fix: additional permission check (#135)

* fix: additional permission check

* update

* fix tests

Author: jan-hajek

src/cmd/root.go

@@ -103,19 +103,19 @@ func rootCmd() *cmdBuilder.Cmd {
 }
 
 func guestInfoPart(tableBody *uxBlock.TableBody) {
-	cliDataFilePath, err := constants.CliDataFilePath()
+	cliDataFilePath, _, err := constants.CliDataFilePath()
 	if err != nil {
 		cliDataFilePath = err.Error()
 	}
 	tableBody.AddStringsRow(i18n.T(i18n.StatusInfoCliDataFilePath), cliDataFilePath)
 
-	logFilePath, err := constants.LogFilePath()
+	logFilePath, _, err := constants.LogFilePath()
 	if err != nil {
 		logFilePath = err.Error()
 	}
 	tableBody.AddStringsRow(i18n.T(i18n.StatusInfoLogFilePath), logFilePath)
 
-	wgConfigFilePath, err := constants.WgConfigFilePath()
+	wgConfigFilePath, _, err := constants.WgConfigFilePath()
 	if err != nil {
 		wgConfigFilePath = err.Error()
 	}

src/cmd/statusShowDebugLogs.go

@@ -6,8 +6,11 @@ import (
 	"io"
 	"os"
 
+	"github.com/pkg/errors"
+
 	"github.com/zeropsio/zcli/src/cmdBuilder"
 	"github.com/zeropsio/zcli/src/constants"
+	"github.com/zeropsio/zcli/src/file"
 	"github.com/zeropsio/zcli/src/i18n"
 	"github.com/zeropsio/zcli/src/uxBlock/styles"
 )
@@ -18,15 +21,16 @@ func statusShowDebugLogsCmd() *cmdBuilder.Cmd {
 		Short(i18n.T(i18n.CmdStatusShowDebugLogs)).
 		HelpFlag(i18n.T(i18n.StatusShowDebugLogsHelp)).
 		GuestRunFunc(func(ctx context.Context, cmdData *cmdBuilder.GuestCmdData) error {
-			logFilePath, err := constants.LogFilePath()
+			logFilePath, fileMode, err := constants.LogFilePath()
 			if err != nil {
 				return err
 			}
 
-			f, err := os.OpenFile(logFilePath, os.O_RDONLY, 0777)
+			f, err := file.Open(logFilePath, os.O_RDONLY, fileMode)
 			if err != nil {
 				return err
 			}
+			defer f.Close()
 
 			line := ""
 			var cursor int64 = 0
@@ -43,13 +47,13 @@ func statusShowDebugLogsCmd() *cmdBuilder.Cmd {
 				cursor -= 1
 				_, err = f.Seek(cursor, io.SeekEnd)
 				if err != nil {
-					return err
+					return errors.WithStack(err)
 				}
 
 				char := make([]byte, 1)
 				_, err = f.Read(char)
 				if err != nil {
-					return err
+					return errors.WithStack(err)
 				}
 
 				if cursor != -1 && (char[0] == 10 || char[0] == 13) { // stop if we find a line

src/cmd/vpnDown.go

@@ -10,6 +10,7 @@ import (
 	"github.com/zeropsio/zcli/src/cmdBuilder"
 	"github.com/zeropsio/zcli/src/cmdRunner"
 	"github.com/zeropsio/zcli/src/constants"
+	"github.com/zeropsio/zcli/src/file"
 	"github.com/zeropsio/zcli/src/i18n"
 	"github.com/zeropsio/zcli/src/uxBlock"
 	"github.com/zeropsio/zcli/src/uxBlock/styles"
@@ -31,13 +32,13 @@ func disconnectVpn(ctx context.Context, uxBlocks uxBlock.UxBlocks) error {
 		return errors.New(i18n.T(i18n.VpnWgQuickIsNotInstalled))
 	}
 
-	filePath, err := constants.WgConfigFilePath()
+	filePath, fileMode, err := constants.WgConfigFilePath()
 	if err != nil {
 		return err
 	}
 
