEND_HOST} ${BACKEND_PORT} ${BACKEND_ENDPOINT} ${ICECAST_HOST} ${ICECAST_PORT} ${GITEA_HOST} ${GITEA_PORT}' \ envsubst '${DOMAIN} ${BACKEND_HOST} ${BACKEND_PORT} ${BACKEND_ENDPOINT} ${ICECAST_HOST} ${ICECAST_PORT} ${GITEA_HOST} ${GITEA_PORT}' \
< /etc/nginx/nginx_dev.conf.template \ </etc/nginx/nginx_dev.conf.template \
> /etc/nginx/nginx.conf >/etc/nginx/nginx.conf
elif [ -f "/etc/letsencrypt/live/$DOMAIN/fullchain.pem" ] && [ -f "/etc/letsencrypt/live/$DOMAIN/privkey.pem" ]; then elif [ -f "/etc/letsencrypt/live/$DOMAIN/fullchain.pem" ] && [ -f "/etc/letsencrypt/live/$DOMAIN/privkey.pem" ]; then
echo "Certificates found. Using production nginx config." echo "Certificates found. Using production nginx config."
envsubst '${DOMAIN} ${BACKEND_HOST} ${BACKEND_PORT} ${BACKEND_ENDPOINT} ${ICECAST_HOST} ${ICECAST_PORT} ${GITEA_HOST} ${GITEA_PORT}' \ envsubst '${DOMAIN} ${BACKEND_HOST} ${BACKEND_PORT} ${BACKEND_ENDPOINT} ${ICECAST_HOST} ${ICECAST_PORT} ${GITEA_HOST} ${GITEA_PORT}' \
< /etc/nginx/nginx.conf.template \ </etc/nginx/nginx.conf.template \
> /etc/nginx/nginx.conf >/etc/nginx/nginx.conf
else else
echo "Certificates NOT found. Using setup nginx config." echo "Certificates NOT found. Using setup nginx config."
envsubst '${DOMAIN}' < /etc/nginx/nginx_setup.conf.template > /etc/nginx/nginx.conf envsubst '${DOMAIN}' </etc/nginx/nginx_setup.conf.template >/etc/nginx/nginx.conf
fi fi
# Ensure uploads directory and files are readable by nginx worker processes
chmod 755 /uploads 2>/dev/null || true
chmod -R a+rX /uploads 2>/dev/null || true
# Start nginx # Start nginx
nginx -g 'daemon off;' nginx -g 'daemon off;'