diff --git a/docker/nginx/conf.d/include/location-hns b/docker/nginx/conf.d/include/location-hns index f41ac303..62ff9729 100644 --- a/docker/nginx/conf.d/include/location-hns +++ b/docker/nginx/conf.d/include/location-hns @@ -3,8 +3,7 @@ include /etc/nginx/conf.d/include/proxy-pass-internal; include /etc/nginx/conf.d/include/portal-access-check; # variable definititions - we need to define a variable to be able to access it in lua by ngx.var.something -set $skylink ''; # placeholder for the base64 skylink -set $skylink_base32 ''; # placeholder for the base32 skylink +set $skylink ''; # placeholder for the raw 46 bit skylink # resolve handshake domain by requesting to /hnsres endpoint and assign correct values to $skylink and $rest rewrite_by_lua_block { @@ -75,16 +74,10 @@ rewrite_by_lua_block { if ngx.var.path == "/" and skylink_rest ~= nil and skylink_rest ~= "" and skylink_rest ~= "/" then ngx.var.path = skylink_rest end - - -- assign base32 skylink to be used in proxy_pass - ngx.var.skylink_base32 = require("skynet.skylink").base32(ngx.var.skylink) } -# host header has to be adjusted to properly match server name -proxy_set_header Host $skylink_base32.$skynet_portal_domain; - -# pass the skylink request to subdomain skylink server -proxy_pass $scheme://$server_addr$path$is_args$args; +# we proxy to another nginx location rather than directly to siad because we do not want to deal with caching here +proxy_pass https://127.0.0.1/$skylink$path$is_args$args; # in case siad returns location header, we need to replace the skylink with the domain name header_filter_by_lua_block { diff --git a/docker/nginx/conf.d/include/location-skylink b/docker/nginx/conf.d/include/location-skylink index c613fe29..da4727c7 100644 --- a/docker/nginx/conf.d/include/location-skylink +++ b/docker/nginx/conf.d/include/location-skylink @@ -7,7 +7,7 @@ limit_conn downloads_by_ip 100; # ddos protection: max 100 downloads at a time # ensure that skylink that we pass around is base64 encoded (transform base32 encoded ones) # this is important because we want only one format in cache keys and logs -set_by_lua_block $skylink { return require("skynet.skylink").base64(ngx.var.skylink) } +set_by_lua_block $skylink { return require("skynet.skylink").parse(ngx.var.skylink) } # $skylink_v1 and $skylink_v2 variables default to the same value but in case the requested skylink was: # a) skylink v1 - it would not matter, no additional logic is executed diff --git a/docker/nginx/conf.d/server/server.api b/docker/nginx/conf.d/server/server.api index ede926f9..ce93c669 100644 --- a/docker/nginx/conf.d/server/server.api +++ b/docker/nginx/conf.d/server/server.api @@ -123,14 +123,15 @@ location /abuse/report { location /hns { include /etc/nginx/conf.d/include/cors; - rewrite_by_lua_block { - local hns_domain = string.match(ngx.var.uri, "/hns/([^/?]+)") - local path = string.match(ngx.var.uri, "/hns/[^/?]+(.*)") - local args = ngx.var.args and ngx.var.is_args .. ngx.var.args or "" - local hns_subdomain_url = ngx.var.scheme .. "://" .. hns_domain .. ".hns." .. ngx.var.skynet_portal_domain .. path .. args + # match the request_uri and extract the hns domain and anything that is passed in the uri after it + # example: /hns/something/foo/bar matches: + # > hns_domain: something + # > path: /foo/bar/ + set_by_lua_block $hns_domain { return string.match(ngx.var.uri, "/hns/([^/?]+)") } + set_by_lua_block $path { return string.match(ngx.var.uri, "/hns/[^/?]