~dr|z3d
@RN
@RN_
@StormyCloud
@T3s|4
@T3s|4_
@orignal
@postman
@zzz
%Liorar
%acetone
+FreefallHeavens
+Onn4l7h
+Sh0ck
+bak83_
+bpb
+leopold
+r00tobo_BNC
+uop23ip
+xHarr
Arch
BubbRubb
Danny
DeltaOreo
H20
Irc2PGuest16752
Irc2PGuest33667
Irc2PGuest97218
Maylay
Meow
ac9f_
anontor
b4dab00m
eyedeekay_
halloy13412
john231
makoto
nZDoYBkF
nilbog-
not_bob_afk
ntty
poriori_
profetik1
r00tobo[2]
shiver_
simprelay
solidx66
thetia
tmg86
tr
u5657
vivid_reader56
zer0bitz
cumlord
not_bob_afk put it up, hopefully works git.simp.i2p/simp/deletehosts
dr|z3d
what do you mean hopefully it works, cumlord? :) have you dogfooded it?
cumlord
I only fed it to one dog 🤣
dr|z3d
:)
dr|z3d
yeah, I think we need the nonce (or p/w protected console), zzz, however the delete function is being called, because currently this: if (_context.getBooleanProperty(PROP_PW_ENABLE) || (serial != null && serial.equals(lastSerial))) {
not_bob_afk
cumlord: Thank you!
cumlord
Welcome :)
dr|z3d
you are the offender, not_bob_afk :)
dr|z3d
mareki2p: let's have a look.
dr|z3d
CI used to happen on gitlab, need to fix it on github, haven't got around to it yet.
dr|z3d
re ant snark, can you try 'apt install parallel uglifyjs' and then run ant i2psnark again and see if that fixes?
dr|z3d
uglifyjs shouldn't be a requirement but won't hurt.
dr|z3d
you can also try 'ant i2psnark_nozip' as a target.
dr|z3d
not_bob_afk: context:
dr|z3d
<dr|z3d> currently you delete a host, it gets restored when subscriptions are updated.
dr|z3d
<dr|z3d> so delete is functionally *almost* useless.
dr|z3d
* Leopold_ has quit (Read error)
dr|z3d
<zzz> shouldn't, if you're using etags or last-mod, and the subsciption server only sends you the new ones
dr|z3d
<not_bob_afk> Unless the site in question is no longer in any hosts files that are in your subs.
dr|z3d
<zzz> if you get the whole thing, not just the new ones, your subscription server is semi-broken
mareki2p
installing that thing didnt help, i need to go away, approx 20 hours
mareki2p
it is also failing on github actions
dr|z3d
anything else in the build logs?
dr|z3d
thanks, let's have a look at that..
dr|z3d
maybe try installing the ant-contrib package..
dr|z3d
>> [taskdef] Could not load definitions from resource net/sf/antcontrib/antcontrib.properties. It could not be found.
dr|z3d
it looks like you need that to support <if> clauses in the build.xml ?
dr|z3d
if you want to have a stab at configuring the github CI to build various targets and upload somewhere public, be my guest.
mareki2p
yes, that helped, i go to sleep, bye
dr|z3d
laters o/
dr|z3d
anyways, good work on the delete hosts script, jizzlord, it helped me fix up what I was working on for a "native" + solution.
cumlord
oh good deal glad it worked 🤸
dr|z3d
you're sending a few unnecessary headers.
dr|z3d
like, probably all of them :)
dr|z3d
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8',
dr|z3d
'Accept-Language': 'en-US,en;q=0.5',
dr|z3d
'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20100101 Firefox/12.0',
dr|z3d
'Origin': search_url,
dr|z3d
'Connection': 'keep-alive',
dr|z3d
'Upgrade-Insecure-Requests': '1',
dr|z3d
'Sec-Fetch-Dest': 'iframe',
dr|z3d
'Sec-Fetch-Mode': 'navigate',
dr|z3d
'Sec-Fetch-Site': 'same-origin',
dr|z3d
'Sec-Fetch-User': '?1',
dr|z3d
'begin': 0,
dr|z3d
'end': 99,
dr|z3d
you don't need begin and end either.
cumlord
ha yup i don't need any headers by looks of it
cumlord
deleted all that, looked like it was doing something weird but it was just me lol
dr|z3d
don't ask, don't tell :)
dr|z3d
ok, rudimentary delete hosts feature in latest + build.
dr|z3d
example usage: 127.0.0.1:7657/susidns/deleteHosts.jsp?hosts=thisisatest.i2p,thisisanothertest.i2p
dr|z3d
it maybe need something like brow.sh to call it from the terminal. dunno. let me know if you use it.
dr|z3d
firefox -headless may also work, remember to killall firefox afterwards.
zzz
dr|z3d, doing it as a GET is really insecure
zzz
nice little new tool from acetone: tun7gldhhpy75fzqafhgku34kkwnplxw6v7dit6iwpnvwce2gweq.b32.i2p
zzz
but why not put it into i2pd? or is there a config UI in there already?
zzz
I put up my jump stats for 2023 and 2024 to compare to not_bob_afk
zzz
note that stats.i2p was down for half of 2023, that's why you were way down and I was way up for 2024
zzz
but not_bob_afk is serving about 3x what I am
dr|z3d
not doing it as a GET.
dr|z3d
const response = await fetch(url, {
dr|z3d
method: "POST", body: formData,
dr|z3d
headers: {"Content-Type": "application/x-www-form-urlencoded; charset=utf-8", "Cookie": cookieHeader},
dr|z3d
credentials: "include"
dr|z3d
});
zzz
but that URL is a good test to ensure that you're not allowing GET
zzz
just because you're using POST on the client side doesn't mean you're disallowing GET on the server side ))
dr|z3d
Window.fetch: HEAD or GET Request cannot have a body.
