From 1728772810793f1569588cd10b72aa57e1199777 Mon Sep 17 00:00:00 2001 From: Jon Eugster Date: Thu, 8 Aug 2024 22:29:55 +0200 Subject: [PATCH] improve option to run without bubblewrap #20 #28 --- README.md | 7 ++++-- server/bubblewrap.sh | 52 +++++++++++++++++++++++++------------------- server/index.mjs | 31 +++++++++++++++++++++----- 3 files changed, 60 insertions(+), 30 deletions(-) diff --git a/README.md b/README.md index aeca5fbe..f2373499 100644 --- a/README.md +++ b/README.md @@ -15,8 +15,11 @@ PRs are welcome as well. To add new themes, please read [Adding Themes](client/public/themes/README.md). ## Security -Providing the use access to a Lean instance running on the server is a severe security risk. That is why we start the Lean server -using [Bubblewrap](https://github.com/containers/bubblewrap). +Providing the use access to a Lean instance running on the server is a severe security risk. +That is why we start the Lean server using [Bubblewrap](https://github.com/containers/bubblewrap). + +If bubblewrap is not installed, the server will start without a container and produce a warning. +You can also opt-out of using bubblewrap by setting `NODE_ENV=development`. ## Build Instructions diff --git a/server/bubblewrap.sh b/server/bubblewrap.sh index 278f42ae..fb2d3416 100755 --- a/server/bubblewrap.sh +++ b/server/bubblewrap.sh 
@@ -2,25 +2,33 @@ ELAN_HOME=$(cd $1 && lake env printenv ELAN_HOME) -(exec bwrap\ - --ro-bind $1 /project \ - --ro-bind $ELAN_HOME /elan \ - --ro-bind /usr /usr \ - --dev /dev \ - --proc /proc \ - --symlink usr/lib /lib\ - --symlink usr/lib64 /lib64\ - --symlink usr/bin /bin\ - --symlink usr/sbin /sbin\ - --clearenv \ - --setenv PATH "/elan/bin:/bin" \ - --setenv ELAN_HOME "/elan" \ - --unshare-user \ - --unshare-pid \ - --unshare-net \ - --unshare-uts \ - --unshare-cgroup \ - --die-with-parent \ - --chdir "/project/" \ - lake serve -- -) +if command -v bwrap >/dev/null 2>&1; then + (exec bwrap\ + --ro-bind $1 /project \ + --ro-bind $ELAN_HOME /elan \ + --ro-bind /usr /usr \ + --dev /dev \ + --proc /proc \ + --symlink usr/lib /lib\ + --symlink usr/lib64 /lib64\ + --symlink usr/bin /bin\ + --symlink usr/sbin /sbin\ + --clearenv \ + --setenv PATH "/elan/bin:/bin" \ + --setenv ELAN_HOME "/elan" \ + --unshare-user \ + --unshare-pid \ + --unshare-net \ + --unshare-uts \ + --unshare-cgroup \ + --die-with-parent \ + --chdir "/project/" \ + lean --server + ) +else + echo "bwrap is not installed. Running without container." >&2 + (exec + cd $1 + lean --server + ) +fi diff --git a/server/index.mjs b/server/index.mjs index 03b8f1a0..e7dfd46e 100644 --- a/server/index.mjs +++ b/server/index.mjs @@ -72,6 +72,18 @@ if (crtFile && keyFile) { const wss = new WebSocketServer({ server }) +function checkCommandExists(command) { + return new Promise((resolve, reject) => { + exec(`command -v ${command}`, (error) => { + if (error) { + resolve(false); // Command does not exist + } else { + resolve(true); // Command exists + } + }); + }); +} + function startServerProcess(project) { let projectPath = __dirname + `/../Projects/` + project 
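Review bot: The new `else` branch makes the sandbox fail open: on a host where `bwrap` is missing or simply not on `PATH`, `lean --server` starts with no isolation and the only signal is one stderr line. The README in this same patch calls unsandboxed access a severe security risk, so I would have the script exit non-zero here unless the operator has explicitly opted in, for example through an environment variable checked in this branch (name to be chosen). Inside the fallback, the bare `exec` on its own line has no command and does nothing, and `cd $1` is unquoted and unchecked, so a failed `cd` still launches Lean in whatever directory the script was started from. `cd "$1" || exit 1` followed by `exec lean --server` would address both.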
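Review bot: `checkCommandExists` builds a shell command line by interpolating its argument into `command -v ${command}`, so any caller that ever passes a non-constant value gets shell injection in the server process. Passing the name as a positional argument keeps it out of the parsed command text, e.g. `cp.execFile("sh", ["-c", 'command -v "$1"', "sh", command], (error) => resolve(!error))`, assuming `cp` is `child_process` as the `cp.spawn` calls suggest. The hunk calls a bare `exec` while the rest of the visible code goes through `cp`, so it is worth checking that `exec` is actually imported; no call to the helper is visible in this patch either. The unused `reject` parameter can be dropped, and a short JSDoc stating that the promise always resolves to a boolean and never rejects would help callers.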
@@ -81,18 +93,25 @@ function startServerProcess(project) { serverProcess = cp.spawn("./bubblewrap.sh", [projectPath], { cwd: __dirname }) } else { console.warn("Running without Bubblewrap container!") - serverProcess = cp.spawn("lake", ["serve", "--"], { cwd: projectPath }) + serverProcess = cp.spawn("lean", ["--server"], { cwd: projectPath }) } + // serverProcess.stdout.on('data', (data) => { + // console.log(`Lean Server: ${data}`); + // }); + + serverProcess.stderr.on('data', data => + console.error(`Lean Server: ${data}`) + ) + serverProcess.on('error', error => console.error(`Launching Lean Server failed: ${error}`) ) - if (serverProcess.stderr !== null) { - serverProcess.stderr.on('data', data => - console.error(`Lean Server: ${data}`) - ) - } + serverProcess.on('close', (code) => { + console.log(`child process exited with code ${code}`); + }); + return serverProcess }
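Review bot: In the non-Bubblewrap branch, `cp.spawn("lean", ["--server"], { cwd: projectPath })` passes no `env`, so the Lean process inherits the full environment of the Node server, whereas the sandboxed path starts from `--clearenv`. I would pass an explicit minimal environment there, e.g. `{ cwd: projectPath, env: { PATH: process.env.PATH } }`, adding only what elan turns out to need. The commented-out `stdout` handler should be removed rather than committed, and the `close` message would be easier to correlate if it included `project`. `startServerProcess` begins above this hunk, so the condition that selects between the two branches is not visible here.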