change server domain to 0.0.0.0

[tiezhuli001]

change server domain to 0.0.0.0. allow remote ssh connections to access the http address via the ip:port format.

when the host is set to 0.0.0.0 in net.Listen(), it supports both IPv4 and IPv6. Refer to: golang/go#22811

[ccoVeille]

I might be wrong but this change may lead that anyone on the same local network will be able to access your port, while it was not available with localhost.

As I said, I might be wrong, but it's worth trying. And if so, maybe it would be interesting to make this available via a command-line parameters (like --public or whatever)

I'm reporting this because of security concern

[xhd2015]

The default behavior is to follow an npm package called http-server, which defaults to listen on public address.

Since this tool is primarily used in local development, it's better to listen on local address by default. And can be made public by specifying --public.

Good point.

[tiezhuli001]

You're right. With regards to security, using the --public parameter certainly seems more prudent. The default is still set to the localhost:port configuration, but I'll make the appropriate changes. Thank you for your advice.

[ccoVeille]

You're right. With regards to security, using the --public parameter certainly seems more prudent. Thank you for your advice.

I faced that issue when implementing something like that on a tool, that's why I raised the point.

Also, @xhd2015 @tiezhuli001 most people won't need the feature to listen on all network ever. So yes, it should be something to pass as argument

By the way, --public was a suggestion, a better name should be found I think.

[tiezhuli001]

Yes, thanks for the suggestions. Similar to Python's http.server and Node.js's http-server, I've added --bind and --port as options to set IP and port. The default host remains as localhost.

[ccoVeille]

Perfect, thanks

[ccoVeille]

So no warning, error reporting here that you will fallback to local host?

[tiezhuli001]

Yes, I agree that there's no need to return an error and terminate the process here.
Regardless of the situation, we should open to the default host and port - localhost should always be accessible, right?

[ccoVeille]

This one may cause problem

If this method failed to find an IP, you will display an error message, but the user may have provided 0.0.0.0.

So you will use it, but an error will be displayed

It's unlikely to happen I think, but I would expect the local IPs to be tested after the valid one would be tested first

[ccoVeille]

I don't think this is valid hereif someone provides a bind to his public IP you won't display it.

You will have to create a function to test if the bind is purely local I think and use icon other method, or copy paste the code here

[tiezhuli001]

I will refer to the nodejs http-server to print the corresponding URL, like this:

if (argv.a && host !== '0.0.0.0') {
logger.info( ${protocol}${host}:${chalk.green(port.toString())});
} else {
Object.keys(ifaces).forEach(function (dev) {
ifaces[dev].forEach(function (details) {
if (details.family === 'IPv4') {
logger.info((' ' + protocol + details.address + ':' + chalk.green(port.toString())));
}
});
});
}

[ccoVeille]

Indeed, it only displays something if not listening on everything

[xhd2015]

Need to rebase master and squash to one commit

[tiezhuli001]

Yes, it has been merged into one commit, thank you.

[ccoVeille]

Not a real issue

But, I would have written this 😅

        localIPs = append(localIPs, "0.0.0.0", "::")

[ccoVeille]

Indeed, it only displays something if not listening on everything

[ccoVeille]

Thanks for applying the suggestions I made