Add option to disable onion service (#372)

waybackarchiver · web-flow · commit a835a7957c7f · 2023-04-17T14:56:41.000Z
* Improve the definition of embedded tor

* Rename tor to onion

* Bulk rename _TOR_ to _ONION_
diff --git a/README.md b/README.md
@@ -283,9 +283,10 @@ You can also specify configuration options either via command flags or via envir
 | -                   | `WAYBACK_NOSTR_RELAY_URL`         | `wss://nostr.developer.li` | Nostr relay server url, multiple separated by comma          |
 | -                   | `WAYBACK_NOSTR_PRIVATE_KEY`       | -                          | The private key of a Nostr account                           |
 | `--tor`             | `WAYBACK_USE_TOR`                 | `false`                    | Snapshot webpage via Tor anonymity network                   |
-| `--tor-key`         | `WAYBACK_TOR_PRIVKEY`             | -                          | The private key for Tor Hidden Service                       |
-| -                   | `WAYBACK_TOR_LOCAL_PORT`          | `8964`                     | Local port for Tor Hidden Service, also support for a **reverse proxy**. This is ignored if `WAYBACK_LISTEN_ADDR` is set. |
-| -                   | `WAYBACK_TOR_REMOTE_PORTS`        | `80`                       | Remote ports for Tor Hidden Service, e.g. `WAYBACK_TOR_REMOTE_PORTS=80,81` |
+| `--tor-key`         | `WAYBACK_ONION_PRIVKEY`           | -                          | The private key for Tor Hidden Service                       |
+| -                   | `WAYBACK_ONION_LOCAL_PORT`        | `8964`                     | Local port for Tor Hidden Service, also support for a **reverse proxy**. This is ignored if `WAYBACK_LISTEN_ADDR` is set. |
+| -                   | `WAYBACK_ONION_REMOTE_PORTS`      | `80`                       | Remote ports for Tor Hidden Service, e.g. `WAYBACK_ONION_REMOTE_PORTS=80,81` |
+| -                   | `WAYBACK_ONION_DISABLED`          | `false`                    | Disable onion service                                        |
 | -                   | `WAYBACK_SLOT`                    | -                          | Pinning service for IPFS mode of pinner, see [ipfs-pinner](https://github.com/wabarc/ipfs-pinner#supported-pinning-services) |
 | -                   | `WAYBACK_APIKEY`                  | -                          | API key for pinning service                                  |
 | -                   | `WAYBACK_SECRET`                  | -                          | API secret for pinning service                               |
diff --git a/build/docker/Dockerfile.render b/build/docker/Dockerfile.render
@@ -8,7 +8,7 @@ ARG WAYBACK_IMAGE_TAG=latest-bundle
 FROM ghcr.io/wabarc/wayback:${WAYBACK_IMAGE_TAG}
 
 ENV BASE_DIR /wayback
-ENV WAYBACK_TOR_LOCAL_PORT 80
+ENV WAYBACK_ONION_LOCAL_PORT 80
 
 WORKDIR ${BASE_DIR}
 
diff --git a/cmd/wayback/main.go b/cmd/wayback/main.go
@@ -147,7 +147,7 @@ func setToEnv(cmd *cobra.Command) {
 		os.Setenv("WAYBACK_USE_TOR", fmt.Sprint(tor))
 	}
 	if flags.Changed("tor-key") {
-		os.Setenv("WAYBACK_TOR_PRIVKEY", torKey)
+		os.Setenv("WAYBACK_ONION_PRIVKEY", torKey)
 	}
 }
 
diff --git a/config/config_test.go b/config/config_test.go
@@ -536,27 +536,27 @@ func TestPublishToChannel(t *testing.T) {
 	}
 }
 
-func TestTorPrivateKey(t *testing.T) {
+func TestOnionPrivateKey(t *testing.T) {
 	os.Clearenv()
-	os.Setenv("WAYBACK_TOR_PRIVKEY", "tor:private:key")
+	os.Setenv("WAYBACK_ONION_PRIVKEY", "onion:private:key")
 
 	parser := NewParser()
 	opts, err := parser.ParseEnvironmentVariables()
 	if err != nil {
 		t.Fatalf(`Parsing environment variables failed: %v`, err)
 	}
 
-	expected := "tor:private:key"
-	got := opts.TorPrivKey()
+	expected := "onion:private:key"
+	got := opts.OnionPrivKey()
 
 	if got != expected {
 		t.Fatalf(`Unexpected Tor private key, got %v instead of %s`, got, expected)
 	}
 }
 