 	// create empty file if not exists, only thing wg-quick needs is a proper file name
-	f, err := os.OpenFile(filePath, os.O_RDWR|os.O_CREATE, 0666)
+	f, err := file.Open(filePath, os.O_RDWR|os.O_CREATE, fileMode)
 	if err != nil {
 		return err
 	}

src/cmd/vpnUp.go

@@ -16,6 +16,7 @@ import (
 	"github.com/zeropsio/zcli/src/cmdRunner"
 	"github.com/zeropsio/zcli/src/constants"
 	"github.com/zeropsio/zcli/src/entity"
+	"github.com/zeropsio/zcli/src/file"
 	"github.com/zeropsio/zcli/src/i18n"
 	"github.com/zeropsio/zcli/src/nettools"
 	"github.com/zeropsio/zcli/src/uxBlock"
@@ -92,12 +93,12 @@ func vpnUpCmd() *cmdBuilder.Cmd {
 				return err
 			}
 
-			filePath, err := constants.WgConfigFilePath()
+			filePath, fileMode, err := constants.WgConfigFilePath()
 			if err != nil {
 				return err
 			}
 
-			f, err := os.Create(filePath)
+			f, err := file.Open(filePath, os.O_RDWR|os.O_CREATE, fileMode)
 			if err != nil {
 				return err
 			}

src/cmdBuilder/executeRootCmd.go

@@ -9,6 +9,9 @@ import (
 
 	"github.com/mattn/go-isatty"
 	"github.com/pkg/errors"
+	"golang.org/x/term"
+	"gopkg.in/yaml.v3"
+
 	"github.com/zeropsio/zcli/src/cliStorage"
 	"github.com/zeropsio/zcli/src/constants"
 	"github.com/zeropsio/zcli/src/errorsx"
@@ -20,8 +23,6 @@ import (
 	"github.com/zeropsio/zcli/src/uxBlock"
 	"github.com/zeropsio/zcli/src/uxBlock/styles"
 	"github.com/zeropsio/zerops-go/apiError"
-	"golang.org/x/term"
-	"gopkg.in/yaml.v3"
 )
 
 func ExecuteRootCmd(rootCmd *Cmd) (err error) {
@@ -121,13 +122,14 @@ func createLoggers(isTerminal bool) (*logger.Handler, *logger.Handler) {
 		IsTerminal: isTerminal,
 	})
 
-	loggerFilePath, err := constants.LogFilePath()
+	loggerFilePath, fileMode, err := constants.LogFilePath()
 	if err != nil {
 		outputLogger.Warning(styles.WarningLine(err.Error()))
 	}
 
 	debugFileLogger := logger.NewDebugFileLogger(logger.DebugFileConfig{
 		FilePath: loggerFilePath,
+		FileMode: fileMode,
 	})
 
 	return outputLogger, debugFileLogger
@@ -145,13 +147,14 @@ func regSignals(contextCancel func()) {
 }
 
 func createCliStorage() (*cliStorage.Handler, error) {
-	filePath, err := constants.CliDataFilePath()
+	filePath, fileMode, err := constants.CliDataFilePath()
 	if err != nil {
 		return nil, err
 	}
 	s, err := storage.New[cliStorage.Data](
 		storage.Config{
 			FilePath: filePath,
+			FileMode: fileMode,
 		},
 	)
 	return &cliStorage.Handler{Handler: s}, err

src/constants/darwin.go

@@ -13,6 +13,8 @@ func getDataFilePathsReceivers() []pathReceiver {
 		receiverFromEnv(CliDataFilePathEnvVar),
 		receiverFromOsFunc(os.UserConfigDir, ZeropsDir, CliDataFileName),
 		receiverFromOsFunc(os.UserHomeDir, ZeropsDir, CliDataFileName),
+		receiverFromOsFunc(os.UserHomeDir, "zerops."+CliDataFileName),
+		receiverFromOsTemp("zerops." + CliDataFileName),
 	}
 }
 
@@ -22,6 +24,8 @@ func getLogFilePathReceivers() []pathReceiver {
 		receiverFromPath(path.Join("/usr/local/var/log/", ZeropsLogFile)),
 		receiverFromOsFunc(os.UserConfigDir, ZeropsDir, ZeropsLogFile),
 		receiverFromOsFunc(os.UserHomeDir, ZeropsDir, ZeropsLogFile),
+		receiverFromOsFunc(os.UserHomeDir, "zerops."+ZeropsLogFile),
+		receiverFromOsTemp("zerops." + ZeropsLogFile),
 	}
 }
 
