implement base32 decoder

This commit is contained in:
Karol Wypchlo 2021-11-05 12:57:06 +01:00
parent 9abdb63c23
commit a4ce3c935d
No known key found for this signature in database
GPG Key ID: C92C016317A964D0
7 changed files with 76 additions and 8 deletions

View File

@ -7,6 +7,7 @@ RUN luarocks install lua-resty-http && \
-out /etc/ssl/local-certificate.crt -out /etc/ssl/local-certificate.crt
COPY mo ./ COPY mo ./
COPY libs /etc/nginx/libs
COPY conf.d /etc/nginx/conf.d COPY conf.d /etc/nginx/conf.d
COPY conf.d.templates /etc/nginx/conf.d.templates COPY conf.d.templates /etc/nginx/conf.d.templates

View File

@ -7,3 +7,6 @@ set $hns_domain '';
# set only if server has been access through SERVER_DOMAIN # set only if server has been access through SERVER_DOMAIN
set $server_alias ''; set $server_alias '';
# expose skylink variable so we can use it in access log
set $skylink '';

View File

@ -11,6 +11,10 @@ if ($request_method = PURGE) {
limit_conn downloads_by_ip 100; # ddos protection: max 100 downloads at a time limit_conn downloads_by_ip 100; # ddos protection: max 100 downloads at a time
# ensure that skylink that we pass around is base64 encoded (transform base32 encoded ones)
# this is important because we want only one format in cache keys and logs
set_by_lua_block $skylink { return require("skynet.skylink").parse(ngx.var.skylink) }
# $skylink_v1 and $skylink_v2 variables default to the same value but in case the requested skylink was: # $skylink_v1 and $skylink_v2 variables default to the same value but in case the requested skylink was:
# a) skylink v1 - it would not matter, no additional logic is executed # a) skylink v1 - it would not matter, no additional logic is executed
# b) skylink v2 - in a lua block below we will resolve the skylink v2 into skylink v1 and update # b) skylink v2 - in a lua block below we will resolve the skylink v2 into skylink v1 and update

View File

@ -231,9 +231,6 @@ location /skynet/metadata {
header_filter_by_lua_block { header_filter_by_lua_block {
ngx.header["Skynet-Portal-Api"] = os.getenv("SKYNET_PORTAL_API") ngx.header["Skynet-Portal-Api"] = os.getenv("SKYNET_PORTAL_API")
ngx.header["Skynet-Server-Api"] = os.getenv("SKYNET_SERVER_API") ngx.header["Skynet-Server-Api"] = os.getenv("SKYNET_SERVER_API")
-- do not expose internal header
ngx.header["Skynet-Requested-Skylink"] = ""
} }
proxy_set_header User-Agent: Sia-Agent; proxy_set_header User-Agent: Sia-Agent;
@ -246,9 +243,6 @@ location /skynet/resolve {
header_filter_by_lua_block { header_filter_by_lua_block {
ngx.header["Skynet-Portal-Api"] = os.getenv("SKYNET_PORTAL_API") ngx.header["Skynet-Portal-Api"] = os.getenv("SKYNET_PORTAL_API")
ngx.header["Skynet-Server-Api"] = os.getenv("SKYNET_SERVER_API") ngx.header["Skynet-Server-Api"] = os.getenv("SKYNET_SERVER_API")
-- do not expose internal header
ngx.header["Skynet-Requested-Skylink"] = ""
} }
proxy_set_header User-Agent: Sia-Agent; proxy_set_header User-Agent: Sia-Agent;

View File

@ -37,6 +37,7 @@ location / {
ngx.var.skylink = cache_value ngx.var.skylink = cache_value
end end
ngx.var.skylink = require("skynet.skylink").parse(ngx.var.skylink)
ngx.var.skylink_v1 = ngx.var.skylink ngx.var.skylink_v1 = ngx.var.skylink
ngx.var.skylink_v2 = ngx.var.skylink ngx.var.skylink_v2 = ngx.var.skylink
} }

View File

@ -0,0 +1,61 @@
local _M = {}
local function str_split(str, size)
local result = {}
for i=1, #str, size do
table.insert(result, str:sub(i, i + size - 1))
end
return result
end
local function dec2bin(num)
local result = ""
repeat
local halved = num / 2
local int, frac = math.modf(halved)
num = int
result = math.ceil(frac) .. result
until num == 0
return result
end
local base32Alphabet = "0123456789ABCDEFGHIJKLMNOPQRSTUV"
-- this is not a full implementation of base32 decoder, it doesn't
-- cover all edge cases but it works good enough for decoding skylinks
-- source: https://gist.github.com/linsonder6/3202fc06832f97905aab2a8a492a80de
function decodeBase32Skylink(str)
local binary = string.upper(str):gsub(".", function (char)
if char == "=" then return "" end
local pos = string.find(base32Alphabet, char)
pos = pos - 1
return string.format("%05u", dec2bin(pos))
end)
local bytes = str_split(binary, 8)
local decoded = {}
for _, byte in pairs(bytes) do
table.insert(decoded, string.char(tonumber(byte, 2)))
end
local concatenated = table.concat(decoded)
-- decoded skylink is always 34 bytes, anything
-- else is leftover and should be discarded
return string.sub(concatenated, 1, 34)
end
-- parse any skylink and return base64 version
function _M.parse(skylink)
if string.len(skylink) == 55 then
local base64 = require("ngx.base64")
local decoded = decodeBase32Skylink(skylink)
return base64.encode_base64url(decoded)
end
return skylink
end
return _M

View File

@ -38,6 +38,8 @@ http {
include mime.types; include mime.types;
default_type application/octet-stream; default_type application/octet-stream;
lua_package_path "/etc/nginx/libs/?.lua;;";
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" ' '$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" $upstream_response_time ' '"$http_user_agent" $upstream_response_time '
@ -45,7 +47,7 @@ http {
'"$upstream_http_content_type" "$upstream_cache_status" ' '"$upstream_http_content_type" "$upstream_cache_status" '
'"$server_alias" "$sent_http_skynet_skylink" ' '"$server_alias" "$sent_http_skynet_skylink" '
'$upstream_connect_time $upstream_header_time ' '$upstream_connect_time $upstream_header_time '
'$request_time "$hns_domain"'; '$request_time "$hns_domain" "$skylink"';
access_log logs/access.log main; access_log logs/access.log main;
@ -72,8 +74,10 @@ http {
# this runs before forking out nginx worker processes # this runs before forking out nginx worker processes
init_by_lua_block { init_by_lua_block {
require "cjson" require "cjson"
require "ngx.base64"
require "resty.http" require "resty.http"
require "skynet.skylink"
} }
# include skynet-portal-api and skynet-server-api header on every request # include skynet-portal-api and skynet-server-api header on every request