github.com/mildred/syncthing-proxy
Version: 0.0.0-latest-master
Repository: https://github.com/mildred/syncthing-proxy.git
Documentation: pkg.go.dev

# README

syncthing-proxy

This is a proxy server that does authentication and proxies to unix domain sockets.

Inspired by:

It will talk with an accountserver daemon to fetch the credentials and use the username to derive a unix domain socket to forward requests to if the authentication succeeds.

TODO

  • write a wrapper around syncthing that will:

    • acquire a lock file in the sshfs mount point
    • if lock file is acquired, ensure syncthing is running
    • if lock file is released, ensure syncthing is stopped
  • when syncthing is running, bind a public socket and run a reverse proxy that forwards to the Syncthing GUI. Add an X-Authorization: bearer header carrying the UUID of the lock file.

  • when syncthing is not running, the wrapper should open the socket syncthing would normally open and run a reverse proxy to the instance that is running, using the public address of the running service with the correct X-Authorization header.

  • Use HTTPS with a certificate stored on sshfs, or use an encrypted transport with a key derived from the UUID shared secret, for example https://github.com/nknorg/encrypted-stream

  • For good measure, add an interface to browse the files.

  • Add a nice HTML form for the authentication

File locking:

  • generate random UUID
  • check if the lock file is old (mtime older than 60s); if it is stale, remove it
  • take a lock with open(O_CREAT | O_EXCL)
  • if lock file cannot be created, wait 30s and repeat
  • if lock is taken, write a random UUID to it then close the lock file
  • every 30s, check the file exists and contains the UUID
  • if not, the lock has been removed from under us, stop services
  • if the lock file still exists with the correct UUID, touch it
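
The locking steps above, written out in Go as an added example; it is not code from the syncthing-proxy repository. The function names and the lock path in main are assumptions, and the caller is expected to run the 30s retry and heartbeat loop.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"os"
	"time"
)

// newUUID returns a random version-4 UUID drawn from crypto/rand.
func newUUID() string {
	var b [16]byte
	if _, err := rand.Read(b[:]); err != nil {
		panic(err) // no randomness: refuse to mint a guessable token
	}
	b[6], b[8] = b[6]&0x0f|0x40, b[8]&0x3f|0x80 // version 4, RFC 4122 variant
	return fmt.Sprintf("%x-%x-%x-%x-%x", b[:4], b[4:6], b[6:8], b[8:10], b[10:])
}

// tryAcquire makes one attempt; an os.ErrExist error means a live holder exists (retry in 30s).
func tryAcquire(path string, stale time.Duration) (string, error) {
	if fi, serr := os.Stat(path); serr == nil && time.Since(fi.ModTime()) > stale {
		os.Remove(path) // stale: the holder stopped touching it
	}
	// O_EXCL makes creation atomic; 0600 because the UUID doubles as a bearer secret.
	f, err := os.OpenFile(path, os.O_CREATE|os.O_EXCL|os.O_WRONLY, 0o600)
	if err != nil {
		return "", err
	}
	defer f.Close()
	uuid := newUUID()
	_, err = f.WriteString(uuid)
	return uuid, err
}

// heartbeat runs every 30s; held=false (gone, unreadable or other UUID) means stop services.
func heartbeat(path, uuid string) (held bool, err error) {
	data, err := os.ReadFile(path)
	if err != nil || string(data) != uuid {
		return false, err
	}
	now := time.Now()
	return true, os.Chtimes(path, now, now) // touch so waiters do not see it as stale
}

func main() {
	// Hypothetical lock path, for illustration only.
	fmt.Println(tryAcquire(os.TempDir()+"/syncthing-wrapper.lock", 60*time.Second))
}
```

Between the stale check and the remove, another waiter can already have replaced the file, so two holders may briefly overlap. The UUID comparison in the heartbeat is what ends that overlap: the displaced holder sees a foreign UUID on its next check and stops.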