From e2beee6faca1c9a232a20b902d25909ca1fe7aff Mon Sep 17 00:00:00 2001
From: Karol Wypchlo
Date: Tue, 15 Mar 2022 10:32:46 +0100
Subject: [PATCH] drop nginx blocklist proxy endpoint
---
 docker/nginx/conf.d/server.local.conf | 9 ---------
 docker/nginx/conf.d/server/server.local | 12 ------------
 scripts/blocklist-skylink.sh | 18 ++++++++----------
 setup-scripts/blocklist-airtable.py | 18 +++++++++++-------
 4 files changed, 19 insertions(+), 38 deletions(-)
 delete mode 100644 docker/nginx/conf.d/server.local.conf
 delete mode 100644 docker/nginx/conf.d/server/server.local
diff --git a/docker/nginx/conf.d/server.local.conf b/docker/nginx/conf.d/server.local.conf
deleted file mode 100644
index 8a487a53..00000000
--- a/docker/nginx/conf.d/server.local.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-server {
- # local server - do not expose this port externally
- listen 8000;
-
- # secure traffic by limiting to only local networks
- include /etc/nginx/conf.d/include/local-network-only;
-
- include /etc/nginx/conf.d/server/server.local;
-}
diff --git a/docker/nginx/conf.d/server/server.local b/docker/nginx/conf.d/server/server.local
deleted file mode 100644
index 87c02d1f..00000000
--- a/docker/nginx/conf.d/server/server.local
+++ /dev/null
@@ -1,12 +0,0 @@
-include /etc/nginx/conf.d/include/init-optional-variables;
-
-# TODO: this endpoint could be removed and calls be made directly to skyd
-# since we're not using any nginx specific code here any more
-location /skynet/blocklist {
- include /etc/nginx/conf.d/include/sia-auth;
-
- client_max_body_size 10m; # increase max body size to account for large lists
-
- proxy_set_header User-Agent: Sia-Agent;
- proxy_pass http://sia:9980/skynet/blocklist;
-}
diff --git a/scripts/blocklist-skylink.sh b/scripts/blocklist-skylink.sh
index ee19c9c2..cb60bbdb 100755
--- a/scripts/blocklist-skylink.sh
+++ b/scripts/blocklist-skylink.sh
@@ -34,18 +34,16 @@ else skylinks=("$1") # just single skylink passed as input argument fi -# get local nginx ip adress -nginx_ip=$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' nginx) +# get local skyd ip adress +ipaddress=$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' sia) + +# get sia api password either from env variable if exists or from apipassword file in sia-data directory +apipassword=$(docker exec sia sh -c '[ ! -z "${SIA_API_PASSWORD}" ] && echo ${SIA_API_PASSWORD} || $(cat /sia-data/apipassword | tr -d '\n')') # iterate over provided skylinks and block them one by one for skylink in "${skylinks[@]}"; do - printf "Blocking ${skylink} ... " - status_code=$(curl --write-out '%{http_code}' --silent --output /dev/null --data "{\"add\":[\"$skylink\"]}" "http://${nginx_ip}:8000/skynet/blocklist") + echo "> Blocking ${skylink} ... " - # print blocklist response status code - if [ $status_code = "204" ]; then - echo "done" - else - echo "error $status_code" - fi + # POST /skynet/blocklist always returns 200 and in case of failure print error message + curl -A Sia-Agent -u "":${apipassword} --data "{\"add\":[\"$skylink\"]}" "http://${ipaddress}:9980/skynet/blocklist" done diff --git a/setup-scripts/blocklist-airtable.py b/setup-scripts/blocklist-airtable.py index 09711605..8bd9d2dc 100755 --- a/setup-scripts/blocklist-airtable.py +++ b/setup-scripts/blocklist-airtable.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 -from bot_utils import setup, send_msg +from bot_utils import get_api_password, setup, send_msg from random import randint from time import sleep @@ -11,6 +11,8 @@ import asyncio import requests import json +from requests.auth import HTTPBasicAuth + setup() 
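Review bot: The fallback branch of the new `apipassword=` line does not return the password stored in the file: `|| $(cat …)` runs the file's contents as a command instead of printing them, and the nested `'\n'` closes the outer single-quoted `sh -c` string, so the inner shell actually receives `tr -d n`. When `SIA_API_PASSWORD` is unset the variable therefore ends up empty or mangled and the blocklist request is sent with wrong credentials. Something like `apipassword=$(docker exec sia sh -c 'if [ -n "${SIA_API_PASSWORD}" ]; then printf %s "${SIA_API_PASSWORD}"; else tr -d "\n" < /sia-data/apipassword; fi')` avoids both problems. Separately, `-u "":${apipassword}` is unquoted and places the secret in curl's argv, where it shows up in the host process list; `-u ":${apipassword}"` fixes the word splitting, and passing the credential through `curl --config -` on stdin would keep it out of argv.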
@@ -38,14 +40,14 @@ def exec(command): async def block_skylinks_from_airtable(): - # Get nginx's IP before doing anything else. If this step fails we don't + # Get sia IP before doing anything else. If this step fails we don't # need to continue with the execution of the script. ipaddress = exec( - "docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' nginx" + "docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' sia" ) if ipaddress == "": - print("Nginx's IP could not be detected. Exiting.") + print("Skyd IP could not be detected. Exiting.") return print("Pulling blocked skylinks from Airtable via api integration") @@ -117,11 +119,13 @@ async def block_skylinks_from_airtable(): print( "Sending /skynet/blocklist request with " + str(len(skylinks)) - + " skylinks to siad through nginx" + + " skylinks to siad" ) response = requests.post( - "http://" + ipaddress + ":8000/skynet/blocklist", + "http://" + ipaddress + ":9980/skynet/blocklist", data=json.dumps({"add": skylinks}), + headers={"User-Agent": "Sia-Agent"}, + auth=HTTPBasicAuth("", get_api_password()), ) if response.status_code != 200: @@ -153,5 +157,5 @@ loop.run_until_complete(run_checks()) # --- BASH EQUIVALENT # skylinks=$(curl "https://api.airtable.com/v0/${AIRTABLE_BASE}/${AIRTABLE_TABLE}?fields%5B%5D=${AIRTABLE_FIELD}" -H "Authorization: Bearer ${AIRTABLE_KEY}" | python3 -c "import sys, json; print('[\"' + '\",\"'.join([entry['fields']['Link'] for entry in json.load(sys.stdin)['records']]) + '\"]')") -# ipaddress=$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' nginx) +# ipaddress=$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' sia) # curl --data "{\"add\" : ${skylinks}}" "${ipaddress}:8000/skynet/blocklist"
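Review bot: The new direct `requests.post(...)` to skyd on port 9980 still relies on the existing `response.status_code != 200` check as its only failure signal, while the comment this commit adds in scripts/blocklist-skylink.sh says POST /skynet/blocklist always returns 200 and reports errors in the body. If that comment is accurate, a batch that skyd rejected would be treated as applied, so the response body should be inspected as well; the handling after the `if` lies outside the hunk. The call also has no `timeout=` argument, so a stalled skyd would block the script indefinitely. `get_api_password()` is only resolved at this point, after the Airtable pull; calling it next to the `ipaddress` lookup at the top of `block_skylinks_from_airtable` would let the script stop early when the credential cannot be read.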
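Review bot: The BASH EQUIVALENT comment in the last hunk is only half updated: its final line still posts to `${ipaddress}:8000/skynet/blocklist`, the nginx listener this commit deletes, and carries neither the `Sia-Agent` user agent nor credentials. Suggest `# curl -A Sia-Agent -u ":${apipassword}" --data "{\"add\" : ${skylinks}}" "${ipaddress}:9980/skynet/blocklist"`, with a comment line above it showing where `apipassword` comes from, so the documented equivalent matches what the script now does.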