forked from gitea/gitea
1
0
Fork 0
gitea/modules
idk cdd3d4b8d8
Allow the use of alternative net.Listener implementations by downstreams (#25855)
This is a simple PR which moves the `GetListener` function to a
`DefaultGetListener` function, and changes `GetListener` to be a
variable which by default points to the `DefaultGetListener` function.
This allows people who may exist quasi-downstream of Gitea to create
alternate "GetListener" functions, with identical signatures, which
return different implementations of the `net.Listener` interface. This
approach is expressly intended to be non-invasive and have the least
possible impact on the gitea codebase. A previous version of this idea
was rejected before: https://github.com/go-gitea/gitea/issues/15544 but
because of issues like: https://github.com/go-gitea/gitea/issues/22335 I
**really** think that recommending people configure proxies by hand is
exactly the wrong way to do things(This is why there is a Tor Browser.).
This tiny change lets me put proper hidden service configuration into
single `i2p.go` file which lives in `modules/graceful/` and which never
has to be checked in to your codebase or affect your dependencies or
bloat your project in any way, it can live on a branch in my fork and
I'll fast-forward every release and never the twain shall meet.

The main use-case for this is to listen on Peer-to-Peer networks and
Hidden Services directly without error-prone and cumbersome
port-forwarding configuration. For instance, I might implement an
"I2PGetListener" as follows:

```Go
// adapted from i2p.go which is unchecked-in in my modules/graceful/ directory
import "github.com/eyedeekay/onramp"

var garlic = &onramp.Garlic{}

func I2PGetListener(network, address string) (net.Listener, error) {
	// Add a deferral to say that we've tried to grab a listener
	defer GetManager().InformCleanup()
	switch network {
	case "tcp", "tcp4", "tcp6", "i2p", "i2pt":
		return garlic.Listen()
	case "unix", "unixpacket":
// I2P isn't really a replacement for the stuff you use Unix sockets for and it's also not an anonymity risk, so treat them normally
		unixAddr, err := net.ResolveUnixAddr(network, address)
		if err != nil {
			return nil, err
		}
		return GetListenerUnix(network, unixAddr)
	default:
		return nil, net.UnknownNetworkError(network)
	}
}
```

I could then substitute that GetListener function and be 50% of the way
to having a fully-functioning gitea-over-hidden-services instance
without any additional configuration(The other 50% doesn't require any
code-changes on gitea's part).

There are 2 advantages here, one being convenience, first this turns
hidden services into a zero-configuration option for self-hosting gitea,
and second safety, these Go libraries are passing around
hidden-service-only versions of the net.Addr struct, they're using
hidden-service-only versions of the sockets, which are both expressly
designed to never require access to any information outside the hidden
service network, manipulating the application so it reveals information
about the host becomes much more difficult, and some attacks become
nearly impossible. It also opens up TLS-over-Hidden Services support
which is niche right now, of course, but in a future where gitea
instances federate if hidden services want to be part of the federation
they're probably going to need TLS certificates. They don't need to be
painful to set up.

This doesn't fix an open issue, but it might affect:
- https://github.com/go-gitea/gitea/issues/22335 - my `i2p.go` file
actually has a mod that fixes this but it requires adding a handful of
new dependencies to gitea and isn't compatible with the normal way you
guys recommend using a proxy so I don't think it's ready to send to you
as a PR, but if I can find a non-invasive way to fix it I will.
 - https://github.com/go-gitea/gitea/issues/18240

I hereby agree to the Code of Conduct published here:
8b89563bf1/CODE_OF_CONDUCT.md
I have read and understood the recommendations published here:
8b89563bf1/CONTRIBUTING.md

Thank you for your consideration.

