From 040587701ee0c8eb2cac0b0f478dc00dd178de8d Mon Sep 17 00:00:00 2001 From: Robin Malley Date: Sun, 26 Jun 2022 23:09:28 +0000 Subject: [PATCH] Rewrite config for kore 4.2.0 Kore 4.2.0 has a new format for the configuration file. --- conf/smr.conf.in | 239 +++++++++++++++++++++++++++++++---------------- 1 file changed, 161 insertions(+), 78 deletions(-) diff --git a/conf/smr.conf.in b/conf/smr.conf.in index 5d44c41..07ee357 100644 --- a/conf/smr.conf.in +++ b/conf/smr.conf.in @@ -6,14 +6,21 @@ server tls { } seccomp_tracing yes + +privsep worker { + runas <{get chuser }> + + root <{get kore_chroot }> + +} +privsep keymgr { + runas <{get chuser }> + + root . +} + load ./smr.so -root <{get kore_chroot}> -runas <{get chuser }> - -keymgr_runas <{get chuser }> - -keymgr_root . workers 1 http_body_max 8388608 @@ -38,90 +45,166 @@ domain * { #I run kore behind a lighttpd reverse proxy, so this is a bit useless to me accesslog /dev/null - route / home - route /_css/style.css asset_serve_style_css - route /_css/suggest_tags.css asset_serve_suggest_tags_css - route /_css/milligram.css asset_serve_milligram_css - route /_css/milligram.min.css.map asset_serve_milligram_min_css_map - route /_faq asset_serve_faq_html - route /_js/suggest_tags.js asset_serve_suggest_tags_js - route /_js/bookmark.js asset_serve_bookmark_js - route /_js/intervine_deletion.js asset_serve_intervine_deletion_js - route /favicon.ico asset_serve_favicon_ico - route /_paste post_story - route /_edit edit_story - route /_bio edit_bio - route /_login login - route /_logout logout - route ^/_claim claim - route /_download download - route /_preview preview - route /_search search - route /_archive archive - route /_api api - route /_delete delete - # Leading ^ is needed for dynamic routes, kore says the route is dynamic if it does not start with '/' - route ^/[^_].* read_story + route / { + handler home + methods get + } - params get /_edit { - validate story v_storyid + route /_css/style.css { + handler asset_serve_style_css + methods get } - params get /_download { - validate story v_storyid - validate pwd v_hex_128 + + route /_css/suggest_tags.css { + handler asset_serve_style_css + methods get } - params post /_edit { - validate title v_any - validate story v_storyid - validate text v_any - validate pasteas v_subdomain - validate markup v_markup - validate tags v_any - validate unlisted v_checkbox + + route /_css/milligram.css { + handler asset_serve_milligram_css + methods get } - params post /_paste { - validate title v_any - validate text v_any - validate pasteas v_subdomain - validate markup v_markup - validate tags v_any - validate unlisted v_checkbox + + route /_css/milligram.min.css.map { + handler asset_serve_milligram_min_css_map + methods get } - params post /_preview { - validate title v_any - validate text v_any - validate pasteas v_subdomain - validate markup v_markup - validate tags v_any - validate unlisted v_checkbox + + route /_faq { + handler asset_serve_faq_html + methods get } - params get /_search { - validate q v_any + + route /_js/suggest_tags.js { + handler asset_serve_suggest_tags_js + methods get } - params get /_archive { - validate t v_time + + route /_js/bookmark.js { + handler asset_serve_bookmark_js + methods get } - params get ^/[^_].* { - validate comments v_bool - validate pwd v_hex_128 + + route /_js/intervine_deletion.js { + handler asset_serve_intervine_deletion_js + methods get } - params post ^/[^_].* { - validate text v_any - validate postas v_subdomain - validate pwd v_hex_128 + + route /favicon.ico { + handler asset_serve_favicon_ico + methods get } - params post /_login { - validate user v_subdomain - validate pass v_any + + route /_paste { + handler post_story + methods get post + + validate post title v_any + validate post text v_any + validate post pasteas v_subdomain + validate post markup v_markup + validate post tags v_any + validate post unlisted v_checkbox } - params post ^/_claim { - validate user v_subdomain + + route /_edit { + handler edit_story + methods get post + + validate qs:get story v_storyid + + validate post title v_any + validate post story v_storyid + validate post text v_any + validate post pasteas v_subdomain + validate post markup v_markup + validate post tags v_any + validate post unlisted v_checkbox } - params get /_api { - validate call v_any - validate data v_any + + route /_bio { + handler edit_bio + methods get } - params post /_delete { - validate story v_storyid + + route /_login { + handler login + methods get post + + validate qs:get user v_subdomain + validate qs:get pass v_any + } + + route /_logout { + handler logout + methods get + } + + route ^/_claim { + handler claim + methods get post + + validate post user v_subdomain + } + + route /_download { + handler download + methods get + + validate qs:get story v_storyid + validate qs:get pwd v_hex_128 + } + + route /_preview { + handler preview + methods post + + validate post title v_any + validate post text v_any + validate post pasteas v_subdomain + validate post markup v_markup + validate post tags v_any + validate post unlisted v_checkbox + } + + route /_search { + handler search + methods get + + validate qs:get q v_any + } + + route /_archive { + handler archive + methods get + + validate qs:get t v_time + } + + route /_api { + handler api + methods get + + validate qs:get call v_any + validate qs:get data v_any + } + + route /_delete { + handler delete + methods post + + validate post story v_storyid + } + # Leading ^ is needed for dynamic routes, kore says the route is dynamic if it does not start with '/' + route ^/[^_].* { + handler read_story + methods get post + + validate qs:get comments v_bool + validate qs:get pwd v_hex_128 + + validate post text v_any + validate post postas v_subdomain + validate post pwd v_hex_128 } }