Page MenuHomePhabricator

[keyserver] Listen on all addresses in dev mode
ClosedPublic

Authored by ashoat on Dec 21 2022, 7:39 AM.
Tags
None
Referenced Files
F3514084: D5973.id19953.diff
Sun, Dec 22, 3:31 AM
F3513803: D5973.id19984.diff
Sun, Dec 22, 2:12 AM
F3513032: D5973.diff
Sat, Dec 21, 9:51 PM
Unknown Object (File)
Sat, Dec 14, 7:15 AM
Unknown Object (File)
Mon, Dec 2, 4:34 PM
Unknown Object (File)
Fri, Nov 22, 5:33 AM
Unknown Object (File)
Fri, Nov 22, 5:33 AM
Unknown Object (File)
Fri, Nov 22, 5:33 AM
Subscribers

Details

Summary

When we were using Apache as a proxy, we only needed the keyserver to listen on localhost. That's because Apache was the only thing connected to Node, and Apache would always connect on localhost.

Now that clients are connecting directly to Node, we need to tell Node to listen on other addresses. Without this change, it's not possible to connect an external device to a keyserver running on a dev machine.

The reason we didn't catch this in D5846 was because the test plan was insufficient. In the future, we need to be even stricter with test plans.

Test Plan

Make sure a physical iOS device is able to connect to the keyserver running on my laptop using port 3000

Diff Detail

Repository
rCOMM Comm
Branch
ashoat/physicaldevice
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

ashoat retitled this revision from [keyserver] Listen to all ports in dev mode to [keyserver] Listen on all addresses in dev mode.Dec 21 2022, 7:39 AM
keyserver/src/keyserver.js
167

looks like undefined will default to "0.0.0.0" for the socket addr, which will bind to all interfaces.

Seems like our desired logic would just be:

server.listen(parseInt(process.env.PORT, 10) || 3000);

Unless there's a compelling reason to limit the interfaces for docker.

keyserver/src/keyserver.js
167

I don't see why we would get rid of process.env.COMM_LISTEN_ADDR.

Unless there's a compelling reason to limit the interfaces for docker.

I think it's generally a good idea for security?

jon added inline comments.
keyserver/src/keyserver.js
167

I think it's generally a good idea for security?

Probably, but only certain ports are exposed. I guess I don't feel strongly enough.

This revision is now accepted and ready to land.Dec 21 2022, 1:55 PM