Compare commits
	
		
			No commits in common. "553d552047e9b3f03c4d08f782b6346c585c27cf" and "2342f02dfffe7efaf73288a7774af9d45296fbed" have entirely different histories.
		
	
	
		
			553d552047
			...
			2342f02dff
		
	
		|  | @ -4,13 +4,7 @@ Riju is a very fast online playground for every programming language. | |||
| In less than a second, you can start playing with a Python interpreter | ||||
| or compiling [INTERCAL](https://en.wikipedia.org/wiki/INTERCAL) code. | ||||
| 
 | ||||
| Check it out at <https://riju.codes>! Please note that Riju is only | ||||
| available on IPv6-enabled networks due to the higher financial cost of | ||||
| supporting legacy protocols. If your network [does not support | ||||
| IPv6](https://test-ipv6.com/) then please consider asking your network | ||||
| administrator or service provider to do their part in supporting | ||||
| modern internet standards. You can consider accessing Riju through a | ||||
| VPN as a workaround. | ||||
| Check it out at <https://riju.codes>! | ||||
| 
 | ||||
| Service uptime available at <https://radian.statuspage.io/>. | ||||
| 
 | ||||
|  |  | |||
|  | @ -0,0 +1,72 @@ | |||
| import { spawn } from "child_process"; | ||||
| import { promises as fs } from "fs"; | ||||
| import process from "process"; | ||||
| 
 | ||||
| import { readLangConfig } from "../lib/yaml.js"; | ||||
| import { | ||||
|   bash, | ||||
|   getUUID, | ||||
|   privilegedPty, | ||||
|   privilegedSession, | ||||
|   quote, | ||||
| } from "./util.js"; | ||||
| 
 | ||||
| function die(msg) { | ||||
|   console.error(msg); | ||||
|   process.exit(1); | ||||
| } | ||||
| 
 | ||||
| async function main() { | ||||
|   const sandboxScript = await fs.readFile("backend/sandbox.bash", "utf-8"); | ||||
|   const lang = process.env.L; | ||||
|   if (!lang) { | ||||
|     die("environment variable unset: $L"); | ||||
|   } | ||||
|   const langConfig = await readLangConfig(lang); | ||||
|   const uuid = getUUID(); | ||||
|   console.log(`Starting session with UUID ${uuid}`); | ||||
|   const sessionArgs = privilegedSession({ uuid, lang }); | ||||
|   const session = spawn(sessionArgs[0], sessionArgs.slice(1), { | ||||
|     stdio: ["ignore", "pipe", "inherit"], | ||||
|   }); | ||||
|   let buffer = ""; | ||||
|   await new Promise((resolve) => { | ||||
|     session.stdout.on("data", (data) => { | ||||
|       buffer += data.toString(); | ||||
|       let idx; | ||||
|       while ((idx = buffer.indexOf("\n")) !== -1) { | ||||
|         const line = buffer.slice(0, idx); | ||||
|         buffer = buffer.slice(idx + 1); | ||||
|         if (line === "riju: container ready") { | ||||
|           resolve(); | ||||
|         } else { | ||||
|           console.error(line); | ||||
|         } | ||||
|       } | ||||
|     }); | ||||
|   }); | ||||
|   const args = [].concat.apply( | ||||
|     ["riju-pty", "-f"], | ||||
|     privilegedPty( | ||||
|       { uuid }, | ||||
|       bash( | ||||
|         `env L='${lang}' LANG_CONFIG=${quote( | ||||
|           JSON.stringify(langConfig) | ||||
|         )} bash --rcfile <(cat <<< ${quote(sandboxScript)})` | ||||