dr|z3d
Hosts: thisisatest.i2p
dr|z3d
if *you're* allowing GET, that's on you. I haven't changed the form handling. :)
zzz
just load the URL in the browser. don't put POST data in a GET request
dr|z3d
have you actually looked at the code?
zzz
no
zzz
just suggesting a way to test the security of your new feature
dr|z3d
I suggest you do that before you accusing me of using GET :)
zzz
not accusing you. You put up a GET URL as "example usage", so that strongly implied you supported GET
dr|z3d
here's how it works.. we perform an initial GET request to snag the cookie and nonce, and with that we then formulate a POST request to submit the delete request.
zzz
yup
dr|z3d
the url allows for running the process with a headless browser or other method.
dr|z3d
it appears to require both cookie and nonce to work. just the nonce is insufficient.
cumlord
oh nice i'll try it out on my naughty router
dr|z3d
firefox -headless <url>
dr|z3d
or firefox -headless <url> & killall firefox
dr|z3d
assuming you're not running normal sessions in firefox.
dr|z3d
*or firefox -headless <url> && killall firefox
dr|z3d
-or- if you're in X or wayland, no need for headless at all.
zzz
doesnt look like susidns requires POST, unfortunately. seems like we should beef that up
dr|z3d
sure, just add an ALLOW header for submission forms, or whatever.
zzz
pretty sure we do it in the main console somehow, looking...
dr|z3d
re host deletion, still think a deleted book would be good. even if all subs hosts are doing the right thing, you might want a log for deleted hosts, or you might want to revert the deletion later.
zzz
perhaps
zzz
the main console check is in FormHandler
dr|z3d
*nods*
dr|z3d
I tweaked that recently to add support for closable messages.
dr|z3d
having a deleted book also allows for custom handling when requesting deleted hosts, instead of just claiming we don't know the host and presenting a proxy jump error page.
zzz
might be a big API effort to get that all the way back to the proxy
dr|z3d
"The requested URL is in your deleted address book. To enable browsing to this host, undelete it first"
dr|z3d
maybe, maybe not. could just retain a text file of deleted hosts and check that instead of trying to interface with susidns directly.
dr|z3d
which could be another, simpler way of deleting hosts.. just add the undesirable hosts to that file and you're good.
dr|z3d
looking at the address book arrangement in susidns, does anyone actually use the master book? seems like a possible candidate for removal.
dr|z3d
published also seems a bit dubious.. it was never clear to me that it worked as intended. just an export of router book hosts (if enabled) should be sufficient.
zzz
i think i use it for stats.i2p, not sure
dr|z3d
if we did a reorg, we could potentially be left with 3 books and an export router book hosts feature. [router] [private] [deleted]
zzz
testing the POST fix now, I think we should squeeze this in for the release, heads up eyedeekay
dr|z3d
you got time yet :)
zzz
eew the susidns dark css needs some work too
dr|z3d
looks fine here :)
dr|z3d
*** grins. ***
dr|z3d
you might want to think about a per-theme global stylesheet, reduces your maintenance burden.
zzz
nope
dr|z3d
maybe you don't understand what I'm suggesting.
dr|z3d
not a single global stylesheet for webapps/console, per-theme.
zzz
well, we have it, it's console.css
dr|z3d
a global stylesheet per theme, shared between console and webapps that sets the shared styles and imported into each webapp/console main theme.
dr|z3d
so instead of having to define your colors and button styles etc in each theme, you define them once.
dr|z3d
that way you get consistency across apps and less hassle when you want to adjust shared styles.
zzz
at one point I assumed eyedeekay was maintaining the dark theme since I think that's his preference
zzz
but when I got this huge new monitor last year, I switched to dark because it was way too bright
zzz
and am still finding and fixing issues
zzz
all over
dr|z3d
yup
dr|z3d
thinking you can tweak a theme that's taken years to evolve in a couple of months and be done with it is naive at best. I think eyedeekay eventually conceded that css wasn't quite as easy as he first imagined :)
zzz
MR 223 for the POST restriction
dr|z3d
you might want to check susimail and the tunnel manager while you're checking POST.
dr|z3d
MR looks good.
dr|z3d
there's some code duplication in AddressBook.bean and NamingService.bean that I'm not entirely sure needs to be there, specifically relating to form handling.
dr|z3d
NamingService.bean appears to be handling the form submissions, so I'm not entirely sure what the AddressBook code is there for.
zzz
Addressbookbean is for the hosts.txt file format. NamingServiceBean is on top of it, for blockfile
dr|z3d
ok, maybe there some consolidation potential there, or maybe it's not worth the effort.
zzz
it _is_ consolidated. NSB extends ABB and overrides methods only where necessary
dr|z3d
one method, with an additional parameter to determine which format to target, perhaps?
dr|z3d
ok, nevermind then. it was the error handling that looked duplicated.
zzz
sure, the overridden methods are similar, but they're not identical
zzz
otherwise we'd just let it thru to super
dr|z3d
ok
zzz
take a look at the javadocs to see what's inherited and what's overridden
dr|z3d
10-4
zzz
I don't see POST checks in susimail/i2ptunnel/i2psnark either. I think I can fix up the latter 2 easily but susimail UI is a mess of GET and POST and P-R-G
eyedeekay
Is there going to be a MR 224 for snark POST checks?
zzz
looking at it now
zzz
looks like snark will be a one-liner. the i2ptunnel one will look similar to the susidns one
eyedeekay
Ack I'm already looking at 223 will be ready for the next 1-2
zzz
great. as usual testing takes longer than coding
zzz
gah the i2ptunnel start/stop buttons are GETs also