Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added the ability to specify a proxy in the config.json file #58

Closed
wants to merge 5 commits into from

Conversation

TheraNinjaCat
Copy link

@TheraNinjaCat TheraNinjaCat commented Mar 31, 2020

All that needs to be done to enable a proxy is to specify a key "proxy" in one of the config.json files, and set it to a format accepted by electrons default setProxy function.
i.e. "proxy": "socks5://localhost:8080"

Fixes #735


Here's what your changelog entry will look like:

✨ Features

@t3chguy
Copy link
Member

t3chguy commented Mar 31, 2020

@TheraNinjaCat
Copy link
Author

I assume a comment here works for that too.
Signed-off-by: Greg Best greg@thebest.nz

@t3chguy
Copy link
Member

t3chguy commented Mar 31, 2020

Yup, that is fine :)

@t3chguy t3chguy requested a review from a team March 31, 2020 13:19
@turt2live turt2live added the Z-Community-PR Issue is solved by a community member's PR label Mar 31, 2020
Copy link
Contributor

@jryans jryans left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks reasonable to me overall, thanks! 😁

We also document the various config options as well. Could you send a PR to update this also?


if (vectorConfig['proxy']) {
console.log(`Starting electron through proxy: ${vectorConfig['proxy']}`);
mainWindow.webContents.session.setProxy({proxyRules: vectorConfig['proxy']})
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You should be able to use await here, and then you can remove the then handler and put loadURL back where it was outside of the if to cover both cases.

jryans
jryans previously requested changes Apr 6, 2020
Copy link
Contributor

@jryans jryans left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for making this contribution. Upon more reflection with the core team, while we'd like to have proxy support available, we would want to ensure a few things before accepting a PR for it:

  • The proxy options should affect the entire app (including Electron main process requests for app update etc.)
  • We need some kind of test coverage to ensure the proxy option remains working as code evolves

There's too much risk to privacy and security if a proxy option suddenly stops working and potentially exposes your traffic (if you were using Tor, for example), so it's critical to have test coverage for such a path.

Considering the desktop app currently has no test framework of its own, this could end up being a large task to achieve. If you're still interested in working on it, please reach out in #riot-dev:matrix.org to work through approaches with the team.

@NHAS
Copy link

NHAS commented Oct 25, 2020

Has there been any more discussion about adding proper proxy support to Element Desktop?

We've been using the --proxy-server=address:port command line option that Electron supports by default, and I imagine that many people who don't have a direct connection (e.g ISP/Work Place level proxy) will be doing the same.

Unfortunately the auto update function does not respect this command line flag and will attempt to connect directly, potentially revealing that the device is using Element/Electron which impacts privacy.
So people who use this flag (as they may have to) might be unknowingly putting themselves at risk.

From a functionality perspective, this also seems rather important to have. This would both enable people who are behind proxies by default to access matrix, and enable greater privacy by allowing less technical people to use proxies.

@kn0wmad
Copy link

kn0wmad commented Jun 17, 2021

Has there been any more discussion about adding proper proxy support to Element Desktop?

We've been using the --proxy-server=address:port command line option that Electron supports by default, and I imagine that many people who don't have a direct connection (e.g ISP/Work Place level proxy) will be doing the same.

Unfortunately the auto update function does not respect this command line flag and will attempt to connect directly, potentially revealing that the device is using Element/Electron which impacts privacy.
So people who use this flag (as they may have to) might be unknowingly putting themselves at risk.

From a functionality perspective, this also seems rather important to have. This would both enable people who are behind proxies by default to access matrix, and enable greater privacy by allowing less technical people to use proxies.

Bump. Our users have to use the same workaround and get the same issues.

@TheraNinjaCat
Copy link
Author

I’ve not done any changes to this one, it’s been a while and I’ve not kept up to date with the codebase.
The change in the original PR here doesn’t actually fix the auto update proxy leak. As far as I could tell that’s an issue with Electron’s default auto-updater not respecting Electron’s proxy settings. I did look into proposing the replacement that’s suggested in the Electron documentation (that in my testing seemed to fix the issue) but it involved changing more upstream stuff around how updates are handled, however I didn’t feel like a change like that would be received well so I didn’t continue further.

TheraNinjaCat added 4 commits September 17, 2021 15:37
…ter from using the built in updater to using electron-updater instead, as the built in updater does not obey proxy settings, and the electron-updater exposes it's session that can have proxy settings applied
@TheraNinjaCat
Copy link
Author

I have revisited this, moved the proxy handling to a helper module, and added basic support for the file: URI scheme.

