Open hsartoris-bard opened 1 year ago
I think this is reasonable in theory. Perhaps :unix-socket instead of :socket as an option, so it's not confused with other types of sockets. Also, have you tested to ensure that the inclusion of this library doesn't cause issues when using it under operating systems that don't have sockets (e.g. Windows)? I'd also suggest not automatically deleting the socket file on startup - that feels potentially dangerous. Instead, raise an error.
I was under the impression that there was now unix socket support on Windows, but indeed it appears not to work.
:socket to :unix-socket
:http? default false when :unix-socket is set, except when :host or :port are set
Let me know if there's anything else you'd like to see!
Whoops, wasn't my intention to check in the *warn-on-reflection* line - I can remove that, or resolve the singular reflection warning.
Summary
These changes take advantage of jetty-unixsocket to allow serving on a socket, as in the following example:
Rationale
Unix sockets are simpler to implement access controls to than TCP sockets, as you can simply use file permissions. They are supported by common reverse proxies such as Apache and NGINX, and are thus reasonable for exposing a service through a proxy that may be handling authentication, without making that service available to all users on the host machine.
Possible enhancements:
:http? default false when :socket is set, unless :host or :port are explicitly configured.
jetty-unixsocket library. It is not an overwhelmingly heavy dependency, though.
Note: it has proved nontrivial to get a test working, as clj-http does not support sockets, and the Clojure implementations that I've found do not seem to work as intended out of the box. I have verified that this implementation is operational manually, and I am willing to work through the process of getting a test working as long as you're interested in incorporating this functionality.
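The two points raised in this thread, file permissions as the access control on a Unix socket and failing on an existing socket file instead of deleting it, shown as an added example in Python. It is not code from this pull request or from jetty-unixsocket; the names `bind_unix_socket` and `SocketPathInUse` and the 0660 mode are assumptions chosen for illustration.

```python
import errno
import os
import socket
import stat
import tempfile


class SocketPathInUse(RuntimeError):
    """Something already exists at the requested socket path."""


def bind_unix_socket(path, mode=0o660):
    """Listen on a Unix socket at `path`, restricted to permission bits `mode`.

    An existing file at `path` is never removed: bind() fails atomically with
    EADDRINUSE, which is reported to the caller as SocketPathInUse.
    """
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    # Create the socket file as 0600 so it is never briefly world-accessible.
    # umask is process-wide, so do this before starting other threads.
    old_umask = os.umask(0o177)
    try:
        sock.bind(path)
    except OSError as exc:
        sock.close()
        if exc.errno == errno.EADDRINUSE:
            raise SocketPathInUse(f"{path} exists; refusing to remove it") from exc
        raise
    finally:
        os.umask(old_umask)
    os.chmod(path, mode)  # e.g. 0660: owner plus the reverse proxy's group
    sock.listen(16)
    return sock


def demo():
    """Bind once, then try a second start on the same path (constructed paths)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "app.sock")
        server = bind_unix_socket(path)
        perms = stat.S_IMODE(os.stat(path).st_mode)
        try:
            bind_unix_socket(path).close()
            second_start = "started"
        except SocketPathInUse:
            second_start = "refused"
        still_there = os.path.exists(path)
        server.close()
        return perms, second_start, still_there


if __name__ == "__main__":
    print(demo())
```

On Linux, connecting to the socket requires write permission on the socket file, so the mode bits decide which local users can reach the service.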