Apply suggestions from code review

Co-authored-by: Alexander Cobleigh <cblgh@cblgh.org>
Co-authored-by: André Staltz <andre@staltz.com>
Henry 2021-04-20 17:13:50 +02:00 committed by Henry
parent bcc2570a50
commit 1a6d027292
4 changed files with 10 additions and 9 deletions

@ -22,10 +22,10 @@ A summary can be seen in the following chart:
We currently assume a standard HTTPS server in front of go-ssb-room to facilitate TLS termination and certificate management. This should be possible with most modern HTTP servers since it's a pretty standard practice, known as [reverse proxying](https://en.wikipedia.org/wiki/Reverse_proxy).
Two bits of rational:
Two bits of rationale:
1) People usually want to have more then one site on their server. Put differently we could have LetsEncrypt inside the go-ssb-room server but it would have to listen on port :443, blocking the use of other domains on the same IP.
2) Listening on :443 can be pretty annoying (you might need root priviliges or similar capabilities).
1) People usually want to have more than one site on their server. Put differently, we could have [LetsEncrypt](https://letsencrypt.org/) inside the go-ssb-room server but it would have to listen on port :443—blocking the use of other domains on the same IP.
2) Listening on :443 can be pretty annoying (you might need root privileges or similar capabilities).
go-ssb-room needs three headers to function properly, which need to be forwarded by the webserver.
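
Review bot: the paragraph at the top of this hunk puts TLS termination on the reverse proxy, so the hop from the proxy to go-ssb-room is plain HTTP, yet the text never says which address go-ssb-room itself should listen on. Suggest adding a sentence that it should bind to loopback (or a private interface) so it is reachable only through the proxy. Minor, in the new item 1: the project spells its name "Let's Encrypt", and the unspaced dash in `:443—blocking` would read better as a comma.
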
@ -33,4 +33,4 @@ go-ssb-room needs three headers to function properly, which need to be forwarded
* `X-Forwarded-Proto` to ensure that TLS is used (and redirect if necessary)
* `X-Forwarded-For` the remote TCP/IP address of the client accessing the room (used for rate limiting)
[nginx-example.conf](./nginx-example.conf) contains an [nginx](https://nginx.org) config that we use for `hermies.club`. To get a wildcard TLS certificate you can follow the steps in [this](https://medium.com/@alitou/getting-a-wildcard-ssl-certificate-using-certbot-and-deploy-on-nginx-15b8ffa34157) article which uses the [certbot](https://certbot.eff.org/) utility.
[nginx-example.conf](./nginx-example.conf) contains an [nginx](https://nginx.org) config that we use for [hermies.club](https://hermies.club). To get a wildcard TLS certificate you can follow the steps in [this article](https://medium.com/@alitou/getting-a-wildcard-ssl-certificate-using-certbot-and-deploy-on-nginx-15b8ffa34157), which uses the [certbot](https://certbot.eff.org/) utility.
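
Review bot: the `X-Forwarded-For` bullet in this hunk says the value is used for rate limiting, but nothing here says the proxy must set the header itself rather than pass through whatever the client sent. If a client-supplied `X-Forwarded-For` reaches go-ssb-room, the rate limit is keyed on a value the client controls; the same concern applies to `X-Forwarded-Proto` and the TLS redirect. Suggest one sentence stating that the proxy overwrites both headers, and checking that nginx-example.conf does so.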

@ -97,7 +97,8 @@ type Network interface {
GetConnTracker() ConnTracker
// WebsockHandler returns a "middleware" like thing that is able to upgrade a websocket request to a muxrpc connection and authenticate using shs.
// WebsockHandler returns a "middleware" like thing that is able to upgrade a
// websocket request to a muxrpc connection and authenticate using shs.
// It calls the next handler if it fails to upgrade the connection to websocket.
// However, it will error on the request and not call the passed handler
// if the websocket upgrade is successfull.
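
Review bot: the last line of this comment still reads `if the websocket upgrade is successfull.`; since this commit rewraps the comment and fixes spelling elsewhere, correct it to "successful" here and in the identical copy on the implementation.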

@ -16,7 +16,8 @@ import (
"go.cryptoscope.co/muxrpc/v2"
)
// WebsockHandler returns a "middleware" like thing that is able to upgrade a websocket request to a muxrpc connection and authenticate using shs.
// WebsockHandler returns a "middleware" like thing that is able to upgrade a
// websocket request to a muxrpc connection and authenticate using shs.
// It calls the next handler if it fails to upgrade the connection to websocket.
// However, it will error on the request and not call the passed handler
// if the websocket upgrade is successfull.
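
Review bot: the comment on `WebsockHandler` covers the upgrade failing (the next handler is called) and succeeding (the next handler is not called), but not the case where the upgrade succeeds and the shs authentication then fails. Suggest a sentence saying how that case is handled, so callers know what an unauthenticated peer sees. The text is also a verbatim copy of the interface comment in the previous file; keeping the full wording in one place and referring to it from the other would stop the two from drifting.
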
@ -29,7 +30,8 @@ func (n *node) WebsockHandler(next http.Handler) http.Handler {
return true
},
// 99% of the traffic will be ciphertext which is impossible to distingish from randomness and thus also hard to compress
// 99% of the traffic will be ciphertext which is impossible to distinguish
// from randomness and thus also hard to compress
EnableCompression: false,
// if upgrading fails, just call the next handler and ignore the error
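
Review bot: the unchanged `return true` and `},` at the top of this hunk close a callback on the upgrader that accepts unconditionally, and it carries no comment, while `EnableCompression: false` gets two lines of rationale. If that callback is the origin check, add a comment saying why accepting every origin is acceptable here. On the reworded comment itself, "99%" reads as a measurement; "almost all" would be safer unless the figure was measured.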

@ -82,8 +82,6 @@ func sillyPingPong(ctx context.Context, peerSrc *muxrpc.ByteSource, peerSnk *mux
return
}
// when := time.Time(ping)
// fmt.Printf("got ping: %s - age: %s\n", when.String(), time.Since(when))
}
return