I have moved the config from config.json to electron-config.json because the former seemed to be more relevant to the vector webapp running inside electron, but proxy settings are more relevant to electron itself.

I have also investigated the autoUpdater as this did not seem to obey the proxy settings from my original implementation, nor the --proxy-server=address:port chromium flag. It turns out the built-in autoUpdater does not support proxying at all, however most electron documentation suggests using the electron-updater instead, which exposes the netSession object which can have proxy settings applied. As far as I can tell these two sessions are the only sessions in the app, however if it turns out that there are more it's trivial to add them to the helper to apply proxy settings to them as well.

The change to electron-updater does potentially break the current build/deploy/auto-update functionality as it no longer uses the same method of checking for updates. Where electron autoUpdater relies on a server responding with specific HTTP status codes, the electron-updater simply deploys a latest-platform.yml file for each platform that contains information for updating.

In regards to a test framework, I don't think the lack of a test suite should hold back implementing this, as due to several comments here people are already using the built-in chromium flag for using a proxy (which coincidentally uses the exact underlying APIs used by my changes), using a proxy isn't necessarily for the intention of increasing privacy as inside a walled-garden network it's often required for access to the internet, and if the underlying APIs stop working in the future, this will be due to an upstream change in electron or chromium.

In terms of writing tests for this, it would be possible to perform tests by using session.resolveProxy(url), and validating that the output matches the defined proxy configuration.

Finally, I have also documented the proxy config inside the README.md file.

@TheraNinjaCat
Copy link
Author

I have just noticed that a bunch of packages were updated and I didn't notice before committing, including electron core, which I believe also deprecated enableRemoteModule, hence it being removed. All of those changes don't belong in this PR so after feedback has come back I can revert those changes.

@TheraNinjaCat TheraNinjaCat changed the base branch from master to develop September 19, 2021 21:10
@xanoni
Copy link

xanoni commented Sep 26, 2021

Can confirm that the package auto updater just doesn't want to use the proxy, so I had to firewall everything that wasn't going to localhost:8118.

I tried using torsocks, proxychains, and I exported the ALL_PROXY and HTTPS_PROXY environment variables .... that all didn't help.

For all other Element traffic, the --proxy-server=127.0.0.1:8118 parameter does the job.

@jryans jryans requested review from a team and removed request for jryans October 12, 2021 10:08
@jryans jryans dismissed their stale review October 12, 2021 10:09

Team should take a fresh look

Copy link
Member

@turt2live turt2live left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this all looks fine, but I'm definitely not a proxy expert. The proxy setup looks fairly complicated for someone to follow though, and I worry that's a barrier to entry when we could/should have our own UI for it.

Further, isn't the system proxy respected, and can't these sorts of options be supplied on the command line already? Not sure I understand the need for the change - tickets would help.

@@ -0,0 +1,109 @@
/*
Copyright 2021 New Vector Ltd
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure if you intended to assign copyright to us or not, but feel free to use your name instead.

@@ -19,7 +19,8 @@ limitations under the License.

// Squirrel on windows starts the app with various flags as hooks to tell us when we've been installed/uninstalled etc.
import "./squirrelhooks";
import { app, ipcMain, powerSaveBlocker, BrowserWindow, Menu, autoUpdater, protocol, dialog } from "electron";
import { app, ipcMain, powerSaveBlocker, BrowserWindow, Menu, protocol, dialog } from "electron";
import { autoUpdater } from "electron-updater";
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we need to document somewhere that electron-updater is for proxy config, but I don't have any good ideas for where that could be recorded.

@NHAS
Copy link

NHAS commented Oct 19, 2021

While element itself can use the electron --proxy-server option, this is not applied to the autoupdater which may lead to privacy issues as discussed previously in this issue.
Lacking this functionality also makes it harder to deploy these changes at scale.

For example, imagine a private matrix server that is behind a proxy, currently if we want to set up a number of devices to use it we would have to add a command line argument when Element is executed, which isnt standardised across multiple platforms (Im looking at you Mac).
Even with that argument added the auto updater will still dial out to the internet. Which may be not what users want.

I definitely agree that this should have some UI component to it. Although I would push for the inclusion of at a configuration file option to begin with.
Only partially bias as I want to use it myself 😋

@turt2live
Copy link
Member

If we can get that context duplicated to an issue we can reference, that'd be awesome. The PR description currently doesn't mention it, and reading this PR's thread is a bit difficult with limited time :)

@NHAS
Copy link

NHAS commented Oct 19, 2021

Yup of course. You guys manage a massive amount of comms, so I appreciate that you definitely don't have time to re-read every each time you come back to something.

