let5see/clawdbot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(sessions): preserve 0600 permissions on sessions.json writes

Browse Source
This commit is contained in:
Yurii Chukhlib
2026-01-16 19:44:14 +01:00
committed by Peter Steinberger
parent 106e308953
commit cf72b9db3c
1 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/config/sessions/store.ts
View File

@@ -135,8 +135,10 @@ async function saveSessionStoreUnlocked(
const tmp = `${storePath}.${process.pid}.${crypto.randomUUID()}.tmp`; const tmp = `${storePath}.${process.pid}.${crypto.randomUUID()}.tmp`;
try { try {
await fs.promises.writeFile(tmp, json, "utf-8"); await fs.promises.writeFile(tmp, json, { mode: 0o600, encoding: "utf-8" });
await fs.promises.rename(tmp, storePath); await fs.promises.rename(tmp, storePath);
// Ensure permissions are set even if rename loses them
await fs.promises.chmod(storePath, 0o600);
} catch (err) { } catch (err) {
const code = const code =
err && typeof err === "object" && "code" in err err && typeof err === "object" && "code" in err
@@ -148,7 +150,8 @@ async function saveSessionStoreUnlocked(
// Best-effort: try a direct write (recreating the parent dir), otherwise ignore. // Best-effort: try a direct write (recreating the parent dir), otherwise ignore.
try { try {
await fs.promises.mkdir(path.dirname(storePath), { recursive: true }); await fs.promises.mkdir(path.dirname(storePath), { recursive: true });
await fs.promises.writeFile(storePath, json, "utf-8"); await fs.promises.writeFile(storePath, json, { mode: 0o600, encoding: "utf-8" });
await fs.promises.chmod(storePath, 0o600);
} catch (err2) { } catch (err2) {
const code2 = const code2 =
err2 && typeof err2 === "object" && "code" in err2 err2 && typeof err2 === "object" && "code" in err2