Copilot AI commented Jan 24, 2026

but-server now rejects non-localhost connections with HTTP 403 Forbidden.

Implementation

  • Added Axum middleware using ConnectInfo<SocketAddr> to validate connection origin via is_loopback() (supports IPv4 and IPv6)
  • Positioned before CORS layer to ensure security checks run first
  • Rejected connections logged via tracing::warn for security monitoring
  • Updated axum::serve() to use into_make_service_with_connect_info::<SocketAddr>()
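
```rust
use std::net::SocketAddr;

use axum::{body::Body, extract::ConnectInfo, http::StatusCode, middleware::Next, response::IntoResponse};

// `ConnectInfo` is only populated when the server is started with
// `into_make_service_with_connect_info::<SocketAddr>()`.
async fn localhost_only_middleware(
    ConnectInfo(addr): ConnectInfo<SocketAddr>,
    req: axum::extract::Request<Body>,
    next: Next,
) -> Result<impl IntoResponse, StatusCode> {
    if addr.ip().is_loopback() {
        // Loopback peer: hand the request to the rest of the stack.
        Ok(next.run(req).await)
    } else {
        // Any other peer: log the address and answer 403 Forbidden.
        tracing::warn!("Rejected non-localhost connection from: {}", addr);
        Err(StatusCode::FORBIDDEN)
    }
}
```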

Defense-in-depth

Provides protection even if bind address is inadvertently changed from 127.0.0.1 to 0.0.0.0.

Original prompt

Make but-server check the origin of all incoming connections to only accept the local host. Maybe axum has a middleware for that?


Copilot AI changed the title from "[WIP] Restrict incoming connections to localhost only" to "Add localhost-only connection middleware to but-server" Jan 24, 2026
Copilot AI requested a review from Byron January 24, 2026 13:48
Co-authored-by: Byron <63622+Byron@users.noreply.github.com>
@Byron Byron force-pushed the copilot/check-origin-for-connections branch from 2ceef18 to 8fe4fd6 Compare January 24, 2026 14:59
@Byron Byron marked this pull request as ready for review January 24, 2026 15:00
@github-actions github-actions bot added the rust Pull requests that update Rust code label Jan 24, 2026
Copilot AI review requested due to automatic review settings January 24, 2026 15:00
@Byron Byron force-pushed the copilot/check-origin-for-connections branch from 8fe4fd6 to d7e42bd Compare January 24, 2026 15:03
Copilot AI left a comment

Pull request overview

This PR adds a localhost-only connection guard to but-server and tightens its CORS configuration, along with documentation describing the security model.

Changes:

  • Introduced an Axum middleware (localhost_only_middleware) that rejects any non-loopback client IP with HTTP 403, and wired it via into_make_service_with_connect_info::<SocketAddr>().
  • Updated the CORS configuration to allow only http://localhost origins (with optional port) instead of Any.
  • Added crates/but-server/SECURITY.md describing the localhost-only behavior, configuration, and logging of rejected connections.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| crates/but-server/src/lib.rs | Adds localhost-only middleware, adjusts CORS to a localhost-only origin predicate, and updates server startup to use into_make_service_with_connect_info so the middleware can inspect peer addresses. |
| crates/but-server/SECURITY.md | Documents the localhost-only connection policy, CORS behavior, configuration, and logging of rejected connections for but-server. |
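
An added example, not code from this PR or from but-server: the two checks the review describes, a loopback test on the peer address and a localhost-only CORS origin predicate, written against the standard library only. It goes slightly beyond the PR's snippet by judging IPv4-mapped IPv6 peers (`::ffff:127.0.0.1`, which `is_loopback()` alone reports as non-loopback) by their embedded IPv4 address. The function names `is_local_peer` and `is_localhost_origin` and all sample values are assumptions.

```rust
use std::net::{IpAddr, SocketAddr};

/// Hypothetical helper: loopback check that also understands IPv4-mapped
/// IPv6 peers, which a dual-stack listener reports for IPv4 clients.
pub fn is_local_peer(addr: SocketAddr) -> bool {
    match addr.ip() {
        IpAddr::V4(v4) => v4.is_loopback(),
        IpAddr::V6(v6) => match v6.to_ipv4_mapped() {
            Some(v4) => v4.is_loopback(), // ::ffff:a.b.c.d -> judge a.b.c.d
            None => v6.is_loopback(),     // plain IPv6: only ::1
        },
    }
}

/// Hypothetical CORS origin predicate: accepts exactly `http://localhost`
/// or `http://localhost:<port>`. Matching the whole string avoids the
/// prefix-match mistake of also accepting `http://localhost.example.com`.
pub fn is_localhost_origin(origin: &str) -> bool {
    let Some(rest) = origin.strip_prefix("http://localhost") else {
        return false;
    };
    match rest.strip_prefix(':') {
        None => rest.is_empty(),
        Some(port) => {
            // Digits only (u16 parsing alone would accept "+80"), in range.
            !port.is_empty()
                && port.bytes().all(|b| b.is_ascii_digit())
                && port.parse::<u16>().is_ok()
        }
    }
}

fn main() {
    // Constructed sample peers, as ConnectInfo<SocketAddr> would report them.
    let peers = ["127.0.0.1:4000", "[::1]:4000", "[::ffff:127.0.0.1]:4000",
                 "192.168.1.20:4000", "[::ffff:10.0.0.5]:4000"];
    for peer in peers {
        let addr: SocketAddr = peer.parse().expect("valid socket address");
        println!("{peer:<26} local={}", is_local_peer(addr));
    }
    // Constructed sample Origin header values.
    let origins = ["http://localhost", "http://localhost:5173",
                   "http://localhost.example.com", "http://localhost:",
                   "https://localhost", "http://localhost:99999"];
    for origin in origins {
        println!("{origin:<30} allowed={}", is_localhost_origin(origin));
    }
}
```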

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@Byron Byron enabled auto-merge January 24, 2026 15:10
@Byron Byron merged commit f8f8df7 into master Jan 24, 2026
23 checks passed
@Byron Byron deleted the copilot/check-origin-for-connections branch January 24, 2026 15:20