-func TestTorLocalPort(t *testing.T) {
+func TestOnionLocalPort(t *testing.T) {
 	os.Clearenv()
-	os.Setenv("WAYBACK_TOR_LOCAL_PORT", "8080")
+	os.Setenv("WAYBACK_ONION_LOCAL_PORT", "8080")
 
 	parser := NewParser()
 	opts, err := parser.ParseEnvironmentVariables()
@@ -565,14 +565,14 @@ func TestTorLocalPort(t *testing.T) {
 	}
 
 	expected := 8080
-	got := opts.TorLocalPort()
+	got := opts.OnionLocalPort()
 
 	if got != expected {
 		t.Fatalf(`Unexpected Tor local port, got %v instead of %q`, got, expected)
 	}
 }
 
-func TestDefaultTorLocalPortValue(t *testing.T) {
+func TestDefaultOnionLocalPortValue(t *testing.T) {
 	os.Clearenv()
 
 	parser := NewParser()
@@ -581,8 +581,8 @@ func TestDefaultTorLocalPortValue(t *testing.T) {
 		t.Fatalf(`Parsing environment variables failed: %v`, err)
 	}
 
-	expected := defTorLocalPort
-	got := opts.TorLocalPort()
+	expected := defOnionLocalPort
+	got := opts.OnionLocalPort()
 
 	if got != expected {
 		t.Fatalf(`Unexpected Tor local port, got %v instead of %q`, got, expected)
@@ -591,7 +591,7 @@ func TestDefaultTorLocalPortValue(t *testing.T) {
 
 func TestTorRemotePorts(t *testing.T) {
 	os.Clearenv()
-	os.Setenv("WAYBACK_TOR_REMOTE_PORTS", "80,81,82")
+	os.Setenv("WAYBACK_ONION_REMOTE_PORTS", "80,81,82")
 
 	parser := NewParser()
 	opts, err := parser.ParseEnvironmentVariables()
@@ -600,13 +600,44 @@ func TestTorRemotePorts(t *testing.T) {
 	}
 
 	expected := []int{80, 81, 82}
-	got := opts.TorRemotePorts()
+	got := opts.OnionRemotePorts()
 
 	if got == nil || len(got) != 3 {
 		t.Fatalf(`Unexpected Tor remote port, got %v instead of %v`, got, expected)
 	}
 }
 
+func TestOnionDisabled(t *testing.T) {
+	tests := []struct {
+		name     string
+		disabled bool
+		expected bool
+	}{
+		{"default", defOnionDisabled, false},
+		{"disabled", true, true},
+		{"enabled", false, false},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			os.Clearenv()
+			os.Setenv("WAYBACK_ONION_DISABLED", strconv.FormatBool(test.disabled))
+
+			parser := NewParser()
+			opts, err := parser.ParseEnvironmentVariables()
+			if err != nil {
+				t.Fatalf(`Parsing environment variables failed: %v`, err)
+			}
+
+			got := opts.OnionDisabled()
+
+			if got != test.expected {
+				t.Fatalf(`Unexpected disable onion service, got %v instead of %v`, got, test.expected)
+			}
+		})
+	}
+}
+
 func TestListenAddr(t *testing.T) {
 	t.Parallel()
 
@@ -653,7 +684,7 @@ func TestDefaultTorRemotePortsValue(t *testing.T) {
 	}
 
 	expected := []int{80}
-	got := opts.TorRemotePorts()
+	got := opts.OnionRemotePorts()
 
 	if got == nil || len(got) != 1 {
 		t.Fatalf(`Unexpected Tor remote port, got %v instead of %v`, got, expected)
diff --git a/config/options.go b/config/options.go
@@ -72,9 +72,10 @@ const (
 	defNostrRelayURL   = "wss://nostr.developer.li"
 	defNostrPrivateKey = ""
 
-	defTorPrivateKey = ""
-	defListenAddr    = "0.0.0.0:8964"
-	defTorLocalPort  = 8964
+	defListenAddr      = "0.0.0.0:8964"
+	defOnionLocalPort  = 8964
+	defOnionPrivateKey = ""
+	defOnionDisabled   = false
 
 	defChromeRemoteAddr    = ""
 	defEnabledChromeRemote = false
@@ -99,8 +100,8 @@ var (
 	IPFSToken  = ""
 	IPFSTarget = "web3storage"
 