|       ) | ||||
|     ) | ||||
|   ); | ||||
|   const proc = spawn(args[0], args.slice(1), { | ||||
|     stdio: "inherit", | ||||
|   }); | ||||
|   try { | ||||
|     await new Promise((resolve, reject) => { | ||||
|       proc.on("error", reject); | ||||
|       proc.on("close", resolve); | ||||
|     }); | ||||
|   } finally { | ||||
|     session.kill(); | ||||
|   } | ||||
| } | ||||
| 
 | ||||
| main().catch(die); | ||||
|  | @ -9,7 +9,8 @@ import * as promClient from "prom-client"; | |||
| 
 | ||||
| import * as api from "./api.js"; | ||||
| import { aliases, langsPromise } from "./langs.js"; | ||||
| import { log } from "./util.js"; | ||||
| import * as util from "./util.js"; | ||||
| import { log, privilegedTeardown } from "./util.js"; | ||||
| 
 | ||||
| const host = process.env.HOST || "localhost"; | ||||
| const port = parseInt(process.env.PORT || "") || 6119; | ||||
|  | @ -113,6 +114,10 @@ function addWebsocket(baseApp, httpsServer) { | |||
|   return app; | ||||
| } | ||||
| 
 | ||||
| util.run(privilegedTeardown(), console.error).catch((err) => { | ||||
|   console.error(err); | ||||
| }); | ||||
| 
 | ||||
| if (useTLS) { | ||||
|   const httpsServer = https.createServer( | ||||
|     { | ||||
|  |  | |||
|  | @ -25,10 +25,33 @@ export function logError(err) { | |||
|   } | ||||
| } | ||||
| 
 | ||||
| function computeImageHashes() { | ||||
|   let deployConfig = process.env.RIJU_DEPLOY_CONFIG; | ||||
|   if (!deployConfig) return {}; | ||||
|   deployConfig = JSON.parse(deployConfig); | ||||
|   const imageHashes = {}; | ||||
|   for (const [lang, tag] of Object.entries(deployConfig.langImageTags)) { | ||||
|     const prefix = `lang-${lang}-`; | ||||
|     if (!tag.startsWith(prefix)) { | ||||
|       throw new Error(`malformed tag ${tag}`); | ||||
|     } | ||||
|     const imageHash = tag.slice(prefix.length); | ||||
|     if (imageHash.length !== 40) { | ||||
|       throw new Error(`malformed tag ${tag}`); | ||||
|     } | ||||
|     imageHashes[lang] = imageHash; | ||||
|   } | ||||
|   return imageHashes; | ||||
| } | ||||
| 
 | ||||
| const imageHashes = computeImageHashes(); | ||||
| 
 | ||||
| export function quote(str) { | ||||
|   return "'" + str.replace(/'/g, `'"'"'`) + "'"; | ||||
| } | ||||
| 
 | ||||
| export const rijuSystemPrivileged = "system/out/riju-system-privileged"; | ||||
| 
 | ||||
| export function getUUID() { | ||||
|   return getUUIDOrig().replace(/-/g, ""); | ||||
| } | ||||
|  | @ -67,6 +90,40 @@ export async function run(args, log, options) { | |||
|   }); | ||||
| } | ||||
| 
 | ||||
| export function privilegedList() { | ||||
|   return [rijuSystemPrivileged, "list"]; | ||||
| } | ||||
| 
 | ||||
| export function privilegedPull({ repo, tag }) { | ||||
|   return [rijuSystemPrivileged, "pull", repo, tag]; | ||||
| } | ||||
| 
 | ||||
| export function privilegedSession({ uuid, lang }) { | ||||
|   const cmdline = [rijuSystemPrivileged, "session", uuid, lang]; | ||||
|   if (imageHashes[lang]) { | ||||
|     cmdline.push(imageHashes[lang]); | ||||
|   } | ||||
|   return cmdline; | ||||
