nyxnor / onionjuggler
Manage your Onion Services via CLI or TUI on Unix-like operating system with a POSIX compliant shell.
License: MIT License
https://github.com/nyxnor/onionservice/blob/5a4f4991fdc6fa8f74e7120a9c4d9cf51cbe7940/.onionrc#L185
Issue
Restarting or reload-or-restarting tor in the background and giving a "Reloaded tor successfully!" message after 2 seconds could be misleading, because if the restart or reload-or-restart process gets stuck in the background, the success message is shown anyway after 2 seconds.
Describe the solution you'd like
In my opinion, it would be better to inform the user that tor is restarting or doing the reload-or-restart and that it will take a moment, together with a solution for what he/she has to do if a restart or reload-or-restart process gets stuck.
Additional remarks
Pull request may follow
Is your feature request related to a problem? Please describe.
See SC2045 and shell pitfalls
Describe the solution you'd like
Not sure, the DataDirectory is not owned by the user, it is owned by the tor user for security reasons. Because of this, I haven't found a reasonable substitute that can be used.
Describe alternatives you've considered
ls loops to find.
Describe the bug
libqrencode, but calls the command qrencode. This means that the requirement will become libqrencode but the command will remain as qrencode, this currently fails on setup because it does command -v libqrencode and I should refer to the qrencode with a case statement.
/usr/sbin/ as on debian, but on /usr/local/sbin. I had to hardcode the path of the webserver because on debian, command -v nginx does not output anything as the process is on a restricted system folder. command -v nginx works on openbsd, so I would first try with command -v then if-else to the next individual tests if failed before.
/etc/nginx/nginx.conf has to be modified to include the directory with include /etc/nginx/modules-enabled/*.conf; - ABANDONED, will substitute for httpd on OpenBSD
sha256. It is used to show backup hash sum. It comes already installed on openbsd and debian but they have a different command name. Best fix is to test if it exists and fallback to the second option and then fall to not using it.
Terminal output
Screenshots
Please complete the following specifications:
OpenBSD 7.0
Ksh v5.2.14 99/07/13.2
more info
the /etc/onionjuggler.conf:
privilege_command="doas"
tor_user="_tor"
tor_service="tor"
pkg_mngr_install="pkg_add"
requirements="tor grep sed openssl basez git libqrencode pandoc lynx tar pyt-stem nginx dialog"
Is your feature request related to a problem? Please describe.
These options were not included before because they are non-essential and common users don't need them. They are only necessary for high traffic onion services.
https://2019.www.torproject.org/docs/tor-manual-dev.html.en
Discarded HiddenServiceNonAnonymousMode and HiddenServiceSingleHopMode because I don't like it.
Describe the solution you'd like
Describe alternatives you've considered
Additional context
Describe the bug
To Reproduce
Expected behavior
Terminal output
Screenshots
Please complete the following specifications:
Additional context
Is your feature request related to a problem? Please describe.
Looking at basez and many other projects written in C, there is a configure shell script file (standard). It can decide where the manual goes, where the binary (in our case, shell script, no bin) goes, where the docs go.
Describe the solution you'd like
I want option parser to be more elaborate on this configure script, so user can decide where the manual goes (if it goes to /usr/local/man/man1 or any other location), and if script goes to /usr/local/bin by default or any other location.
This helps a lot because instead of just making the tor paths custom, I can make the project onionjuggler path custom.
Is your feature request related to a problem? Please describe.
I want to inform first, let's see if it is easy to do so, it is an error check at the beginning of the scripts with variable expansion.
the bug is that if folder contains trailing / at the end, the path to the file inside that folder will have two consecutive // which will fail.
Another option is auto correcting that.... but on the variable on the script itself, not altering the config file, this would be the optimal solution.
Describe the solution you'd like
Describe alternatives you've considered
Additional context
This will avoid tor failing if the configuration is invalid, I wanted to do this anyway as a sudoedit or doasedit for the TUI, but the priority right now is where it is more used, on the CLI.
-f FILE
Specify a new configuration file to contain further Tor configuration options OR pass - to make Tor read its configuration from standard input. (Default: @CONFDIR@/torrc, or $HOME/.torrc if that file is not found)
--verify-config
Verify the configuration file is valid.
So design is:
Copy torrc to "${TMPDIR:-/tmp}", make the changes there.
"${exec_cmd_alt_user}" cp "${tor_conf}" "${TMPDIR:-/tmp}"
Modify scripts to alter the torrc on the tmp dir.
Verify it with:
"${exec_cmd_alt_user}" -u "${tor_user}" tor -f "${TMPDIR:-/tmp}/torrc" --verify-config
If valid, reload, if not, abort with error message.
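The verify-then-reload design above, as an added example that is not OnionJuggler's own code: the copy is edited in a private mktemp directory rather than at a fixed path under /tmp, and the live torrc is only overwritten after tor --verify-config accepts the copy. The function names, the edit callback and the omission of the privilege wrapper ("${exec_cmd_alt_user}") are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not OnionJuggler code. Assumes it runs as a user that may
# read and write the torrc; the project's privilege wrapper is left out.

# verify_torrc FILE: succeed only if tor accepts FILE as a configuration.
verify_torrc() {
  tor -f "${1}" --verify-config >/dev/null 2>&1
}

# edit_torrc_checked LIVE_TORRC EDIT_FN
#   Copies LIVE_TORRC into a fresh private directory, runs EDIT_FN on the copy,
#   verifies the copy and only then writes it back.
#   Returns 0 on success, 1 on copy/edit/write failure, 2 if verification failed.
edit_torrc_checked() {
  live="${1}"
  edit_fn="${2}"
  # mktemp -d gives an unpredictable, mode 0700 directory, so no other local
  # user can pre-create or swap the candidate file.
  workdir="$(mktemp -d "${TMPDIR:-/tmp}/torrc.XXXXXX")" || return 1
  candidate="${workdir}/torrc"

  if ! cp "${live}" "${candidate}" || ! "${edit_fn}" "${candidate}"; then
    rm -rf "${workdir}"
    return 1
  fi
  if ! verify_torrc "${candidate}"; then
    echo "error: edited torrc failed verification, live file left untouched" >&2
    rm -rf "${workdir}"
    return 2
  fi
  # Write through the existing file so its owner and mode are preserved.
  rc=0
  cat "${candidate}" > "${live}" || rc=1
  rm -rf "${workdir}"
  return "${rc}"
}

# Hypothetical edit callback: append one onion service block to the file.
add_web_service() {
  printf '\nHiddenServiceDir /var/lib/tor/services/web\nHiddenServicePort 80 127.0.0.1:8080\n' >> "${1}"
}

# Usage: edit_torrc_checked /etc/tor/torrc add_web_service, then reload tor.
```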
OnionService (project) can be easily misunderstood with onion services (hidden services), because of this, the name must change and must differentiate. Also, it has to be related to the utilities. If you are reading this, you can provide good names also.
For now, I thought of these names:
OnionManager - managing onions
OnionOps - operations with onion services
OnionChef - analogy to cooking onions and being the onion service chef.
Describe the bug
131 occurrences on the cli, instead, just call the script as root
check readability and writability of tor_conf and tor_data_dir
To Reproduce
Expected behavior
Terminal output
Screenshots
Please complete the following specifications:
Additional context
when editing in the TUI
Describe the bug
after running onionjuggler-cli restore-torrc it does restore the latest torrc but puts all the HiddenService lines together, it does not break anything but I want order, blocks separated by empty lines
see https://github.com/perusio/nginx_ensite/blob/master/Makefile for signing a release, committing manual pages etc
Is your feature request related to a problem? Please describe.
I am using 4 lines for XMPP, but could not use onionjuggler because the current limit is two. I want to make it unlimited.
Describe the solution you'd like
the solution is to change the format to assign ports.
VIRTPORT
VIRTPORT-TARGET
VIRTPORT-TARGETPORT
VIRTPORT-TARGETADDRESS:TARGETPORT
different HiddenServicePort can be separated by commas , or spaces.
So use:
--port "VIRTPORT[-[ADDR:]PORT] VIRTPORT[-[ADDR:]PORT] VIRTPORT[-[ADDR:]PORT]"
Describe alternatives you've considered
Additional context
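The proposed --port format, as an added example that is not part of the issue or of OnionJuggler's code: a POSIX sh parser that turns VIRTPORT[-[ADDR:]PORT] entries into HiddenServicePort lines and rejects malformed entries before anything reaches torrc. The function names, the restriction of ADDR to IPv4 literals and the explicit 127.0.0.1 default target are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not OnionJuggler code. Entry grammar: VIRTPORT[-[ADDR:]PORT]

# is_port N: succeed when N is a decimal integer in 1..65535, no leading zero.
is_port() {
  case "${1}" in
    ''|0*|*[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -le 5 ] && [ "${1}" -le 65535 ]
}

# is_addr A: succeed for a dotted-quad IPv4 literal.
# Assumption: only this target form is accepted here (no unix sockets).
is_addr() {
  case "${1}" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs="${IFS}"; IFS=.
  set -- ${1}          # split on dots; only digits and dots remain, no globs
  IFS="${old_ifs}"
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "${octet}" -le 255 ] || return 1
  done
}

# port_spec_to_torrc SPEC: print one HiddenServicePort line per entry.
# Nothing is printed to stdout unless every entry is valid.
port_spec_to_torrc() {
  # Spaces and commas are equivalent separators; normalise to commas.
  spec_list="$(printf '%s' "${1}" | tr ' ' ',')"
  # Reject anything outside the grammar's alphabet before word splitting;
  # this also keeps glob characters out of the unquoted expansion below.
  case "${spec_list}" in
    ''|*[!0-9.:,-]*) echo "error: invalid characters in port spec" >&2; return 1 ;;
  esac
  lines=""
  for spec in $(printf '%s' "${spec_list}" | tr ',' ' '); do
    virt="${spec%%-*}"; addr="127.0.0.1"; port="${virt}"
    case "${spec}" in
      *-*:*) addr="${spec#*-}"; port="${addr##*:}"; addr="${addr%:*}" ;;
      *-*)   port="${spec#*-}" ;;
    esac
    if ! is_port "${virt}" || ! is_port "${port}" || ! is_addr "${addr}"; then
      echo "error: invalid entry '${spec}'" >&2
      return 1
    fi
    lines="${lines}HiddenServicePort ${virt} ${addr}:${port}
"
  done
  [ -n "${lines}" ] || { echo "error: no port entries given" >&2; return 1; }
  printf '%s' "${lines}"
}

# Constructed input: four XMPP-style mappings in mixed separator style.
port_spec_to_torrc "5222 5269-127.0.0.1:5269,5280-15280 5281-127.0.0.1:15281"
```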
It would be good to copy from more reviewed projects to be understandable and clear on the printed messages to stdout, because of this:
Is your feature request related to a problem? Please describe.
Currently it is using unix as the default socket if none specified and virtport 80.
This was purposefully chosen because with unix socket names being unique, there was no repeated target, which happens on tcp if no specific target is specified the second time using the same virtual port.
Describe the solution you'd like
Use tcp as default
Do not use default virtport.
Describe alternatives you've considered
Additional context
it has almost nothing to do with HiddenService configuration lines, except that it verifies it if wrong.
Anyway, it will still be possible to install, but will be hosted on a separate repo to be more focused.
Is your feature request related to a problem? Please describe.
If socket is empty, it will default to unix socket.
If port is empty, will default to 80 because that works with unix socket as each sock file has a different name.
That is not gonna work with tcp because each local port must be different.
Address will be localhost, but port I don't know yet what to do to be as simple as possible.
Describe the solution you'd like
Random available high number local ports for the tcp target, virtual port will still be 80.
Describe alternatives you've considered
Investigate how OnionShare with socket.io handles ports
Describe the solution you'd like
I want getopts to parse cli arguments. It will be cleaner.
Describe alternatives you've considered
Additional context
Have no time to do this right now, but it is a medium priority goal.
Issue
If I'm not wrong, the format of the content of the public key, which is stored on the machine running the Onion Service (server), is the following:
<auth-type>:<key-type>:<base32-encoded-public-key>
Example: descriptor:x25519:N2NU7BSRL6YODZCYPN4CREB54TYLKGIE2KYOQWLFYC23ZJVCE5DQ
Because grep is searching for :descriptor:x25519:, it will not list the file's content.
Describe the solution you'd like
Change the above linked row to the following:
printf %s"# Content: $(sudo -u "${TOR_USER}" grep "descriptor:x25519:" "${DATA_DIR_SERVICES}"/"${SERVICE}"/authorized_clients/"${AUTH}")\n"
Additional remarks
Would you please double-check if I didn't confuse something?
Pull request may follow.
find "${tor_data_dir}" -type d -exec chmod 700 {} \;
find "${tor_data_dir}" -type f -exec chmod 600 {} \;
find "${tor_conf_dir}" -type d -exec chmod 755 {} \;
find "${tor_conf_dir}" -type f -exec chmod 644 {} \;
Is your feature request related to a problem? Please describe.
Not every web server config fits every usage, maintain the default one and optionally let the user specify the path to his own config file and use that instead.
Is your feature request related to a problem? Please describe.
Those are the most used shells and known to me that have completion (more to come if someone helps), I want that to be improved.
Describe the solution you'd like
Bash completion official package and debian guide
Zsh completion example https://github.com/cheat/cheat/blob/master/scripts/cheat.zsh
Additional context
Low priority, it will be very useful but not intrinsic required.
My doubt is / How can I:
Env var should be distinguishable according to posix and this stackoverflow answer. The .onionrc is a lib and "exports" vars to other scripts.
Issue
It seems (I use whiptail instead of dialog) that the "2" representing two entries is hardcoded in this line of code. However, someone may have only one or several entries.
Describe the solution you'd like
For the above reasons, I propose to replace "2" with "$i". To be sure that the list is not getting too long and is fitting to a little LCD display, the entire code could look like that:
if [ $i -gt 11 ]; then i=11; fi
CHOICE_SERVICE="$(dialog --clear --backtitle "${BACKTITLE}" --title "${TITLE}" --"${DIALOG_TYPE}" "${MENU}" \
"$((i+8))" 80 ${i} ${SERVICE_LIST} 2>&1 >/dev/tty)"
Additional remarks
I didn't submit a pull request yet because I don't use dialog, and I'm not entirely sure it reacts like whiptail.
My doubt is / How can I:
Is this helpful? Possibly, less commands to deal with and view their compatibility with the posix spec.
Pass sedcheck on sed scripts
sed ':/p' file
instead of sed ':' file
SED emulating UNIX commands by Aurelio Jargas
--------------------------- www.aurelio.net/en
verde at aurelio.net
Here's the list of some UNIX commands that can be emulated
using SED. Please, if know about others, contribute!
UNIX | SED
-------------+----------------------------------------------------------------
cat | sed ':'
cat -s | sed '1s/^$//p;/./,/^$/!d'
tac | sed '1!G;h;$!d'
grep | sed '/patt/!d'
grep -v | sed '/patt/d'
head | sed '10q'
head -1 | sed 'q'
tail | sed -e ':a' -e '$q;N;11,$D;ba'
tail -1 | sed '$!d'
tail -f | sed -u '/./!d'
cut -c 10 | sed 's/\(.\)\{10\}.*/\1/'
cut -d: -f4 | sed 's/\(\([^:]*\):\)\{4\}.*/\2/'
tr A-Z a-z | sed 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/'
tr a-z A-Z | sed 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'
tr -s ' ' | sed 's/ \+/ /g'
tr -d '\012' | sed 'H;$!d;g;s/\n//g'
wc -l | sed -n '$='
uniq | sed 'N;/^\(.*\)\n\1$/!P;D'
rev | sed '/\n/!G;s/\(.\)\(.*\n\)/&\2\1/;//D;s/.//'
basename | sed 's,.*/,,'
dirname | sed 's,[^/]*$,,'
xargs | sed -e ':a' -e '$!N;s/\n/ /;ta'
paste -sd: | sed -e ':a' -e '$!N;s/\n/:/;ta'
cat -n | sed '=' | sed '$!N;s/\n/ /'
grep -n | sed -n '/patt/{=;p;}' | sed '$!N;s/\n/:/'
cp orig new | sed 'w new' orig
hostname -s | hostname | sed 's/\..*//'
I am no longer satisfied with grepping 7 lines starting from match:
onionjuggler/bin/onionjuggler-cli
Line 437 in 9ee4ff8
I used 7 as an arbitrary number and I could choose any other arbitrary number. But the solution is to read the file until the configuration is not HiddenService anymore or it is HiddenServiceDir of another service.
The other problem is the sed deleting lines. Before, every line was unique with HiddenServiceDir and HiddenServicePort, but HiddenServiceVersion is the same for every onion service, this means that when deleting a service, it would be deleting every version line from every service.
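One way to read or delete a service block by its boundaries instead of a fixed line count or line content, as an added example that is not OnionJuggler's code: the block runs from the wanted HiddenServiceDir to the next HiddenServiceDir or the first non-HiddenService line, so a shared HiddenServiceVersion line in another service is never touched. The function names and the sample torrc are constructed for illustration.

```shell
#!/bin/sh
# Added example, not OnionJuggler code.

# hs_block MODE SERVICE_DIR TORRC
#   MODE=show    print the block that starts at "HiddenServiceDir SERVICE_DIR"
#   MODE=delete  print TORRC without that block
# A block ends at the next HiddenServiceDir or at the first line that is not a
# HiddenService* option (blank line, comment, any other torrc option).
hs_block() {
  HS_MODE="${1}" HS_DIR="${2}" awk '
    BEGIN {
      mode = ENVIRON["HS_MODE"]; want = ENVIRON["HS_DIR"]
      sub(/\/+$/, "", want)            # tolerate a trailing "/" in the argument
    }
    $1 == "HiddenServiceDir" {
      dir = $2; sub(/\/+$/, "", dir)   # and in the torrc itself
      inblock = (dir == want)
    }
    $1 !~ /^HiddenService/ { inblock = 0 }
    (mode == "show" && inblock) || (mode == "delete" && !inblock) { print }
  ' "${3}"
}

# write_sample_torrc FILE: constructed sample with two services that share an
# identical HiddenServiceVersion line.
write_sample_torrc() {
  cat > "${1}" <<'EOF'
SocksPort 9050

HiddenServiceDir /var/lib/tor/services/web
HiddenServiceVersion 3
HiddenServicePort 80 127.0.0.1:8080

HiddenServiceDir /var/lib/tor/services/xmpp
HiddenServiceVersion 3
HiddenServicePort 5222 127.0.0.1:5222
HiddenServicePort 5269 127.0.0.1:5269
EOF
}

sample="$(mktemp)"
write_sample_torrc "${sample}"
echo "--- block of the web service:"
hs_block show /var/lib/tor/services/web/ "${sample}"
echo "--- torrc with the web service removed:"
hs_block delete /var/lib/tor/services/web "${sample}"
rm -f "${sample}"
```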
Describe the bug
m4 is not installed by default and Vi is not a command there, so better check that
Problem with current web servers
Problems:
apache{2} is not a command on openbsd, it is a file on /etc/rc.d/apache2, meaning it has to be controlled with the service manager, in this case, rcctl. To add more, the command is called httpd2 for apache (/usr/local/sbin/httpd2), see /etc/rc.d/apache2.
Solution?
Describe the solution you'd like
Default on openbsd is httpd (/usr/sbin/httpd), so it is to be done.
Describe the bug
The solution I found was to disable interrupt signal, but this locks me out if something is broken on the code.
Unsatisfied.
To Reproduce
Expected behavior
Terminal output
Screenshots
Please complete the following specifications:
Additional context
My doubt is / How can I:
Shouldn't there be a placeholder (like TRAGTE) in the link above which will be replaced by the onion domain?
Currently, with that configuration, I cannot successfully share a folder. However, the cause may be another problem. I'm checking that right now.
My doubt is / How can I:
@radio24 Have you encountered any problems/incompatibilities translating from whiptail to dialog? If no, I can make the menu also become a whiptail, else, might have to study to make them compatible in the code.
Is your feature request related to a problem? Please describe.
There is the option to gen key pair, use priv key for client or use pub key for server.
But there is no option to just place existing file directly to folder.
Describe the solution you'd like
I want to specify file as an option to be included
Describe alternatives you've considered
Additional context
This can be done on auth-server and auth-client.
Describe the bug
currently ONIONJUGGLER_PWD is added to the path by using a shell rc, example is ~/.bashrc, but that only works if it is the same user running onionjuggler-cli.
The .onionrc is a dot file, which fits a user mode to save on the home folder ~/, but would be better to be system wide if it used a configuration inside the /etc folder, for example, /etc/onionjuggler.conf.
It is a bug for systems with multiple users requiring the command.
The ONIONJUGGLER_PWD was being saved inside the files on the old days, but it leaked the user custom path, so that is not a solution. My proposed solution is copying the files to a directory in path, for example /usr/local/bin/onionjuggler-cli and /usr/local/bin/onionjuggler-tui and /etc/onionjuggler.conf. Every time install/setup.sh --setup is run, it will cp the repository files to the path to test with the new changes.
Describe the bug
Ctrl+C does not quit on whiptail, only on dialog.
Additional context
I need that to be menu options:
Is your feature request related to a problem? Please describe.
currently you can only paste the address.onion, but it is possible to sed the http from the front and remove it.
Issue
CLIENT_COUNT is always set to 1. This means that if [ -n "${CLIENT_COUNT}" ]; then (for example here) will never be executed.
Describe the solution you'd like
To remove the specific line of code if there is no other reason for CLIENT_COUNT=$((CLIENT_COUNT+1))
Is your feature request related to a problem? Please describe.
Systemd dominates Linux world and all BSDs I've seen don't use it, and I don't want a single point of failure. See alternatives.
Describe the solution you'd like
Currently affects restart/reloading tor and creating the vanguard service.
Describe alternatives you've considered
Additional context
See this guide to manage multiple service managers
My doubt is / How can I:
Keep an eye on stem git and changelog, because the next version will drop python2.x support as it is being deprecated by python.org
Is your feature request related to a problem? Please describe.
The one hosted on https://github.com/nyxnor/scripts/blob/master/getopts.sh was enhanced based from what I learn on onionjuggler, now onionjuggler should update from that template.
Describe the solution you'd like
Describe alternatives you've considered
Additional context
Is your feature request related to a problem? Please describe.
By default, as the tools provided are for persistent services because
https://gitweb.torproject.org/torspec.git/tree/control-spec.txt#n1849
Once created the new Onion Service will remain active until either the
Onion Service is removed via "DEL_ONION", the server terminates, or the
control connection that originated the "ADD_ONION" command is closed.
It is possible to override disabling the Onion Service on control
connection close by specifying the "Detach" flag.
Also because I don't mess with tor control except for the Vanguards addon.
Describe the solution you'd like
Use the control port at its finest.
Describe alternatives you've considered
tor-ctrl by Adrelanos
Tested and it works, it requires socat and xxd, socat I can maybe change to netcat but xxd is linux only? bad for portability but can I do the same with only hexdump?
Also, this has not high priority because if this is done one day, would be a script just for it.
Additional context
Is your feature request related to a problem? Please describe.
I followed the posix manuals for each command, but reviewing it again and again just to be sure.
The problem is that even if I invoke the posix shell, it will call the programs that are not limited by posix, so the review is by reading rather than running commands.
Describe the solution you'd like
read the manuals on docs/CONTRIBUTING.md, especially grep and sed which are the most used and compare to their occurrences on the code.
Describe alternatives you've considered
Read Shell & Utilities: Detailed Toc
Another alternative is create a directory and include in front of path, then limit the commands to posix if possible.
Additional context
See how important POSIX scripts are for your system:
file /usr/bin/* | grep "shell script"
file /usr/bin/* | grep -c "shell script"
file /usr/bin/* | grep -c "POSIX shell script"
Describe the solution you'd like
Design some onion juggling other onions.
Is your feature request related to a problem? Please describe.
As seen the OnionJuggler implementation on TorBox, emphasizing some parts are crucial. This has to be done to all the options on the cli.
Describe alternatives you've considered
Some colors I already have established their usage:
green is when everything is alright
yellow is information that may need some action, like pressing enter to return to the tui, but it can serve as a warning, not an error per se
red is only for error msgs and deleting important things
rest of colors must be defined:
magenta - it is kinda purple and remind me of onions, will use that when referring for onions
cyan just looks cool, idk
blue success on commands, but between the commands, not at end like green
bold - emphasize but when?
underline - emphasize but when?
Describe the bug
scp is outdated, sftp is updated and developed specifically for ssh.
Is your feature request related to a problem? Please describe.
Sudo works but it is not hardened, I want the best. BSDs prefer doas, so should I.
Describe the solution you'd like
Additional context
At the moment, there are many occurrences.
$ grep -c sudo onionservice-cli
122
$ grep -c sudo onionservice-tui
19