From 366bc0990ff55dfc985d5b3d96f00d12bef67879 Mon Sep 17 00:00:00 2001 From: Romain Lespinasse Date: Sat, 23 Mar 2024 23:08:40 +0100 Subject: [PATCH] feat: enable non-root run (#71) --- .gitignore | 11 +++++- Dockerfile | 6 ++- Makefile | 8 +--- README.adoc | 45 ++++++++++++++++++++-- tests/data/file4.drawio | 60 ++++++++++++++++++++++++++++++ tests/expected/export-non-root.log | 1 + tests/export.bats | 4 ++ 7 files changed, 123 insertions(+), 12 deletions(-) create mode 100755 tests/data/file4.drawio create mode 100644 tests/expected/export-non-root.log diff --git a/.gitignore b/.gitignore index 081155e..98aaf26 100644 --- a/.gitignore +++ b/.gitignore @@ -1,8 +1,17 @@ +# node node_modules/ +package-lock.json + +# test runs output/ *.pdf *.svg *.png !tests/expected/*.svg !tests/expected/*.png -package-lock.json + +# non-root user runs +home +.cache +.config +core diff --git a/Dockerfile b/Dockerfile index ea4e787..1903219 100644 --- a/Dockerfile +++ b/Dockerfile @@ -28,9 +28,11 @@ apt-get install -y fonts-liberation \ apt-get remove -y wget rm -rf /var/lib/apt/lists/* +# Enable all users to write in the WORKDIR folder +chmod a+w . EOF -COPY src/* ./ +COPY --chmod=755 src/* ./ ENV ELECTRON_DISABLE_SECURITY_WARNINGS "true" ENV DRAWIO_DISABLE_UPDATE "true" @@ -39,7 +41,7 @@ ENV DRAWIO_DESKTOP_EXECUTABLE_PATH "/opt/drawio/drawio" ENV DRAWIO_DESKTOP_SOURCE_FOLDER "/opt/drawio-desktop" ENV DRAWIO_DESKTOP_RUNNER_COMMAND_LINE "/opt/drawio-desktop/runner.sh" ENV XVFB_DISPLAY ":42" -ENV XVFB_OPTIONS "" +ENV XVFB_OPTIONS "-nolisten unix" ENV ELECTRON_ENABLE_LOGGING "false" ENTRYPOINT [ "/opt/drawio-desktop/entrypoint.sh" ] diff --git a/Makefile b/Makefile index cc36c28..a8ca6b5 100644 --- a/Makefile +++ b/Makefile 
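Review bot: `chmod a+w .` in the RUN heredoc makes the whole WORKDIR world-writable, and the next instruction, `COPY --chmod=755 src/* ./`, copies the scripts into that same directory, presumably `/opt/drawio-desktop`, where the ENTRYPOINT lives. Write permission on a directory lets any uid rename or replace the entries in it regardless of their own 755 mode, so the entrypoint and runner scripts are not protected from the unprivileged user this change is meant to support. If the runtime only needs scratch space, a dedicated writable directory would be tighter; otherwise adding the sticky bit, `chmod a+w,+t .`, at least keeps the root-owned scripts from being swapped out. The RUN block and the WORKDIR instruction start outside the hunk, so the actual directory should be confirmed there.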
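Review bot: `ENV XVFB_OPTIONS "-nolisten unix"` turns a previously empty tuning knob into a value the non-root path depends on, so anyone who sets `XVFB_OPTIONS` to pass their own flags silently drops it. A comment above the line such as `# -nolisten unix is required for non-root runs; keep it when overriding XVFB_OPTIONS` would make that visible. With the filesystem socket disabled the display is, as far as I can tell, reached over the Linux abstract socket, which has no file permissions and is scoped only by network namespace. It is worth documenting that the container should not share the host network namespace unless X access control is configured.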
@@ -19,12 +19,8 @@ build-multiarch: cleanup: @rm -rf tests/output - @rm -rf tests/data/*.pdf - @rm -rf tests/data/**/*.pdf - @rm -rf tests/data/*.svg - @rm -rf tests/data/**/*.svg - @rm -rf tests/data/*.png - @rm -rf tests/data/**/*.png + @rm -rf tests/data/home + @find tests/data \( -name "*.pdf" -o -name "*.svg" -o -name "*.png" \) -delete RUN_ARGS?= DOCKER_OPTIONS?= diff --git a/README.adoc b/README.adoc index 6cc236f..d51a275 100644 --- a/README.adoc +++ b/README.adoc 
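Review bot: The new `find tests/data \( -name "*.pdf" -o -name "*.svg" -o -name "*.png" \) -delete` line in `cleanup` has no `-type f`, so it also matches directories with those suffixes. It now deletes at any depth under tests/data, where the old globs appear to have reached at most one subdirectory level. `@find tests/data -type f \( -name "*.pdf" -o -name "*.svg" -o -name "*.png" \) -delete` states the intent. The same commit's .gitignore lists `core`, `.cache` and `.config` as non-root leftovers, but only `tests/data/home` is removed here. A crashed run could therefore leave a core file behind in tests/data; that location is inferred from the README trace, not shown in this hunk.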
@@ -30,11 +30,50 @@ NOTE: Want a new font package, modify the `Dockerfile` to install the missing pa == Running -[source,bash] +.Default run +[source,console] ---- -docker run -it -w /data -v $(pwd):/data rlespinasse/drawio-desktop-headless +$ docker run -it -w /data -v $(pwd):/data rlespinasse/drawio-desktop-headless +Usage: drawio [options] [input file/folder] +... ---- +.Run using non-root user +[source,console] +---- +$ docker run -it \ + -u $(id -u):$(id -g) \ <1> + -e HOME=/data/home -w /data \ <2> + -v $(pwd):/data rlespinasse/drawio-desktop-headless +Usage: drawio [options] [input file/folder] +... +---- +<1> Enable non-root user +<2> env HOME need to contains the path of the working directory (can be the same) ++ +.If env HOME is not set properly +[%collapsible] +==== +[,console] +---- +Fontconfig error: No writable cache directories +A JavaScript error occurred in the main process +Uncaught Exception: +Error: Failed to get 'userData' path + at initDataListener (/opt/drawio/resources/app.asar/node_modules/electron-store/index.js:15:19) + at new ElectronStore (/opt/drawio/resources/app.asar/node_modules/electron-store/index.js:48:32) + at Object. (/opt/drawio/resources/app.asar/src/main/electron.js:15:15) + at Module._compile (node:internal/modules/cjs/loader:1271:14) + at Module._extensions..js (node:internal/modules/cjs/loader:1326:10) + at Module.load (node:internal/modules/cjs/loader:1126:32) + at Module._load (node:internal/modules/cjs/loader:967:12) + at l._load (node:electron/js2c/asar_bundle:2:13642) + at node:electron/js2c/browser_init:2:120247 + at node:electron/js2c/browser_init:2:120456 +/opt/drawio-desktop/runner.sh: line 4: 15 Trace/breakpoint trap (core dumped) "${DRAWIO_DESKTOP_EXECUTABLE_PATH:?}" "$@" --no-sandbox --disable-gpu +---- +==== + === Configuration [cols="2a,3a,1a",options="header"] 
@@ -58,7 +97,7 @@ for days. A duration of 0 disables the associated timeout. | **XVFB_OPTIONS** | Options for Xvfb -| +| `-nolisten unix` (enable non-root run) | **ELECTRON_DISABLE_SECURITY_WARNINGS** | Avoid printing https://github.com/electron/electron/blob/master/docs/tutorial/security.md#electron-security-warnings[electron warning] diff --git a/tests/data/file4.drawio b/tests/data/file4.drawio new file mode 100755 index 0000000..ee1e54b --- /dev/null +++ b/tests/data/file4.drawio @@ -0,0 +1,60 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/tests/expected/export-non-root.log b/tests/expected/export-non-root.log new file mode 100644 index 0000000..6ecb6b4 --- /dev/null +++ b/tests/expected/export-non-root.log @@ -0,0 +1 @@ +file4.drawio -> file4.pdf diff --git a/tests/export.bats b/tests/export.bats index e04a42a..124161d 100755 --- a/tests/export.bats +++ b/tests/export.bats @@ -16,6 +16,10 @@ docker_test "" 1 "export-check-thirdrun" "tests/data" -export file3.drawio } +@test "Export as non-root" { + docker_test "--user $(id --user):$(id --group) --env HOME=/data/home" 0 "export-non-root" "tests/data" -x file4.drawio +} + @test "Export using unknown argument" { docker_test "" 0 "export-file1" "tests/data" --export file1.drawio --wrong-argument }
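Review bot: `$(id --user):$(id --group)` in the new "Export as non-root" test relies on GNU long options that BSD/macOS `id` does not accept, while the README added in the same commit uses the short forms. `docker_test "--user $(id -u):$(id -g) --env HOME=/data/home" 0 "export-non-root" "tests/data" -x file4.drawio` is portable and matches the documentation. From the visible arguments the test compares only the exit status and the expected log, so it does not confirm that the export ran under the requested uid. Asserting the owner of the generated file4.pdf would pin that. `docker_test` is defined outside this hunk, so its checks should be confirmed there.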