Add ability to drop privileges after binding to port

emgauwa-core/src/main.rs

@@ -1,9 +1,11 @@
 use actix_cors::Cors;
+use std::net::TcpListener;
 use std::str::FromStr;
 
 use actix_web::middleware::TrailingSlash;
 use actix_web::{middleware, web, App, HttpServer};
 use emgauwa_lib::handlers;
+use emgauwa_lib::utils::drop_privileges;
 use log::{trace, LevelFilter};
 use simple_logger::SimpleLogger;
 
@@ -22,6 +24,18 @@ async fn main() -> std::io::Result<()> {
 		.init()
 		.expect("Error initializing logger.");
 
+	let listener = TcpListener::bind(format!("{}:{}", settings.host, settings.port))
+		.expect("Error creating listener");
+
+	if !settings.user.is_empty() && !settings.group.is_empty() {
+		log::info!(
+			"Dropping privileges to {}:{}",
+			settings.user,
+			settings.group
+		);
+		drop_privileges(&settings.user, &settings.group).expect("Error dropping privileges");
+	}
+
 	let pool = emgauwa_lib::db::init(&settings.database).await;
 
 	log::info!("Starting server on {}:{}", settings.host, settings.port);
@@ -55,7 +69,7 @@ async fn main() -> std::io::Result<()> {
 			.service(handlers::v1::schedules::delete)
 			.service(handlers::v1::ws::controllers::index)
 	})
-	.bind(format!("{}:{}", settings.host, settings.port))?
+	.listen(listener)?
 	.run()
 	.await
 }

emgauwa-core/src/settings.rs

@@ -14,9 +14,14 @@ pub struct Logging {
 #[allow(unused)]
 pub struct Settings {
 	pub database: String,
-	pub port: u16,
+
 	pub host: String,
+	pub port: u16,
 	pub origins: Vec<String>,
+
+	pub user: String,
+	pub group: String,
+
 	pub logging: Logging,
 }
 
@@ -24,9 +29,14 @@ impl Default for Settings {
 	fn default() -> Self {
 		Settings {
 			database: String::from("sqlite://emgauwa-core.sqlite"),
-			port: constants::DEFAULT_PORT,
+
 			host: String::from("127.0.0.1"),
+			port: constants::DEFAULT_PORT,
 			origins: Vec::new(),
+
+			user: String::from(""),
+			group: String::from(""),
+
 			logging: Logging::default(),
 		}
 	}