Change secret file permission to 600

wallet/src/main/scala/org/alephium/wallet/WalletApp.scala

@@ -16,7 +16,7 @@
 
 package org.alephium.wallet
 
-import java.nio.file.Paths
+import java.nio.file.{Files, Path, Paths}
 
 import scala.collection.immutable.ArraySeq
 import scala.concurrent.{ExecutionContext, Future, Promise}
@@ -33,12 +33,14 @@ import org.alephium.protocol.config.GroupConfig
 import org.alephium.util.{AVector, Service}
 import org.alephium.wallet.config.WalletConfig
 import org.alephium.wallet.service.WalletService
+import org.alephium.wallet.storage.SecretStorage
 import org.alephium.wallet.web._
 
 class WalletApp(config: WalletConfig)(implicit
     val executionContext: ExecutionContext
 ) extends Service
     with StrictLogging {
+  WalletApp.checkSecretFilePermission(config.secretDir)
 
   implicit private val groupConfig = new GroupConfig {
     override def groups: Int = config.blockflow.groups
@@ -126,3 +128,11 @@ class WalletApp(config: WalletConfig)(implicit
         }
     }
 }
+
+object WalletApp {
+  def checkSecretFilePermission(walletDir: Path): Unit = {
+    Files.list(walletDir).forEach { path =>
+      SecretStorage.setPermission600(path.toFile)
+    }
+  }
+}

wallet/src/main/scala/org/alephium/wallet/storage/SecretStorage.scala

@@ -171,6 +171,7 @@ object SecretStorage {
         )
         state <- stateFromFile(file, password, path, mnemonicPassphrase)
       } yield {
+        SecretStorage.setPermission600(file)
         new Impl(file, Some(state), path)
       }
     }
@@ -404,4 +405,11 @@ object SecretStorage {
       .left
       .map(_ => SecretFileError)
   }
+
+  def setPermission600(file: File): Unit = {
+    require(file.setReadable(false, false))
+    require(file.setReadable(true, true))
+    require(file.setWritable(false, false))
+    require(file.setWritable(true, true))
+  }
 }