Send ports forwarded to control server #2392
Conversation
internal/portforward/loop.go
Outdated
| err := l.service.SetPortsForwarded(l.runCtx, ports) | ||
| if err != nil { | ||
| l.logger.Error(err.Error()) | ||
| } |
There was a problem hiding this comment.
Perhaps we should return an error here to let the http client know it failed for xyz reason 🤔
And possibly log it as well, as it is now.
There was a problem hiding this comment.
Commit f18cdb8 addresses this. It would probably suffice to let control server respond with a more generic error, since the original error message already gets logged anyways. What do you think?
There was a problem hiding this comment.
I suggested exactly that 😄 I should had read unresolved conversations better!
| if l.service == nil { | ||
| return | ||
| } |
There was a problem hiding this comment.
We could set the ports somehow, even if the service is not started. The ports could then be injected to the service when we create it. A bit of a futuristic approach about when we could do all kind of modifications live 😄
There was a problem hiding this comment.
Yeah, that might be beyond me for now. 😅
There was a problem hiding this comment.
No problem, let's keep this unresolved and I'll jump at implementing it later 😉
qdm12
added
Status: 🔴 Blocked
qdm12
removed
the
Status: 🔒 After next release
|
(Sort of) blocked by #1785 |
qdm12
added
Status: 🔴 Blocked
|
Blocked by #2238 as well. |
|
Hello! |
| for i, port := range s.ports { | ||
| err := s.portAllower.RemoveAllowedPort(ctx, port) | ||
| if err != nil { | ||
| for j := 0; j < i; j++ { |
There was a problem hiding this comment.
nit you can now use the 'intrange' introduced in Go 1.23
| for j := 0; j < i; j++ { | |
| for j := range i { |
| s.logger.Error(err.Error()) | ||
| return err |
There was a problem hiding this comment.
Let's remove the log here and let the caller handle the error
| s.logger.Error(err.Error()) | |
| return err | |
| return fmt.Errorf("removing allowed port: %w", err) |
| s.logger.Error(err.Error()) | ||
| return err |
There was a problem hiding this comment.
Let's remove the log here and let the caller handle the error
| s.logger.Error(err.Error()) | |
| return err | |
| return fmt.Errorf("setting allowed port: %w", err) |
internal/server/openvpn.go
Outdated
| if len(data.Ports) == 0 { | ||
| http.Error(w, "no port specified", http.StatusBadRequest) | ||
| return | ||
| } |
There was a problem hiding this comment.
Maybe we could handle that as "remove forwarded ports"?
There was a problem hiding this comment.
Simply removing the statement with 3b633e4 will clear forwarded ports, because we already remove the old port forwards when setting the new ones anyways.
internal/server/openvpn.go
Outdated
| if err := h.pf.SetPortsForwarded(data.Ports); err != nil { | ||
| http.Error(w, err.Error(), http.StatusInternalServerError) |
There was a problem hiding this comment.
Let's log out as warning the error from the function call, and only say "failed setting forwarded ports" in the http response (for the sake of not exposing too much details to the http caller who might not control the gluetun instance)
| if err := h.pf.SetPortsForwarded(data.Ports); err != nil { | |
| http.Error(w, err.Error(), http.StatusInternalServerError) | |
| if err := h.pf.SetPortsForwarded(data.Ports); err != nil { | |
| h.warner.Warn(fmt.Sprintf("failed setting forwarded ports: %s", err)) | |
| http.Error(w, "failed setting forwarded ports", http.StatusInternalServerError) |
There was a problem hiding this comment.
Done with 32a7f1f.
Also, I assumed that if we want to limit detail exposure through http responses we should give the json deconding logic just above the same treatment.
| if l.service == nil { | ||
| return | ||
| } |
There was a problem hiding this comment.
No problem, let's keep this unresolved and I'll jump at implementing it later 😉
internal/portforward/loop.go
Outdated
| if err != nil { | ||
| l.logger.Error(err.Error()) | ||
| return err |
There was a problem hiding this comment.
Let's remove the logs in the port forwarding code and let the calling layers log out the error if necessary (in this case in the control server code) - sorry if I might had changed my mind on this!
| if err != nil { | |
| l.logger.Error(err.Error()) | |
| return err | |
| if err != nil { | |
| return err |
|
@jagaimoworks By the way:
|
|
And @andy3469 I'm curious, what do you plan to use this PR for 😃? |
First timer here. This is a somewhat working implementation of #2369. Hit me with the improvements I can take it 😅
I say somewhat working because the removal of ports from the firewall suffers from #2334 and therefore does not reliably work right now.
The way it works right now is by sending a http PUT request with a body like
{ports: [1234, 3456]}to/v1/openvpn/portforwarded.