running daemon as coder user instead of root

Author: jmstriegel

coder-base/apps/auth/app.js

@@ -32,6 +32,7 @@ var device_settings = {
     coder_color: '#3e3e3e'
 };
 
+var setpipass = '/home/coder/coder-dist/coder-base/sudo_scripts/setpipass';
 
 exports.settings={};
 //These are dynamically updated by the runtime
@@ -345,7 +346,7 @@ exports.api_addpassword_handler = function( req, res ) {
     //device_settings.device_name = devicename;
     var erroutput = "";
     var output = "";
-    var setpass = spawn( '/usr/bin/sudo', ['/usr/bin/passwd', 'pi'] );
+    var setpass = spawn( '/usr/bin/sudo', [setpipass] );
     setpass.stdout.on( 'data', function( d ) {
         output += d;
     });
@@ -429,7 +430,7 @@ exports.api_changepassword_handler = function( req, res ) {
     //device_settings.device_name = devicename;
     var erroutput = "";
     var output = "";
-    var setpass = spawn( '/usr/bin/sudo', ['/usr/bin/passwd', 'pi'] );
+    var setpass = spawn( '/usr/bin/sudo', [setpipass] );
     setpass.stdout.on( 'data', function( d ) {
         output += d;
     });

coder-base/apps/eyeball/meta.json

@@ -1,6 +1,6 @@
 {
     "created": "2013-03-15",
-    "modified": "2013-06-26",
+    "modified": "2013-07-08",
     "color": "#f39c12",
     "author": "Justin Windle",
     "name": "Eyeball",

coder-base/apps/hello_coder/meta.json

@@ -1,6 +1,6 @@
 {
     "created": "2013-05-08",
-    "modified": "2013-06-26",
+    "modified": "2013-07-08",
     "color": "#d977d4",
     "author": "Jason Striegel",
     "name": "Hello Coder",

coder-base/config.js

@@ -1,8 +1,10 @@
 
 exports.listenIP = null; //Defaults to *
-exports.listenPort = '443'; //the SSL port things run on
-exports.httpListenPort = '80'; //this will all be redirected to SSL
+exports.listenPort = '8081'; //the SSL port things run on
+exports.httpListenPort = '8080'; //this will all be redirected to SSL
 exports.cacheApps = true;
+exports.httpVisiblePort = '80'; //forwarded http port the user sees
+exports.httpsVisiblePort = '443'; //forwarded https port the user sees
 
 
 //SSL Info

coder-base/server.js

@@ -69,7 +69,7 @@ var apphandler = function( req, res, appdir ) {
     auth = require(appdir + "auth" + "/app");
     user = auth.isAuthenticated(req, res);
     if ( !user && publicAllowed.indexOf( appname ) < 0) {
-        res.redirect("https://" + getHost(req) + ":" + config.listenPort  + '/app/auth' ); 
+        res.redirect("https://" + getHost(req) + ":" + config.httpsVisiblePort  + '/app/auth' ); 
         return;
     }
 
@@ -262,8 +262,8 @@ var redirectapp = express();
 params.extend( redirectapp );
 redirectapp.engine( 'html', cons.mustache );
 redirectapp.all( /.*/, function( req, res ) {
-    util.log( 'redirect: ' + getHost(req) + " " + config.listenPort + " " + req.url );
-    res.redirect("https://" + getHost(req) + ":" + config.listenPort  + req.url); 
+    util.log( 'redirect: ' + getHost(req) + " " + config.httpsVisiblePort + " " + req.url );
+    res.redirect("https://" + getHost(req) + ":" + config.httpsVisiblePort  + req.url); 
 });
 
 startSSL();

coder-base/sudo_scripts/setpipass

@@ -0,0 +1,2 @@
+#!/bin/sh
+/usr/bin/passwd pi

raspbian-addons/etc/default/coder-daemon

@@ -1,5 +1,5 @@
 # The init.d script will only run if this variable non-empty.
-CODER_USER="root"             # !!!CHANGE THIS!!!!
+CODER_USER="coder"             # !!!should not be root!!!!
 
 # Should we run at startup?
 RUN_AT_STARTUP="YES"

raspbian-addons/etc/init.d/coder-daemon

@@ -18,8 +18,8 @@ PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
 DESC="Coder Server"
 NAME="coder-daemon"
 DAEMON=/usr/bin/nodejs
-DAEMON_ARGS="/home/pi/coder/coder-base/server.js"
-DAEMON_PATH="/home/pi/coder/coder-base/"
+DAEMON_ARGS="/home/coder/coder-dist/coder-base/server.js"
+DAEMON_PATH="/home/coder/coder-dist/coder-base/"
 PIDFILE=/var/run/$NAME.pid
 UMASK=022                     # Change this to 0 if running deluged as its own user
 PKGNAME=coder-daemon

raspbian-addons/etc/init.d/pull-coder-reset

@@ -17,8 +17,8 @@ logger="logger -t $prog"
 reset_file="/boot/reset.txt"
 source_wpa_conf="/etc/wpa_supplicant/wpa_supplicant.conf.reset"
 dest_wpa_conf="/etc/wpa_supplicant/wpa_supplicant.conf"
-source_device_json="/home/pi/coder/coder-base/device.json.reset"
-dest_device_json="/home/pi/coder/coder-base/device.json"
+source_device_json="/home/coder/coder-dist/coder-base/device.json.reset"
+dest_device_json="/home/coder/coder-dist/coder-base/device.json"
 
 # copy from source to dest if source exists
 if [ -f $reset_file ]; then
@@ -27,7 +27,7 @@ if [ -f $reset_file ]; then
 	chmod 600 $dest_wpa_conf
 	echo "-----RESET DEVICE.JSON-----" | $logger
 	cp $source_device_json $dest_device_json
-	chown pi $dest_device_json
+	chown coder $dest_device_json
 	chmod 600 $dest_device_json
 	rm -f $reset_file
 fi

raspbian-addons/etc/iptables.up.rules

@@ -0,0 +1,17 @@
+# Generated by iptables-save v1.4.14 on Mon Jul  8 15:57:20 2013
+*nat
+:PREROUTING ACCEPT [99:5850]
+:INPUT ACCEPT [113:6746]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8081
+-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
+COMMIT
+# Completed on Mon Jul  8 15:57:20 2013
+# Generated by iptables-save v1.4.14 on Mon Jul  8 15:57:20 2013
+*filter
+:INPUT ACCEPT [1237:98511]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [672:465045]
+COMMIT
+# Completed on Mon Jul  8 15:57:20 2013

raspbian-addons/etc/network/if-pre-up.d/iptables

@@ -0,0 +1,4 @@
+#!/bin/sh
+#restore iptables on boot
+
+iptables-restore < /etc/iptables.up.rules