Merge branch 'main' of github.com:go-i2p/go-gittisane

README.md

@@ -1,88 +1,118 @@
-# go-gittisane
+# Go-Gittisane
-A soft-fork of gitea with support for running as an I2P service. Just the mod and the CI files.
 
-How it works:
+A soft-fork of Gitea with built-in support for running as an I2P (Invisible Internet Project) service. This project provides network implementation files and CI configuration to build Gitea with I2P support.
-=============
 
-This uses GitHub CI to continuously build an I2P-only version of Gitea based on the latest release of Gitea.
+## What is Go-Gittisane?
-We can do this without requiring a patch to the Gitea source code.
-This is because Gitea encapsulates its "Listening" and "Dialing" into functions, which can easily be substituted for alternative versions.
-For instance, the network listener is set up by a function, `graceful.GetListener() (net.Listener, error)` in the file `modules/graceful/server.go`. 
-The default implementation of the `GetListener() (net.Listener, error)` function, `DefaultGetListener() (net.Listener, error)` is defined in the `modules/graceful/net_unix.go` for Unix-like systems and `modules/graceful/net_windows.go` for Windows-like systems.
-A developer who wishes to "Mod" gitea to listen on another kind of connection do so by creating a new file which implements a `GetListener() (net.Listener, error)` function using an alternate listener implementation.
 
-On the client side, the same thing is possible because Go allows you to substitute the underlying transports used for the default HTTP Client.
+Go-Gittisane enables you to run the Gitea git server with anonymity features through the I2P network. All HTTP traffic - both incoming requests to your Gitea instance and outgoing requests from it - are routed through I2P, providing privacy and censorship resistance.
-So, in the absence of overriding settings, we can configure it to use SAMv3 to build HTTP connections by default using the same keys as the hidden service.
-Effectively this is like a "Bidirectional HTTP" tunnel in Java's Hidden Service Manager.
 
-Finally, if you need to include additional libraries, run `go mod tidy` in the root of the gitea checkout to include them.
+## How it Works
 
-Here is a complete working example mod:
+### Technical Explanation
 
-```Go
+Go-Gittisane leverages Gitea's modular network architecture to replace the standard TCP/IP networking with I2P connectivity:
-// copy this file to modules/graceful/net_anon.go before building gitea
+
+1. **Network Module Substitution**: Gitea encapsulates its network operations in the `graceful` package. By providing alternative implementations of key functions like `GetListener()`, we can redirect all network traffic through I2P.
+
+2. **I2P Integration**: The core modification is in `net_anon.go`, which uses the `github.com/go-i2p/onramp` library to establish I2P connectivity. This file:
+   - Creates an I2P "Garlic" router connection
+   - Implements a custom `GetListener` function that returns I2P listeners 
+   - Configures Go's HTTP client to use I2P for outbound connections
+
+3. **Platform-Specific Handling**: Unix socket connections (used for local IPC) are handled normally since they don't present anonymity risks. These implementations are in `net_anon_unix.go` and `net_anon_windows.go`.
+
+### Automated Builds
+
+This repository contains a GitHub Actions workflow that:
+1. Checks for new Gitea releases daily
+2. Downloads the Gitea source code for the latest release
+3. Applies our I2P network modifications
+4. Builds binaries for Linux, Windows, and macOS
+5. Creates a new release with these modified binaries
+
+## Deployment Options
+
+### Using Pre-built Binaries
+
+1. Download the latest release for your platform from the [Releases page](https://github.com/go-i2p/go-gittisane/releases)
+2. Ensure you have I2P router running with SAM enabled on port 7656
+3. Run the gittisane binary(it has identical options as gitea)
+
+## Implementation Details
+
+The core networking modification looks like this:
+
+```go
+// This file gets copied to modules/graceful/net_anon.go during build
 package graceful
 
 import (
-	"net"
+    "net"
-	"net/http"
+    "net/http"
 
-	"github.com/go-i2p/onramp"
+    "github.com/go-i2p/onramp"
 )
 
-// First, make sure that the onramp.Garlic API is set up:
+// Set up I2P connectivity
 var garlic, i2perr = onramp.NewGarlic("gitea-anon", "127.0.0.1:7656", onramp.OPT_DEFAULTS)
 
