erebe / wstunnel

Tunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available

An idea: reading restrict-http-upgrade-path-prefix strings from a file - a simple approach to enable short lived tokens with long lived server instances #244

Closed JamesTGrant closed 1 week ago

JamesTGrant commented 1 month ago

Hi there,

This is a brilliant project. Thank you for your work. I wonder if you'd welcome a feature?

I would like to add the following functionality to the server:

- I would like the server to be able to read from a file when a client connects.
- The file would be a list of strings - I suggest a simple JSON list.
- The file path to be specified by --restrict-http-upgrade-path-prefix-file.

On client connection:

1. Compare the string provided in the URL by the client against that provided by --restrict-http-upgrade-path-prefix (as today).
2. If not present, then compare the string provided by the client against the strings in the file provided at --restrict-http-upgrade-path-prefix-file. On a match, allow the client connection to continue. If no match is found, then don't allow the client connection to continue.

This allows a higher layer 'ticketing' system to create 'short lived' authentication strings and keep wstunnel server instances long-lived. I think this would allow a simple if crude way to provide a time-based 'valid-for' window to be able to pass a client a --http-upgrade-path-prefix string which need not be known to the server at server launch.

Would you be interested in a PR implementing this feature? I'm very happy to do the coding for it if you'd like!
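The two-step check proposed in the comment above, together with the ticketing side that maintains the file, as an added Python example. It is not wstunnel's code and not the --restrict-config implementation; the function names, the sample strings and the assumption that the client's string is the first segment of the upgrade path are illustrative. It goes slightly beyond the proposal by failing closed on a missing or malformed file and by replacing the file atomically.

```python
import hmac, json, os, tempfile

def load_tokens(path):
    """Read the JSON list of allowed strings; any error yields [] (fail closed)."""
    try:
        with open(path, encoding="utf-8") as fh:
            data = json.load(fh)
    except (OSError, ValueError):  # missing, unreadable or malformed file
        return []
    if not isinstance(data, list):
        return []
    return [t for t in data if isinstance(t, str) and t]

def is_allowed(url_path, static_prefix, token_file):
    """Steps 1 and 2 of the proposal for one client connection."""
    # Assumption: the client's string is the first segment of the upgrade path.
    presented = url_path.lstrip("/").split("/", 1)[0].encode()
    if not presented:
        return False
    # Step 1: the string given at server launch (may be None).
    if static_prefix and hmac.compare_digest(presented, static_prefix.encode()):
        return True
    # Step 2: the file, re-read on every connection so edits apply at once.
    ok = False
    for token in load_tokens(token_file):
        ok |= hmac.compare_digest(presented, token.encode())  # no early exit
    return ok

def publish_tokens(path, tokens):
    """Ticketing side: write to a temp file, then rename over the live one,
    so the server never parses a half-written list."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(sorted(tokens), fh)
    os.replace(tmp, path)

def demo():
    """Constructed values: issue a ticket, then revoke it, with no restart."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "prefixes.json")
        missing = is_allowed("/ticket-abc/events", "static-secret", path)
        publish_tokens(path, ["ticket-abc"])
        issued = is_allowed("/ticket-abc/events", "static-secret", path)
        publish_tokens(path, [])
        revoked = is_allowed("/ticket-abc/events", "static-secret", path)
        static = is_allowed("/static-secret/events", "static-secret", path)
        return missing, issued, revoked, static

if __name__ == "__main__":
    print(demo())
```

Removing a string from the file only blocks new connections in this model; tunnels that were already accepted are not re-checked.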

erebe commented 1 month ago

Thanks for proposing your contribution 🙏

I think it will be a bit too much for wstunnel to implement. I would assume people willing to do that would install a real reverse proxy in front of wstunnel to be free to do whatever they need/want.

erebe commented 1 week ago

Hi back, it has been implemented in the new release. You now have a new flag --restrict-config to pass a config file, and that is automatically reloaded if needed.

Check out the details in https://github.com/erebe/wstunnel/releases/tag/v9.4.1

JamesTGrant commented 6 days ago

Amazing - thank you!