Backend for Sapphire (C)

Alyssa Rosenzweig b49a7b490f Switch to set hace 6 años
accounts 05e8dde29c Accounts/README hace 6 años
.editorconfig 3ef6ef2b3b Add .editorconfig hace 6 años
.gitignore 960b1c4ba5 Ignore the proxy hace 6 años
LICENSE 7559951990 LICENSE file hace 6 años
Makefile 8d4970e3e8 Strip out all message processing hace 6 años
README.md 888e8faec5 .. hace 6 años
cert.sh 05f4aff5c2 Opt-in HTTPS hace 6 años
core.c b49a7b490f Switch to set hace 6 años
core.h 6465665df5 Strip some old code hace 6 años
event-loop.c 60d14a6af1 Refactor event loop hace 6 años
event-loop.h 60d14a6af1 Refactor event loop hace 6 años
jailed.sh 39ceb00ee7 jailed.sh update hace 6 años
json_compat.h 1d439ad47a Broadcast write_conv as JSON hace 6 años
proxy.c 9b1479ce4a Ignore writes to closed websockets hace 6 años
push.c 8a12c50102 Implement suuuper tenative mailx-based SMS push notifications hace 6 años
push.h 8a12c50102 Implement suuuper tenative mailx-based SMS push notifications hace 6 años
sapphire-accounts.json d1ad08ddcc Add new files hace 6 años
secure-compare-64.h d1ad08ddcc Add new files hace 6 años
websocket.c b534232e77 Print gerror I guess hace 6 años
websocket.h 79d99f94e5 Beep beep hace 6 años

README.md

Backend

sapphire-backend communicates only over local filesystem-resident sockets, to simplify jailing. To reach the outside world -- in particular, to benefit from websockets -- it must be paired with sapphire-proxy, which implements proxying, authentication, and SSL.

To set this up, use:

$ ./sapphire-backend & ./sapphire-proxy

And if you need to restart, it's probably safest to quit both.

This process might be further streamlined in the future.

Proxy

Historically, on a local single-user Sapphire instance, the architecture was simple:

Browser <--> Backend

However, this does not work for multi-user, public-facing instances. In these cases, to minimise attack surface, this proxy is publicly facing while the backends only listen to localhost and are sandboxed:

Browser <--> Proxy (<--> Backends)

This package proxies WebSockets and implements authentication. It therefore depends on glib/json-glib/libsoup, but it MUST NOT depend on libpurple due to security isolation concerns.