diff --git a/notes.md b/notes.md index 24f277e..b43caa5 100644 --- a/notes.md +++ b/notes.md @@ -2,10 +2,11 @@ * Community forum * GUI client -* Custom SSH keys * Auto-DNS * DNS verification before creating tunnels. Necessary for secure multi-user setups. + * Rely on CNAMEs (ie username.boringproxy.io) or TXT records (ie + boringproxy-account=user@example.com)? * libdns integration * Add 3rd-party tokens for controlling DNS * Maybe add a DNS/Domains page and require users to add domains there before @@ -24,6 +25,11 @@ * Create tunnels by full URL; not just domains. Allows things like sharing specific files and having multiple servers behind a single domain. * Allow multiple upstreams for load balancing/HA. +* Custom SSH keys + * Partially implemented but commented out. It's tricky to manage them, + especially using the authorized_keys file. I think a lot of use cases are + handled by allowing the key for each tunnel to be downloaded manually, + which is already implemented. # Tunnel variations diff --git a/todo.md b/todo.md index e583e22..7f14be5 100644 --- a/todo.md +++ b/todo.md 
@@ -1,23 +1,38 @@ +# 31 Oct 2020 Launch List + +- [ ] I think it's possible to create tokens for arbitrary user, even if you're not that user. +- [ ] Responses to unauthorized requests are leaking information about the current tunnels through the genereated CSS. +- [ ] General security review. +- [ ] Invalid database is wiping out tunnels +- [ ] Improve SSH key download UI. +- [ ] Improve token list UI. +- [ ] Finish website +- [ ] Demo instance +- [ ] Demo video +- [ ] Demo auto email signup +- [ ] Post on /r/selfhosted + + +# Eventually + * On unknown page, redirect to referer if possible * Apparently multiple tunnels can bind to a single server port. Looks like maybe only the first one is used to actually tunnel to the clients? -* Responses to unauthorized requests are leaking information about the current - tunnels through the genereated CSS. * CSS-only delete buttons don't show up as targets for links like Vimium * Wrapping labels in buttons and adding a bit of CSS seems to do the trick. * Eh buttons aren't actually doing anything apparently (when hit by keyboard). * See if WebSockets tunnel correctly -* Pretty sure we need to be mutex-locking the cancelFunc calls * Getting new certs isn't working behind Cloudflare. Might be able to fix by using the HTTP challenge and allowing HTTP on the Cloudflare side. -* I think it's possible to create tokens for arbitrary user, even if you're not - that user. -* Invalid database is wiping out tunnels +* We might need some sort of a transaction or atomicity system on the db to + prevent things like 2 people setting the user at the same time and one losing + their changes. + + +# Maybe + * OpenSSH server only picks up the first copy of each key. Will probably need to manually combine them for custom keys. * Send public key back to clients, so they can automatically try to find the matching private key. 
-* We might need some sort of a transaction or atomicity system on the db to - prevent things like 2 people setting the user at the same time and one losing - their changes.
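Review bot: in the first notes.md hunk (@@ -2,10 +2,11 @@), the new sub-bullet under "DNS verification before creating tunnels" offers a TXT record of the form boringproxy-account=user@example.com, which would put the account's e-mail address in a public DNS record. If the TXT option stays on the list, note that trade-off next to it, or have the record carry an opaque per-account value instead of the address. It would also help to state what either record is meant to prove (that the person creating the tunnel controls the domain), since the parent bullet calls this check necessary for secure multi-user setups.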
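Review bot: in the second notes.md hunk (@@ -24,6 +25,11 @@), the relocated "Custom SSH keys" entry says the feature is "Partially implemented but commented out" without saying where that code lives. Name the file or function, or remove the commented-out code and track it in an issue, so the disabled authorized_keys handling is easy to find and is not switched back on without a review. The two key-related items under "# Maybe" in todo.md (OpenSSH only picking up the first copy of each key, and sending the public key back to clients) look like part of the same work and could be cross-referenced from this entry.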
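Review bot: in the todo.md hunk (@@ -1,23 +1,38 @@), the removed line "Pretty sure we need to be mutex-locking the cancelFunc calls" is the only deleted item that does not reappear under the launch list, "# Eventually" or "# Maybe". If the locking was fixed, say so in the commit message; otherwise keep the item, since it records a suspected concurrency problem. In the launch list, "General security review" has no scope; listing what it covers (at least the token-creation and unauthorized-response items above it) would make it something that can be checked off. The typo "genereated" was carried over with the moved line.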