+(.*)") } - return ngx.redirect(hns_subdomain_url, ngx.HTTP_MOVED_PERMANENTLY) - } + proxy_set_header Host $host; + include /etc/nginx/conf.d/include/location-hns; } location /hnsres { @@ -334,19 +335,10 @@ location /skynet/resolve { } location ~ "^/(([a-zA-Z0-9-_]{46}|[a-z0-9]{55})(/.*)?)$" { - include /etc/nginx/conf.d/include/cors; - set $skylink $2; set $path $3; - rewrite_by_lua_block { - local skynet_skylink = require("skynet.skylink") - local base32_skylink = skynet_skylink.base32(ngx.var.skylink) - local args = ngx.var.args and ngx.var.is_args .. ngx.var.args or "" - local base32_url = ngx.var.scheme .. "://" .. base32_skylink .. "." .. ngx.var.skynet_portal_domain .. ngx.var.path .. args - - return ngx.redirect(base32_url, ngx.HTTP_MOVED_PERMANENTLY) - } + include /etc/nginx/conf.d/include/location-skylink; } location ~ "^/file/(([a-zA-Z0-9-_]{46}|[a-z0-9]{55})(/.*)?)$" { diff --git a/docker/nginx/conf.d/server/server.dnslink b/docker/nginx/conf.d/server/server.dnslink index 22ce75a3..32e454cc 100644 --- a/docker/nginx/conf.d/server/server.dnslink +++ b/docker/nginx/conf.d/server/server.dnslink @@ -37,7 +37,7 @@ location / { ngx.var.skylink = cache_value end - ngx.var.skylink = require("skynet.skylink").base64(ngx.var.skylink) + ngx.var.skylink = require("skynet.skylink").parse(ngx.var.skylink) ngx.var.skylink_v1 = ngx.var.skylink ngx.var.skylink_v2 = ngx.var.skylink } diff --git a/docker/nginx/libs/skynet/skylink.lua b/docker/nginx/libs/skynet/skylink.lua index c6372a41..adcf0b70 100644 --- a/docker/nginx/libs/skynet/skylink.lua +++ b/docker/nginx/libs/skynet/skylink.lua @@ -3,13 +3,10 @@ local _M = {} local basexx = require("basexx") local hasher = require("hasher") --- use lowercase alphabet since our skylinks are part of urls -local base32_alphabet = "0123456789abcdefghijklmnopqrstuv" - -- parse any skylink and return base64 version -function _M.base64(skylink) +function _M.parse(skylink) if string.len(skylink) == 55 then - local decoded = basexx.from_basexx(string.lower(skylink), base32_alphabet, 5) + local decoded = basexx.from_basexx(string.upper(skylink), "0123456789ABCDEFGHIJKLMNOPQRSTUV", 5) return basexx.to_url64(decoded) end @@ -17,21 +14,10 @@ function _M.base64(skylink) return skylink end --- parse any skylink and return base32 version -function _M.base32(skylink) - if string.len(skylink) == 46 then - local decoded = basexx.from_url64(skylink) - - return basexx.to_basexx(decoded, base32_alphabet, 5) - end - - return skylink -end - -- hash skylink into 32 bytes hash used in blocklist function _M.hash(skylink) -- ensure that the skylink is base64 encoded - local base64Skylink = _M.base64(skylink) + local base64Skylink = _M.parse(skylink) -- decode skylink from base64 encoding local rawSkylink = basexx.from_url64(base64Skylink) diff --git a/docker/nginx/libs/skynet/skylink.spec.lua b/docker/nginx/libs/skynet/skylink.spec.lua index 9949e534..0502a833 100644 --- a/docker/nginx/libs/skynet/skylink.spec.lua +++ b/docker/nginx/libs/skynet/skylink.spec.lua @@ -1,28 +1,15 @@ local skynet_skylink = require("skynet.skylink") -describe("base64", function() +describe("parse", function() local base32 = "0404dsjvti046fsua4ktor9grrpe76erq9jot9cvopbhsvsu76r4r30" local base64 = "AQBG8n_sgEM_nlEp3G0w3vLjmdvSZ46ln8ZXHn-eObZNjA" it("should return unchanged base64 skylink", function() - assert.is.same(skynet_skylink.base64(base64), base64) + assert.is.same(skynet_skylink.parse(base64), base64) end) it("should