feat: ➕ add runner crate for user stuff

NJUPT-SAST · Feb 13, 2024 · df1ad08 · df1ad08
1 parent bafccaf
commit df1ad08
Show file tree

Hide file tree

Showing 10 changed files with 133 additions and 59 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,2 @@
 /firedbg
 /target
-/docs/manpages/*
-!/docs/manpages/*.adoc
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -14,5 +14,8 @@
   },
   "[rust]": {
     "editor.defaultFormatter": "dprint.dprint"
-  }
+  },
+  "rust-analyzer.linkedProjects": [
+    "./Cargo.toml"
+  ]
 }
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,10 +1,17 @@
-workspace = { members = ["xtask"] }
-[package]
-name = "rsjudge"
+[workspace]
+members = ["crates/rsjudge-runner", "xtask"]
+
+[workspace.package]
 version = "0.1.0"
 authors = ["NJUPT-SAST"]
-edition = "2021"
 license = "Apache-2.0"
+
+[package]
+name = "rsjudge"
+version.workspace = true
+authors.workspace = true
+edition = "2021"
+license.workspace = true
 description = "An online judge sandbox server in Rust."
 
 [package.metadata.deb]
@@ -74,6 +81,7 @@ uzers = "0.11.3"
 
 # Optional dependencies
 axum = { version = "0.7.4", optional = true }
+rsjudge-runner = { version = "0.1.0", path = "crates/rsjudge-runner" }
 tonic = { version = "0.11.0", optional = true }
 utoipa = { version = "4.2.0", features = ["axum_extras"], optional = true }
 utoipa-swagger-ui = { version = "6.0.0", features = ["axum"], optional = true }

diff --git a/crates/rsjudge-runner/Cargo.toml b/crates/rsjudge-runner/Cargo.toml
@@ -0,0 +1,14 @@
+[package]
+name = "rsjudge-runner"
+version.workspace = true
+authors.workspace = true
+edition = "2021"
+license.workspace = true
+description = "Command runner for rsjudge"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+anyhow = "1.0.79"
+nix = { version = "0.27.1", features = ["user"] }
+uzers = "0.11.3"
diff --git a/crates/rsjudge-runner/examples/demo.rs b/crates/rsjudge-runner/examples/demo.rs
@@ -0,0 +1,14 @@
+use std::process::Command;
+
+use rsjudge_runner::{
+    user::{builder, runner},
+    RunAs,
+};
+fn main() -> anyhow::Result<()> {
+    let builder_output = Command::new("id").run_as(builder()?).output()?;
+    println!("{}", String::from_utf8_lossy(&builder_output.stdout));
+
+    let runner_output = Command::new("id").run_as(runner()?).output()?;
+    println!("{}", String::from_utf8_lossy(&runner_output.stdout));
+    Ok(())
+}
diff --git a/crates/rsjudge-runner/src/lib.rs b/crates/rsjudge-runner/src/lib.rs
@@ -0,0 +1,25 @@
+use std::{os::unix::process::CommandExt as _, process::Command};
+
+use nix::unistd::setgroups;
+use uzers::User;
+
+pub mod user;
+pub trait RunAs {
+    fn run_as(&mut self, user: &User) -> &mut Command;
+}
+
+impl RunAs for Command {
+    fn run_as(&mut self, user: &User) -> &mut Command {
+        let uid = user.uid();
+        let gid = user.primary_group_id();
+
+        self.uid(uid).gid(gid);
+        unsafe {
+            self.pre_exec(move || {
+                setgroups(&[gid.into()])?;
+                Ok(())
+            })
+        };
+        self
+    }
+}
diff --git a/crates/rsjudge-runner/src/user.rs b/crates/rsjudge-runner/src/user.rs
@@ -0,0 +1,54 @@
+use std::sync::OnceLock;
+
+use anyhow::anyhow;
+use uzers::{get_user_by_name, User};
+
+static SUPERVISOR_LOCK: OnceLock<Option<User>> = OnceLock::new();
+static BUILDER_LOCK: OnceLock<Option<User>> = OnceLock::new();
+static RUNNER_LOCK: OnceLock<Option<User>> = OnceLock::new();
+
+pub fn supervisor() -> anyhow::Result<&'static User> {
+    SUPERVISOR_LOCK
+        .get_or_init(|| get_user_by_name("rsjudge-supervisor"))
+        .as_ref()
+        .ok_or_else(|| anyhow!("No such user: rsjudge-supervisor"))
+}
+
+pub fn builder() -> anyhow::Result<&'static User> {
+    BUILDER_LOCK
+        .get_or_init(|| get_user_by_name("rsjudge-builder"))
+        .as_ref()
+        .ok_or_else(|| anyhow!("No such user: rsjudge-builder"))
+}
+
+pub fn runner() -> anyhow::Result<&'static User> {
+    RUNNER_LOCK
+        .get_or_init(|| get_user_by_name("rsjudge-runner"))
+        .as_ref()
+        .ok_or_else(|| anyhow!("No such user: rsjudge-runner"))
+}
+
+#[cfg(all(test, unix))]
+mod tests {
+    use std::{os::unix::process::CommandExt, process::Command};
+
+    use super::*;
+
+    #[test]
+    #[ignore = "Requires additional users."]
+    fn test_uid() -> anyhow::Result<()> {
+        let builder = builder()?;
+        let builder_output = Command::new("id")
+            .uid(builder.uid())
+            .gid(builder.primary_group_id())
+            .output()?;
+        println!("{}", String::from_utf8_lossy(&builder_output.stdout));
+        let runner = runner()?;
+        let runner_output = Command::new("id")
+            .uid(runner.uid())
+            .gid(runner.primary_group_id())
+            .output()?;
+        println!("{}", String::from_utf8_lossy(&runner_output.stdout));
+        Ok(())
+    }
+}
diff --git a/src/main.rs b/src/main.rs
@@ -1,12 +1,8 @@
 use clap::Parser;
 
 use crate::cli::Args;
-
 mod cli;
 
-/// For future use.
-pub mod user;
-
 fn main() -> anyhow::Result<()> {
     let args = Args::try_parse()?;
     println!("{:?}", args);

diff --git a/src/user.rs b/src/user.rs