forked from mirror/gitea
cdd3d4b8d8
This is a simple PR which moves the `GetListener` function to a `DefaultGetListener` function, and changes `GetListener` to be a variable which by default points to the `DefaultGetListener` function. This allows people who may exist quasi-downstream of Gitea to create alternate "GetListener" functions, with identical signatures, which return different implementations of the `net.Listener` interface. This approach is expressly intended to be non-invasive and have the least possible impact on the gitea codebase. A previous version of this idea was rejected before: https://github.com/go-gitea/gitea/issues/15544 but because of issues like: https://github.com/go-gitea/gitea/issues/22335 I **really** think that recommending people configure proxies by hand is exactly the wrong way to do things(This is why there is a Tor Browser.). This tiny change lets me put proper hidden service configuration into single `i2p.go` file which lives in `modules/graceful/` and which never has to be checked in to your codebase or affect your dependencies or bloat your project in any way, it can live on a branch in my fork and I'll fast-forward every release and never the twain shall meet. The main use-case for this is to listen on Peer-to-Peer networks and Hidden Services directly without error-prone and cumbersome port-forwarding configuration. For instance, I might implement an "I2PGetListener" as follows: ```Go // adapted from i2p.go which is unchecked-in in my modules/graceful/ directory import "github.com/eyedeekay/onramp" var garlic = &onramp.Garlic{} func I2PGetListener(network, address string) (net.Listener, error) { // Add a deferral to say that we've tried to grab a listener defer GetManager().InformCleanup() switch network { case "tcp", "tcp4", "tcp6", "i2p", "i2pt": return garlic.Listen() case "unix", "unixpacket": // I2P isn't really a replacement for the stuff you use Unix sockets for and it's also not an anonymity risk, so treat them normally unixAddr, err := net.ResolveUnixAddr(network, address) if err != nil { return nil, err } return GetListenerUnix(network, unixAddr) default: return nil, net.UnknownNetworkError(network) } } ``` I could then substitute that GetListener function and be 50% of the way to having a fully-functioning gitea-over-hidden-services instance without any additional configuration(The other 50% doesn't require any code-changes on gitea's part). There are 2 advantages here, one being convenience, first this turns hidden services into a zero-configuration option for self-hosting gitea, and second safety, these Go libraries are passing around hidden-service-only versions of the net.Addr struct, they're using hidden-service-only versions of the sockets, which are both expressly designed to never require access to any information outside the hidden service network, manipulating the application so it reveals information about the host becomes much more difficult, and some attacks become nearly impossible. It also opens up TLS-over-Hidden Services support which is niche right now, of course, but in a future where gitea instances federate if hidden services want to be part of the federation they're probably going to need TLS certificates. They don't need to be painful to set up. This doesn't fix an open issue, but it might affect: - https://github.com/go-gitea/gitea/issues/22335 - my `i2p.go` file actually has a mod that fixes this but it requires adding a handful of new dependencies to gitea and isn't compatible with the normal way you guys recommend using a proxy so I don't think it's ready to send to you as a PR, but if I can find a non-invasive way to fix it I will. - https://github.com/go-gitea/gitea/issues/18240 I hereby agree to the Code of Conduct published here: |
||
|---|---|---|
| .. | ||
| actions | ||
| activitypub | ||
| analyze | ||
| assetfs | ||
| auth | ||
| avatar | ||
| base | ||
| cache | ||
| charset | ||
| container | ||
| context | ||
| csv | ||
| doctor | ||
| emoji | ||
| eventsource | ||
| generate | ||
| git | ||
| gitgraph | ||
| graceful | ||
| hcaptcha | ||
| highlight | ||
| hostmatcher | ||
| html | ||
| httpcache | ||
| httplib | ||
| indexer | ||
| issue/template | ||
| json | ||
| label | ||
| lfs | ||
| log | ||
| markup | ||
| mcaptcha | ||
| metrics | ||
| migration | ||
| mirror | ||
| nosql | ||
| notification | ||
| options | ||
| packages | ||
| paginator | ||
| pprof | ||
| private | ||
| process | ||
| proxy | ||
| proxyprotocol | ||
| public | ||
| queue | ||
| recaptcha | ||
| references | ||
| regexplru | ||
| repository | ||
| secret | ||
| session | ||
| setting | ||
| sitemap | ||
| ssh | ||
| storage | ||
| structs | ||
| svg | ||
| sync | ||
| system | ||
| templates | ||
| test | ||
| testlogger | ||
| timeutil | ||
| translation | ||
| turnstile | ||
| typesniffer | ||
| updatechecker | ||
| upload | ||
| uri | ||
| user | ||
| util | ||
| validation | ||
| web | ||
| webhook | ||