| } | ||||
| 
 | ||||
| export function privilegedExec({ uuid }, args) { | ||||
|   return [rijuSystemPrivileged, "exec", uuid].concat(args); | ||||
| } | ||||
| 
 | ||||
| export function privilegedPty({ uuid }, args) { | ||||
|   return [rijuSystemPrivileged, "pty", uuid].concat(args); | ||||
| } | ||||
| 
 | ||||
| export function privilegedTeardown(options) { | ||||
|   options = options || {}; | ||||
|   const { uuid } = options; | ||||
|   const cmdline = [rijuSystemPrivileged, "teardown"]; | ||||
|   if (uuid) { | ||||
|     cmdline.push(uuid); | ||||
|   } | ||||
|   return cmdline; | ||||
| } | ||||
| 
 | ||||
| export function bash(cmdline, opts) { | ||||
|   const stty = opts && opts.stty; | ||||
|   if (!cmdline.match(/[;|&(){}=\n]/)) { | ||||
|  |  | |||
|  | @ -1,5 +1,3 @@ | |||
| ARG REGISTRY_PREFIX | ||||
| 
 | ||||
| # EOL: April 2027 | ||||
| FROM ubuntu:22.04 AS build | ||||
| 
 | ||||
|  | @ -17,7 +15,7 @@ COPY frontend/src ./frontend/src/ | |||
| RUN make frontend | ||||
| 
 | ||||
| COPY system ./system/ | ||||
| RUN make system | ||||
| RUN make system UNPRIVILEGED=1 | ||||
| 
 | ||||
| COPY frontend/pages ./frontend/pages/ | ||||
| COPY frontend/styles ./frontend/styles/ | ||||
|  | @ -25,11 +23,12 @@ COPY lib ./lib/ | |||
| COPY backend ./backend/ | ||||
| COPY langs ./langs/ | ||||
| 
 | ||||
| FROM ${REGISTRY_PREFIX}runtime:latest | ||||
| FROM riju:runtime | ||||
| 
 | ||||
| ENTRYPOINT ["/usr/local/sbin/my_init", "--quiet", "--skip-runit","--"] | ||||
| RUN useradd -p '!' -m -l -s /usr/bin/bash riju | ||||
| COPY --chown=riju:riju --from=build /src ./ | ||||
| RUN chown root:riju system/out/*-privileged && chmod a=,g=rx,u=rwxs system/out/*-privileged | ||||
| 
 | ||||
| USER riju | ||||
| CMD make server 2>&1 | ts | ||||
|  |  | |||
|  | @ -1,9 +1,3 @@ | |||
| --- | ||||
| kind: Namespace | ||||
| apiVersion: v1 | ||||
| metadata: | ||||
|   name: docker-build | ||||
| 
 | ||||
| --- | ||||
| kind: Namespace | ||||
| apiVersion: v1 | ||||
|  |  | |||
|  | @ -15,11 +15,10 @@ spec: | |||
|         app: riju-server | ||||
|     spec: | ||||
|       imagePullSecrets: | ||||
|         - name: docker-registry-auth | ||||
|         - name: docker-registry-login | ||||
|       containers: | ||||
|         - name: server | ||||
|           image: "localhost:30999/app:latest" | ||||
|           imagePullPolicy: Always | ||||
|           image: "localhost:30999/riju:app" | ||||
|           resources: {} | ||||
|           readinessProbe: | ||||
|             httpGet: | ||||
|  |  | |||
|  | @ -2,8 +2,8 @@ | |||
| kind: Ingress | ||||
| apiVersion: networking.k8s.io/v1 | ||||
| metadata: | ||||
|   namespace: riju-server | ||||
|   name: riju-server | ||||
|   namespace: riju-proxy | ||||
|   name: riju-proxy | ||||
|   annotations: | ||||
|     cert-manager.io/cluster-issuer: letsencrypt-prod | ||||
| spec: | ||||
|  | @ -22,4 +22,4 @@ spec: | |||
|   tls: | ||||
|     - hosts: | ||||
|       - "{{ .networking.domain }}" | ||||
|       secretName: riju-server-tls | ||||
|       secretName: riju-proxy-tls | ||||
		Loading…
	
		Reference in New Issue