transform base32 skylink into base64", function() - assert.is.same(skynet_skylink.base64(base32), base64) - end) -end) - -describe("base32", function() - local base32 = "0404dsjvti046fsua4ktor9grrpe76erq9jot9cvopbhsvsu76r4r30" - local base64 = "AQBG8n_sgEM_nlEp3G0w3vLjmdvSZ46ln8ZXHn-eObZNjA" - - it("should return unchanged base32 skylink", function() - assert.is.same(skynet_skylink.base32(base32), base32) - end) - - it("should transform base64 skylink into base32", function() - assert.is.same(skynet_skylink.base32(base64), base32) + assert.is.same(skynet_skylink.parse(base32), base64) end) end) diff --git a/packages/health-check/src/checks/critical.js b/packages/health-check/src/checks/critical.js index 9eec00fb..127ebd8a 100644 --- a/packages/health-check/src/checks/critical.js +++ b/packages/health-check/src/checks/critical.js @@ -201,11 +201,7 @@ async function genericAccessCheck(name, url) { const data = { up: false, url }; try { - const cookie = `nocache=true;${authCookie}`; - const response = await got(url, { - headers: { cookie }, - hooks: { beforeRedirect: [(options) => (options.headers.cookie = cookie)] }, - }); + const response = await got(url, { headers: { cookie: `nocache=true;${authCookie}` } }); data.statusCode = response.statusCode; data.up = true; diff --git a/packages/health-check/src/checks/extended.js b/packages/health-check/src/checks/extended.js index bf8d4b99..aaf74389 100644 --- a/packages/health-check/src/checks/extended.js +++ b/packages/health-check/src/checks/extended.js @@ -1023,27 +1023,13 @@ function fileEndpointCheck(done) { } // check whether hns/note-to-self would properly redirect to note-to-self/ -function skylinkRootDomainEndpointRedirect(done) { +function hnsEndpointDirectoryRedirect(done) { const expected = { - name: "skylink root domain endpoint redirect", - skylink: "AACogzrAimYPG42tDOKhS3lXZD8YvlF8Q8R17afe95iV2Q", - statusCode: 301, - headers: { - location: `https://000ah0pqo256c3orhmmgpol19dslep1v32v52v23ohqur9uuuuc9bm8.${process.env.PORTAL_DOMAIN}`, - }, - }; - - skylinkVerification(done, expected, { followRedirect: false }); -} - -// check whether hns/note-to-self would properly redirect to note-to-self/ -function hnsRootDomainEndpointRedirect(done) { - const expected = { - name: "hns root domain endpoint redirect", + name: "hns endpoint directory redirect", skylink: "hns/note-to-self", - statusCode: 301, + statusCode: 308, headers: { - location: `https://note-to-self.hns.${process.env.PORTAL_DOMAIN}`, + location: "note-to-self/", }, }; @@ -1150,12 +1136,7 @@ async function skylinkVerification(done, expected, { followRedirect = true, meth try { const query = `https://${process.env.PORTAL_DOMAIN}/${expected.skylink}`; - const cookie = `nocache=true;${authCookie}`; - const response = await got[method](query, { - followRedirect, - headers: { cookie }, - hooks: { beforeRedirect: [(options) => (options.headers.cookie = cookie)] }, - }); + const response = await got[method](query, { followRedirect, headers: { cookie: `nocache=true;${authCookie}` } }); const entry = { ...details, up: true, statusCode: response.statusCode, time: calculateElapsedTime(time) }; const info = {}; @@ -1256,8 +1237,7 @@ module.exports = [ // uniswapHNSRedirectCheck, uniswapHNSResolverCheck, uniswapHNSResolverRedirectCheck, - skylinkRootDomainEndpointRedirect, - hnsRootDomainEndpointRedirect, + hnsEndpointDirectoryRedirect, skappSkySend, skappNoteToSelf, skappUniswap,