I'll see if I can bug the maintainer of this issue to add it to the issue description, if that would be sufficient?

@turt2live
Copy link
Member

Posting a link here is also just as good - we can get it added.

Looks like someone will need to work on some tests for this though, which is a challenge. If people have good ideas for how to accomplish that, drop by #element-dev:matrix.org on Matrix and we can talk through it.

@TheraNinjaCat
Copy link
Author

I appreciate you taking your time to look at this. I'll jump on #element-dev:matrix.org at some point this week when I get a chance to discuss all the points raised, as well as implications of the element-updater change, I do agree this PR has become a bit of a mess, turns out I'm not very good at this whole "git" thing.

@NHAS
Copy link

NHAS commented Oct 19, 2021

Sweet. I've hijacked an already existing issue that also references issues with the autoupdater:

#735

su-ex added a commit to SchildiChat/element-desktop that referenced this pull request Apr 30, 2022
* Handle forced disconnects from Jitsi ([\#21697](element-hq/element-web#21697)). Fixes element-hq/element-web#21517.
* Improve performance of switching to rooms with lots of servers and ACLs ([\#8347](matrix-org/matrix-react-sdk#8347)).
* Avoid a reflow when setting caret position on an empty composer ([\#8348](matrix-org/matrix-react-sdk#8348)).
* Add message right-click context menu as a labs feature ([\#5672](matrix-org/matrix-react-sdk#5672)).
* Live location sharing - basic maximised beacon map ([\#8310](matrix-org/matrix-react-sdk#8310)).
* Live location sharing - render users own beacons in timeline ([\#8296](matrix-org/matrix-react-sdk#8296)).
* Improve Threads beta around degraded mode ([\#8318](matrix-org/matrix-react-sdk#8318)).
* Live location sharing -  beacon in timeline happy path ([\#8285](matrix-org/matrix-react-sdk#8285)).
* Add copy button to View Source screen ([\#8278](matrix-org/matrix-react-sdk#8278)). Fixes element-hq/element-web#21482. Contributed by @olivialivia.
* Add heart effect ([\#6188](matrix-org/matrix-react-sdk#6188)). Contributed by @CicadaCinema.
* Update new room icon ([\#8239](matrix-org/matrix-react-sdk#8239)).
* Prevent packing of native modules ([\element-hq#337](element-hq#337)). Fixes element-hq/element-web#17188. Contributed by @PF4Public.
* Fix: "Code formatting button does not escape backticks" ([\#8181](matrix-org/matrix-react-sdk#8181)). Contributed by @yaya-usman.
* Fix beta indicator dot causing excessive CPU usage ([\#8340](matrix-org/matrix-react-sdk#8340)). Fixes element-hq/element-web#21793.
* Fix overlapping timestamps on empty messages ([\#8205](matrix-org/matrix-react-sdk#8205)). Fixes element-hq/element-web#21381. Contributed by @goelesha.
* Fix power selector not showing up in user info when state_default undefined ([\#8297](matrix-org/matrix-react-sdk#8297)). Fixes element-hq/element-web#21669.
* Avoid looking up settings during timeline rendering ([\#8313](matrix-org/matrix-react-sdk#8313)). Fixes element-hq/element-web#21740.
* Fix a soft crash with video rooms ([\#8333](matrix-org/matrix-react-sdk#8333)).
* Fixes call tiles overflow ([\#8096](matrix-org/matrix-react-sdk#8096)). Fixes element-hq/element-web#20254. Contributed by @luixxiul.
* Fix a bug with emoji autocomplete sorting where adding the final "&element-hq#58;" would cause the emoji with the typed shortcode to no longer be at the top of the autocomplete list. ([\#8086](matrix-org/matrix-react-sdk#8086)). Fixes element-hq/element-web#19302. Contributed by @commonlawfeature.
* Fix image preview sizing for edge cases ([\#8322](matrix-org/matrix-react-sdk#8322)). Fixes element-hq/element-web#20088.
* Refactor SecurityRoomSettingsTab and remove unused state ([\#8306](matrix-org/matrix-react-sdk#8306)). Fixes matrix-org/element-web-rageshakes#12002.
* Don't show the prompt to enable desktop notifications immediately after registration ([\#8274](matrix-org/matrix-react-sdk#8274)).
* Stop tracking threads if threads support is disabled ([\#8308](matrix-org/matrix-react-sdk#8308)). Fixes element-hq/element-web#21766.
* Fix some issues with threads rendering ([\#8305](matrix-org/matrix-react-sdk#8305)). Fixes element-hq/element-web#21670.
* Fix threads rendering issue in Safari ([\#8298](matrix-org/matrix-react-sdk#8298)). Fixes element-hq/element-web#21757.
* Fix space panel width change on hovering over space item ([\#8299](matrix-org/matrix-react-sdk#8299)). Fixes element-hq/element-web#19891.
* Hide the reply in thread button in deployments where beta is forcibly disabled ([\#8294](matrix-org/matrix-react-sdk#8294)). Fixes element-hq/element-web#21753.
* Prevent soft crash around room list header context menu when space changes ([\#8289](matrix-org/matrix-react-sdk#8289)). Fixes matrix-org/element-web-rageshakes#11416, matrix-org/element-web-rageshakes#11692, matrix-org/element-web-rageshakes#11739, matrix-org/element-web-rageshakes#11772, matrix-org/element-web-rageshakes#11891 matrix-org/element-web-rageshakes#11858 and matrix-org/element-web-rageshakes#11456.
* When selecting reply in thread on a thread response open existing thread ([\#8291](matrix-org/matrix-react-sdk#8291)). Fixes element-hq/element-web#21743.
* Handle thread bundled relationships coming from the server via MSC3666 ([\#8292](matrix-org/matrix-react-sdk#8292)). Fixes element-hq/element-web#21450.
* Fix: Avatar preview does not update when same file is selected repeatedly ([\#8288](matrix-org/matrix-react-sdk#8288)). Fixes element-hq/element-web#20098.
* Fix a bug where user gets a warning when changing powerlevel from **Admin** to **custom level (100)** ([\#8248](matrix-org/matrix-react-sdk#8248)). Fixes element-hq/element-web#21682. Contributed by @Jumeb.
* Use a consistent alignment for all text items in a list ([\#8276](matrix-org/matrix-react-sdk#8276)). Fixes element-hq/element-web#21731. Contributed by @luixxiul.
* Fixes button labels being collapsed per a character in CJK languages ([\#8212](matrix-org/matrix-react-sdk#8212)). Fixes element-hq/element-web#21287. Contributed by @luixxiul.
* Fix: Remove jittery timeline scrolling after jumping to an event ([\#8263](matrix-org/matrix-react-sdk#8263)).
* Fix regression of edits showing up in the timeline with hidden events shown ([\#8260](matrix-org/matrix-react-sdk#8260)). Fixes element-hq/element-web#21694.
* Fix reporting events not working ([\#8257](matrix-org/matrix-react-sdk#8257)). Fixes element-hq/element-web#21713.
* Make Jitsi widgets in video rooms immutable ([\#8244](matrix-org/matrix-react-sdk#8244)). Fixes element-hq/element-web#21647.
* Fix: Ensure links to events scroll the correct events into view ([\#8250](matrix-org/matrix-react-sdk#8250)). Fixes element-hq/element-web#19934.
@CLAassistant
Copy link

