path: root/Makefile
Age | Commit message | Author | Files | Lines
23 hours | Add WSCAT_ALLOWED_ORIGINS env-driven CheckOrigin | EuAndreh | 1 | -1/+39

gorilla/websocket's safe-default CheckOrigin rejects upgrades whose Origin host doesn't match the request Host — sound for prod (untls puts wscat and the page on the same hostname), but a hard 403 for any dev setup where the page is served from one localhost port and wscat runs on another. Wire an opt-in allowlist: WSCAT_ALLOWED_ORIGINS holds comma-separated scheme://host[:port] entries; matches are case-insensitive on both sides; rejected upgrades log the offending Origin so the operator sees what to add. Empty/unset preserves gorilla's safe default. The allowlist is opt-in by design — production should keep the default and dev sets exactly the origins it serves the page from.
9 days | Forward PROXY v2 AUTHORITY end-to-end | EuAndreh | 2 | -2/+232

wscat now sits transparently in the untls → wscat → papod path: on Accept, it parses any PROXY v2 header from upstream and stashes the AUTHORITY TLV on the wrapped conn; on the downstream dial to papod, it re-emits a PROXY v2 header with the same authority before forwarding any WebSocket payload bytes. A 5-second read deadline caps the parse window (so a slowloris peer can't pin the accept goroutine), and Accept loops past per-connection wrap errors — without that, an "nc -z" liveness probe (open + close, zero bytes) bubbles up as EOF to http.Server.Serve and panics the whole process. When no PROXY header is present (e.g. the integration test stack where binder speaks raw bytes) wscat skips the re-emit and lets papod fall back to PAPOD_NETWORK_NAME. Tests cover header build/parse roundtrip, the no-signature-pass-through case, and header byte layout.
9 days | src/wscat.go: Make Start a duplex multi-message relay | EuAndreh | 1 | -29/+66

The previous Start ran a single NextReader/NextWriter pair and spawned the copy goroutines after the handler had already returned, so the deferred connection close fired immediately and at most one WebSocket message was forwarded in either direction. Replace it with two relays — one looping NextReader → io.Copy to the unix socket, the other reading from the unix socket and emitting each chunk as a discrete TextMessage frame — and have the handler block on a 2-slot done channel until at least one side ends. When that happens, the handler explicitly sends a Close frame, half-closes the unix side, and waits up to 250ms for the peer to acknowledge before defers tear down both connections, so the WS state machine on each end reaches CLOSED instead of deadlocking in CLOSING.
2025-05-29 | Update to latest project skeleton: i18n and fine-grained fuzzing | EuAndreh | 21 | -33/+310