LumeWeb
/
skynet-webportal
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

drop nginx blocklist proxy endpoint

This commit is contained in:
Karol Wypchlo 2022-03-15 10:32:46 +01:00
parent 4f6b5fb0a8
commit e2beee6fac
No known key found for this signature in database
GPG Key ID: B515DE9EEBE241E1
4 changed files with 19 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
docker/nginx/conf.d/server.local.conf
View File

@ -1,9 +0,0 @@
server {
# local server - do not expose this port externally
listen 8000;
# secure traffic by limiting to only local networks
include /etc/nginx/conf.d/include/local-network-only;
include /etc/nginx/conf.d/server/server.local;
}

12
docker/nginx/conf.d/server/server.local
View File

@ -1,12 +0,0 @@
include /etc/nginx/conf.d/include/init-optional-variables;
# TODO: this endpoint could be removed and calls be made directly to skyd
# since we're not using any nginx specific code here any more
location /skynet/blocklist {
include /etc/nginx/conf.d/include/sia-auth;
client_max_body_size 10m; # increase max body size to account for large lists
proxy_set_header User-Agent: Sia-Agent;
proxy_pass http://sia:9980/skynet/blocklist;
}

18
scripts/blocklist-skylink.sh
View File

@ -34,18 +34,16 @@ else
skylinks=("$1") # just single skylink passed as input argument skylinks=("$1") # just single skylink passed as input argument
fi fi
# get local nginx ip adress # get local skyd ip adress
nginx_ip=$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' nginx) ipaddress=$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' sia)
# get sia api password either from env variable if exists or from apipassword file in sia-data directory
apipassword=$(docker exec sia sh -c '[ ! -z "${SIA_API_PASSWORD}" ] && echo ${SIA_API_PASSWORD} || $(cat /sia-data/apipassword | tr -d '\n')')
# iterate over provided skylinks and block them one by one # iterate over provided skylinks and block them one by one
for skylink in "${skylinks[@]}"; do for skylink in "${skylinks[@]}"; do
printf "Blocking ${skylink} ... " echo "> Blocking ${skylink} ... "
status_code=$(curl --write-out '%{http_code}' --silent --output /dev/null --data "{\"add\":[\"$skylink\"]}" "http://${nginx_ip}:8000/skynet/blocklist")
# print blocklist response status code # POST /skynet/blocklist always returns 200 and in case of failure print error message
if [ $status_code = "204" ]; then curl -A Sia-Agent -u "":${apipassword} --data "{\"add\":[\"$skylink\"]}" "http://${ipaddress}:9980/skynet/blocklist"
echo "done"
else
echo "error $status_code"
fi
done done

18
setup-scripts/blocklist-airtable.py
View File

@ -1,6 +1,6 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
from bot_utils import setup, send_msg from bot_utils import get_api_password, setup, send_msg
from random import randint from random import randint
from time import sleep from time import sleep
@ -11,6 +11,8 @@ import asyncio
import requests import requests
import json import json
from requests.auth import HTTPBasicAuth
setup() setup()
@ -38,14 +40,14 @@ def exec(command):
async def block_skylinks_from_airtable(): async def block_skylinks_from_airtable():
# Get nginx's IP before doing anything else. If this step fails we don't # Get sia IP before doing anything else. If this step fails we don't
# need to continue with the execution of the script. # need to continue with the execution of the script.
ipaddress = exec( ipaddress = exec(
"docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' nginx" "docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' sia"
) )
if ipaddress == "": if ipaddress == "":
print("Nginx's IP could not be detected. Exiting.") print("Skyd IP could not be detected. Exiting.")
return return
print("Pulling blocked skylinks from Airtable via api integration") print("Pulling blocked skylinks from Airtable via api integration")
@ -117,11 +119,13 @@ async def block_skylinks_from_airtable():
print( print(
"Sending /skynet/blocklist request with " "Sending /skynet/blocklist request with "
+ str(len(skylinks)) + str(len(skylinks))
+ " skylinks to siad through nginx" + " skylinks to siad"
) )
response = requests.post( response = requests.post(
"http://" + ipaddress + ":8000/skynet/blocklist", "http://" + ipaddress + ":9980/skynet/blocklist",
data=json.dumps({"add": skylinks}), data=json.dumps({"add": skylinks}),
headers={"User-Agent": "Sia-Agent"},
auth=HTTPBasicAuth("", get_api_password()),
) )
if response.status_code != 200: if response.status_code != 200:
@ -153,5 +157,5 @@ loop.run_until_complete(run_checks())
# --- BASH EQUIVALENT # --- BASH EQUIVALENT
# skylinks=$(curl "https://api.airtable.com/v0/${AIRTABLE_BASE}/${AIRTABLE_TABLE}?fields%5B%5D=${AIRTABLE_FIELD}" -H "Authorization: Bearer ${AIRTABLE_KEY}" | python3 -c "import sys, json; print('[\"' + '\",\"'.join([entry['fields']['Link'] for entry in json.load(sys.stdin)['records']]) + '\"]')") # skylinks=$(curl "https://api.airtable.com/v0/${AIRTABLE_BASE}/${AIRTABLE_TABLE}?fields%5B%5D=${AIRTABLE_FIELD}" -H "Authorization: Bearer ${AIRTABLE_KEY}" | python3 -c "import sys, json; print('[\"' + '\",\"'.join([entry['fields']['Link'] for entry in json.load(sys.stdin)['records']]) + '\"]')")
# ipaddress=$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' nginx) # ipaddress=$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' sia)
# curl --data "{\"add\" : ${skylinks}}" "${ipaddress}:8000/skynet/blocklist" # curl --data "{\"add\" : ${skylinks}}" "${ipaddress}:8000/skynet/blocklist"