From 3722969f0f8e0aab2f959bea3d0ab61affbb13f4 Mon Sep 17 00:00:00 2001
From: PJ
Date: Wed, 1 Dec 2021 10:57:28 +0100
Subject: [PATCH 01/18] Add blocker Dockerfile
---
docker/blocker/Dockerfile | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
create mode 100644 docker/blocker/Dockerfile
diff --git a/docker/blocker/Dockerfile b/docker/blocker/Dockerfile
new file mode 100644
index 00000000..3dbc2f61
--- /dev/null
+++ b/docker/blocker/Dockerfile
@@ -0,0 +1,16 @@
+FROM golang:1.16.7
+LABEL maintainer="NebulousLabs "
+
+ENV GOOS linux
+ENV GOARCH amd64
+
+ARG branch=main
+
+WORKDIR /root
+
+RUN git clone --single-branch --branch ${branch} https://github.com/SkynetLabs/blocker.git && \
+ cd blocker && \
+ go mod download && \
+ make release
+
+ENTRYPOINT ["blocker"]
From 18e00431135eee71c14fc29899729d77cf243071 Mon Sep 17 00:00:00 2001
From: PJ
Date: Wed, 1 Dec 2021 11:02:15 +0100
Subject: [PATCH 02/18] Add docker-compose
---
docker-compose.blocker.yml | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
create mode 100644 docker-compose.blocker.yml
diff --git a/docker-compose.blocker.yml b/docker-compose.blocker.yml
new file mode 100644
index 00000000..4e46893c
--- /dev/null
+++ b/docker-compose.blocker.yml
@@ -0,0 +1,28 @@
+version: "3.7"
+
+x-logging: &default-logging
+ driver: json-file
+ options:
+ max-size: "10m"
+ max-file: "3"
+
+services:
+ blocker:
+ build:
+ context: ./docker/blocker
+ dockerfile: Dockerfile
+ args:
+ branch: main
+ container_name: blocker
+ restart: unless-stopped
+ logging: *default-logging
+ env_file:
+ - .env
+ expose:
+ - 4000
+ networks:
+ shared:
+ ipv4_address: 10.10.10.102
+ depends_on:
+ - mongo
+ - sia
From fe87f19e68ec96b279e0c1da75b1bc00cea89e77 Mon Sep 17 00:00:00 2001
From: PJ
Date: Wed, 1 Dec 2021 11:02:55 +0100
Subject: [PATCH 03/18] Update dc to include blocker module
---
dc | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/dc b/dc
index 60418cb8..c041317a 100755
--- a/dc
+++ b/dc
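Review bot: The `RUN git clone --single-branch --branch ${branch} …` step in docker/blocker/Dockerfile builds whatever commit the branch tip points to at build time, so the image is not reproducible or tied to reviewed code, and Docker's layer cache can silently keep a stale checkout. Pin the source to an immutable ref, for example declare `ARG commit=<pinned-commit-sha>` and run `git checkout ${commit}` right after the clone, or clone a release tag. The image also ends as root with the full Go toolchain and the source tree under `/root`; a second stage that copies only the built binary and sets a non-root `USER` would reduce the attack surface, though where `make release` places the binary is not visible here. Patches 04 and 13 only flip the `branch` default and leave the same issue in place.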
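Review bot: `env_file: .env` in docker-compose.blocker.yml hands the blocker container every variable in the portal's `.env`, which presumably includes credentials for unrelated services. Pass only what the blocker needs through explicit `${VAR}` entries, as the accounts service appears to do in docker-compose.accounts.yml, so that a compromise of this container does not expose the rest of the portal's secrets. Which variables the blocker reads is not visible in this patch, so the list has to come from the blocker's own configuration.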
@@ -13,6 +13,11 @@ for i in $(seq 1 ${#PORTAL_MODULES}); do COMPOSE_FILES+=" -f docker-compose.mongodb.yml -f docker-compose.accounts.yml" fi + # blocker module - alias "b" + if [[ ${PORTAL_MODULES:i-1:1} == "b" ]]; then + COMPOSE_FILES+=" -f docker-compose.blocker.yml" + fi + # jaeger module - alias "j" if [[ ${PORTAL_MODULES:i-1:1} == "j" ]]; then COMPOSE_FILES+=" -f docker-compose.jaeger.yml" From a03860419f459b2515b4a1f5f1306fb17b616246 Mon Sep 17 00:00:00 2001 From: PJ Date: Wed, 1 Dec 2021 11:04:02 +0100 Subject: [PATCH 04/18] Update dockerfile --- docker/blocker/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/blocker/Dockerfile b/docker/blocker/Dockerfile index 3dbc2f61..e0bbabaa 100644 --- a/docker/blocker/Dockerfile +++ b/docker/blocker/Dockerfile @@ -4,7 +4,7 @@ LABEL maintainer="NebulousLabs " ENV GOOS linux ENV GOARCH amd64 -ARG branch=main +ARG branch=ivo/initial_impl WORKDIR /root From 1fe2c3d76f12913d306b814a97bc885b23097dc1 Mon Sep 17 00:00:00 2001 From: PJ Date: Wed, 1 Dec 2021 11:18:25 +0100 Subject: [PATCH 05/18] Add abuse location --- docker/nginx/conf.d/server/server.api | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docker/nginx/conf.d/server/server.api b/docker/nginx/conf.d/server/server.api index 07be6fcb..3d6e7c2e 100644 --- a/docker/nginx/conf.d/server/server.api +++ b/docker/nginx/conf.d/server/server.api @@ -90,6 +90,10 @@ location /health-check { proxy_pass http://10.10.10.60:3100; # hardcoded ip because health-check waits for nginx } +location /abuse { + proxy_pass http://10.10.10.102:4000; +} + location /hns { # match the request_uri and extract the hns domain and anything that is passed in the uri after it # example: /hns/something/foo/bar matches: From 0f740419f3a02f092c4c5c1720877720510cd3f3 Mon Sep 17 00:00:00 2001 From: PJ Date: Wed, 1 Dec 2021 11:19:06 +0100 Subject: [PATCH 06/18] Remove branch arg --- docker-compose.blocker.yml | 2 -- 1 file changed, 2 deletions(-) 
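Review bot: Selecting module `b` on its own appends only `docker-compose.blocker.yml`, yet that file declares `depends_on: mongo`, and the only place this hunk shows `docker-compose.mongodb.yml` being added is the preceding branch. If that branch belongs to the accounts module, as the file names suggest, running with `b` but without it would fail on an undefined service; consider `COMPOSE_FILES+=" -f docker-compose.mongodb.yml -f docker-compose.blocker.yml"` here. The enclosing `for` loop and the condition of the preceding branch start outside the hunk, so confirm how a repeated `-f` behaves when both modules are enabled.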
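Review bot: `location /abuse { proxy_pass http://10.10.10.102:4000; }` publishes the blocker's port 4000 through the public API server block with no visible authentication, method restriction, rate limit or body-size cap. If the blocker accepts block requests without its own checks, anyone who can reach the portal can submit them, so confirm that the service authenticates or validates callers and add `limit_except GET POST { deny all; }` and an explicit `client_max_body_size` to this location. The prefix match without a trailing slash also catches unrelated paths such as `/abusefoo`. The same exposure carries over to `/block/` in patch 07 and `/abuse/` in patches 08 and 09.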
diff --git a/docker-compose.blocker.yml b/docker-compose.blocker.yml index 4e46893c..b76d2e43 100644 --- a/docker-compose.blocker.yml +++ b/docker-compose.blocker.yml @@ -11,8 +11,6 @@ services: build: context: ./docker/blocker dockerfile: Dockerfile - args: - branch: main container_name: blocker restart: unless-stopped logging: *default-logging From 63b283fc421f22d60333557f2dcf0a4d55c7dfe1 Mon Sep 17 00:00:00 2001 From: PJ Date: Wed, 1 Dec 2021 12:56:25 +0100 Subject: [PATCH 07/18] Update block routes --- docker/nginx/conf.d/server/server.api | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/docker/nginx/conf.d/server/server.api b/docker/nginx/conf.d/server/server.api index 3d6e7c2e..20fcff1e 100644 --- a/docker/nginx/conf.d/server/server.api +++ b/docker/nginx/conf.d/server/server.api @@ -90,8 +90,15 @@ location /health-check { proxy_pass http://10.10.10.60:3100; # hardcoded ip because health-check waits for nginx } +location /block/ { + proxy_method POST; + proxy_http_version 1.1; + proxy_pass http://10.10.10.102:4000/; + client_max_body_size 10M; +} + location /abuse { - proxy_pass http://10.10.10.102:4000; + proxy_pass https://vg2e911ounsg4d87jppvj5mkcg3gvnceh28aobjl2puonuu24696uno.siasky.dev/; } location /hns { From 25fd697d5fc533eae682db651bc81463518d6ef8 Mon Sep 17 00:00:00 2001 From: PJ Date: Wed, 1 Dec 2021 16:23:56 +0100 Subject: [PATCH 08/18] Configure routes --- docker/nginx/conf.d/server/server.api | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/docker/nginx/conf.d/server/server.api b/docker/nginx/conf.d/server/server.api index 20fcff1e..7a4b5895 100644 --- a/docker/nginx/conf.d/server/server.api +++ b/docker/nginx/conf.d/server/server.api 
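Review bot: The `proxy_pass` to the external `siasky.dev` host in `location /abuse` goes over HTTPS, but nginx neither verifies the upstream certificate nor sends SNI unless told to. Add `proxy_ssl_server_name on;` and `proxy_ssl_verify on;` together with a `proxy_ssl_trusted_certificate` bundle so that DNS or network tampering cannot redirect portal traffic to an impostor. Separately, `proxy_method POST;` in `location /block/` rewrites every incoming method to POST, so a plain GET or a crawler hit reaches the blocker as a write request; `limit_except POST { deny all; }` rejects other methods instead of converting them.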
@@ -90,15 +90,22 @@ location /health-check { proxy_pass http://10.10.10.60:3100; # hardcoded ip because health-check waits for nginx } -location /block/ { - proxy_method POST; - proxy_http_version 1.1; +location /abuse/ { proxy_pass http://10.10.10.102:4000/; - client_max_body_size 10M; } -location /abuse { - proxy_pass https://vg2e911ounsg4d87jppvj5mkcg3gvnceh28aobjl2puonuu24696uno.siasky.dev/; +location /report-abuse { + # include /etc/nginx/conf.d/include/cors; + + # set $skylink "vg2e911ounsg4d87jppvj5mkcg3gvnceh28aobjl2puonuu24696uno"; + # set $path $uri; + + # include /etc/nginx/conf.d/include/location-skylink; + + # proxy_intercept_errors on; + # error_page 400 404 490 500 502 503 504 =200 @fallback2; + # TODO: wanted to use proxy pass but ran into error here + return https://0404guluqu38oaqapku91ed11kbhkge55smh9lhjukmlrj37lfpm8no.siasky.net } location /hns { From 6c9980374916a798be2d75f3a6d9fed707815222 Mon Sep 17 00:00:00 2001 From: PJ Date: Wed, 1 Dec 2021 16:51:40 +0100 Subject: [PATCH 09/18] Bypass CORS issue --- docker/nginx/conf.d/server/server.api | 34 +++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/docker/nginx/conf.d/server/server.api b/docker/nginx/conf.d/server/server.api index 7a4b5895..afd20dc0 100644 --- a/docker/nginx/conf.d/server/server.api +++ b/docker/nginx/conf.d/server/server.api 
@@ -91,6 +91,40 @@ location /health-check { } location /abuse/ { + # TODO: this is probably temporary - it bypasses CORS issues on dev nodes + # although it's not that bad as it only allows the correct origin + if ($request_method = 'OPTIONS') { + add_header 'Access-Control-Allow-Origin' 'https://0404guluqu38oaqapku91ed11kbhkge55smh9lhjukmlrj37lfpm8no.siasky.net'; + # + # Om nom nom cookies + # + add_header 'Access-Control-Allow-Credentials' 'true'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + # + # Custom headers and headers various browsers *should* be OK with but aren't + # + add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; + # + # Tell client that this pre-flight info is valid for 20 days + # + add_header 'Access-Control-Max-Age' 1728000; + add_header 'Content-Type' 'text/plain charset=UTF-8'; + add_header 'Content-Length' 0; + return 204; + } + if ($request_method = 'POST') { + add_header 'Access-Control-Allow-Origin' 'https://0404guluqu38oaqapku91ed11kbhkge55smh9lhjukmlrj37lfpm8no.siasky.net'; + add_header 'Access-Control-Allow-Credentials' 'true'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; + } + if ($request_method = 'GET') { + add_header 'Access-Control-Allow-Origin' 'https://0404guluqu38oaqapku91ed11kbhkge55smh9lhjukmlrj37lfpm8no.siasky.net'; + add_header 'Access-Control-Allow-Credentials' 'true'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; + } + proxy_pass http://10.10.10.102:4000/; } From c89663b393615e79078f373f1af7172f763581a8 Mon Sep 17 00:00:00 2001 
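Review bot: The three `if ($request_method = …)` blocks in `location /abuse/` set `Access-Control-Allow-Credentials: true` for a hard-coded `siasky.net` origin, so that page may make cookie-bearing requests to `/abuse/` on every portal that ships this file, not only on the dev nodes the TODO mentions. If this is a development aid, move it behind a dev-only include or take the allowed origin from configuration. The blocks also repeat the same four headers, and `add_header` without `always` is dropped on 4xx/5xx responses from the blocker; setting them once at location level, e.g. `add_header 'Access-Control-Allow-Credentials' 'true' always;`, leaves only `return 204;` inside the `OPTIONS` branch. The `Content-Type` value `'text/plain charset=UTF-8'` is missing the `;` before `charset`.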
From: PJ Date: Thu, 2 Dec 2021 14:05:41 +0100 Subject: [PATCH 10/18] Add missing semi colon --- docker/nginx/conf.d/server/server.api | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/nginx/conf.d/server/server.api b/docker/nginx/conf.d/server/server.api index afd20dc0..6d644f78 100644 --- a/docker/nginx/conf.d/server/server.api +++ b/docker/nginx/conf.d/server/server.api @@ -139,7 +139,7 @@ location /report-abuse { # proxy_intercept_errors on; # error_page 400 404 490 500 502 503 504 =200 @fallback2; # TODO: wanted to use proxy pass but ran into error here - return https://0404guluqu38oaqapku91ed11kbhkge55smh9lhjukmlrj37lfpm8no.siasky.net + return https://0404guluqu38oaqapku91ed11kbhkge55smh9lhjukmlrj37lfpm8no.siasky.net; } location /hns { From 31d73821efb54a665bfcf611531891a320f5d97b Mon Sep 17 00:00:00 2001 From: Ivaylo Novakov Date: Thu, 2 Dec 2021 14:08:42 +0100 Subject: [PATCH 11/18] Add a volume to accounts, so it can find its JWKS.json --- docker-compose.accounts.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docker-compose.accounts.yml b/docker-compose.accounts.yml index 0ce21695..c25557b9 100644 --- a/docker-compose.accounts.yml +++ b/docker-compose.accounts.yml @@ -41,6 +41,8 @@ services: - SKYNET_ACCOUNTS_LOG_LEVEL=${SKYNET_ACCOUNTS_LOG_LEVEL} - KRATOS_ADDR=${KRATOS_ADDR} - OATHKEEPER_ADDR=${OATHKEEPER_ADDR} + volumes: + - ./docker/accounts/conf:/accounts/conf expose: - 3000 networks: From 938c5905c54b26c4e4cd2edbcd56c798182786f7 Mon Sep 17 00:00:00 2001 From: PJ Date: Thu, 2 Dec 2021 17:07:11 +0100 Subject: [PATCH 12/18] Remove CORS settings --- docker/nginx/conf.d/server/server.api | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/docker/nginx/conf.d/server/server.api b/docker/nginx/conf.d/server/server.api index 6d644f78..cbcf10dc 100644 --- a/docker/nginx/conf.d/server/server.api +++ b/docker/nginx/conf.d/server/server.api 
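Review bot: The new bind mount `./docker/accounts/conf:/accounts/conf` is read-write, although the commit message says the service only needs to find its JWKS.json there. If that file holds signing keys, mount it read-only with `- ./docker/accounts/conf:/accounts/conf:ro` so a compromised accounts process cannot replace the key set, and keep the host directory out of version control and readable only by the deploy user. Patches 17 and 18 change and then restore the container path on this same line, so the point applies to the final state as well.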
@@ -91,8 +91,7 @@ location /health-check { } location /abuse/ { - # TODO: this is probably temporary - it bypasses CORS issues on dev nodes - # although it's not that bad as it only allows the correct origin + # set CORS headers if ($request_method = 'OPTIONS') { add_header 'Access-Control-Allow-Origin' 'https://0404guluqu38oaqapku91ed11kbhkge55smh9lhjukmlrj37lfpm8no.siasky.net'; # @@ -112,18 +111,6 @@ location /abuse/ { add_header 'Content-Length' 0; return 204; } - if ($request_method = 'POST') { - add_header 'Access-Control-Allow-Origin' 'https://0404guluqu38oaqapku91ed11kbhkge55smh9lhjukmlrj37lfpm8no.siasky.net'; - add_header 'Access-Control-Allow-Credentials' 'true'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; - } - if ($request_method = 'GET') { - add_header 'Access-Control-Allow-Origin' 'https://0404guluqu38oaqapku91ed11kbhkge55smh9lhjukmlrj37lfpm8no.siasky.net'; - add_header 'Access-Control-Allow-Credentials' 'true'; - add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; - } proxy_pass http://10.10.10.102:4000/; } From 7f28d30a449f6f2cc8838e2782f047c96bc6f5d2 Mon Sep 17 00:00:00 2001 From: PJ Date: Thu, 2 Dec 2021 17:20:14 +0100 Subject: [PATCH 13/18] Update branch arg --- docker/blocker/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/blocker/Dockerfile b/docker/blocker/Dockerfile index e0bbabaa..3dbc2f61 100644 --- a/docker/blocker/Dockerfile +++ b/docker/blocker/Dockerfile @@ -4,7 +4,7 @@ LABEL maintainer="NebulousLabs " ENV GOOS linux ENV GOARCH amd64 -ARG branch=ivo/initial_impl +ARG branch=main WORKDIR /root From 6e1af409c6689beceeb43cfd0bf39b615c06ea4f Mon Sep 17 00:00:00 2001 
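Review bot: With the `POST` and `GET` blocks removed from `location /abuse/`, only the `OPTIONS` preflight still carries `Access-Control-Allow-Origin`, so a browser will pass the preflight and then reject the actual response unless the blocker sets the CORS headers itself. Confirm that it does and record it next to the `if`, e.g. `# CORS headers for GET/POST responses are set by the blocker service`, otherwise the cross-origin report form fails silently. The preflight still advertises `Access-Control-Allow-Credentials: true` for the hard-coded origin, so whether credentialed responses are readable now depends entirely on what the upstream returns.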
From: PJ Date: Thu, 2 Dec 2021 17:23:37 +0100 Subject: [PATCH 14/18] Remove commented out code --- docker/nginx/conf.d/server/server.api | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/docker/nginx/conf.d/server/server.api b/docker/nginx/conf.d/server/server.api index cbcf10dc..a8df2b2d 100644 --- a/docker/nginx/conf.d/server/server.api +++ b/docker/nginx/conf.d/server/server.api @@ -116,16 +116,7 @@ location /abuse/ { } location /report-abuse { - # include /etc/nginx/conf.d/include/cors; - - # set $skylink "vg2e911ounsg4d87jppvj5mkcg3gvnceh28aobjl2puonuu24696uno"; - # set $path $uri; - - # include /etc/nginx/conf.d/include/location-skylink; - - # proxy_intercept_errors on; - # error_page 400 404 490 500 502 503 504 =200 @fallback2; - # TODO: wanted to use proxy pass but ran into error here + # TODO: do a proxy_pass return https://0404guluqu38oaqapku91ed11kbhkge55smh9lhjukmlrj37lfpm8no.siasky.net; } From 4d936a05c27e051c7d3259d4560713aa213415a9 Mon Sep 17 00:00:00 2001 From: PJ Date: Thu, 2 Dec 2021 17:26:22 +0100 Subject: [PATCH 15/18] Add changelog --- changelog/items/other/add-abuse-config.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog/items/other/add-abuse-config.md diff --git a/changelog/items/other/add-abuse-config.md b/changelog/items/other/add-abuse-config.md new file mode 100644 index 00000000..51a55918 --- /dev/null +++ b/changelog/items/other/add-abuse-config.md @@ -0,0 +1 @@ +- Add abuse report configuration From 341f313839e7ab68f5b91564f0b0f2a294a23be8 Mon Sep 17 00:00:00 2001 From: PJ Date: Thu, 2 Dec 2021 17:28:40 +0100 Subject: [PATCH 16/18] Remove comments --- docker/nginx/conf.d/server/server.api | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/docker/nginx/conf.d/server/server.api b/docker/nginx/conf.d/server/server.api index a8df2b2d..4402fc07 100644 --- a/docker/nginx/conf.d/server/server.api +++ b/docker/nginx/conf.d/server/server.api 
@@ -91,21 +91,14 @@ location /health-check { } location /abuse/ { - # set CORS headers if ($request_method = 'OPTIONS') { add_header 'Access-Control-Allow-Origin' 'https://0404guluqu38oaqapku91ed11kbhkge55smh9lhjukmlrj37lfpm8no.siasky.net'; - # - # Om nom nom cookies - # + add_header 'Access-Control-Allow-Credentials' 'true'; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; - # - # Custom headers and headers various browsers *should* be OK with but aren't - # add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; - # - # Tell client that this pre-flight info is valid for 20 days - # + + # pre-flight info is valid for 20 days add_header 'Access-Control-Max-Age' 1728000; add_header 'Content-Type' 'text/plain charset=UTF-8'; add_header 'Content-Length' 0; From 1351fb79d26f0268b40a6f59a576da1acb062d4a Mon Sep 17 00:00:00 2001 From: Ivaylo Novakov Date: Thu, 2 Dec 2021 17:34:22 +0100 Subject: [PATCH 17/18] New path to JWKS.json. --- docker-compose.accounts.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.accounts.yml b/docker-compose.accounts.yml index c25557b9..8b0a53b3 100644 --- a/docker-compose.accounts.yml +++ b/docker-compose.accounts.yml @@ -42,7 +42,7 @@ services: - KRATOS_ADDR=${KRATOS_ADDR} - OATHKEEPER_ADDR=${OATHKEEPER_ADDR} volumes: - - ./docker/accounts/conf:/accounts/conf + - ./docker/accounts/conf:/conf expose: - 3000 networks: From 3bef37b789e780a35a507920a202cde255e70939 Mon Sep 17 00:00:00 2001 From: Ivaylo Novakov Date: Thu, 2 Dec 2021 18:04:19 +0100 Subject: [PATCH 18/18] Revert the change of JWKS path --- docker-compose.accounts.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.accounts.yml b/docker-compose.accounts.yml index 8b0a53b3..c25557b9 100644 --- a/docker-compose.accounts.yml +++ b/docker-compose.accounts.yml 
@@ -42,7 +42,7 @@ services: - KRATOS_ADDR=${KRATOS_ADDR} - OATHKEEPER_ADDR=${OATHKEEPER_ADDR} volumes: - - ./docker/accounts/conf:/conf + - ./docker/accounts/conf:/accounts/conf expose: - 3000 networks: