From a3a5d6fa88abd5de2e0a9137289e0de98889f5db Mon Sep 17 00:00:00 2001 From: Ivaylo Novakov Date: Mon, 14 Mar 2022 18:03:08 +0100 Subject: [PATCH] make sure --- docker/nginx/conf.d/include/location-skylink | 152 +++++++++---------- 1 file changed, 75 insertions(+), 77 deletions(-) diff --git a/docker/nginx/conf.d/include/location-skylink b/docker/nginx/conf.d/include/location-skylink index e6c540c3..86bb7f15 100644 --- a/docker/nginx/conf.d/include/location-skylink +++ b/docker/nginx/conf.d/include/location-skylink @@ -25,87 +25,85 @@ set $skynet_proof ''; set $limit_rate 0; access_by_lua_block { - if require("skynet.account").accounts_enabled() then - -- check if portal is in authenticated only mode - if require("skynet.account").is_access_unauthorized() then - return require("skynet.account").exit_access_unauthorized() - end - - -- check if portal is in subscription only mode - if require("skynet.account").is_access_forbidden() then - return require("skynet.account").exit_access_forbidden() - end - - -- get account limits of currently authenticated user - local limits = require("skynet.account").get_account_limits() - - -- apply download speed limit - ngx.var.limit_rate = limits.download - end +-- if require("skynet.account").accounts_enabled() then +-- -- check if portal is in authenticated only mode +-- if require("skynet.account").is_access_unauthorized() then +-- return require("skynet.account").exit_access_unauthorized() +-- end +-- +-- -- check if portal is in subscription only mode +-- if require("skynet.account").is_access_forbidden() then +-- return require("skynet.account").exit_access_forbidden() +-- end +-- +-- -- get account limits of currently authenticated user +-- local limits = require("skynet.account").get_account_limits() +-- +-- -- apply download speed limit +-- ngx.var.limit_rate = limits.download +-- end +-- -- the block below only makes sense if we are using nginx cache +-- if not ngx.var.skyd_disk_cache_enabled then +-- local httpc = require("resty.http").new() +-- +-- -- detect whether requested skylink is v2 +-- local isBase32v2 = string.len(ngx.var.skylink) == 55 and string.sub(ngx.var.skylink, 0, 2) == "04" +-- local isBase64v2 = string.len(ngx.var.skylink) == 46 and string.sub(ngx.var.skylink, 0, 2) == "AQ" +-- +-- if isBase32v2 or isBase64v2 then +-- -- 10.10.10.10 points to sia service (alias not available when using resty-http) +-- local res, err = httpc:request_uri("http://10.10.10.10:9980/skynet/resolve/" .. ngx.var.skylink_v2, { +-- headers = { ["User-Agent"] = "Sia-Agent" } +-- }) +-- +-- -- print error and exit with 500 or exit with response if status is not 200 +-- if err or (res and res.status ~= ngx.HTTP_OK) then +-- ngx.status = (err and ngx.HTTP_INTERNAL_SERVER_ERROR) or res.status +-- ngx.header["content-type"] = "text/plain" +-- ngx.say(err or res.body) +-- return ngx.exit(ngx.status) +-- end +-- +-- local json = require('cjson') +-- local resolve = json.decode(res.body) +-- ngx.var.skylink_v1 = resolve.skylink +-- ngx.var.skynet_proof = res.headers["Skynet-Proof"] +-- end +-- +-- -- check if skylink v1 is present on blocklist (compare hashes) +-- if require("skynet.blocklist").is_blocked(ngx.var.skylink_v1) then +-- return require("skynet.blocklist").exit_illegal() +-- end +-- +-- -- if skylink is found on nocache list then set internal nocache variable +-- -- to tell nginx that it should not try and cache this file (too large) +-- if ngx.shared.nocache:get(ngx.var.skylink_v1) then +-- ngx.var.nocache = "1" +-- end +-- end } -### -- the block below only makes sense if we are using nginx cache -### if not ngx.var.skyd_disk_cache_enabled then -### local httpc = require("resty.http").new() -### -### -- detect