From c1082e841e87e8e4a075f8275981e8b8f9b1c38a Mon Sep 17 00:00:00 2001
From: shocknet-justin <justin@shock.network>
Date: Fri, 29 Aug 2025 15:26:33 -0400
Subject: [PATCH] db chmod

---
 src/services/storage/db/db.ts | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/src/services/storage/db/db.ts b/src/services/storage/db/db.ts
index d86731cb..3c2a954a 100644
--- a/src/services/storage/db/db.ts
+++ b/src/services/storage/db/db.ts
@@ -27,6 +27,7 @@ import { UserOffer } from "../entity/UserOffer.js"
 import { ManagementGrant } from "../entity/ManagementGrant.js"
 import { ChannelEvent } from "../entity/ChannelEvent.js"
 import { AppUserDevice } from "../entity/AppUserDevice.js"
+import * as fs from 'fs'
 
 
 export type DbSettings = {
@@ -92,6 +93,12 @@ export const newMetricsDb = async (settings: DbSettings, metricsMigrations: Func
         entities: Object.values(MetricsDbEntities),
         migrations: metricsMigrations
     }).initialize();
+    
+    // Secure the DB file permissions
+    if (fs.existsSync(settings.metricsDatabaseFile)) {
+        fs.chmodSync(settings.metricsDatabaseFile, 0o600);
+    }
+    
     const log = getLogger({});
     const pendingMigrations = await source.showMigrations()
     if (pendingMigrations) {
@@ -112,6 +119,12 @@ export default async (settings: DbSettings, migrations: Function[]): Promise<{ s
         //synchronize: true,
         migrations
     }).initialize()
+    
+    // Secure the DB file permissions
+    if (fs.existsSync(settings.databaseFile)) {
+        fs.chmodSync(settings.databaseFile, 0o600);
+    }
+    
     const log = getLogger({})
     const pendingMigrations = await source.showMigrations()
     if (pendingMigrations) {