Closed davedotluebke closed 4 years ago
Here's an idea:
Have the gitbot user running a simple webserver for localhost only and on an obscure port (e.g. 6553). When it receives a request, then it will make a git commit of the specified file with the specified message. This avoids problems overwriting base game files (nobody can use this to run code as the gitbot, only tell it to make commits, and they can't change protected files as gameserver) and is relatively efficient.
In the upload function, after a wizard uploads a file, gameserver makes a POST request to localhost:6553 containing the file and commit message. gitbot commits.
IMPORTANT: The webserver code MUST make checks for base files, etc.
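The localhost-only commit endpoint and the base-file check described in the comment above, as an added example (not the project's gitbot_committer.py). The repository path, the `domains` directory name, the JSON fields `path` and `message`, and the helper name `resolve_committable` are assumptions.

```python
import json
import subprocess
from http.server import BaseHTTPRequestHandler, HTTPServer
from pathlib import Path

# Assumed values, not taken from the project: repo location and writable subtree.
GAME_ROOT = Path("/srv/game")
WRITABLE_DIRS = ("domains",)

def resolve_committable(rel_path, root=GAME_ROOT, writable=WRITABLE_DIRS):
    """Return the repo-relative path if it may be committed, else None."""
    # Reject empty names, NUL bytes, and names git could read as an option.
    if not rel_path or "\x00" in rel_path or rel_path.startswith("-"):
        return None
    root = Path(root).resolve()
    target = (root / rel_path).resolve()  # collapses ".." and follows symlinks
    try:
        rel = target.relative_to(root)
    except ValueError:
        return None  # absolute path or traversal out of the game tree
    # Must be a file below a writable directory, never git metadata.
    if len(rel.parts) < 2 or rel.parts[0] not in writable or ".git" in rel.parts:
        return None
    return rel.as_posix()

class CommitHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", 0))
            body = json.loads(self.rfile.read(length))
            path = resolve_committable(str(body["path"]))
            message = str(body["message"])[:200]
        except (ValueError, KeyError, TypeError):
            path = None
        if path is None:
            self.send_response(403)
            self.end_headers()
            return
        # Argument lists (no shell) plus "--" so the path is never parsed as a flag.
        cmds = (["git", "add", "--", path],
                ["git", "commit", "-m", message, "--", path])
        ok = all(subprocess.run(c, cwd=GAME_ROOT).returncode == 0 for c in cmds)
        self.send_response(204 if ok else 500)
        self.end_headers()

if __name__ == "__main__":
    # Loopback only: the port is unreachable from other hosts.
    HTTPServer(("127.0.0.1", 6553), CommitHandler).serve_forever()
```

Binding to 127.0.0.1 still lets any local user reach the port, so the path check is what limits a request to the wizard-writable directories.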
The gitbot server is now implemented. Now all we need to do is change the upload function to send a POST request with the requests module to localhost:6553.
While this is almost working, there are still a couple of strange bugs in the upload and download code. We need to do some additional testing before closing this issue.
I'm not sure if these are the bugs you are talking about, but here are a few:
[ ] In console.py, the upload_file() function does not make a commit if you are replacing a file.
[ ] #140 needs to be implemented. One thing that needs to happen is that gitbot_committer.py needs to receive more information about the player (i.e. admin status). This could be done by generating a player save file but passing it to the gitbot in the POST request.
[ ] In gitbot_committer.py we need to add better checks around this. I have started working on this with the function check_if_dir_forbidden, but need to implement the above point first.
This mostly works now. I'm going to close this issue; permission-specific items and other problems can be opened in their own issues.
When a wizard edits or uploads a file, we'd like to do a git commit on the spot - this would be kicked off by the game server, which is run by the "gameserver" userid.
Then the "gitbot" userid uses crontab to run nightly "git pull; git push" actions to pull in any changes to the core game code and to store all wizard-made changes on the production branch on github. The "gitbot" userid has permission to write to the entire game tree, unlike gameserver which can read all the game tree code but can only write to the domain directories where rank-and-file wizards will make their changes.
We specifically don't want gameserver to have git push access, since we want to limit the damage that a rogue wizard (or just incompetent wizard) can do.
Is it possible to configure git and github such that gameserver can do git commit operations, and gitbot can do git push operations?