mirror of
https://github.com/boringproxy/boringproxy.git
synced 2024-07-04 11:22:57 -05:00
Update notes and todo
This commit is contained in:
parent
7f595c2b0d
commit
8e8045cde7
8
notes.md
8
notes.md
|
@ -2,10 +2,11 @@
|
|||
|
||||
* Community forum
|
||||
* GUI client
|
||||
* Custom SSH keys
|
||||
* Auto-DNS
|
||||
* DNS verification before creating tunnels. Necessary for secure multi-user
|
||||
setups.
|
||||
* Rely on CNAMEs (ie username.boringproxy.io) or TXT records (ie
|
||||
boringproxy-account=user@example.com)?
|
||||
* libdns integration
|
||||
* Add 3rd-party tokens for controlling DNS
|
||||
* Maybe add a DNS/Domains page and require users to add domains there before
|
||||
|
@ -24,6 +25,11 @@
|
|||
* Create tunnels by full URL; not just domains. Allows things like sharing
|
||||
specific files and having multiple servers behind a single domain.
|
||||
* Allow multiple upstreams for load balancing/HA.
|
||||
* Custom SSH keys
|
||||
* Partially implemented but commented out. It's tricky to manage them,
|
||||
especially using the authorized_keys file. I think a lot of use cases are
|
||||
handled by allowing the key for each tunnel to be downloaded manually,
|
||||
which is already implemented.
|
||||
|
||||
|
||||
# Tunnel variations
|
||||
|
|
33
todo.md
33
todo.md
|
@ -1,23 +1,38 @@
|
|||
# 31 Oct 2020 Launch List
|
||||
|
||||
- [ ] I think it's possible to create tokens for arbitrary user, even if you're not that user.
|
||||
- [ ] Responses to unauthorized requests are leaking information about the current tunnels through the genereated CSS.
|
||||
- [ ] General security review.
|
||||
- [ ] Invalid database is wiping out tunnels
|
||||
- [ ] Improve SSH key download UI.
|
||||
- [ ] Improve token list UI.
|
||||
- [ ] Finish website
|
||||
- [ ] Demo instance
|
||||
- [ ] Demo video
|
||||
- [ ] Demo auto email signup
|
||||
- [ ] Post on /r/selfhosted
|
||||
|
||||
|
||||
# Eventually
|
||||
|
||||
* On unknown page, redirect to referer if possible
|
||||
* Apparently multiple tunnels can bind to a single server port. Looks like
|
||||
maybe only the first one is used to actually tunnel to the clients?
|
||||
* Responses to unauthorized requests are leaking information about the current
|
||||
tunnels through the genereated CSS.
|
||||
* CSS-only delete buttons don't show up as targets for links like Vimium
|
||||
* Wrapping labels in buttons and adding a bit of CSS seems to do the trick.
|
||||
* Eh buttons aren't actually doing anything apparently (when hit by
|
||||
keyboard).
|
||||
* See if WebSockets tunnel correctly
|
||||
* Pretty sure we need to be mutex-locking the cancelFunc calls
|
||||
* Getting new certs isn't working behind Cloudflare. Might be able to fix by
|
||||
using the HTTP challenge and allowing HTTP on the Cloudflare side.
|
||||
* I think it's possible to create tokens for arbitrary user, even if you're not
|
||||
that user.
|
||||
* Invalid database is wiping out tunnels
|
||||
* We might need some sort of a transaction or atomicity system on the db to
|
||||
prevent things like 2 people setting the user at the same time and one losing
|
||||
their changes.
|
||||
|
||||
|
||||
# Maybe
|
||||
|
||||
* OpenSSH server only picks up the first copy of each key. Will probably need
|
||||
to manually combine them for custom keys.
|
||||
* Send public key back to clients, so they can automatically try to find the
|
||||
matching private key.
|
||||
* We might need some sort of a transaction or atomicity system on the db to
|
||||
prevent things like 2 people setting the user at the same time and one losing
|
||||
their changes.
|
||||
|
|
Loading…
Reference in New Issue
Block a user