diff --git a/README.md b/README.md
index 19c34c8..331be9a 100644
--- a/README.md
+++ b/README.md
@@ -152,6 +152,7 @@ You can specify configuration options either via a config file (default: `config
| `server.listen_ipv4` /
`WAKAPI_LISTEN_IPV4` | `127.0.0.1` | IPv4 network address to listen on (leave blank to disable IPv4) |
| `server.listen_ipv6` /
`WAKAPI_LISTEN_IPV6` | `::1` | IPv6 network address to listen on (leave blank to disable IPv6) |
| `server.listen_socket` /
`WAKAPI_LISTEN_SOCKET` | - | UNIX socket to listen on (leave blank to disable UNIX socket) |
+| `server.listen_socket_mode` /
`WAKAPI_LISTEN_SOCKET_MODE` | `0666` | Permission mode to create UNIX socket with |
| `server.timeout_sec` /
`WAKAPI_TIMEOUT_SEC` | `30` | Request timeout in seconds |
| `server.tls_cert_path` /
`WAKAPI_TLS_CERT_PATH` | - | Path of SSL server certificate (leave blank to not use HTTPS) |
| `server.tls_key_path` /
`WAKAPI_TLS_KEY_PATH` | - | Path of SSL server private key (leave blank to not use HTTPS) |
@@ -307,6 +308,7 @@ However, if you want to expose your wakapi instance to the public anyway, you ne
### Unit tests
+
Unit tests are supposed to test business logic on a fine-grained level. They are implemented as part of the application, using Go's [testing](https://pkg.go.dev/testing?utm_source=godoc) package alongside [stretchr/testify](https://pkg.go.dev/github.com/stretchr/testify).
#### How to run
diff --git a/config.default.yml b/config.default.yml
index e2ba27b..e380130 100644
--- a/config.default.yml
+++ b/config.default.yml
@@ -6,6 +6,7 @@ server:
listen_ipv4: 127.0.0.1 # leave blank to disable ipv4
listen_ipv6: ::1 # leave blank to disable ipv6
listen_socket: # leave blank to disable unix sockets
+ listen_socket_mode: 0666 # permission mode to create unix socket with
timeout_sec: 30 # request timeout
tls_cert_path: # leave blank to not use https
tls_key_path: # leave blank to not use https
diff --git a/config/config.go b/config/config.go
index b4cd241..8b27ae0 100644
--- a/config/config.go
+++ b/config/config.go
@@ -114,15 +114,16 @@ type dbConfig struct {
}
type serverConfig struct {
- Port int `default:"3000" env:"WAKAPI_PORT"`
- ListenIpV4 string `yaml:"listen_ipv4" default:"127.0.0.1" env:"WAKAPI_LISTEN_IPV4"`
- ListenIpV6 string `yaml:"listen_ipv6" default:"::1" env:"WAKAPI_LISTEN_IPV6"`
- ListenSocket string `yaml:"listen_socket" default:"" env:"WAKAPI_LISTEN_SOCKET"`
- TimeoutSec int `yaml:"timeout_sec" default:"30" env:"WAKAPI_TIMEOUT_SEC"`
- BasePath string `yaml:"base_path" default:"/" env:"WAKAPI_BASE_PATH"`
- PublicUrl string `yaml:"public_url" default:"http://localhost:3000" env:"WAKAPI_PUBLIC_URL"`
- TlsCertPath string `yaml:"tls_cert_path" default:"" env:"WAKAPI_TLS_CERT_PATH"`
- TlsKeyPath string `yaml:"tls_key_path" default:"" env:"WAKAPI_TLS_KEY_PATH"`
+ Port int `default:"3000" env:"WAKAPI_PORT"`
+ ListenIpV4 string `yaml:"listen_ipv4" default:"127.0.0.1" env:"WAKAPI_LISTEN_IPV4"`
+ ListenIpV6 string `yaml:"listen_ipv6" default:"::1" env:"WAKAPI_LISTEN_IPV6"`
+ ListenSocket string `yaml:"listen_socket" default:"" env:"WAKAPI_LISTEN_SOCKET"`
+ ListenSocketMode uint32 `yaml:"listen_socket_mode" default:"0666" env:"WAKAPI_LISTEN_SOCKET_MODE"`
+ TimeoutSec int `yaml:"timeout_sec" default:"30" env:"WAKAPI_TIMEOUT_SEC"`
+ BasePath string `yaml:"base_path" default:"/" env:"WAKAPI_BASE_PATH"`
+ PublicUrl string `yaml:"public_url" default:"http://localhost:3000" env:"WAKAPI_PUBLIC_URL"`
+ TlsCertPath string `yaml:"tls_cert_path" default:"" env:"WAKAPI_TLS_CERT_PATH"`
+ TlsKeyPath string `yaml:"tls_key_path" default:"" env:"WAKAPI_TLS_KEY_PATH"`
}
type subscriptionsConfig struct {
diff --git a/main.go b/main.go
index 428528c..607059c 100644
--- a/main.go
+++ b/main.go
@@ -360,6 +360,9 @@ func listen(handler http.Handler) {
if err != nil {
logbuch.Fatal(err.Error())
}
+ if err := os.Chmod(config.Server.ListenSocket, os.FileMode(config.Server.ListenSocketMode)); err != nil {
+ logbuch.Warn("failed to set user permissions for unix socket, %v", err)
+ }
if err := sSocket.ServeTLS(unixListener, config.Server.TlsCertPath, config.Server.TlsKeyPath); err != nil {
logbuch.Fatal(err.Error())
}
@@ -389,6 +392,9 @@ func listen(handler http.Handler) {
if err != nil {
logbuch.Fatal(err.Error())
}
+ if err := os.Chmod(config.Server.ListenSocket, os.FileMode(config.Server.ListenSocketMode)); err != nil {
+ logbuch.Warn("failed to set user permissions for unix socket, %v", err)
+ }
if err := sSocket.Serve(unixListener); err != nil {
logbuch.Fatal(err.Error())
}