i2p: Don't enable proxies on external zone

- Only web interface (protected by sign-on) should be available on external interfaces. - Proxies should only be available on internal interfaces. Otherwise, they will become open proxies on the Internet which might have implications for the FreedomBox user. - Update description to convey that we are not opening SOCKS proxy but only HTTP, HTTPS and IRC proxies. Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
2026-05-27 10:44:33 +00:00 · 2019-04-29 15:38:43 -07:00 · 2019-04-29 15:38:43 -07:00 · c13e9a4227
commit c13e9a4227
parent 8267c1156b
2 changed files with 21 additions and 13 deletions
--- a/plinth/modules/i2p/init.py
+++ b/plinth/modules/i2p/init.py
@ -55,6 +55,7 @@ clients = clients
 group = ('i2p', _('Manage I2P application'))

 service = None
+proxies_service = None

 manual_page = 'I2P'

@ -71,8 +72,6 @@ tunnels_to_manage = {
    'Irc2P': 'i2p-irc-freedombox'
 }

-service_ports = ['http', 'https'] + list(tunnels_to_manage.values())
-

 def init():
    """Intialize the module."""
@ -80,13 +79,17 @@ def init():
    menu.add_urlname(name, 'i2p', 'i2p:index', short_description)
    register_group(group)

-    global service
+    global service, proxies_service
    setup_helper = globals()['setup_helper']
    if setup_helper.get_state() != 'needs-setup':
-        service = service_module.Service(
-            managed_services[0], name, ports=service_ports, is_external=True,
-            is_enabled=is_enabled, enable=enable, disable=disable,
-            is_running=is_running)
+        service = service_module.Service(managed_services[0], name, ports=[
+            'http', 'https'
+        ], is_external=True, is_enabled=is_enabled, enable=enable,
+                                         disable=disable,
+                                         is_running=is_running)
+        proxies_service = service_module.Service(
+            'i2p-proxies', name, ports=tunnels_to_manage.values(),
+            is_external=False, is_enabled=is_enabled, is_running=is_running)

        if is_enabled():
            add_shortcut()
@ -114,14 +117,19 @@ def setup(helper, old_version=None):
            '--value', '0.0.0.0'
        ])
    helper.call('post', enable)
-    global service
+    global service, proxies_service
    if service is None:
-        service = service_module.Service(
-            managed_services[0], name, ports=service_ports, is_external=True,
-            is_enabled=is_enabled, enable=enable, disable=disable,
-            is_running=is_running)
+        service = service_module.Service(managed_services[0], name, ports=[
+            'http', 'https'
+        ], is_external=True, is_enabled=is_enabled, enable=enable,
+                                         disable=disable,
+                                         is_running=is_running)
+        proxies_service = service_module.Service(
+            'i2p-proxies', name, ports=tunnels_to_manage.values(),
+            is_external=False, is_enabled=is_enabled, is_running=is_running)

    helper.call('post', service.notify_enabled, None, True)
+    helper.call('post', proxies_service.notify_enabled, None, True)
    helper.call('post', add_shortcut)


--- a/plinth/modules/i2p/views.py
+++ b/plinth/modules/i2p/views.py
@ -88,7 +88,7 @@ class TunnelsView(ServiceBaseView):
        _('I2P lets you browse the Internet and hidden services (eepsites) '
          'anonymously. For this, your browser, preferably a Tor Browser, '
          'needs to be configured for a proxy.'),
-        _('By default HTTP, HTTPS and SOCKS5 proxies are available. Additional '
+        _('By default HTTP, HTTPS and IRC proxies are available. Additional '
          'proxies and tunnels may be configured using the tunnel '
          'configuration interface.'),
    ]