Update notes and todo

Anders Pitman 2020-10-26 11:11:14 -06:00
parent 7f595c2b0d
commit 8e8045cde7
2 changed files with 31 additions and 10 deletions


@ -2,10 +2,11 @@
* Community forum
* GUI client
* Custom SSH keys
* Auto-DNS
* DNS verification before creating tunnels. Necessary for secure multi-user
setups.
* Rely on CNAMEs (ie username.boringproxy.io) or TXT records (ie
boringproxy-account=user@example.com)?
* libdns integration
* Add 3rd-party tokens for controlling DNS
* Maybe add a DNS/Domains page and require users to add domains there before
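Review bot: The TXT example on the "Rely on CNAMEs ... or TXT records" line (boringproxy-account=user@example.com) would publish the account's email address in public DNS. If TXT records are chosen, consider a per-account random verification value instead. The entry should also say which account the record has to match (the one creating the tunnel) and whether the check is repeated after the tunnel exists, since the parent line calls this necessary for secure multi-user setups.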
@ -24,6 +25,11 @@
* Create tunnels by full URL; not just domains. Allows things like sharing
specific files and having multiple servers behind a single domain.
* Allow multiple upstreams for load balancing/HA.
* Custom SSH keys
* Partially implemented but commented out. It's tricky to manage them,
especially using the authorized_keys file. I think a lot of use cases are
handled by allowing the key for each tunnel to be downloaded manually,
which is already implemented.
# Tunnel variations
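Review bot: The "Custom SSH keys" entry says the feature is "Partially implemented but commented out" without naming where that code lives or what makes the authorized_keys file hard to manage. Point to the file or function, and reference the concrete problem already recorded in todo.md ("OpenSSH server only picks up the first copy of each key"), so a later reader can tell whether the commented-out code should be finished or deleted. Since the stated fallback is downloading each tunnel's key manually, it would also help to note who is allowed to download a given tunnel's key.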

33
todo.md

@ -1,23 +1,38 @@
# 31 Oct 2020 Launch List
- [ ] I think it's possible to create tokens for arbitrary user, even if you're not that user.
- [ ] Responses to unauthorized requests are leaking information about the current tunnels through the genereated CSS.
- [ ] General security review.
- [ ] Invalid database is wiping out tunnels
- [ ] Improve SSH key download UI.
- [ ] Improve token list UI.
- [ ] Finish website
- [ ] Demo instance
- [ ] Demo video
- [ ] Demo auto email signup
- [ ] Post on /r/selfhosted
# Eventually
* On unknown page, redirect to referer if possible
* Apparently multiple tunnels can bind to a single server port. Looks like
maybe only the first one is used to actually tunnel to the clients?
* Responses to unauthorized requests are leaking information about the current
tunnels through the genereated CSS.
* CSS-only delete buttons don't show up as targets for links like Vimium
* Wrapping labels in buttons and adding a bit of CSS seems to do the trick.
* Eh buttons aren't actually doing anything apparently (when hit by
keyboard).
* See if WebSockets tunnel correctly
* Pretty sure we need to be mutex-locking the cancelFunc calls
* Getting new certs isn't working behind Cloudflare. Might be able to fix by
using the HTTP challenge and allowing HTTP on the Cloudflare side.
* I think it's possible to create tokens for arbitrary user, even if you're not
that user.
* Invalid database is wiping out tunnels
* We might need some sort of a transaction or atomicity system on the db to
prevent things like 2 people setting the user at the same time and one losing
their changes.
# Maybe
* OpenSSH server only picks up the first copy of each key. Will probably need
to manually combine them for custom keys.
* Send public key back to clients, so they can automatically try to find the
matching private key.
* We might need some sort of a transaction or atomicity system on the db to
prevent things like 2 people setting the user at the same time and one losing
their changes.
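Review bot: The first two Launch List items describe an authorization flaw ("create tokens for arbitrary user, even if you're not that user") and an information leak to unauthorized requests, but both are worded as observations with no acceptance condition, and "General security review" below them has no scope. Suggest stating the expected behaviour for each, for example that token creation is rejected unless the requested owner is the authenticated user and that responses to unauthorized requests contain no per-tunnel CSS, and listing what the review is meant to cover. "Invalid database is wiping out tunnels" would benefit from the same treatment (what should happen on an unreadable database). Also, "genereated" is misspelled in both places it appears.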