drop nginx blocklist proxy endpoint

This commit is contained in:
Karol Wypchlo 2022-03-15 10:32:46 +01:00
parent 4f6b5fb0a8
commit e2beee6fac
No known key found for this signature in database
GPG Key ID: B515DE9EEBE241E1
4 changed files with 19 additions and 38 deletions

View File

@ -1,9 +0,0 @@
server {
# local server - do not expose this port externally
listen 8000;
# secure traffic by limiting to only local networks
include /etc/nginx/conf.d/include/local-network-only;
include /etc/nginx/conf.d/server/server.local;
}

View File

@ -1,12 +0,0 @@
include /etc/nginx/conf.d/include/init-optional-variables;
# TODO: this endpoint could be removed and calls be made directly to skyd
# since we're not using any nginx specific code here any more
location /skynet/blocklist {
include /etc/nginx/conf.d/include/sia-auth;
client_max_body_size 10m; # increase max body size to account for large lists
proxy_set_header User-Agent: Sia-Agent;
proxy_pass http://sia:9980/skynet/blocklist;
}

View File

@ -34,18 +34,16 @@ else
skylinks=("$1") # just single skylink passed as input argument
fi
# get local nginx ip adress
nginx_ip=$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' nginx)
# get local skyd ip adress
ipaddress=$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' sia)
# get sia api password either from env variable if exists or from apipassword file in sia-data directory
apipassword=$(docker exec sia sh -c '[ ! -z "${SIA_API_PASSWORD}" ] && echo ${SIA_API_PASSWORD} || $(cat /sia-data/apipassword | tr -d '\n')')
# iterate over provided skylinks and block them one by one
for skylink in "${skylinks[@]}"; do
printf "Blocking ${skylink} ... "
status_code=$(curl --write-out '%{http_code}' --silent --output /dev/null --data "{\"add\":[\"$skylink\"]}" "http://${nginx_ip}:8000/skynet/blocklist")
echo "> Blocking ${skylink} ... "
# print blocklist response status code
if [ $status_code = "204" ]; then
echo "done"
else
echo "error $status_code"
fi
# POST /skynet/blocklist always returns 200 and in case of failure print error message
curl -A Sia-Agent -u "":${apipassword} --data "{\"add\":[\"$skylink\"]}" "http://${ipaddress}:9980/skynet/blocklist"
done

View File

@ -1,6 +1,6 @@
#!/usr/bin/env python3
from bot_utils import setup, send_msg
from bot_utils import get_api_password, setup, send_msg
from random import randint
from time import sleep
@ -11,6 +11,8 @@ import asyncio
import requests
import json
from requests.auth import HTTPBasicAuth
setup()
@ -38,14 +40,14 @@ def exec(command):
async def block_skylinks_from_airtable():
# Get nginx's IP before doing anything else. If this step fails we don't
# Get sia IP before doing anything else. If this step fails we don't
# need to continue with the execution of the script.
ipaddress = exec(
"docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' nginx"
"docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' sia"
)
if ipaddress == "":
print("Nginx's IP could not be detected. Exiting.")
print("Skyd IP could not be detected. Exiting.")
return
print("Pulling blocked skylinks from Airtable via api integration")
@ -117,11 +119,13 @@ async def block_skylinks_from_airtable():
print(
"Sending /skynet/blocklist request with "
+ str(len(skylinks))
+ " skylinks to siad through nginx"
+ " skylinks to siad"
)
response = requests.post(
"http://" + ipaddress + ":8000/skynet/blocklist",
"http://" + ipaddress + ":9980/skynet/blocklist",
data=json.dumps({"add": skylinks}),
headers={"User-Agent": "Sia-Agent"},
auth=HTTPBasicAuth("", get_api_password()),
)
if response.status_code != 200:
@ -153,5 +157,5 @@ loop.run_until_complete(run_checks())
# --- BASH EQUIVALENT
# skylinks=$(curl "https://api.airtable.com/v0/${AIRTABLE_BASE}/${AIRTABLE_TABLE}?fields%5B%5D=${AIRTABLE_FIELD}" -H "Authorization: Bearer ${AIRTABLE_KEY}" | python3 -c "import sys, json; print('[\"' + '\",\"'.join([entry['fields']['Link'] for entry in json.load(sys.stdin)['records']]) + '\"]')")
# ipaddress=$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' nginx)
# ipaddress=$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' sia)
# curl --data "{\"add\" : ${skylinks}}" "${ipaddress}:8000/skynet/blocklist"