Simon/romm
1
0
Fork 0
mirror of https://github.com/rommapp/romm.git synced 2026-06-27 22:35:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
copilot/bugfix-launchbox-metadata-issue
romm/docker/init_scripts/docker-entrypoint.sh
Georges-Antoine Assi 619e03ab32 fix: stop serving private user assets via unauthenticated nginx static route 
The default Docker image symlinked /romm/assets into the nginx static web
root (/assets/romm/assets), where it was served by an unauthenticated
`location /assets { try_files ... }` block. /romm/assets holds private user
data (save files, save states, screenshots, avatars) that is meant to be
accessible only through the authenticated /api/raw/assets/{path} route
(Scope.ASSETS_READ). The static symlink bypassed that protection, letting any
unauthenticated caller read another user's files given a (guessable) path.
Avatar URLs leaked the hex user ID through the same static route, making path
construction straightforward.

Fix:
- Drop the /romm/assets symlink from the Docker image build and both
  entrypoint scripts; only /romm/resources (public cover art, screenshots,
  manuals) remains statically served.
- Point the frontend avatar URLs at the authenticated /api/raw/assets/ route
  instead of /assets/romm/assets/. Browser <img> loads authenticate via the
  existing session cookie.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-05 17:34:30 -04:00

78 lines
2.4 KiB
Bash
Executable File
Raw Permalink Blame History

#!/usr/bin/env bash
# Load environment variables from variants with a _FILE suffix.
# The following logic reads variables with a _FILE suffix and
# loads the contents of the file specified in the variable
# into the variable without the suffix.
for var_name in $(printenv | cut -d= -f1 | grep "_FILE$" || true); do
# If variable is empty, skip.
if [[ -z ${!var_name} ]]; then
continue
fi
var_name_no_suffix=${var_name%"_FILE"}
# If the variable without the suffix is already set, raise an error.
if [[ -n ${!var_name_no_suffix} ]]; then
echo "ERROR: Both ${var_name_no_suffix} and ${var_name} are set (but are exclusive)" >&2
exit 1
fi
file_path="${!var_name}"
# If file does not exist, raise an error.
if [[ ! -f ${file_path} ]]; then
echo "ERROR: File ${file_path} from ${var_name} does not exist" >&2
exit 1
fi
echo "Setting ${var_name_no_suffix} from ${var_name} at ${file_path}"
export "${var_name_no_suffix}"="$(cat "${file_path}")"
# Unset the _FILE variable.
unset "${var_name}"
done
# Set default values for environment variables used by nginx templates.
# Nginx uses `envsubst` to load environment variables into configuration files, but it does not
# support the default value syntax `${VAR:-default}`.
export ROMM_BASE_PATH=${ROMM_BASE_PATH:-/romm}
export ROMM_PORT=${ROMM_PORT:-8080}
# Disable nginx access logs when log level is WARNING, ERROR, or CRITICAL
loglevel="${LOGLEVEL:-INFO}"
loglevel="${loglevel^^}"
case "${loglevel}" in
WARNING | WARN | ERROR | CRITICAL)
export NGINX_ACCESS_LOG="access_log off;"
;;
*)
export NGINX_ACCESS_LOG=""
;;
esac
# Set IPV6_LISTEN based on IPV4_ONLY
if [[ ${IPV4_ONLY} == "true" ]]; then
export IPV6_LISTEN="#listen [::]:${ROMM_PORT};"
else
export IPV6_LISTEN="listen [::]:${ROMM_PORT};"
fi
# Replace environment variables used in nginx configuration templates.
/docker-entrypoint.d/20-envsubst-on-templates.sh >/dev/null
# Fix symbolic links used by nginx for resources,
# if they don't point to the correct location,
# set by the ROMM_BASE_PATH environment variable.
if [[ -L /var/www/html/assets/romm/resources ]]; then
target=$(readlink "/var/www/html/assets/romm/resources")
# If the target is not the same as ${ROMM_BASE_PATH}/resources, recreate the symbolic link.
if [[ ${target} != "${ROMM_BASE_PATH}/resources" ]]; then
rm "/var/www/html/assets/romm/resources"
ln -s "${ROMM_BASE_PATH}/resources" "/var/www/html/assets/romm/resources"
fi
fi
exec "$@"
Reference in New Issue View Git Blame Copy Permalink