From 8b0f37acacda9a453e191eafdcd14c774f2e84d8 Mon Sep 17 00:00:00 2001 From: tango103 Date: Mon, 9 Mar 2026 13:20:16 -0300 Subject: [PATCH 1/7] Create codex.yml --- .github/workflows/codex.yml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 .github/workflows/codex.yml diff --git a/.github/workflows/codex.yml b/.github/workflows/codex.yml new file mode 100644 index 000000000..24b04b824 --- /dev/null +++ b/.github/workflows/codex.yml @@ -0,0 +1,29 @@ +name: codex + +on: + workflow_dispatch: + inputs: + prompt: + description: "Tarea para Codex" + required: true + type: string + pull_request: + types: [opened, synchronize, reopened] + +jobs: + codex: + runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write + steps: + - name: Checkout repo + uses: actions/checkout@v4 + with: + submodules: recursive + + - name: Run Codex + uses: openai/codex-action@v1 + with: + openai-api-key: ${{ secrets.OPENAI_API_KEY }} + prompt: ${{ github.event.inputs.prompt || 'Review this PR and suggest fixes focused on rustdesk-server hbbs changes.' }} From 8917e9b333949234053721d40661c684d49c9d10 Mon Sep 17 00:00:00 2001 From: tango103 Date: Mon, 9 Mar 2026 13:33:59 -0300 Subject: [PATCH 2/7] Update build.yaml --- .github/workflows/build.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 791bd79c3..1a0c48311 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -13,7 +13,9 @@ permissions: on: workflow_dispatch: - push: + push: + branches: + - master tags: - 'v[0-9]+.[0-9]+.[0-9]+' - '[0-9]+.[0-9]+.[0-9]+' From 89c390bbe3f27716e8f6c263633afee31215967a Mon Sep 17 00:00:00 2001 From: tango103 Date: Mon, 9 Mar 2026 13:34:34 -0300 Subject: [PATCH 3/7] Update build.yaml --- .github/workflows/build.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 1a0c48311..42a80b1ca 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -13,7 +13,10 @@ permissions: on: workflow_dispatch: - push: + pull_request: + branches: + - master + push: branches: - master tags: From 7d70c785f1e13964552525274ab121940856bf63 Mon Sep 17 00:00:00 2001 From: tango103 Date: Mon, 9 Mar 2026 14:49:26 -0300 Subject: [PATCH 4/7] Update peer.rs --- src/peer.rs | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/peer.rs b/src/peer.rs index 4ca87cfad..f45499baf 100644 --- a/src/peer.rs +++ b/src/peer.rs @@ -177,4 +177,15 @@ impl PeerMap { pub(crate) async fn is_in_memory(&self, id: &str) -> bool { self.map.read().await.contains_key(id) } + + #[inline] + pub(crate) async fn get_id_by_socket_addr(&self, addr: SocketAddr) -> Option { + let map = self.map.read().await; + for (id, peer) in map.iter() { + if peer.read().await.socket_addr == addr { + return Some(id.clone()); + } + } + None + } } From fcfe28190dfed8954b708c006491cfbca58d41f5 Mon Sep 17 00:00:00 2001 From: tango103 Date: Mon, 9 Mar 2026 14:53:43 -0300 Subject: [PATCH 5/7] Update rendezvous_server.rs --- src/rendezvous_server.rs | 55 +++++++++++++++++++++++++++++++++++++--- 1 file changed, 52 insertions(+), 3 deletions(-) diff --git a/src/rendezvous_server.rs b/src/rendezvous_server.rs index ff68441b6..b95d6bcfc 100644 --- a/src/rendezvous_server.rs +++ b/src/rendezvous_server.rs @@ -33,7 +33,8 @@ use hbb_common::{ use ipnetwork::Ipv4Network; use sodiumoxide::crypto::sign; use std::{ - collections::HashMap, + collections::{HashMap, HashSet}, + fs, net::{IpAddr, Ipv4Addr, Ipv6Addr, SocketAddr}, sync::atomic::{AtomicBool, AtomicUsize, Ordering}, sync::Arc, @@ -88,6 +89,7 @@ pub struct RendezvousServer { relay_servers0: Arc, rendezvous_servers: Arc>, inner: Arc, + outbound_whitelist: HashSet, } enum LoopFailure { @@ -127,6 +129,19 @@ impl RendezvousServer { .unwrap_or_default(), ) }; + + let outbound_whitelist: HashSet = fs::read_to_string("whitelist.txt") + .unwrap_or_default() + .lines() + .map(|l| l.trim().to_string()) + .filter(|l| !l.is_empty() && !l.starts_with('#')) + .collect(); + + log::info!