Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Onion service is auto-redirecting to clearnet #640

Open
micahflee opened this issue Oct 4, 2024 · 1 comment
Open

Onion service is auto-redirecting to clearnet #640

micahflee opened this issue Oct 4, 2024 · 1 comment

Comments

@micahflee
Copy link
Collaborator

Describe the bug
The onion service for https://tips.hushline.app/ is http://hyewn4dvbedq7ooe3oxrhpceljd7ncfyeyts2c7nwsjp34i46smbzwid.onion/, however it seems that if you load the site using the onion service hostname it auto-redirects to SERVER_NAME, which is tips.hushline.app.

To Reproduce
Steps to reproduce the behavior:

Open Tor Browser, load https://tips.hushline.app/, and click ".onion available". It loads the onion service, which redirects back to https://tips.hushline.app/.

Expected behavior
You should be able to use the onion service.
@brassy-endomorph
Copy link
Collaborator

I have this snipped in another project and it would obviously need modifying, but it could be set up to a single app like this. It's a few years old and from the Flask 2.x release series, so idk if there's a better way to do it.

class DomainDispatcher:
    def __init__(self, domains):
        self.domains = domains

    def __call__(self, environ, start_response):
        request_host = environ['HTTP_HOST']
        for (domain, app) in self.domains:
            if request_host.endswith(domain):
                return app(environ, start_response)

        # TODO instead of aborting 503, replace with call to simple app that renders a
        # simple page "service not available" static page.
        # nginx should redirect to this too when the service is down
        abort(503)


def create_app(config: Config = None) -> DomainDispatcher:
    if config is None:
        config = Config()

    domains = []
    for domain in config.domains:
        # make a copy so we can fiddle with some of the options for this sub-app
        domains.append((domain, make_app(copy.deepcopy(config), domain)))

    return DomainDispatcher(domains)


def make_app(config: Config, domain: str = None) -> Flask:
    # normal app.route, app.config, etc. stuff here

The disadvantage of this is I had some dangerous mangling of the Config in make_app where I was doing things like if domain.endswith(".onion"): ... and then tweaking things.

I actually think the best way to deploy this would be using two containers each with fully separate (but in some cases copy/pasted) configs because for example in #626 there almost certainly would be a difference in the proxy config for clearnet vs. Tor which would require a totally different Config (and/or set of env vars), and no tricky mangling within make_app would be able to account for this without being highly brittle and tied to our particular setup.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
Hush Line Roadmap
Status: BL-P0 - Security Issues
Milestone
No milestone
Development

No branches or pull requests
2 participants
@micahflee @brassy-endomorph