-// This implements the GetListener function for I2P. Note the exemption for Unix sockets, which is implemented in net_anon_unix.go and net_anon_windows.go
+// Custom implementation of GetListener for I2P
 func I2PGetListener(network, address string) (net.Listener, error) {
-	// Add a deferral to say that we've tried to grab a listener
+    defer GetManager().InformCleanup()
-	defer GetManager().InformCleanup()
+    switch network {
-	switch network {
+    case "tcp", "tcp4", "tcp6", "i2p", "i2pt":
-	case "tcp", "tcp4", "tcp6", "i2p", "i2pt":
+        return garlic.Listen()
-		return garlic.Listen()
+    case "unix", "unixpacket":
-	case "unix", "unixpacket":
+        // Unix sockets handled normally
-		// I2P isn't really a replacement for the stuff you use Unix sockets for and it's also not an anonymity risk, so treat them normally
+        unixAddr, err := ResolveUnixAddr(network, address)
-		unixAddr, err := net.ResolveUnixAddr(network, address)
+        if err != nil {
-		if err != nil {
+            return nil, err
-			return nil, err
+        }
-		}
+        return GetListenerUnixWrapper(network, unixAddr)
-		return GetListenerUnix(network, unixAddr)
+    default:
-	default:
+        return nil, net.UnknownNetworkError(network)
-		return nil, net.UnknownNetworkError(network)
+    }
-	}
 }
 
-// We use `init() to ensure that the I2P Listeners and Dialers are correctly placed at runtime`
+// Initialize everything at runtime
 func init() {
-	if i2perr != nil {
+    if i2perr != nil {
-		panic(i2perr)
+        panic(i2perr)
-	}
+    }
-	GetListener = I2PGetListener
+    GetListener = I2PGetListener
-	httpClient := &http.Client{
+    httpClient := &http.Client{
-		Transport: &http.Transport{
+        Transport: &http.Transport{
-			Dial: garlic.Dial,
+            Dial: garlic.Dial,
-		},
+        },
-	}
+    }
 
