fix(monero-rpc-pool): only try to bypass unforced Tor

nabijaczleweli · nabijaczleweli · commit 27bb7ff8e2c9 · 2025-10-26T07:06:39.000+01:00
Bypassing Tor on TorBackend::Socks breaks everything,
because /all/ traffic needs to go through the proxy
(normal connect() is broken on Tails)

Bypassing Tor on TorBackend::Torsocks is misleading,
because the log implies the request would be performed over clearnet
(it won't be), but doesn't otherwise impact anything,
since Torsocks is the same as clearnet from the program's POV
diff --git a/monero-rpc-pool/src/proxy.rs b/monero-rpc-pool/src/proxy.rs
@@ -130,6 +130,16 @@ pub async fn proxy_handler(State(state): State<AppState>, request: Request) -> R
     }
 }
 
+/// Check if we're using Tor for this request
+///
+/// Use Tor if:
+/// 1. the environment can *only* route clearnet traffic over Tor
+/// 2. it's enabled, ready, and the request didn't ask to be routed over clearnet
+fn use_tor_for_request(state: &AppState, request: &CloneableRequest) -> bool {
+    state.tor_client.masquerade_clearnet()
+        || (state.tor_client.ready_for_traffic() && !request.clearnet_whitelisted())
+}
+
 /// Given a Vec of nodes, proxy the given request to multiple nodes until we get a successful response
 async fn proxy_to_multiple_nodes(
     state: &AppState,
@@ -141,8 +151,7 @@ async fn proxy_to_multiple_nodes(
     }
 
     // Sort nodes to prioritize those with available connections
-    // Check if we're using Tor for this request
-    let use_tor = state.tor_client.ready_for_traffic() && !request.clearnet_whitelisted();
+    let use_tor = use_tor_for_request(state, &request);
 
     // Create a vector of (node, has_connection) pairs
     let mut nodes_with_availability = Vec::new();
@@ -447,12 +456,11 @@ async fn proxy_to_single_node(
 ) -> Result<Response, SingleRequestError> {
     use crate::connection_pool::GuardedSender;
 
-    if request.clearnet_whitelisted() {
+    let use_tor = use_tor_for_request(state, &request);
+    if !use_tor && request.clearnet_whitelisted() {
         tracing::trace!("Request is whitelisted, sending over clearnet");
     }
 
-    let use_tor = state.tor_client.ready_for_traffic() && !request.clearnet_whitelisted();
-
     let key = (node.0.clone(), node.1.clone(), node.2, use_tor);
 
     // Try to reuse an idle HTTP connection first.
diff --git a/monero-rpc-pool/src/tor.rs b/monero-rpc-pool/src/tor.rs
@@ -11,6 +11,7 @@ impl<T: AsyncRead + AsyncWrite + Unpin + Send> HyperStream for T {}
 pub trait TorBackendRpc {
     fn is_some(&self) -> bool;
     fn ready_for_traffic(&self) -> bool;
+    fn masquerade_clearnet(&self) -> bool;
     async fn connect(&self, address: (&str, u16)) -> anyhow::Result<Box<dyn HyperStream>>;
 }
 impl TorBackendRpc for TorBackend {
@@ -26,6 +27,13 @@ impl TorBackendRpc for TorBackend {
         }
     }
 
+    fn masquerade_clearnet(&self) -> bool {
+        match self {
+            TorBackend::Arti(..) | TorBackend::None => false,
+            TorBackend::Socks(..) => true,
+        }
+    }
+
     async fn connect(&self, address: (&str, u16)) -> anyhow::Result<Box<dyn HyperStream>> {
         match self {
             TorBackend::Arti(tor_client) => Ok(Box::new(tor_client.connect(address).await?)),
