From 525dea1e2a2d8cbe274d00ac797ce4e65e745493 Mon Sep 17 00:00:00 2001
From: Caian Benedicto <caianbene@gmail.com>
Date: Fri, 27 Dec 2024 20:05:53 -0300
Subject: [PATCH] Add checks for socket path and permissions

---
 src/invidious/config.cr | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/src/invidious/config.cr b/src/invidious/config.cr
index b15cf832..6578709e 100644
--- a/src/invidious/config.cr
+++ b/src/invidious/config.cr
@@ -145,7 +145,7 @@ class Config
   property port : Int32 = 3000
   # Host to bind (overridden by command line argument)
   property host_binding : String = "0.0.0.0"
-  # Path and permissions to make Invidious listen on a UNIX socket instead of a TCP port - Example: /tmp/invidious.sock,777
+  # Path and permissions to make Invidious listen on a UNIX socket instead of a TCP port
   property socket_binding : SocketBindingConfig? = nil
   # Pool size for HTTP requests to youtube.com and ytimg.com (each domain has a separate pool of `pool_size`)
   property pool_size : Int32 = 100
@@ -258,6 +258,25 @@ class Config
       end
     end
 
+    # Check if the socket configuration is valid
+    if config.socket_binding
+      sb = config.socket_binding.not_nil!
+      if sb.path.ends_with?("/") || File.directory?(sb.path)
+        puts "Config: The socket path " + sb.path + " must not be a directory!"
+        exit(1)
+      end
+      d = File.dirname(sb.path)
+      if !File.directory?(d)
+        puts "Config: Socket directory " + sb.path + " does not exist or is not a directory!"
+        exit(1)
+      end
+      p = sb.permissions.to_i?(base: 8)
+      if !p || p < 0 || p > 0o777
+        puts "Config: Socket permissions must be an octal between 0 and 777!"
+        exit(1)
+      end
+    end
+
     return config
   end
 end