2021-08-27 12:15:22 +00:00
|
|
|
include /etc/nginx/conf.d/include/cors;
|
|
|
|
include /etc/nginx/conf.d/include/proxy-buffer;
|
|
|
|
include /etc/nginx/conf.d/include/proxy-cache-downloads;
|
|
|
|
include /etc/nginx/conf.d/include/track-download;
|
|
|
|
|
|
|
|
# redirect purge calls to separate location
|
|
|
|
error_page 462 = @purge;
|
|
|
|
if ($request_method = PURGE) {
|
|
|
|
return 462;
|
|
|
|
}
|
|
|
|
|
|
|
|
limit_conn downloads_by_ip 100; # ddos protection: max 100 downloads at a time
|
|
|
|
|
2021-11-05 11:57:06 +00:00
|
|
|
# ensure that skylink that we pass around is base64 encoded (transform base32 encoded ones)
|
|
|
|
# this is important because we want only one format in cache keys and logs
|
|
|
|
set_by_lua_block $skylink { return require("skynet.skylink").parse(ngx.var.skylink) }
|
|
|
|
|
2021-08-27 12:15:22 +00:00
|
|
|
# $skylink_v1 and $skylink_v2 variables default to the same value but in case the requested skylink was:
|
2021-09-20 20:20:48 +00:00
|
|
|
# a) skylink v1 - it would not matter, no additional logic is executed
|
2021-08-27 12:15:22 +00:00
|
|
|
# b) skylink v2 - in a lua block below we will resolve the skylink v2 into skylink v1 and update
|
|
|
|
# $skylink_v1 variable so then the proxy request to skyd can be cached in nginx (proxy_cache_key
|
|
|
|
# in proxy-cache-downloads includes $skylink_v1 as a part of the cache key)
|
|
|
|
set $skylink_v1 $skylink;
|
|
|
|
set $skylink_v2 $skylink;
|
|
|
|
|
|
|
|
# variable for Skynet-Proof header that we need to inject
|
|
|
|
# into a response if the request was for skylink v2
|
|
|
|
set $skynet_proof '';
|
|
|
|
|
|
|
|
# default download rate to unlimited
|
|
|
|
set $limit_rate 0;
|
|
|
|
|
|
|
|
access_by_lua_block {
|
|
|
|
local httpc = require("resty.http").new()
|
|
|
|
|
|
|
|
-- detect whether requested skylink is v2
|
|
|
|
local isBase32v2 = string.len(ngx.var.skylink) == 55 and string.sub(ngx.var.skylink, 0, 2) == "04"
|
|
|
|
local isBase64v2 = string.len(ngx.var.skylink) == 46 and string.sub(ngx.var.skylink, 0, 2) == "AQ"
|
|
|
|
|
|
|
|
if isBase32v2 or isBase64v2 then
|
|
|
|
-- 10.10.10.10 points to sia service (alias not available when using resty-http)
|
|
|
|
local res, err = httpc:request_uri("http://10.10.10.10:9980/skynet/resolve/" .. ngx.var.skylink_v2, {
|
|
|
|
headers = { ["User-Agent"] = "Sia-Agent" }
|
|
|
|
})
|
|
|
|
|
|
|
|
-- print error and exit with 500 or exit with response if status is not 200
|
|
|
|
if err or (res and res.status ~= ngx.HTTP_OK) then
|
|
|
|
ngx.status = (err and ngx.HTTP_INTERNAL_SERVER_ERROR) or res.status
|
|
|
|
ngx.header["content-type"] = "text/plain"
|
|
|
|
ngx.say(err or res.body)
|
|
|
|
return ngx.exit(ngx.status)
|
|
|
|
end
|
|
|
|
|
|
|
|
local json = require('cjson')
|
|
|
|
local resolve = json.decode(res.body)
|
|
|
|
ngx.var.skylink_v1 = resolve.skylink
|
