Update notes and todo

Anders Pitman 2020-10-26 11:11:14 -06:00
parent 7f595c2b0d
commit 8e8045cde7
2 changed files with 31 additions and 10 deletions


@ -2,10 +2,11 @@
* Community forum * Community forum
* GUI client * GUI client
* Custom SSH keys
* Auto-DNS * Auto-DNS
* DNS verification before creating tunnels. Necessary for secure multi-user * DNS verification before creating tunnels. Necessary for secure multi-user
setups. setups.
* Rely on CNAMEs (ie username.boringproxy.io) or TXT records (ie
boringproxy-account=user@example.com)?
* libdns integration * libdns integration
* Add 3rd-party tokens for controlling DNS * Add 3rd-party tokens for controlling DNS
* Maybe add a DNS/Domains page and require users to add domains there before * Maybe add a DNS/Domains page and require users to add domains there before
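Review bot: of the two options floated in the added DNS-verification line, only the TXT record (`boringproxy-account=user@example.com`) lets the domain owner name the account that may claim the domain; a CNAME to `username.boringproxy.io` only shows that the owner pointed the domain at this server, so on a multi-user setup the username in the CNAME target has to be compared against the requesting account, otherwise any user of the instance could create a tunnel for that domain. Worth writing down which option wins and that the check runs at tunnel-creation time, as the line above it says, so the security-review item in todo.md has something concrete to verify.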
@ -24,6 +25,11 @@
* Create tunnels by full URL; not just domains. Allows things like sharing * Create tunnels by full URL; not just domains. Allows things like sharing
specific files and having multiple servers behind a single domain. specific files and having multiple servers behind a single domain.
* Allow multiple upstreams for load balancing/HA. * Allow multiple upstreams for load balancing/HA.
* Custom SSH keys
* Partially implemented but commented out. It's tricky to manage them,
especially using the authorized_keys file. I think a lot of use cases are
handled by allowing the key for each tunnel to be downloaded manually,
which is already implemented.
# Tunnel variations # Tunnel variations
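Review bot: the explanation added under `Custom SSH keys` relies on the per-tunnel key download as the substitute for custom keys, but it does not say which half of the key pair is downloaded or who may download it; since todo.md in this same commit lists `Improve SSH key download UI` and a general security review, it would help to state here whether the download is restricted to the tunnel's owner and whether a downloaded key grants access only to its own tunnel. The `authorized_keys` difficulty mentioned also overlaps with the `OpenSSH server only picks up the first copy of each key` item in todo.md; a cross-reference would keep the two notes from drifting apart.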

todo.md

@ -1,23 +1,38 @@
# 31 Oct 2020 Launch List
- [ ] I think it's possible to create tokens for arbitrary user, even if you're not that user.
- [ ] Responses to unauthorized requests are leaking information about the current tunnels through the genereated CSS.
- [ ] General security review.
- [ ] Invalid database is wiping out tunnels
- [ ] Improve SSH key download UI.
- [ ] Improve token list UI.
- [ ] Finish website
- [ ] Demo instance
- [ ] Demo video
- [ ] Demo auto email signup
- [ ] Post on /r/selfhosted
# Eventually
* On unknown page, redirect to referer if possible * On unknown page, redirect to referer if possible
* Apparently multiple tunnels can bind to a single server port. Looks like * Apparently multiple tunnels can bind to a single server port. Looks like
maybe only the first one is used to actually tunnel to the clients? maybe only the first one is used to actually tunnel to the clients?
* Responses to unauthorized requests are leaking information about the current
tunnels through the genereated CSS.
* CSS-only delete buttons don't show up as targets for links like Vimium * CSS-only delete buttons don't show up as targets for links like Vimium
* Wrapping labels in buttons and adding a bit of CSS seems to do the trick. * Wrapping labels in buttons and adding a bit of CSS seems to do the trick.
* Eh buttons aren't actually doing anything apparently (when hit by * Eh buttons aren't actually doing anything apparently (when hit by
keyboard). keyboard).
* See if WebSockets tunnel correctly * See if WebSockets tunnel correctly
* Pretty sure we need to be mutex-locking the cancelFunc calls
* Getting new certs isn't working behind Cloudflare. Might be able to fix by * Getting new certs isn't working behind Cloudflare. Might be able to fix by
using the HTTP challenge and allowing HTTP on the Cloudflare side. using the HTTP challenge and allowing HTTP on the Cloudflare side.
* I think it's possible to create tokens for arbitrary user, even if you're not * We might need some sort of a transaction or atomicity system on the db to
that user. prevent things like 2 people setting the user at the same time and one losing
* Invalid database is wiping out tunnels their changes.
# Maybe
* OpenSSH server only picks up the first copy of each key. Will probably need * OpenSSH server only picks up the first copy of each key. Will probably need
to manually combine them for custom keys. to manually combine them for custom keys.
* Send public key back to clients, so they can automatically try to find the * Send public key back to clients, so they can automatically try to find the
matching private key. matching private key.
* We might need some sort of a transaction or atomicity system on the db to
prevent things like 2 people setting the user at the same time and one losing
their changes.
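Review bot: the two items promoted to the launch list, token creation for an arbitrary user and tunnel information leaking through the generated CSS on unauthorized responses, are both authorization bugs, and the first still reads as a suspicion (`I think it's possible`); before launch it should be confirmed with a request made as one user against another user's account and then fixed, with that request kept as a test so the `General security review` item has a regression check. The new `mutex-locking the cancelFunc calls` item and the db atomicity item moved into `Eventually` are the same class of problem (concurrent writes to shared state) and could be tracked together. Minor: `genereated` is carried over into the launch list; should be `generated`.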