-	defStorageDir     = path.Join(os.TempDir(), "reduxer")
-	defTorRemotePorts = []int{80}
+	defStorageDir       = path.Join(os.TempDir(), "reduxer")
+	defOnionRemotePorts = []int{80}
 )
 
 // Options represents a configuration options in the application.
@@ -123,7 +124,7 @@ type Options struct {
 	slack    *slack
 	nostr    *nostr
 	irc      *irc
-	tor      *tor
+	onion    *onion
 
 	listenAddr          string
 	chromeRemoteAddr    string
@@ -216,11 +217,13 @@ type irc struct {
 	server   string
 }
 
-type tor struct {
+type onion struct {
 	pvk string
 
 	localPort   int
 	remotePorts []int
+
+	disabled bool
 }
 
 // NewOptions returns Options with default values.
@@ -313,10 +316,9 @@ func NewOptions() *Options {
 			channel:  defIRCChannel,
 			server:   defIRCServer,
 		},
-		tor: &tor{
-			pvk:         defTorPrivateKey,
-			localPort:   defTorLocalPort,
-			remotePorts: defTorRemotePorts,
+		onion: &onion{
+			localPort:   defOnionLocalPort,
+			remotePorts: defOnionRemotePorts,
 		},
 	}
 
@@ -664,20 +666,25 @@ func (o *Options) PublishToNostr() bool {
 	return len(o.NostrRelayURL()) > 0 && o.NostrPrivateKey() != ""
 }
 
-// TorPrivKey returns the private key of Tor service.
-func (o *Options) TorPrivKey() string {
-	return o.tor.pvk
+// OnionPrivKey returns the private key of Onion service.
+func (o *Options) OnionPrivKey() string {
+	return o.onion.pvk
 }
 
-// TorLocalPort returns the local port to a TCP listener on.
+// OnionLocalPort returns the local port to a TCP listener on.
 // This is ignored if `WAYBACK_LISTEN_ADDR` is set.
-func (o *Options) TorLocalPort() int {
-	return o.tor.localPort
+func (o *Options) OnionLocalPort() int {
+	return o.onion.localPort
+}
+
+// OnionRemotePorts returns the remote ports to serve the Onion hidden service on.
+func (o *Options) OnionRemotePorts() []int {
+	return o.onion.remotePorts
 }
 
-// TorRemotePorts returns the remote ports to serve the Tor hidden service on.
-func (o *Options) TorRemotePorts() []int {
-	return o.tor.remotePorts
+// OnionDisabled returns whether disable Onion service.
+func (o *Options) OnionDisabled() bool {
+	return o.onion.disabled
 }
 
 // ListenAddr returns the listen address for the HTTP server.
diff --git a/config/parser.go b/config/parser.go
@@ -181,12 +181,14 @@ func (p *Parser) parseLines(lines []string) (err error) {
 			p.opts.nostr.url = parseString(val, defNostrRelayURL)
 		case "WAYBACK_NOSTR_PRIVATE_KEY":
 			p.opts.nostr.privateKey = parseString(val, defNostrPrivateKey)
-		case "WAYBACK_TOR_PRIVKEY":
-			p.opts.tor.pvk = parseString(val, defTorPrivateKey)
-		case "WAYBACK_TOR_LOCAL_PORT":
-			p.opts.tor.localPort = parseInt(val, defTorLocalPort)
-		case "WAYBACK_TOR_REMOTE_PORTS":
-			p.opts.tor.remotePorts = parseIntList(val, defTorRemotePorts)
+		case "WAYBACK_TOR_PRIVKEY", "WAYBACK_ONION_PRIVKEY":
+			p.opts.onion.pvk = parseString(val, defOnionPrivateKey)
+		case "WAYBACK_TOR_LOCAL_PORT", "WAYBACK_ONION_LOCAL_PORT":
+			p.opts.onion.localPort = parseInt(val, defOnionLocalPort)
+		case "WAYBACK_TOR_REMOTE_PORTS", "WAYBACK_ONION_REMOTE_PORTS":
+			p.opts.onion.remotePorts = parseIntList(val, defOnionRemotePorts)
+		case "WAYBACK_ONION_DISABLED":
+			p.opts.onion.disabled = parseBool(val, defOnionDisabled)
 		case "WAYBACK_POOLING_SIZE":
 			p.opts.poolingSize = parseInt(val, defPoolingSize)
 		case "WAYBACK_BOLT_PATH":
diff --git a/docs/changelog.md b/docs/changelog.md
@@ -9,6 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 - Add docker-compose.yml ([#367](https://github.com/wabarc/wayback/pull/367))
+- Add option to disable onion service ([#372](https://github.com/wabarc/wayback/pull/372))
 
