Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add /api/{alive,now,version} endpoints #2433

Merged
merged 1 commit into from
Apr 24, 2022
Merged

Add /api/{alive,now,version} endpoints #2433

merged 1 commit into from
Apr 24, 2022

Conversation

jjlin
Copy link
Contributor

@jjlin jjlin commented Apr 24, 2022

The added endpoints work the same as in their upstream implementations.

Upstream also implements /api/ip. This seems to include the server's public
IP address (the one that should be hidden behind Cloudflare), which doesn't
seem like a great idea.

@jjlin
Add /api/{alive,now,version} endpoints
df8aeb1 
The added endpoints work the same as in their upstream implementations.

Upstream also implements `/api/ip`. This seems to include the server's public
IP address (the one that should be hidden behind Cloudflare), which doesn't
seem like a great idea.
@BlackDex
Copy link
Collaborator

Yea, these are some nice additions. I agree on the IP endpoint. Even if you would hide the servers public endpoint, you could still figure out the forwarded-for IP's which might also be unwanted.

@dani-garcia dani-garcia merged commit 3abf173 into dani-garcia:main Apr 24, 2022
@jjlin jjlin deleted the meta-apis branch April 24, 2022 18:21
@GoliathLabs
Copy link

@jjlin @BlackDex would it be an option that you could switch whether /api/ip should expose the IP or not? Since most users are probably not behind cloudflare and therefore have no disadvantage in providing the IP endpoint

@github-actions github-actions bot mentioned this pull request May 23, 2022
Closed
@hevisko
Copy link

hevisko commented May 23, 2022

Hmmm... What would /api/ip return if it's behind a cloudflare behind a caddy/nginx, ie. the vaultwarden's IP would be localhost, the caddy's IP is a rfc1918 IP, which sits behind a firewall that NATs the external IP to the caddy, that might an IP behind cloudflare, so perhaps making the IP a trinary setting would be great:, like:
0.0.0.0 - off, return 404
anything from 0.0.0.1 to 255.255.255.254 - the value given (might be bogus)
255.255.255.255 - the IP that vaultwarden is listening on

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@BlackDex BlackDex BlackDex approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@jjlin @BlackDex @GoliathLabs @hevisko @dani-garcia