feat: wire Tor controller into server and API

Start/stop TorController in serve() lifecycle when tor: config is present. Adds GET /tor (status) and POST /tor/newnym (signal) endpoints to the control API. Logs control address at startup. Adds tor: section and api_listen to example config. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 20:07:18 +01:00
parent b07135ad44
commit ff217be9c8
3 changed files with 65 additions and 0 deletions
--- a/config/example.yaml
+++ b/config/example.yaml
@@ -8,6 +8,7 @@ log_level: info
 # max_connections: 256  # max concurrent client connections (backpressure)
 # pool_size: 0          # pre-warmed TCP connections to first hop (0 = disabled)
 # pool_max_idle: 30     # max idle time (seconds) for pooled connections
+# api_listen: 127.0.0.1:1081  # control API (disabled by default)

 # Proxy chain -- connections tunnel through each hop in order.
 # Supported protocols: socks5://, socks4://, http://
@@ -37,6 +38,15 @@ chain:
 #   state_file: ""           # empty = ~/.cache/s5p/pool.json
 #   report_url: ""           # POST dead proxies here (optional)

+# Tor control port -- enables NEWNYM signaling (new circuit on demand).
+# Requires Tor's ControlPort enabled (torrc: ControlPort 9051).
+# tor:
+#   control_host: 127.0.0.1
+#   control_port: 9051
+#   password: ""                   # HashedControlPassword in torrc
+#   cookie_file: ""                # CookieAuthentication file path
+#   newnym_interval: 0             # periodic NEWNYM (seconds, 0 = manual only)
+
 # Legacy proxy source (still supported, auto-converts to proxy_pool):
 # proxy_source:
 #   url: http://10.200.1.250:8081/proxies