 ### Changed
 - Set NoWait to true for tor listen config ([#368](https://github.com/wabarc/wayback/pull/368))
diff --git a/docs/integrations/web.md b/docs/integrations/web.md
@@ -11,8 +11,8 @@ Wayback supports serving both **Clear Web** and **Onion Service**. If the Tor bi
 After installation, you need to provide the required keys by placing them in the environment or configuration file. This allows you to customize the configuration based on your needs.
 
 - `WAYBACK_LISTEN_ADDR`: The listen address for the HTTP server, defaults to `0.0.0.0:8964`.
-- `WAYBACK_TOR_PRIVKEY`: The private key for Onion Service.
-- `WAYBACK_TOR_LOCAL_PORT`: Local port for Onion Service, also support for a reverse proxy. This is ignored if `WAYBACK_LISTEN_ADDR` is set.
-- `WAYBACK_TOR_REMOTE_PORTS`: Remote ports for Onion Service, e.g. `WAYBACK_TOR_REMOTE_PORTS=80,81`.
+- `WAYBACK_ONION_PRIVKEY`: The private key for Onion Service.
+- `WAYBACK_ONION_LOCAL_PORT`: Local port for Onion Service, also support for a reverse proxy. This is ignored if `WAYBACK_LISTEN_ADDR` is set.
+- `WAYBACK_ONION_REMOTE_PORTS`: Remote ports for Onion Service, e.g. `WAYBACK_ONION_REMOTE_PORTS=80,81`.
 
 Note: To run a Onion Service for the first time, you need to keep the `private key`, which can be seen from the log output.
diff --git a/docs/integrations/web.zh.md b/docs/integrations/web.zh.md
@@ -11,8 +11,8 @@ Wayback支持服务于**明文Web**和**Onion服务**。如果缺少Tor二进制
 安装完成后，您需要通过将其放置在环境或配置文件中来提供所需的密钥。这允许您根据需要自定义配置。
 
 - `WAYBACK_LISTEN_ADDR`：HTTP服务器的侦听地址，默认为`0.0.0.0:8964`。
-- `WAYBACK_TOR_PRIVKEY`：Onion服务的私钥。
-- `WAYBACK_TOR_LOCAL_PORT`：Onion服务的本地端口，也支持反向代理。如果设置了`WAYBACK_LISTEN_ADDR`，则忽略此设置。
-- `WAYBACK_TOR_REMOTE_PORTS`：Onion服务的远程端口，例如`WAYBACK_TOR_REMOTE_PORTS=80,81`。
+- `WAYBACK_ONION_PRIVKEY`：Onion服务的私钥。
+- `WAYBACK_ONION_LOCAL_PORT`：Onion服务的本地端口，也支持反向代理。如果设置了`WAYBACK_LISTEN_ADDR`，则忽略此设置。
+- `WAYBACK_ONION_REMOTE_PORTS`：Onion服务的远程端口，例如`WAYBACK_ONION_REMOTE_PORTS=80,81`。
 
 注意：要首次运行Onion服务，您需要保留`私钥`，该私钥可以从日志输出中看到。
diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md
@@ -19,7 +19,7 @@ This will disable JavaScript for the entire site `wikipedia.org` or only for the
 
