search

ssbc / ssb-config

standard configuration for ssb
MIT License
23 stars 18 forks source link

scopes are broken in 3.4.0 #63

Closed dominictarr closed 4 years ago

dominictarr commented 4 years ago

The recent PR https://github.com/ssbc/ssb-config/pull/53 broke scopes. It looks a bit like there was some mistunderstanding about the purpose of scopes, so if people don't understand problems scopes are solving that's a deeper problem, so I want to check this.

Firstly I notice that the output @mixmix posted included a scope ['device', 'local', 'public'] for an ip address in the 192... range. This is an address you can connect to from on the same local network, but not from the public internet, that's why it's local scope. you can connect to it from the device as well so including it in that scope is clutter but won't break anything.

Also here: https://github.com/ssbc/ssb-config/blob/1ae161bbaed1eafdc46c1f72c756f543f91245f6/util/incoming-connections.js#L27-L35

It simplifies the 3 scopes into 2 scopes, but reporting private addresses as public confuses ssb-invites, ssb-tunnel, and ssb-device-address because they need truly public addresses.

unfortunately it's really hard to write tests for this so it's understandable that there was a breaking change, and there is documentation but probably could be clearer

mixmix commented 4 years ago

I've understood the idea of scopes. It's go ta lot more clear since "private" (an alias for local) was pruned from the scopes.

I see device as a special sub-type of internal which needs to be very carefully handled because it might be noauth.

My bad merging that code which set 192 range as public

dominictarr commented 4 years ago

oh what is the situation where you want something in multiple scopes? if we are gonna bind every interface individually why are putting them in multilpe scopes at once

mixmix commented 4 years ago

The docs say :

If scope is an array, then the server will bind to all the selected ports. default is ["device", "local", "public"]

This for me was an indication that (given it's the default) that it's sensible / safe. I would something in multiple scopes (e.g. local, public) if I want to enable ssb-client's to be able to connect on the same network, or from over the internet. But it seems like that would be a pretty uncommon usecase.

On reflection I'm generally surprised if device is in the same scope as anything else? I don't know how or why you would ever do that

dominictarr commented 4 years ago

I think that makes sense as a way to handle legacy configurations i.e. host: ..., port: ... if you are binding each interface then you can just bind localhost as device and 192.... as local