Commit 2637797

docs
1 parent 7d2fc51 commit 2637797

2 files changed

+29
-2
lines changed

README.md

Lines changed: 18 additions & 0 deletions
@@ -79,6 +79,24 @@ You can now browse the website on port 3001.
7979

8080
# Advanced features
8181

82+
## Limiting access
83+
84+
You can limit access to a dumbpipe listener through a keys file, similar to the `authorized_keys` file that SSH uses.
85+
You can put the file wherever you want, e.g. at `~/.dumbpipe/authorized_keys`. For the file to be used, and thus
86+
access to be limited, specify the file path with the `--authorized-keys` (or `-a`) when launching dumbpipe.
87+
When authorization is set, only connections from nodes listed in the file will be accepted.
88+
89+
Here's an example file:
90+
```
91+
# dumbpipe authorized nodes
92+
148449487b53bb90382927634114457ef90d2a63127200fd8816a8dffb9d48c6 some-server
93+
3827f5124d03d10f2f344d319a88c64c198c4db1335560ea6aad41ce2fb7c311 devbox
94+
```
95+
96+
The file must contain a list of hex-encoded node ids, seperated by newlines.
97+
The node ids may be followed by a comment, separated by a space from the encoded node id.
98+
Lines starting with `#` are ignored and can be used as comments.
99+
82100
## Custom ALPNs
83101

84102
Dumbpipe has an expert feature to specify a custom [ALPN](https://en.wikipedia.org/wiki/Application-Layer_Protocol_Negotiation) string. You can use it to interact with
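
Review bot: Two wording problems in the added "Limiting access" text: on new line 96 "seperated" should be "separated", and on new line 86 the phrase "with the `--authorized-keys` (or `-a`) when launching dumbpipe" is missing its noun, so suggest "with the `--authorized-keys` (or `-a`) option". The section also states that only listed nodes are accepted without saying where a user obtains the node id to put in the file or what a file containing no node ids does; if an empty list means every connection is rejected, say so here, because that is the case an operator is most likely to hit by accident.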

src/main.rs

Lines changed: 11 additions & 2 deletions
@@ -132,7 +132,14 @@ fn parse_alpn(alpn: &str) -> Result<Vec<u8>> {
132132
#[derive(Parser, Debug)]
133133
pub struct CommonAcceptArgs {
134134
/// Optionally limit access to node ids listed in this file.
135-
#[clap(short = 'a', long)]
135+
///
136+
/// When set, only node ids listed in the file will be allowed to connect.
137+
/// Other connections will be rejected.
138+
///
139+
/// The file must contain one hex-encoded node id per line. The node id may be followed
140+
/// by a comment, separated with a space. Lines starting with `#` are ignored and may
141+
/// be used as comments.
142+
#[clap(short = 'a', long, value_name = "FILE")]
136143
pub authorized_keys: Option<PathBuf>,
137144
}
138145
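Review bot: The expanded help text on `authorized_keys` documents the file format but none of the failure cases: it should say whether a missing or unreadable file, or a line that is not a valid hex-encoded node id, aborts startup or is skipped, since that decides whether a typo in the file fails closed or silently drops an entry. Minor: the README added in this commit says "separated by a space" and this comment says "separated with a space"; use one wording so the two descriptions stay in sync.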

@@ -595,7 +602,9 @@ impl AuthorizedKeys {
595602
})
596603
})
597604
.collect();
598-
Ok(Self(Arc::new(keys?)))
605+
let keys = keys?;
606+
info!("authorization is enabled: {} nodes authorized.", keys.len());
607+
Ok(Self(Arc::new(keys)))
599608
}
600609

601610
fn authorize(&self, connection: &Connection) -> Result<()> {
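
Review bot: The new `info!("authorization is enabled: {} nodes authorized.", keys.len());` line treats a zero-length list the same as a populated one, so a file holding only comments would report "0 nodes authorized" at info level and nothing more. Consider a `warn!` when `keys.is_empty()`, because access is then limited to a list with nobody on it, and consider including the file path in the message if it is in scope here so the operator can confirm which file was loaded. The message also reads "1 nodes authorized" for a single entry.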
