Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: use config block list instead of allow list #247

Merged
merged 4 commits into from
Jun 3, 2024
Merged

chore: use config block list instead of allow list #247

merged 4 commits into from
Jun 3, 2024

Conversation

fortuna
Copy link
Contributor

@fortuna fortuna commented Jun 3, 2024

With this change, instead of allow listing specific config fields, we block the ones that should be set by the application developer instead. This should address Psiphon's concern about treating the config as a black box.

I also figured out a trick to make the Go docs work: instead of setting the build tag restrictions on all files, I only add to one, which is required to build the entire package. This allows the documentation to be generated without setting the build tag.

@fortuna fortuna requested a review from jyyi1 June 3, 2024 21:32
jyyi1
jyyi1 approved these changes Jun 3, 2024
View reviewed changes
Copy link
Contributor

@jyyi1 jyyi1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The code looks good, with some small questions.

x/psiphon/psiphon.go
}
for key, value := range configMap {
switch key {
case "DisableLocalHTTPProxy", "DisableLocalSocksProxy":
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We are still digging into a specific field in the config. Not sure whether this is breaking the "black-box" or not.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because those fields are incompatible with the Outline SDK. The key change in this PR is from specifying what fields to allow to specifying what fields to now allow. So Psiphon config - disallowed fields is a black box now.

x/psiphon/psiphon.go
if b != true {
return nil, fmt.Errorf("field %v must be true if set", key)
}
case "DataRootDirectory":
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why don't we allow customers to specify their own DataRootDirectory?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because that must be specified via the DialerConfig.DataRootDirectory. This makes it clear what they should be setting vs what is provided by Psiphon.

@fortuna fortuna merged commit e5749b0 into main Jun 3, 2024
6 checks passed
@fortuna fortuna deleted the fortuna-psiphon branch June 3, 2024 22:08
fortuna added a commit that referenced this pull request Jun 3, 2024
@fortuna
chore: use config block list instead of allow list (#247)
ca4a1a5 
change to field blocklist

Fix doc

Tweak

Minor cleanup
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jyyi1 jyyi1 jyyi1 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@fortuna @jyyi1