@@ -33,5 +37,7 @@ func getWgConfigFilePathReceivers() []pathReceiver {
 		receiverFromPath(path.Join("/opt/homebrew/etc/wireguard/", WgConfigFile)),
 		receiverFromOsFunc(os.UserConfigDir, ZeropsDir, WgConfigFile),
 		receiverFromOsFunc(os.UserHomeDir, ZeropsDir, WgConfigFile),
+		receiverFromOsFunc(os.UserHomeDir, WgConfigFile),
+		receiverFromOsTemp("zerops." + WgConfigFile),
 	}
 }

src/constants/linux.go

@@ -13,6 +13,8 @@ func getDataFilePathsReceivers() []pathReceiver {
 		receiverFromEnv(CliDataFilePathEnvVar),
 		receiverFromOsFunc(os.UserConfigDir, ZeropsDir, CliDataFileName),
 		receiverFromOsFunc(os.UserHomeDir, ZeropsDir, CliDataFileName),
+		receiverFromOsFunc(os.UserHomeDir, "zerops."+CliDataFileName),
+		receiverFromOsTemp("zerops." + CliDataFileName),
 	}
 }
 
@@ -22,6 +24,8 @@ func getLogFilePathReceivers() []pathReceiver {
 		receiverFromPath(path.Join("/var/log/", ZeropsLogFile)),
 		receiverFromOsFunc(os.UserConfigDir, ZeropsDir, ZeropsLogFile),
 		receiverFromOsFunc(os.UserHomeDir, ZeropsDir, ZeropsLogFile),
+		receiverFromOsFunc(os.UserHomeDir, "zerops."+ZeropsLogFile),
+		receiverFromOsTemp("zerops." + ZeropsLogFile),
 	}
 }
 
@@ -33,5 +37,7 @@ func getWgConfigFilePathReceivers() []pathReceiver {
 		receiverFromPath(path.Join("/opt/homebrew/etc/wireguard/", WgConfigFile)),
 		receiverFromOsFunc(os.UserConfigDir, ZeropsDir, WgConfigFile),
 		receiverFromOsFunc(os.UserHomeDir, ZeropsDir, WgConfigFile),
+		receiverFromOsFunc(os.UserHomeDir, WgConfigFile),
+		receiverFromOsTemp("zerops." + WgConfigFile),
 	}
 }

src/constants/windows.go

@@ -16,6 +16,8 @@ func getDataFilePathsReceivers() []pathReceiver {
 		receiverFromEnv(CliDataFilePathEnvVar),
 		receiverFromOsFunc(os.UserConfigDir, "Zerops", CliDataFileName),
 		receiverFromOsFunc(os.UserHomeDir, "Zerops", CliDataFileName),
+		receiverFromOsFunc(os.UserHomeDir, "zerops."+CliDataFileName),
+		receiverFromOsTemp("zerops." + CliDataFileName),
 	}
 }
 
@@ -24,6 +26,8 @@ func getLogFilePathReceivers() []pathReceiver {
 		receiverFromEnv(CliLogFilePathEnvVar),
 		receiverFromOsFunc(os.UserConfigDir, "Zerops", ZeropsLogFile),
 		receiverFromOsFunc(os.UserHomeDir, "Zerops", ZeropsLogFile),
+		receiverFromOsFunc(os.UserHomeDir, "zerops."+ZeropsLogFile),
+		receiverFromOsTemp("zerops." + ZeropsLogFile),
 	}
 }
 
@@ -32,5 +36,7 @@ func getWgConfigFilePathReceivers() []pathReceiver {
 		receiverFromEnv(CliWgConfigPathEnvVar),
 		receiverFromOsFunc(os.UserConfigDir, "Zerops", WgConfigFile),
 		receiverFromOsFunc(os.UserHomeDir, "Zerops", WgConfigFile),
+		receiverFromOsFunc(os.UserHomeDir, WgConfigFile),
+		receiverFromOsTemp("zerops." + WgConfigFile),
 	}
 }

src/constants/zerops.go

@@ -7,6 +7,8 @@ import (
 	"strings"
 
 	"github.com/pkg/errors"
+
+	"github.com/zeropsio/zcli/src/file"
 	"github.com/zeropsio/zcli/src/i18n"
 )
 
@@ -22,64 +24,69 @@ const (
 	CliTerminalMode       = "ZEROPS_CLI_TERMINAL_MODE"
 )
 
-type pathReceiver func() (path string, err error)
+type pathReceiver func(fileMode os.FileMode) (path string, err error)
 
-func CliDataFilePath() (string, error) {
-	return checkReceivers(getDataFilePathsReceivers(), i18n.UnableToWriteCliData)
+func CliDataFilePath() (string, os.FileMode, error) {
+	return checkReceivers(getDataFilePathsReceivers(), 0600, i18n.UnableToWriteCliData)
 }
 