 When running the `wayback` service for the first time, it is important to keep the private key from the output message
 (the key is the part after `private key:`). The next time you run the wayback service, you can use the key by providing
-it to the `--tor-key` option or setting it as the `WAYBACK_TOR_PRIVKEY` environment variable.
+it to the `--tor-key` option or setting it as the `WAYBACK_ONION_PRIVKEY` environment variable.
 
 ```text
 [INFO] Web: Important: remember to keep the private key: d005473a611d2b23e54d6446dfe209cb6c52ddd698818d1233b1d750f790445fcfb5ece556fe5ee3b4724ac6bea7431898ee788c6011febba7f779c85845ae87
diff --git a/docs/troubleshooting.zh.md b/docs/troubleshooting.zh.md
@@ -14,7 +14,7 @@ export DISABLEJS_URIS=wikipedia.org|eff.org/tags
 
 ## 如何保留Tor隐藏服务主机名？
 
-第一次运行`wayback`服务时，保留来自输出消息的私钥非常重要（私钥是`private key:`之后的部分）。下次运行wayback服务时，您可以通过将其提供给`--tor-key`选项或将其设置为`WAYBACK_TOR_PRIVKEY`环境变量来使用密钥。
+第一次运行`wayback`服务时，保留来自输出消息的私钥非常重要（私钥是`private key:`之后的部分）。下次运行wayback服务时，您可以通过将其提供给`--tor-key`选项或将其设置为`WAYBACK_ONION_PRIVKEY`环境变量来使用密钥。
 
 ```text
 [INFO] Web: Important: remember to keep the private key: d005473a611d2b23e54d6446dfe209cb6c52ddd698818d1233b1d750f790445fcfb5ece556fe5ee3b4724ac6bea7431898ee788c6011febba7f779c85845ae87
diff --git a/service/httpd/httpd.go b/service/httpd/httpd.go
@@ -54,8 +54,8 @@ func New(ctx context.Context, opts service.Options) *Httpd {
 }
 
 // Serve accepts incoming HTTP requests over Tor network, or open
-// a local port for proxy server by "WAYBACK_TOR_LOCAL_PORT" env.
-// Use "WAYBACK_TOR_PRIVKEY" to keep the Tor hidden service hostname.
+// a local port for proxy server by "WAYBACK_ONION_LOCAL_PORT" env.
+// Use "WAYBACK_ONION_PRIVKEY" to keep the Tor hidden service hostname.
 //
 // Serve always returns an error.
 func (h *Httpd) Serve() error {
@@ -71,9 +71,9 @@ func (h *Httpd) Serve() error {
 	}
 
 	switch {
-	case torExist():
+	case h.serveOnion():
 		logger.Info("start a tor hidden server")
-		err := h.startTorServer(server)
+		err := h.startOnionService(server)
 		if err != nil {
 			return errors.Wrap(err, "start tor server failed")
 		}
@@ -92,7 +92,7 @@ func (h *Httpd) Serve() error {
 	return ErrServiceClosed
 }
 
-// Shutdown shuts down the Tor server
+// Shutdown shuts down the httpd server
 func (h *Httpd) Shutdown() error {
 	h.RLock()
 	defer h.RUnlock()
diff --git a/service/httpd/libtor.go b/service/httpd/libtor.go
@@ -0,0 +1,14 @@
+// Copyright 2023 Wayback Archiver. All rights reserved.
+// Use of this source code is governed by the GNU GPL v3
+// license that can be found in the LICENSE file.
+
+//go:build with_tor
+
+package httpd // import "github.com/wabarc/wayback/service/httpd"
+
+import (
+	"github.com/cretz/bine/process"
+	"github.com/ipsn/go-libtor"
+)
+
+var creator process.Creator = libtor.Creator
diff --git a/service/httpd/libtor_stub.go b/service/httpd/libtor_stub.go
@@ -0,0 +1,13 @@
+// Copyright 2023 Wayback Archiver. All rights reserved.
+// Use of this source code is governed by the GNU GPL v3
+// license that can be found in the LICENSE file.
+
+//go:build !with_tor
+
+package httpd // import "github.com/wabarc/wayback/service/httpd"
+
+import (
+	"github.com/cretz/bine/process"
+)
+
+var creator process.Creator
diff --git a/service/httpd/onion.go b/service/httpd/onion.go
diff --git a/service/httpd/tor_stub.go b/service/httpd/tor_stub.go
diff --git a/wayback.1 b/wayback.1
diff --git a/wayback.conf b/wayback.conf

Original file line number	Diff line number	Diff line change
`@@ -147,7 +147,7 @@ func setToEnv(cmd *cobra.Command) {`
`147`	`147`	`os.Setenv("WAYBACK_USE_TOR", fmt.Sprint(tor))`
`148`	`148`	`}`
`149`	`149`	`if flags.Changed("tor-key") {`
`150`		`- os.Setenv("WAYBACK_TOR_PRIVKEY", torKey)`
	`150`	`+ os.Setenv("WAYBACK_ONION_PRIVKEY", torKey)`
`151`	`151`	`}`
`152`	`152`	`}`
`153`	`153`