LumeWeb
/
skynet-webportal
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix hns header overflow and redirects

This commit is contained in:
Karol Wypchlo 2020-07-31 15:25:57 +02:00
parent b70d4f143e
commit 06f0946317
4 changed files with 12 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docker/handshake-api/Dockerfile
View File

@ -17,4 +17,4 @@ ENV HSD_API_KEY="foo"
EXPOSE $PORT EXPOSE $PORT
ENTRYPOINT ["node", "index.js"] ENTRYPOINT ["node", "--max-http-header-size=64000", "index.js"]

11
docker/nginx/conf.d/client.conf
View File

@ -114,6 +114,7 @@ server {
location /hns { location /hns {
include /etc/nginx/conf.d/include/cors; include /etc/nginx/conf.d/include/cors;
include /etc/nginx/conf.d/include/proxy-buffer;
proxy_pass http://handshake-api:3100; proxy_pass http://handshake-api:3100;
} }
@ -173,6 +174,7 @@ server {
location ~ "^/([a-zA-Z0-9-_]{46}(/.*)?)$" { location ~ "^/([a-zA-Z0-9-_]{46}(/.*)?)$" {
include /etc/nginx/conf.d/include/cors; include /etc/nginx/conf.d/include/cors;
include /etc/nginx/conf.d/include/proxy-buffer;
limit_conn downloads_by_ip 100; # ddos protection: max 100 downloads at a time limit_conn downloads_by_ip 100; # ddos protection: max 100 downloads at a time
@ -185,10 +187,6 @@ server {
# proxy this call to siad /skynet/skylink/ endpoint (make sure the ip is correct) # proxy this call to siad /skynet/skylink/ endpoint (make sure the ip is correct)
proxy_pass http://siad/skynet/skylink/$skylink$is_args$args; proxy_pass http://siad/skynet/skylink/$skylink$is_args$args;
# if you are expecting large headers (ie. Skynet-Skyfile-Metadata), tune these values to your needs
proxy_buffer_size 128k;
proxy_buffers 4 128k;
# cache frequent (> 10) downloads for 24 hours # cache frequent (> 10) downloads for 24 hours
proxy_cache skynet; proxy_cache skynet;
proxy_cache_key $uri; proxy_cache_key $uri;
@ -199,6 +197,7 @@ server {
location ~ "^/file/([a-zA-Z0-9-_]{46}(/.*)?)$" { location ~ "^/file/([a-zA-Z0-9-_]{46}(/.*)?)$" {
include /etc/nginx/conf.d/include/cors; include /etc/nginx/conf.d/include/cors;
include /etc/nginx/conf.d/include/proxy-buffer;
limit_conn downloads_by_ip 100; # ddos protection: max 100 downloads at a time limit_conn downloads_by_ip 100; # ddos protection: max 100 downloads at a time
@ -212,10 +211,6 @@ server {
# this alias also adds attachment=true url param to force download the file # this alias also adds attachment=true url param to force download the file
proxy_pass http://siad/skynet/skylink/$skylink?attachment=true&$args; proxy_pass http://siad/skynet/skylink/$skylink?attachment=true&$args;
# if you are expecting large headers (ie. Skynet-Skyfile-Metadata), tune these values to your needs
proxy_buffer_size 128k;
proxy_buffers 4 128k;
# cache frequent (> 10) downloads for 24 hours # cache frequent (> 10) downloads for 24 hours
proxy_cache skynet; proxy_cache skynet;
proxy_cache_key $uri; proxy_cache_key $uri;

4
docker/nginx/conf.d/include/proxy-buffer Normal file
View File

@ -0,0 +1,4 @@
# if you are expecting large headers (ie. Skynet-Skyfile-Metadata), tune these values to your needs
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;

10
handshake-api/index.js
View File

@ -85,14 +85,12 @@ server.use(
const basepath = url.resolve("/", skylink); // make the url absolute const basepath = url.resolve("/", skylink); // make the url absolute
const subpath = req.url.slice(1); // drop the leading slash const subpath = req.url.slice(1); // drop the leading slash
// if the skylink from handshake does not contain a subpath but subpath // if the record is just a raw skylink, replace baseUrl with /skylink
// is defined in request, join the skylink and subpath together (do not if (skylink.length === 46) {
// use url.resolve because it will replace skylink with subapth thinking return req.originalUrl.replace(req.baseUrl, basepath);
// it is relative)
if (skylink.length === 46 && subpath) {
return `${basepath}/${subpath}`;
} }
// if the record contains more than a skylink then it needs to be resolved
return url.resolve(basepath, subpath); return url.resolve(basepath, subpath);
}, },
}) })