|
|
|
ngx.var.skynet_proof = res.headers["Skynet-Proof"]
|
|
|
|
end
|
|
|
|
|
2021-12-20 10:27:29 +00:00
|
|
|
-- check if skylink v1 is present on blocklist (compare hashes)
|
|
|
|
if require("skynet.blocklist").is_blocked(ngx.var.skylink_v1) then
|
|
|
|
ngx.status = ngx.HTTP_ILLEGAL
|
|
|
|
ngx.header["content-type"] = "text/plain"
|
|
|
|
ngx.say("Unavailable For Legal Reasons")
|
|
|
|
return ngx.exit(ngx.status)
|
|
|
|
end
|
|
|
|
|
2021-08-27 12:15:22 +00:00
|
|
|
-- this block runs only when accounts are enabled
|
2022-01-04 13:57:20 +00:00
|
|
|
if not os.getenv("PORTAL_MODULES"):match("a") then return end
|
2021-08-27 12:15:22 +00:00
|
|
|
|
|
|
|
-- 10.10.10.70 points to accounts service (alias not available when using resty-http)
|
|
|
|
local res, err = httpc:request_uri("http://10.10.10.70:3000/user/limits", {
|
2021-08-27 16:33:27 +00:00
|
|
|
headers = { ["Cookie"] = "skynet-jwt=" .. ngx.var.skynet_jwt }
|
2021-08-27 12:15:22 +00:00
|
|
|
})
|
|
|
|
|
|
|
|
-- fail gracefully in case /user/limits failed
|
|
|
|
if err or (res and res.status ~= ngx.HTTP_OK) then
|
|
|
|
ngx.log(ngx.ERR, "Failed accounts service request /user/limits: ", err or ("[HTTP " .. res.status .. "] " .. res.body))
|
|
|
|
ngx.var.limit_rate = 2621440 -- (20 * 1024 * 1024 / 8) conservative fallback to 20 mbps in case accounts failed to return limits
|
|
|
|
elseif res and res.status == ngx.HTTP_OK then
|
|
|
|
local json = require('cjson')
|
|
|
|
local limits = json.decode(res.body)
|
|
|
|
ngx.var.limit_rate = limits.download
|
|
|
|
end
|
|
|
|
}
|
|
|
|
|
|
|
|
header_filter_by_lua_block {
|
|
|
|
ngx.header["Skynet-Portal-Api"] = os.getenv("SKYNET_PORTAL_API")
|
|
|
|
ngx.header["Skynet-Server-Api"] = os.getenv("SKYNET_SERVER_API")
|
|
|
|
|
|
|
|
-- not empty skynet_proof means this is a skylink v2 request
|
|
|
|
-- so we should replace the Skynet-Proof header with the one
|
|
|
|
-- we got from /skynet/resolve/ endpoint, otherwise we would
|
|
|
|
-- be serving cached empty v1 skylink Skynet-Proof header
|
|
|
|
if ngx.var.skynet_proof and ngx.var.skynet_proof ~= "" then
|
|
|
|
ngx.header["Skynet-Proof"] = ngx.var.skynet_proof
|
|
|
|
end
|
|
|
|
}
|
|
|
|
|
|
|
|
limit_rate_after 512k;
|
|
|
|
limit_rate $limit_rate;
|
|
|
|
|
|
|
|
proxy_read_timeout 600;
|
|
|
|
proxy_set_header User-Agent: Sia-Agent;
|
|
|
|
|
2021-09-20 20:20:48 +00:00
|
|
|
# in case the requested skylink was v2 and we already resolved it to skylink v1, we are going to pass resolved
|
2021-08-27 12:15:22 +00:00
|
|
|
# skylink v1 to skyd to save that extra skylink v2 lookup in skyd but in turn, in case skyd returns a redirect
|
|
|
|
# we need to rewrite the skylink v1 to skylink v2 in the location header with proxy_redirect
|
|
|
|
proxy_redirect $skylink_v1 $skylink_v2;
|
|
|
|
proxy_pass http://sia:9980/skynet/skylink/$skylink_v1$path$is_args$args;
|