Add to README.
24
README.md
24
README.md
@@ -82,7 +82,7 @@ login, and attempt to prompt you for your password.
|
||||
- [`matrix-commander-rs`](https://github.com/8go/matrix-commander-rs)
|
||||
- [Matrix](https://matrix.org/)
|
||||
- Your Matrix user
|
||||
- A Matrix bot user (just a normal user with a noticeable username like `notification-bot`)
|
||||
- A Matrix bot user (just a normal user with a noticeable username like `gpg-bot`)
|
||||
- A private Matrix channel between you and the bot (preferably encrypted).
|
||||
- A Matrix client app for mobile, e.g. [Element](https://element.io/)
|
||||
- A proxy server with HTTPS support (E.g. [`caddy`](https://caddyserver.com/))
|
||||
@@ -92,6 +92,26 @@ For development contributors only:
|
||||
|
||||
## Installation instructions
|
||||
|
||||
Configure the domain used for login links. This should be a subdomain you
|
||||
control, e.g. `gpg.yourdomain.com`:
|
||||
|
||||
```{bash}
|
||||
mkdir -p "$HOME/.config/web-pinentry"
|
||||
echo "gpg.yourdomain.com" >> "$HOME/.config/web-pinentry/domain"
|
||||
```
|
||||
|
||||
Install and setup a reverse proxy with HTTPS support, e.g. `caddy`:
|
||||
|
||||
- Install `caddy` / `nginx` / `apache` or any other reverse proxy with HTTPS support.
|
||||
- Configure the reverse proxy to forward requests from your chosen domain to
|
||||
127.0.0.1:7563, where `web-pinentry` will be running its HTTP server. For example, with `caddy`:
|
||||
|
||||
```{caddyfile}
|
||||
gpg.yourdomain.com {
|
||||
reverse_proxy 127.0.0.1:7563
|
||||
}
|
||||
```
|
||||
|
||||
Building and installing the `web-pinentry` program:
|
||||
|
||||
```{bash}
|
||||
@@ -140,7 +160,7 @@ Testing that you can receive messages from the bot:
|
||||
matrix-commander-rs --message 'Hello world!'
|
||||
```
|
||||
|
||||
The above should trigger a notification on your phone via the Matrix client app
|
||||
The above should trigger a message notification on your phone via the Matrix client app
|
||||
you have installed.
|
||||
|
||||
You might notice the message come with a warning about the bot's client.
|
||||
|
||||
21
src/main.rs
21
src/main.rs
@@ -1,5 +1,5 @@
|
||||
use std::env;
|
||||
use std::fs::File;
|
||||
use std::fs::{self, File};
|
||||
use std::io::{self, BufRead, BufReader, Read, Write};
|
||||
use std::net::{IpAddr, Ipv4Addr, SocketAddr, TcpListener, TcpStream};
|
||||
use std::process;
|
||||
@@ -127,8 +127,23 @@ fn random_path_segment() -> io::Result<String> {
|
||||
.collect())
|
||||
}
|
||||
|
||||
fn advertised_domain() -> io::Result<String> {
|
||||
let home = env::var("HOME").map_err(|error| io::Error::new(io::ErrorKind::NotFound, error))?;
|
||||
let domain = fs::read_to_string(format!("{home}/.config/web-pinentry/domain"))?;
|
||||
let domain = domain.trim();
|
||||
|
||||
if domain.is_empty() {
|
||||
return Err(io::Error::new(
|
||||
io::ErrorKind::InvalidData,
|
||||
"domain file is empty",
|
||||
));
|
||||
}
|
||||
|
||||
Ok(domain.to_string())
|
||||
}
|
||||
|
||||
fn advertised_url(route_path: &str) -> io::Result<String> {
|
||||
Ok(format!("https://gpg.seanhealy.ie{route_path}"))
|
||||
Ok(format!("https://{}{route_path}", advertised_domain()?))
|
||||
}
|
||||
|
||||
fn send_url_message(url: &str) -> io::Result<()> {
|
||||
@@ -148,7 +163,7 @@ fn send_url_message(url: &str) -> io::Result<()> {
|
||||
|
||||
/**
|
||||
* Allow any connections from docker or 127.0.0.1.
|
||||
* Docker IPs looks like: 172.17.x.x or 172.18.x.x.
|
||||
* Docker IPs looks like: 172.17.x.x, 172.18.x.x. etc.
|
||||
*/
|
||||
fn is_allowed_client(address: SocketAddr) -> bool {
|
||||
matches!(address.ip(), IpAddr::V4(ip) if ip == Ipv4Addr::LOCALHOST ||
|
||||
|
||||
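Review bot: `advertised_domain()` only trims and rejects an empty file, so any other content of `~/.config/web-pinentry/domain` is interpolated unchecked into the login URL built by `advertised_url()`. The README step in this same commit appends with `>>`, so running it twice leaves two lines in the file and the link sent over Matrix would carry an embedded newline; a value containing `/`, `@` or whitespace would likewise change which host the link points at. I would fail closed right after the empty check with a second guard, `if !domain.chars().all(|c| c.is_ascii_alphanumeric() || matches!(c, '.' | '-'))`, returning `io::ErrorKind::InvalidData` with a message such as "domain file must hold a single bare hostname". The README should write the file with `>` instead of `>>`, and if a port suffix is meant to be supported the guard would need to allow `:` and digits explicitly.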