-	http.DefaultClient = httpClient
+    http.DefaultClient = httpClient
-	http.DefaultTransport = httpClient.Transport
+    http.DefaultTransport = httpClient.Transport
 }
-
 ```
 
-Caveats
+## Caveats and Limitations
--------
 
-Gitea makes a few other kinds of connections, besides `HTTP`, if instructed to do so in the config file.
+While HTTP traffic is anonymized, other types of connections might not be:
-For instance, there is an SMTP client.
-This is not anonymized in this configuration.
-Probably ask Postman if it's OK to use `127.0.0.1:7659/7660`.
-Similarly, SSH client connections are not anonymized in this configuration.
-Similar adjustments to the configuration can be made to also route these across I2P but aren't documented here at this time.
 
-License
+1. **SMTP**: Email sending from Gitea is not automatically routed through I2P
--------
+2. **SSH**: Git operations using SSH are not automatically anonymized
+3. **External Services**: Webhooks and other external connections will use I2P, but services must support I2P addresses
 
-Both this mod and gitea are licensed under the MIT license.
+These limitations can be addressed with additional configuration but are beyond the scope of the default implementation.
-See LICENSE for net_anon*.go in this repository.
+
-LICENSE-gitea.md is a copy of the Gitea license from https://github.com/go-gitea/gitea
+## Requirements
+
+- Go 1.21 or later (for building from source)
+- Running I2P router with SAM API enabled on port 7656
+- Standard Gitea requirements (database, etc.)
+
+## License
+
+Both this modification and Gitea are licensed under the MIT license.
+- See [LICENSE](LICENSE) for the license covering the files in this repository
+- See [LICENSE-gitea.md](LICENSE-gitea.md) for the Gitea license
+
+## Contributing
+
+Contributions are welcome! Please feel free to submit a Pull Request.

go.mod

@@ -1,14 +1,18 @@
 module github.com/go-i2p/go-gittisane
 
-go 1.23.5
+go 1.24.2
 
-require github.com/go-i2p/onramp v0.33.92
+require (
+	github.com/go-i2p/go-select-cache v0.0.0-20250722003334-fba8c5bb610f
+	github.com/go-i2p/onramp v0.33.92
+)
 
 require (
 	github.com/cretz/bine v0.2.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/go-i2p/i2pkeys v0.33.10-0.20241113193422-e10de5e60708 // indirect
 	github.com/go-i2p/sam3 v0.33.9 // indirect
+	github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/stretchr/testify v1.10.0 // indirect

go.sum

@@ -4,6 +4,10 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/go-i2p/go-select-cache v0.0.0-20250722003334-fba8c5bb610f h1:Zh5oyecB8nONOlVlrGHXCqkk3gam7/6I/LR+BYF2Wuc=
+github.com/go-i2p/go-select-cache v0.0.0-20250722003334-fba8c5bb610f/go.mod h1:ABhJNyNBEHNbLYhRoqOsxHAkOKCFR41SSpwdKNfx8RU=
+github.com/go-i2p/go-select-cache v0.0.0-20250722005532-0478b3779782 h1:eXFTO+aJzdQTEydTdG3kJAiipQajS+KvulG7/2S8cmo=
+github.com/go-i2p/go-select-cache v0.0.0-20250722005532-0478b3779782/go.mod h1:ABhJNyNBEHNbLYhRoqOsxHAkOKCFR41SSpwdKNfx8RU=
 github.com/go-i2p/i2pkeys v0.0.0-20241108200332-e4f5ccdff8c4/go.mod h1:m5TlHjPZrU5KbTd7Lr+I2rljyC6aJ88HdkeMQXV0U0E=
 github.com/go-i2p/i2pkeys v0.33.10-0.20241113193422-e10de5e60708 h1:Tiy9IBwi21maNpK74yCdHursJJMkyH7w87tX1nXGWzg=
 github.com/go-i2p/i2pkeys v0.33.10-0.20241113193422-e10de5e60708/go.mod h1:m5TlHjPZrU5KbTd7Lr+I2rljyC6aJ88HdkeMQXV0U0E=
@@ -11,6 +15,8 @@ github.com/go-i2p/onramp v0.33.92 h1:Dk3A0SGpdEw829rSjW2LqN8o16pUvuhiN0vn36z7Gpc
 github.com/go-i2p/onramp v0.33.92/go.mod h1:5sfB8H2xk05gAS2K7XAUZ7ekOfwGJu3tWF0fqdXzJG4=
 github.com/go-i2p/sam3 v0.33.9 h1:3a+gunx75DFc6jxloUZTAVJbdP6736VU1dy2i7I9fKA=
 github.com/go-i2p/sam3 v0.33.9/go.mod h1:oDuV145l5XWKKafeE4igJHTDpPwA0Yloz9nyKKh92eo=
+github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
+github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=

net_anon.go

@@ -5,6 +5,7 @@ import (
 	"net"
 	"net/http"
 
+	selectcache "github.com/go-i2p/go-select-cache"
 	"github.com/go-i2p/onramp"
 )
 
@@ -17,7 +18,15 @@ func I2PGetListener(network, address string) (net.Listener, error) {
 	defer GetManager().InformCleanup()
 	switch network {
 	case "tcp", "tcp4", "tcp6", "i2p", "i2pt":
-		return garlic.Listen()
+		config := selectcache.DefaultCacheConfig()
+		config.MaxMemoryMB = 512
+		config.MaxEntries = 10000
+		listener, err := garlic.Listen(network, address)
+		if err != nil {
+			return nil, err
+		}
+		// Wrap with caching listener
+		return selectcache.NewCachingListener(listener, config), nil
 	case "unix", "unixpacket":
 		// I2P isn't really a replacement for the stuff you use Unix sockets for and it's also not an anonymity risk, so treat them normally
 		unixAddr, err := ResolveUnixAddr(network, address)

net_anon_unix.go

@@ -28,5 +28,4 @@ func GetListenerUnixWrapper(network string, addr net.Addr) (net.Listener, error)
 	default:
 		return nil, fmt.Errorf("unknown address type %T", addr)
 	}
-
 }