Clean up and seperate flags

tor/torProvider.go

@@ -270,14 +270,23 @@ func (tp *torProvider) Listen(identity connectivity.PrivateKey, port int) (conne
 
 	var localListener net.Listener
 	var err error
-	if bineWhonix := os.Getenv("BINE_WHONIX"); strings.ToLower(bineWhonix) == "true" {
-		if _, ferr := os.Stat("/usr/share/anon-ws-base-files/workstation"); !os.IsNotExist(ferr) {
-			localListener, err = net.Listen("tcp", "0.0.0.0:"+strconv.Itoa(localport))
-		}
+
+	if cwtchRestrictPorts := os.Getenv("CWTCH_RESTRICT_PORTS"); strings.ToLower(cwtchRestrictPorts) == "true" {
 		// for whonix like systems we tightly restrict possible listen...
 		// pick a random port between 15300 and 15378
 		// cwtch = 63 *77 *74* 63* 68 = 1537844616
-		localport = 15300 + ((localport - 1024) % 78)
+		log.Infof("using restricted ports, CWTCH_RESTRICT_PORTS=true");
+		localport = 15300 + (localport % 78)
+	}
+	
+	if bindExternal := os.Getenv("CWTCH_BIND_EXTERNAL_WHONIX"); strings.ToLower(bindExternal) == "true" {
+		if _, ferr := os.Stat("/usr/share/anon-ws-base-files/workstation"); !os.IsNotExist(ferr) {
+			log.Infof("WARNING: binding to external interfaces. This is potentially unsafe outside of a containerized environment.");
+			localListener, err = net.Listen("tcp", "0.0.0.0:"+strconv.Itoa(localport))
+		} else {
+			log.Errorf("CWTCH_BIND_EXTERNAL_WHONIX flag set, but /usr/share/anon-ws-base-files/workstation does not exist. Defaulting to binding to local ports");
+			localListener, err = net.Listen("tcp", "127.0.0.1:"+strconv.Itoa(localport))
+		}
 	} else {
 		localListener, err = net.Listen("tcp", "127.0.0.1:"+strconv.Itoa(localport))
 	}