Skip to content

Improve runtime launch and proxy bridge safety#39

Open
AmirrezaFarnamTaheri wants to merge 3 commits into
WhiteDNS:mainfrom
AmirrezaFarnamTaheri:runtime-launch-cleanup
Open

Improve runtime launch and proxy bridge safety#39
AmirrezaFarnamTaheri wants to merge 3 commits into
WhiteDNS:mainfrom
AmirrezaFarnamTaheri:runtime-launch-cleanup

Conversation

@AmirrezaFarnamTaheri

@AmirrezaFarnamTaheri AmirrezaFarnamTaheri commented May 16, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Clean up runtime launch request files with atomic writes, stale pruning, and terminal deletion.
  • Keep runtime service starts on nonblank session IDs and report missing launch profiles through runtime state instead of synchronous caller crashes.
  • Bound the HTTP proxy bridge with fixed executors, capacity rejection, header/host limits, idle tunnel handling, and bridge statistics.
  • Require usable SOCKS credentials before allowing LAN-reachable HTTP proxy listeners.
  • Normalize SOCKS authentication from the bounded credential values so blank credentials cannot satisfy exposure protection.

Verification

Prune stale persisted launch request files before saving new proxy or VPN starts.

Delete consumed launch request files when proxy and VPN services stop, fail before a stable start, or are replaced by a newer session while preserving active-session requests for recovery reconnects.

Avoid blank service session IDs on redelivered or malformed starts and report missing server profile starts through runtime state instead of throwing synchronously from callers.

Add JVM coverage for stale request selection and pruning.
Replace unbounded HTTP proxy bridge client and tunnel threads with bounded executors, explicit capacity controls, and lightweight bridge statistics.

Reject over-capacity clients with a 503 response, enforce header and host limits, and clean up executors if startup fails before the listener binds.

Normalize SOCKS authentication so blank credentials disable auth, and require usable credentials before allowing LAN-reachable HTTP proxy listeners.
@AmirrezaFarnamTaheri AmirrezaFarnamTaheri changed the title Clean up runtime launch requests Improve runtime launch and proxy bridge safety May 16, 2026
Resolve SOCKS authentication through truncated username and password values before applying the enabled flag.

This keeps blank or truncated credentials from satisfying LAN-exposure protection and lets the runtime/proxy branch merge cleanly with setup validation changes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant