diff --git a/docker/nginx/conf.d/include/location-skylink b/docker/nginx/conf.d/include/location-skylink index cf250cea..db3a7b86 100644 --- a/docker/nginx/conf.d/include/location-skylink +++ b/docker/nginx/conf.d/include/location-skylink @@ -25,41 +25,44 @@ set $skynet_proof ''; set $limit_rate 0; access_by_lua_block { - local httpc = require("resty.http").new() + -- the block below only makes sense if we are using nginx cache + if not ngx.var.skyd_disk_cache_enabled then + local httpc = require("resty.http").new() - -- detect whether requested skylink is v2 - local isBase32v2 = string.len(ngx.var.skylink) == 55 and string.sub(ngx.var.skylink, 0, 2) == "04" - local isBase64v2 = string.len(ngx.var.skylink) == 46 and string.sub(ngx.var.skylink, 0, 2) == "AQ" - - if isBase32v2 or isBase64v2 then - -- 10.10.10.10 points to sia service (alias not available when using resty-http) - local res, err = httpc:request_uri("http://10.10.10.10:9980/skynet/resolve/" .. ngx.var.skylink_v2, { - headers = { ["User-Agent"] = "Sia-Agent" } - }) + -- detect whether requested skylink is v2 + local isBase32v2 = string.len(ngx.var.skylink) == 55 and string.sub(ngx.var.skylink, 0, 2) == "04" + local isBase64v2 = string.len(ngx.var.skylink) == 46 and string.sub(ngx.var.skylink, 0, 2) == "AQ" + + if isBase32v2 or isBase64v2 then + -- 10.10.10.10 points to sia service (alias not available when using resty-http) + local res, err = httpc:request_uri("http://10.10.10.10:9980/skynet/resolve/" .. ngx.var.skylink_v2, { + headers = { ["User-Agent"] = "Sia-Agent" } + }) - -- print error and exit with 500 or exit with response if status is not 200 - if err or (res and res.status ~= ngx.HTTP_OK) then - ngx.status = (err and ngx.HTTP_INTERNAL_SERVER_ERROR) or res.status - ngx.header["content-type"] = "text/plain" - ngx.say(err or res.body) - return ngx.exit(ngx.status) + -- print error and exit with 500 or exit with response if status is not 200 + if err or (res and res.status ~= ngx.HTTP_OK) then + ngx.status = (err and ngx.HTTP_INTERNAL_SERVER_ERROR) or res.status + ngx.header["content-type"] = "text/plain" + ngx.say(err or res.body) + return ngx.exit(ngx.status) + end + + local json = require('cjson') + local resolve = json.decode(res.body) + ngx.var.skylink_v1 = resolve.skylink + ngx.var.skynet_proof = res.headers["Skynet-Proof"] end - local json = require('cjson') - local resolve = json.decode(res.body) - ngx.var.skylink_v1 = resolve.skylink - ngx.var.skynet_proof = res.headers["Skynet-Proof"] - end + -- check if skylink v1 is present on blocklist (compare hashes) + if require("skynet.blocklist").is_blocked(ngx.var.skylink_v1) then + return require("skynet.blocklist").exit_illegal() + end - -- check if skylink v1 is present on blocklist (compare hashes) - if require("skynet.blocklist").is_blocked(ngx.var.skylink_v1) then - return require("skynet.blocklist").exit_illegal() - end - - -- if skylink is found on nocache list then set internal nocache variable - -- to tell nginx that it should not try and cache this file (too large) - if ngx.shared.nocache:get(ngx.var.skylink_v1) then - ngx.var.nocache = "1" + -- if skylink is found on nocache list then set internal nocache variable + -- to tell nginx that it should not try and cache this file (too large) + if ngx.shared.nocache:get(ngx.var.skylink_v1) then + ngx.var.nocache = "1" + end end if require("skynet.account").accounts_enabled() then @@ -85,18 +88,21 @@ header_filter_by_lua_block { ngx.header["Skynet-Portal-Api"] = ngx.var.scheme .. "://" .. os.getenv("PORTAL_DOMAIN") ngx.header["Skynet-Server-Api"] = ngx.var.scheme .. "://" .. os.getenv("SERVER_DOMAIN") - -- not empty skynet_proof means this is a skylink v2 request - -- so we should replace the Skynet-Proof header with the one - -- we got from /skynet/resolve/ endpoint, otherwise we would - -- be serving cached empty v1 skylink Skynet-Proof header - if ngx.var.skynet_proof and ngx.var.skynet_proof ~= "" then - ngx.header["Skynet-Proof"] = ngx.var.skynet_proof - end + -- the block below only makes sense if we are using nginx cache + if not ngx.var.skyd_disk_cache_enabled then + -- not empty skynet_proof means this is a skylink v2 request + -- so we should replace the Skynet-Proof header with the one + -- we got from /skynet/resolve/ endpoint, otherwise we would + -- be serving cached empty v1 skylink Skynet-Proof header + if ngx.var.skynet_proof and ngx.var.skynet_proof ~= "" then + ngx.header["Skynet-Proof"] = ngx.var.skynet_proof + end - -- add skylink to nocache list if it exceeds 1GB (1e+9 bytes) threshold - -- (content length can be nil for already cached files - we can ignore them) - if ngx.header["Content-Length"] and tonumber(ngx.header["Content-Length"]) > 1e+9 then - ngx.shared.nocache:set(ngx.var.skylink_v1, ngx.header["Content-Length"]) + -- add skylink to nocache list if it exceeds 1GB (1e+9 bytes) threshold + -- (content length can be nil for already cached files - we can ignore them) + if ngx.header["Content-Length"] and tonumber(ngx.header["Content-Length"]) > 1e+9 then + ngx.shared.nocache:set(ngx.var.skylink_v1, ngx.header["Content-Length"]) + end end }