( + "Loaded outbound whitelist entries: {}", + outbound_whitelist.len() + ); + let mut rs = Self { tcp_punch: Arc::new(Mutex::new(HashMap::new())), pm, @@ -142,6 +157,7 @@ impl RendezvousServer { mask, local_ip, }), + outbound_whitelist, }; log::info!("mask: {:?}", rs.inner.mask); log::info!("local-ip: {:?}", rs.inner.local_ip); @@ -687,6 +703,7 @@ impl RendezvousServer { ws: bool, ) -> ResultType<(RendezvousMessage, Option)> { let mut ph = ph; + if !key.is_empty() && ph.licence_key != key { log::warn!("Authentication failed from {} for peer {} - invalid key", addr, ph.id); let mut msg_out = RendezvousMessage::new(); @@ -696,6 +713,38 @@ impl RendezvousServer { }); return Ok((msg_out, None)); } + + let source_id = self.pm.get_id_by_socket_addr(addr).await; + match source_id { + Some(src_id) => { + if !self.outbound_whitelist.contains(&src_id) { + log::warn!( + "Outbound connection rejected by whitelist: source_id={} remote_addr={}", + src_id, + addr + ); + let mut msg_out = RendezvousMessage::new(); + msg_out.set_punch_hole_response(PunchHoleResponse { + failure: punch_hole_response::Failure::ID_NOT_EXIST.into(), + ..Default::default() + }); + return Ok((msg_out, None)); + } + } + None => { + log::warn!( + "Outbound connection rejected: unable to resolve source_id for remote_addr={}", + addr + ); + let mut msg_out = RendezvousMessage::new(); + msg_out.set_punch_hole_response(PunchHoleResponse { + failure: punch_hole_response::Failure::ID_NOT_EXIST.into(), + ..Default::default() + }); + return Ok((msg_out, None)); + } + } + let id = ph.id; // punch hole request from A, relay to B, // check if in same intranet first, @@ -723,7 +772,7 @@ impl RendezvousServer { let to_id_clone = id.clone(); let mut lock = PUNCH_REQS.lock().await; let mut dup = false; - for e in lock.iter().rev().take(30) { // only check recent tail subset for speed + for e in lock.iter().rev().take(30) { if e.from_ip == from_ip && e.to_id == to_id_clone { if e.tm.elapsed().as_secs() < PUNCH_REQ_DEDUPE_SEC { dup = true; } break; @@ -1053,7 +1102,7 @@ impl RendezvousServer { let arg = fds.next(); if let Some("-") = arg { lock.clear(); } else { - let mut start = arg.and_then(|x| x.parse::().ok()).unwrap_or(0); + let start = arg.and_then(|x| x.parse::().ok()).unwrap_or(0); let mut page_size = fds.next().and_then(|x| x.parse::().ok()).unwrap_or(10); if page_size == 0 { page_size = 10; } for (_, e) in lock.iter().enumerate().skip(start).take(page_size) { From be65921e210de548a147aba8f84249870ad34de4 Mon Sep 17 00:00:00 2001 From: tango103 Date: Mon, 9 Mar 2026 15:12:10 -0300 Subject: [PATCH 6/7] Add files via upload --- .github/workflows/HBBS.txt | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 .github/workflows/HBBS.txt diff --git a/.github/workflows/HBBS.txt b/.github/workflows/HBBS.txt new file mode 100644 index 000000000..79a56228c --- /dev/null +++ b/.github/workflows/HBBS.txt @@ -0,0 +1,38 @@ +name: Create HBBS Windows + +on: + workflow_dispatch: + pull_request: + branches: + - master + push: + branches: + - master + +permissions: + contents: read + +jobs: + build-windows: + name: Build hbbs.exe (Windows) + runs-on: windows-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + submodules: recursive + + - name: Install Rust toolchain + uses: dtolnay/rust-toolchain@stable + with: + targets: x86_64-pc-windows-msvc + + - name: Build hbbs.exe + run: cargo build --release --target x86_64-pc-windows-msvc --bin hbbs + + - name: Upload hbbs artifact + uses: actions/upload-artifact@v4 + with: + name: hbbs-windows + path: target/x86_64-pc-windows-msvc/release/hbbs.exe From 488241d32c90e0499392a98145bc539a11f492a5 Mon Sep 17 00:00:00 2001 From: tango103 Date: Mon, 9 Mar 2026 15:13:29 -0300 Subject: [PATCH 7/7] Rename HBBS.txt to HBBS.yaml --- .github/workflows/{HBBS.txt => HBBS.yaml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{HBBS.txt => HBBS.yaml} (100%) diff --git a/.github/workflows/HBBS.txt b/.github/workflows/HBBS.yaml similarity index 100% rename from .github/workflows/HBBS.txt rename to .github/workflows/HBBS.yaml