whether requested skylink is v2 -### local isBase32v2 = string.len(ngx.var.skylink) == 55 and string.sub(ngx.var.skylink, 0, 2) == "04" -### local isBase64v2 = string.len(ngx.var.skylink) == 46 and string.sub(ngx.var.skylink, 0, 2) == "AQ" -### -### if isBase32v2 or isBase64v2 then -### -- 10.10.10.10 points to sia service (alias not available when using resty-http) -### local res, err = httpc:request_uri("http://10.10.10.10:9980/skynet/resolve/" .. ngx.var.skylink_v2, { -### headers = { ["User-Agent"] = "Sia-Agent" } -### }) -### -### -- print error and exit with 500 or exit with response if status is not 200 -### if err or (res and res.status ~= ngx.HTTP_OK) then -### ngx.status = (err and ngx.HTTP_INTERNAL_SERVER_ERROR) or res.status -### ngx.header["content-type"] = "text/plain" -### ngx.say(err or res.body) -### return ngx.exit(ngx.status) -### end -### -### local json = require('cjson') -### local resolve = json.decode(res.body) -### ngx.var.skylink_v1 = resolve.skylink -### ngx.var.skynet_proof = res.headers["Skynet-Proof"] -### end -### -### -- check if skylink v1 is present on blocklist (compare hashes) -### if require("skynet.blocklist").is_blocked(ngx.var.skylink_v1) then -### return require("skynet.blocklist").exit_illegal() -### end -### -### -- if skylink is found on nocache list then set internal nocache variable -### -- to tell nginx that it should not try and cache this file (too large) -### if ngx.shared.nocache:get(ngx.var.skylink_v1) then -### ngx.var.nocache = "1" -### end -### end - header_filter_by_lua_block { - +-- ngx.header["Skynet-Portal-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_portal_domain +-- ngx.header["Skynet-Server-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_server_domain +-- +-- -- the block below only makes sense if we are using nginx cache +-- if not ngx.var.skyd_disk_cache_enabled then +-- -- not empty skynet_proof means this is a skylink v2 request +-- -- so we should replace the Skynet-Proof header with the one +-- -- we got from /skynet/resolve/ endpoint, otherwise we would +-- -- be serving cached empty v1 skylink Skynet-Proof header +-- if ngx.var.skynet_proof and ngx.var.skynet_proof ~= "" then +-- ngx.header["Skynet-Proof"] = ngx.var.skynet_proof +-- end +-- +-- -- add skylink to nocache list if it exceeds 1GB (1e+9 bytes) threshold +-- -- (content length can be nil for already cached files - we can ignore them) +-- if ngx.header["Content-Length"] and tonumber(ngx.header["Content-Length"]) > 1e+9 then +-- ngx.shared.nocache:set(ngx.var.skylink_v1, ngx.header["Content-Length"]) +-- end +-- end } -### ngx.header["Skynet-Portal-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_portal_domain -### ngx.header["Skynet-Server-Api"] = ngx.var.scheme .. "://" .. ngx.var.skynet_server_domain -### -### -- the block below only makes sense if we are using nginx cache -### if not ngx.var.skyd_disk_cache_enabled then -### -- not empty skynet_proof means this is a skylink v2 request -### -- so we should replace the Skynet-Proof header with the one -### -- we got from /skynet/resolve/ endpoint, otherwise we would -### -- be serving cached empty v1 skylink Skynet-Proof header -### if ngx.var.skynet_proof and ngx.var.skynet_proof ~= "" then -### ngx.header["Skynet-Proof"] = ngx.var.skynet_proof -### end -### -### -- add skylink to nocache list if it exceeds 1GB (1e+9 bytes) threshold -### -- (content length can be nil for already cached files - we can ignore them) -### if ngx.header["Content-Length"] and tonumber(ngx.header["Content-Length"]) > 1e+9 then -### ngx.shared.nocache:set(ngx.var.skylink_v1, ngx.header["Content-Length"]) -### end -### end limit_rate_after 512k; limit_rate $limit_rate;