---------

Co-authored-by: eyedeekay <idk@mulder>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-07-24 07:18:17 +00:00
..
actions Fix `ref` for workflows triggered by `pull_request_target` (#25743) 2023-07-07 19:22:03 +00:00
activitypub Update tool dependencies, lock govulncheck and actionlint (#25655) 2023-07-09 11:58:06 +00:00
analyze Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
assetfs Skip unuseful error message in dev mode when watching local filesystem (#25919) 2023-07-17 09:47:55 +00:00
auth Use a general approach to access custom/static/builtin assets (#24022) 2023-04-12 18:16:45 +08:00
avatar Remove nfnt/resize and oliamb/cutter (#25999) 2023-07-20 19:52:42 +08:00
base Replace `interface{}` with `any` (#25686) 2023-07-04 18:36:08 +00:00
cache Upgrade go dependencies (#25819) 2023-07-14 11:00:31 +08:00
charset Replace `interface{}` with `any` (#25686) 2023-07-04 18:36:08 +00:00
container Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
context Add context parameter to some database functions (#26055) 2023-07-22 22:14:27 +08:00
csv Refactor locale number (#24134) 2023-04-17 11:37:23 +08:00
doctor Upgrade go dependencies (#25819) 2023-07-14 11:00:31 +08:00
emoji Update emoji set to Unicode 15 (#25595) 2023-06-29 16:29:48 +00:00
eventsource Less naked returns (#25713) 2023-07-07 05:31:56 +00:00
generate Bump github.com/golang-jwt/jwt to v5 (#25975) 2023-07-19 09:57:10 +00:00
git Remove `git.FileBlame` (#25841) 2023-07-12 19:07:29 +02:00
gitgraph Add context cache as a request level cache (#22294) 2023-02-15 21:37:34 +08:00
graceful Allow the use of alternative net.Listener implementations by downstreams (#25855) 2023-07-24 07:18:17 +00:00
hcaptcha Consume hcaptcha and pwn deps (#22610) 2023-01-29 09:49:51 -06:00
highlight Upgrade go dependencies (#25819) 2023-07-14 11:00:31 +08:00
hostmatcher Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
html Replace `interface{}` with `any` (#25686) 2023-07-04 18:36:08 +00:00
httpcache Less naked returns (#25713) 2023-07-07 05:31:56 +00:00
httplib Less naked returns (#25713) 2023-07-07 05:31:56 +00:00
indexer Add open/closed field support for issue index (#25708) 2023-07-07 17:10:13 +00:00
issue/template Replace `interface{}` with `any` (#25686) 2023-07-04 18:36:08 +00:00
json Replace `interface{}` with `any` (#25686) 2023-07-04 18:36:08 +00:00
label Make label templates have consistent behavior and priority (#23749) 2023-04-10 16:44:02 +08:00
lfs Rewrite logger system (#24726) 2023-05-21 22:35:11 +00:00
log Use stderr as fallback if the log file can't be opened (#26074) 2023-07-24 04:57:21 +00:00
markup Disallow dangerous url schemes (#25960) 2023-07-18 15:18:37 +00:00
mcaptcha Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
metrics Use a separate admin page to show global stats, remove `actions` stat (#25062) 2023-06-03 22:03:41 +08:00
migration Replace `interface{}` with `any` (#25686) 2023-07-04 18:36:08 +00:00
mirror Improve queue and logger context (#24924) 2023-05-26 07:31:55 +00:00
nosql Update tool dependencies, lock govulncheck and actionlint (#25655) 2023-07-09 11:58:06 +00:00
notification Add Adopt repository event and handler (#25497) 2023-06-26 06:59:15 +00:00
options Use a general approach to access custom/static/builtin assets (#24022) 2023-04-12 18:16:45 +08:00
packages Add support for different Maven POM encoding (#25873) 2023-07-14 09:39:15 +00:00
paginator Use more specific test methods (#24265) 2023-04-22 17:56:27 -04:00
pprof Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
private Replace `interface{}` with `any` (#25686) 2023-07-04 18:36:08 +00:00
process Less naked returns (#25713) 2023-07-07 05:31:56 +00:00
proxy Use proxy for pull mirror (#22771) 2023-02-11 08:39:50 +08:00
proxyprotocol Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
public Serve pre-defined files in "public", add "security.txt", add CORS header for ".well-known" (#25974) 2023-07-21 12:14:20 +00:00
queue Update tool dependencies, lock govulncheck and actionlint (#25655) 2023-07-09 11:58:06 +00:00
recaptcha Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
references Use correct captured group range when parsing cross-reference (#22672) 2023-01-31 10:08:05 +01:00
regexplru Upgrade go dependencies (#25819) 2023-07-14 11:00:31 +08:00
repository Support copy protected branch from template repository (#25889) 2023-07-21 12:32:47 +08:00
secret Improve decryption failure message (#24573) 2023-05-07 19:29:43 +08:00
session Replace `interface{}` with `any` (#25686) 2023-07-04 18:36:08 +00:00
setting Serve pre-defined files in "public", add "security.txt", add CORS header for ".well-known" (#25974) 2023-07-21 12:14:20 +00:00
sitemap Fix sitemap (#22272) 2022-12-30 23:31:00 +08:00
ssh Refactor path & config system (#25330) 2023-06-21 13:50:26 +08:00
storage Replace `interface{}` with `any` (#25686) 2023-07-04 18:36:08 +00:00
structs Remove commit status running and warning to align GitHub (#25839) 2023-07-21 16:24:36 +08:00
svg Move public asset files to the proper directory (#25907) 2023-07-18 18:06:43 +02:00
sync Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
system Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
templates Replace `interface{}` with `any` (#25686) 2023-07-04 18:36:08 +00:00
test Replace `interface{}` with `any` (#25686) 2023-07-04 18:36:08 +00:00
testlogger Replace `interface{}` with `any` (#25686) 2023-07-04 18:36:08 +00:00
timeutil Fix incorrect webhook time and use relative-time to display it (#24477) 2023-05-03 19:53:43 -04:00
translation Replace `interface{}` with `any` (#25686) 2023-07-04 18:36:08 +00:00
turnstile Add new captcha: cloudflare turnstile (#22369) 2023-02-05 15:29:03 +08:00
typesniffer Do not recognize text files as audio (#23355) 2023-03-07 22:40:41 -05:00
updatechecker Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
upload Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
uri Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
user Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
util Less naked returns (#25713) 2023-07-07 05:31:56 +00:00
validation Replace `interface{}` with `any` (#25686) 2023-07-04 18:36:08 +00:00
web Remove redundant "RouteMethods" method (#26024) 2023-07-21 00:43:49 +02:00
webhook New webhook trigger for receiving Pull Request review requests (#24481) 2023-05-24 22:06:27 -04:00