Dustin
ed142322bd
The backend will be split into two processes: * The privileged daemon * The unprivileged web server These processes will communicate using JSON-RPC over a UNIX socket. The web server is unprivileged to mitigate the risk of vulnerabilities being exploited to gain control of the system. The privileged daemon will handle all actual firewall management. Additionally, the backend also acts as a command-line interface for communicating with the daemon. The application's main entry point determines which process to launch based on the name of the executable. This can be controlled, e.g. by creating symbolic links pointing to the binary, or using the `@` prefix in the `ExecStart` setting in a systemd unit. This first commit introduces the Rocket framework for the web process. Unfortunately, Rocket is rather inflexible in how it is started. It expects to have complete control of the `main` function, and does not provide any mechanism for passing data to its initialization routines. Thus, in order to configure it using command-line arguments, arguments have to be parsed inside Rocket's main function; they cannot be parsed ahead of time and passed in. |
||
|---|---|---|
| backend | ||
| ui | ||
| weywot.code-workspace | ||