headless-sync minor security improvements

This commit is contained in:
Nystik
2026-06-02 17:42:47 +02:00
parent caaf6b3144
commit b90752e0ad
2 changed files with 20 additions and 8 deletions

View File

@@ -83,15 +83,23 @@ function isAuthenticated(dataDir) {
return false;
}
function writeSecret(file, contents) {
fs.writeFileSync(file, contents, { encoding: "utf-8", mode: 0o600 });
try {
fs.chmodSync(file, 0o600);
} catch {}
}
function saveInternal(dataDir, tokenData) {
const internalFile = getInternalTokenFile(dataDir);
const dir = path.dirname(internalFile);
if (!fs.existsSync(dir)) {
fs.mkdirSync(dir, { recursive: true });
fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
}
fs.writeFileSync(internalFile, JSON.stringify(tokenData, null, 2), "utf-8");
writeSecret(internalFile, JSON.stringify(tokenData, null, 2));
}
function syncToObCli(dataDir, token) {
@@ -101,10 +109,10 @@ function syncToObCli(dataDir, token) {
const dir = path.dirname(obAuthFile);
if (!fs.existsSync(dir)) {
fs.mkdirSync(dir, { recursive: true });
fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
}
fs.writeFileSync(obAuthFile, token, "utf-8");
writeSecret(obAuthFile, token);
} catch {}
}