fix(package): sentinèlla: base64 logic

2025-10-03 19:02:33 +00:00
parent 7fd3ba46c9
commit 76e09ce5c3
4 changed files with 53 additions and 24 deletions
--- a/package/sentinèlla/default.nix
+++ b/package/sentinèlla/default.nix
@@ -1,10 +1,25 @@
-{ writeShellScriptBin, socat, dash }:
-writeShellScriptBin "server-health" ''
-  set +a
-  LOOP_FILE=${./probe-loop.sh}
-  socat() { ${socat}/bin/socat $@ }
-  dash()  { ${dash}/bin/dash   $@ }
-  set -a
+{ symlinkJoin, writeShellApplication, socat, dash, hectic, curl }:
+let
+  # TODO: writeDashApplication
+  probe = writeShellApplication {
+    name = "probe";
+    runtimeInputs = [ socat dash probe-loop ];
+    text = builtins.readFile ./probe.sh;
+  };

-  ${dash}/bin/dash ${./probe.sh}
-''
+  probe-loop = writeShellApplication {
+    name = "probe-loop";
+    runtimeInputs = [ ];
+    text = builtins.readFile ./probe-loop.sh;
+  };
+
+  sentinel = writeShellApplication {
+    name = "sentinel";
+    runtimeInputs = [ hectic.shellplot curl ];
+    text = builtins.readFile ./sentinel.sh;
+  };
+in
+symlinkJoin {
+  name = "sentinèlla";
+  paths = [ probe sentinel ];
+}
--- a/package/sentinèlla/probe-loop.sh
+++ b/package/sentinèlla/probe-loop.sh
@@ -1,4 +1,4 @@
-#!/bin/dash
+#!/usr/bin/env dash

 # router.sh — POSIX sh HTTP backend (for socat)
 # usage: socat -T5 -t5 TCP-LISTEN:${port},reuseaddr,fork EXEC:"sh ${currentfile}"
@@ -6,9 +6,10 @@
 #   GET /status  -> check $URLS (0/0 if unset)
 #   GET /disk    -> check $VOLUMES (all if unset)
 # Env:
-#   URLS="http://..."     # default: none
-#   VOLUMES="/ /home"     # default: all from df -P
+#   URLS="http://..."                # default: none
+#   VOLUMES="/ /home"                # default: all from df -P
 #   TIMEOUT=5
+#   AUTH_FILE="/path/htpasswd-like"  # lines: user:pass

 base64() {
  local mod
@@ -55,9 +56,10 @@ base64() {
          b=buildbin($1)
          l=length(b)
 	  lack = (6 - l % 6) % 6
-          b = sprintf("%s%0*d", b, lack, 0)
+	  for(i=1;i<=lack;i+=1) {
+	    b = sprintf("%s0", b)
+          }
 	  r = base64(b)
-	  print lack
 	  for(i=1;i<=lack/2;i+=1) {
 	    r = sprintf("%s=", r)
          }
@@ -135,8 +137,16 @@ route_disk() {
    }
 }

+AUTH_TOKENS=""
+if [ -n "$AUTH_FILE" ] && [ -r "$AUTH_FILE" ]; then
+  while IFS= read -r up || [ -n "$up" ]; do
+    [ -n "$up" ] || continue
+    AUTH_TOKENS="$AUTH_TOKENS $(base64 encode "$up" | tail -n1)"
+  done <"$AUTH_FILE"
+fi
+
 require_auth=false
-[ -n "$USER" ] && [ -n "$PASS" ] && require_auth=true
+[ -n "$AUTH_TOKENS" ] && require_auth=true

 # --- read request & headers ---
 IFS= read -r req || exit 0
@@ -166,9 +176,12 @@ unauth() {
  printf '%s' "$body"
 }

-if $require_auth && ! $auth_ok; then
-  unauth
-  exit 0
+auth_ok=false
+if $require_auth; then
+  for t in $AUTH_TOKENS; do
+    [ "$tok" = "$t" ] && auth_ok=true && break
+  done
+  $auth_ok || { unauth; exit 0; }
 fi

 tmp=$(mktemp) || exit 1
--- a/package/sentinèlla/probe.sh
+++ b/package/sentinèlla/probe.sh
@@ -1,3 +1,6 @@
-#!/bin/dash
+#!/usr/bin/env dash
+set -euo pipefail
+socat -V >/dev/null
+dash -c 'echo ok' >/dev/null

-socat -T5 -t5 TCP-LISTEN:"${PORT:-5988}",reuseaddr,fork EXEC:"dash $LOOP_FILE"
+socat -T5 -t5 TCP-LISTEN:"${PORT:-5988}",reuseaddr,fork EXEC:"dash ${LOOP_FILE:-probe-loop}"