-func LogFilePath() (string, error) {
-	return checkReceivers(getLogFilePathReceivers(), i18n.UnableToWriteLogFile)
+func LogFilePath() (string, os.FileMode, error) {
+	return checkReceivers(getLogFilePathReceivers(), 0666, i18n.UnableToWriteLogFile)
 }
 
-func WgConfigFilePath() (string, error) {
-	return checkReceivers(getWgConfigFilePathReceivers(), i18n.UnableToWriteLogFile)
+func WgConfigFilePath() (string, os.FileMode, error) {
+	return checkReceivers(getWgConfigFilePathReceivers(), 0600, i18n.UnableToWriteLogFile)
 }
 
-func checkReceivers(pathReceivers []pathReceiver, errorText string) (string, error) {
-	path := findFirstWritablePath(pathReceivers)
+func checkReceivers(pathReceivers []pathReceiver, fileMode os.FileMode, errorText string) (string, os.FileMode, error) {
+	path := findFirstWritablePath(pathReceivers, fileMode)
 	if path == "" {
 		paths := make([]string, 0, len(pathReceivers))
 		for _, p := range pathReceivers {
-			_, err := p()
+			_, err := p(fileMode)
 			paths = append(paths, err.Error())
 		}
-		return "", errors.New(i18n.T(errorText, "\n"+strings.Join(paths, "\n")+"\n"))
+		return "", 0, errors.New(i18n.T(errorText, "\n"+strings.Join(paths, "\n")+"\n"))
 	}
-	return path, nil
+	return path, fileMode, nil
 }
 
 func receiverFromPath(path string) pathReceiver {
-	return func() (string, error) {
-		return checkPath(path)
+	return func(fileMode os.FileMode) (string, error) {
+		return checkPath(path, fileMode)
 	}
 }
 
 func receiverFromEnv(envName string) pathReceiver {
-	return func() (string, error) {
+	return func(fileMode os.FileMode) (string, error) {
 		env := os.Getenv(envName)
 		if env == "" {
 			return "", errors.Errorf("env %s is empty", envName)
 		}
-		return checkPath(env)
+		return checkPath(env, fileMode)
 	}
 }
 
 func receiverFromOsFunc(osFunc func() (string, error), elem ...string) pathReceiver {
-	return func() (string, error) {
+	return func(fileMode os.FileMode) (string, error) {
 		dir, err := osFunc()
 		if err != nil {
 			return "", err
 		}
-		elem = append([]string{dir}, elem...)
 
-		return filepath.Join(elem...), nil
+		return checkPath(filepath.Join(append([]string{dir}, elem...)...), fileMode)
+	}
+}
+
+func receiverFromOsTemp(elem ...string) pathReceiver {
+	return func(fileMode os.FileMode) (string, error) {
+		return checkPath(filepath.Join(append([]string{os.TempDir()}, elem...)...), fileMode)
 	}
 }
 
-func findFirstWritablePath(paths []pathReceiver) string {
+func findFirstWritablePath(paths []pathReceiver, fileMode os.FileMode) string {
 	for _, p := range paths {
-		path, err := p()
+		path, err := p(fileMode)
 		if err == nil {
 			return path
 		}
@@ -88,14 +95,14 @@ func findFirstWritablePath(paths []pathReceiver) string {
 	return ""
 }
 
-func checkPath(filePath string) (string, error) {
+func checkPath(filePath string, fileMode os.FileMode) (string, error) {
 	dir := path.Dir(filePath)
 
-	if err := os.MkdirAll(dir, 0775); err != nil {
+	if err := os.MkdirAll(dir, 0755); err != nil {
 		return "", err
 	}
 
-	f, err := os.OpenFile(filePath, os.O_APPEND|os.O_CREATE|os.O_RDWR, 0666)
+	f, err := file.Open(filePath, os.O_RDWR|os.O_CREATE, fileMode)
 	if err != nil {
 		return "", err
 	}

src/file/file.go

@@ -0,0 +1,20 @@
+package file
+
+import (
+	"os"
+
+	"github.com/pkg/errors"
+)
+
+func Open(filePath string, flag int, fileMode os.FileMode) (*os.File, error) {
+	f, err := os.OpenFile(filePath, flag, fileMode)
+	if err != nil {
+		return nil, errors.WithStack(err)
+	}
+	err = os.Chmod(filePath, fileMode)
+	if err != nil {
+		return nil, errors.WithStack(err)
+	}
+
+	return f, nil
+}