sr-71/config.go

package main

import (
	"context"
	"os"
	"os/signal"
	"os/user"
	"strconv"
	"strings"
	"syscall"

	"tildegit.org/tjp/sliderule/logging"
)

type config struct {
	hostname string

	geminiRoot string
	gopherRoot string

	tlsKeyFile  string
	tlsCertFile string

	privilegedUsers []string

	fingerResponses map[string]string

	geminiAutoAtom bool
}

func configure() config {
	privileged := strings.Split(os.Getenv("PRIVILEGED_FINGERPRINTS"), ",")

	fingers := map[string]string{}
	for _, pair := range os.Environ() {
		key, val, _ := strings.Cut(pair, "=")
		if !strings.HasPrefix(key, "FINGER_") {
			continue
		}
		fingers[strings.ToLower(key[7:])] = val
	}

	autoatom, err := strconv.ParseBool(os.Getenv("GEMINI_AUTOATOM"))
	if err != nil {
		autoatom = false
	}

	return config{
		hostname:    os.Getenv("HOST_NAME"),
		geminiRoot:  os.Getenv("GEMINI_ROOT"),
		gopherRoot:  os.Getenv("GOPHER_ROOT"),
		tlsKeyFile:  os.Getenv("TLS_KEY_FILE"),
		tlsCertFile: os.Getenv("TLS_CERT_FILE"),

		privilegedUsers: privileged,

		fingerResponses: fingers,

		geminiAutoAtom: autoatom,
	}
}

func dropPrivileges() (bool, error) {
	me, err := user.Current()
	if err != nil {
		return false, err
	}

	if me.Uid != "0" {
		return false, nil
	}

	nobody, err := user.Lookup("nobody")
	if err != nil {
		return false, err
	}
	uid, err := strconv.Atoi(nobody.Uid)
	if err != nil {
		return false, err
	}

	if err := syscall.Setuid(uid); err != nil {
		return false, err
	}
	return true, nil
}

func serverContext() (context.Context, logging.Logger, logging.Logger, logging.Logger, logging.Logger) {
	debug, info, warn, err := logging.DefaultLoggers()
	ctx, _ := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGHUP)
	ctx = context.WithValue(ctx, "debuglog", debug) //nolint:staticcheck
	ctx = context.WithValue(ctx, "infolog", info)   //nolint:staticcheck
	ctx = context.WithValue(ctx, "warnlog", warn)   //nolint:staticcheck
	ctx = context.WithValue(ctx, "errorlog", err)   //nolint:staticcheck

	return ctx, debug, info, warn, err
}