drop nginx blocklist proxy endpoint

2022-03-15 10:32:46 +01:00 · 2022-03-15 10:32:46 +01:00 · e2beee6fac
parent 4f6b5fb0a8
commit e2beee6fac
4 changed files with 19 additions and 38 deletions
--- a/docker/nginx/conf.d/server.local.conf
+++ b/docker/nginx/conf.d/server.local.conf
@ -1,9 +0,0 @@
-server {
-    # local server - do not expose this port externally
-    listen 8000;
-
-    # secure traffic by limiting to only local networks
-    include /etc/nginx/conf.d/include/local-network-only;
-
-    include /etc/nginx/conf.d/server/server.local;
-}
--- a/docker/nginx/conf.d/server/server.local
+++ b/docker/nginx/conf.d/server/server.local
@ -1,12 +0,0 @@
-include /etc/nginx/conf.d/include/init-optional-variables;
-
-# TODO: this endpoint could be removed and calls be made directly to skyd
-# since we're not using any nginx specific code here any more
-location /skynet/blocklist {
-    include /etc/nginx/conf.d/include/sia-auth;
-
-    client_max_body_size 10m; # increase max body size to account for large lists
-
-    proxy_set_header User-Agent: Sia-Agent;
-    proxy_pass http://sia:9980/skynet/blocklist;
-}
--- a/scripts/blocklist-skylink.sh
+++ b/scripts/blocklist-skylink.sh
@ -34,18 +34,16 @@ else
    skylinks=("$1") # just single skylink passed as input argument
 fi

-# get local nginx ip adress
-nginx_ip=$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' nginx)
+# get local skyd ip adress
+ipaddress=$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' sia)
+
+# get sia api password either from env variable if exists or from apipassword file in sia-data directory
+apipassword=$(docker exec sia sh -c '[ ! -z "${SIA_API_PASSWORD}" ] && echo ${SIA_API_PASSWORD} || $(cat /sia-data/apipassword | tr -d '\n')')

 # iterate over provided skylinks and block them one by one
 for skylink in "${skylinks[@]}"; do
-    printf "Blocking ${skylink} ... "
-    status_code=$(curl --write-out '%{http_code}' --silent --output /dev/null --data "{\"add\":[\"$skylink\"]}" "http://${nginx_ip}:8000/skynet/blocklist")
+    echo "> Blocking ${skylink} ... "

-    # print blocklist response status code
-    if [ $status_code = "204" ]; then
-        echo "done"
-    else
-        echo "error $status_code"
-    fi
+    # POST /skynet/blocklist always returns 200 and in case of failure print error message
+    curl -A Sia-Agent -u "":${apipassword} --data "{\"add\":[\"$skylink\"]}" "http://${ipaddress}:9980/skynet/blocklist"
 done
--- a/setup-scripts/blocklist-airtable.py
+++ b/setup-scripts/blocklist-airtable.py
@ -1,6 +1,6 @@
 #!/usr/bin/env python3

-from bot_utils import setup, send_msg
+from bot_utils import get_api_password, setup, send_msg
 from random import randint
 from time import sleep

@ -11,6 +11,8 @@ import asyncio
 import requests
 import json

+from requests.auth import HTTPBasicAuth
+
 setup()


@ -38,14 +40,14 @@ def exec(command):


 async def block_skylinks_from_airtable():
-    # Get nginx's IP before doing anything else. If this step fails we don't
+    # Get sia IP before doing anything else. If this step fails we don't
    # need to continue with the execution of the script.
    ipaddress = exec(
-        "docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' nginx"
+        "docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' sia"
    )

    if ipaddress == "":
-        print("Nginx's IP could not be detected. Exiting.")
+        print("Skyd IP could not be detected. Exiting.")
        return

    print("Pulling blocked skylinks from Airtable via api integration")
@ -117,11 +119,13 @@ async def block_skylinks_from_airtable():
    print(
        "Sending /skynet/blocklist request with "
        + str(len(skylinks))
-        + " skylinks to siad through nginx"
+        + " skylinks to siad"
    )
    response = requests.post(
-        "http://" + ipaddress + ":8000/skynet/blocklist",
+        "http://" + ipaddress + ":9980/skynet/blocklist",
        data=json.dumps({"add": skylinks}),
+        headers={"User-Agent": "Sia-Agent"},
+        auth=HTTPBasicAuth("", get_api_password()),
    )

    if response.status_code != 200:
@ -153,5 +157,5 @@ loop.run_until_complete(run_checks())

 # --- BASH EQUIVALENT
 # skylinks=$(curl "https://api.airtable.com/v0/${AIRTABLE_BASE}/${AIRTABLE_TABLE}?fields%5B%5D=${AIRTABLE_FIELD}" -H "Authorization: Bearer ${AIRTABLE_KEY}" | python3 -c "import sys, json; print('[\"' + '\",\"'.join([entry['fields']['Link'] for entry in json.load(sys.stdin)['records']]) + '\"]')")
-# ipaddress=$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' nginx)
+# ipaddress=$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' sia)
 # curl --data "{\"add\" : ${skylinks}}" "${ipaddress}:8000/skynet/blocklist"