From 972f106cb006ea5990883bc74742f8a519809625 Mon Sep 17 00:00:00 2001
From: crschnick <crschnick@xpipe.io>
Date: Sun, 14 Jul 2024 08:17:53 +0000
Subject: [PATCH] Restrict auth file permission

---
 app/src/main/java/io/xpipe/app/beacon/AppBeaconServer.java | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/app/src/main/java/io/xpipe/app/beacon/AppBeaconServer.java b/app/src/main/java/io/xpipe/app/beacon/AppBeaconServer.java
index 7e6cb7f1..2d654c0f 100644
--- a/app/src/main/java/io/xpipe/app/beacon/AppBeaconServer.java
+++ b/app/src/main/java/io/xpipe/app/beacon/AppBeaconServer.java
@@ -6,6 +6,7 @@ import io.xpipe.app.issue.TrackEvent;
 import io.xpipe.app.util.MarkdownHelper;
 import io.xpipe.beacon.BeaconConfig;
 import io.xpipe.beacon.BeaconInterface;
+import io.xpipe.core.process.OsType;
 import io.xpipe.core.util.XPipeInstallation;
 
 import com.sun.net.httpserver.HttpExchange;
@@ -17,6 +18,7 @@ import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
+import java.nio.file.attribute.PosixFilePermissions;
 import java.util.*;
 import java.util.concurrent.Executors;
 import java.util.regex.Pattern;
@@ -110,6 +112,9 @@ public class AppBeaconServer {
         var file = XPipeInstallation.getLocalBeaconAuthFile();
         var id = UUID.randomUUID().toString();
         Files.writeString(file, id);
+        if (OsType.getLocal() != OsType.WINDOWS) {
+            Files.setPosixFilePermissions(file, PosixFilePermissions.fromString("rw-rw----"));
+        }
         localAuthSecret = id;
     }