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@dbkr
Copy link
Member

dbkr commented Sep 12, 2024

This has been sitting since 2021 so I think it's time to close it. This isn't saying, 'no' to the feature, but this PR has 3 years worth of conflicts so it's probably as easy to start afresh anyway.

If anyone picks this up, some points from when we were discussing it:

  • An obvious use of this is to put traffic through Tor or similar, so we need to
    1. Make sure it doesn't break (ie. find a way to test it, and test it well)
    2. Make sure all the traffic the app sends uses the proxy. ie. this PR covers the web traffic + auto updater. Is that everything? Do we make any requests from the main process itself? Will we in the future?
  • The config passed to this is quite large. It's also just taking the proxy config object and exposing it in the config. Is this interface stable?
  • I forget the details of electron auto updating, but having to import a package we previously never pulled in seems very surprising. This would need a lot of explanation in comments as Travis was getting at. What's lacking about the one from electron?
  • The PAC file watching is a little 😳. This would definitely need tests. It also feels weird that it's our job.

That said, a good argument for this is that, if, in practice, people are using --proxy-server and leaking update traffic over a clearnet then this will help.

@dbkr dbkr closed this Sep 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
T-Enhancement Z-Community-PR Issue is solved by a community member's PR
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Updater lack proxy configuration
9 participants