coosld/kubo
1
0
Fork 0
mirror of https://github.com/ipfs/kubo.git synced 2026-03-05 00:08:06 +08:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
11,332 Commits 162 Branches 214 Tags 122 MiB
613cd78ee9
Commit Graph

232 Commits

Author SHA1 Message Date
Hector Sanjuan
1b490476e5 HTTP API: Disallow GET requests on API 
This commit upgrades go-ipfs-cmds and configures the commands HTTP API Handler
to only allow POST/OPTIONS, disallowing GET and others in the handling of
command requests in the IPFS HTTP API (where before every type of request
method was handled, with GET/POST/PUT/PATCH being equivalent).

The Read-Only commands that the HTTP API attaches to the gateway endpoint will
additional handled GET as they did before (but stop handling PUT,DELETEs).

By limiting the request types we address the possibility that a website
accessed by a browser abuses the IPFS API by issuing GET requests to it which
have no Origin or Referrer set, and are thus bypass CORS and CSRF protections.

This is a breaking change for clients that relay on GET requests against the
HTTP endpoint (usually :5001). Applications integrating on top of the
gateway-read-only API should still work (including cross-domain access).

Co-Authored-By: Steven Allen <steven@stebalien.com>
Co-Authored-By: Marcin Rataj <lidel@lidel.org>
 2020-04-05 09:57:57 +02:00
Steven Allen
8fc9ddfe1b chore: update libp2p deps 
Prepare for an RC. This also re-re-disables stream write coalescing till we get
a chance to thoroughly profile it.
 2020-04-02 23:25:38 -07:00
Steven Allen
fc8307fe6e
Merge pull request #7075 from ipfs/dependabot/go_modules/github.com/ipfs/go-ds-flatfs-0.4.1 
chore(deps): bump github.com/ipfs/go-ds-flatfs from 0.4.0 to 0.4.1
 2020-04-02 12:09:14 -07:00
dependabot-preview[bot]
32838843e4
chore(deps): bump github.com/ipfs/go-ds-flatfs from 0.4.0 to 0.4.1 
Bumps [github.com/ipfs/go-ds-flatfs](https://github.com/ipfs/go-ds-flatfs) from 0.4.0 to 0.4.1.
- [Release notes](https://github.com/ipfs/go-ds-flatfs/releases)
- [Commits](https://github.com/ipfs/go-ds-flatfs/compare/v0.4.0...v0.4.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-04-02 18:23:07 +00:00
Steven Allen
871bded47a
Merge pull request #7076 from ipfs/dependabot/go_modules/go.uber.org/fx-1.11.0 
chore(deps): bump go.uber.org/fx from 1.10.0 to 1.11.0
 2020-04-02 11:23:02 -07:00
Steven Allen
b90870ea6e
Merge pull request #7070 from ipfs/dependabot/go_modules/github.com/hashicorp/go-multierror-1.1.0 
chore(deps): bump github.com/hashicorp/go-multierror from 1.0.0 to 1.1.0
 2020-04-02 11:18:20 -07:00
dependabot-preview[bot]
cb063a28a3
chore(deps): bump github.com/ipfs/go-ds-badger from 0.2.2 to 0.2.3 
Bumps [github.com/ipfs/go-ds-badger](https://github.com/ipfs/go-ds-badger) from 0.2.2 to 0.2.3.
- [Release notes](https://github.com/ipfs/go-ds-badger/releases)
- [Commits](https://github.com/ipfs/go-ds-badger/compare/v0.2.2...v0.2.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-04-02 11:26:25 +00:00
dependabot-preview[bot]
c7ab790547
chore(deps): bump go.uber.org/fx from 1.10.0 to 1.11.0 
Bumps [go.uber.org/fx](https://github.com/uber-go/fx) from 1.10.0 to 1.11.0.
- [Release notes](https://github.com/uber-go/fx/releases)
- [Changelog](https://github.com/uber-go/fx/blob/master/CHANGELOG.md)
- [Commits](https://github.com/uber-go/fx/compare/v1.10.0...v1.11.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-04-02 11:25:50 +00:00
dependabot-preview[bot]
9570efb204
chore(deps): bump github.com/hashicorp/go-multierror from 1.0.0 to 1.1.0 
Bumps [github.com/hashicorp/go-multierror](https://github.com/hashicorp/go-multierror) from 1.0.0 to 1.1.0.
- [Release notes](https://github.com/hashicorp/go-multierror/releases)
- [Commits](https://github.com/hashicorp/go-multierror/compare/v1.0.0...v1.1.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-04-01 11:24:42 +00:00
Steven Allen
474ade1f49
Merge pull request #7057 from ipfs/dependabot/go_modules/github.com/libp2p/go-libp2p-peerstore-0.2.2 
chore(deps): bump github.com/libp2p/go-libp2p-peerstore from 0.2.1 to 0.2.2
 2020-03-29 19:53:12 -07:00
dependabot-preview[bot]
8531b242c3
chore(deps): bump github.com/libp2p/go-libp2p-peerstore 
Bumps [github.com/libp2p/go-libp2p-peerstore](https://github.com/libp2p/go-libp2p-peerstore) from 0.2.1 to 0.2.2.
- [Release notes](https://github.com/libp2p/go-libp2p-peerstore/releases)
- [Commits](https://github.com/libp2p/go-libp2p-peerstore/compare/v0.2.1...v0.2.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-03-30 02:36:03 +00:00
dependabot-preview[bot]
2f565f1723
chore(deps): bump github.com/ipfs/go-ipfs-files from 0.0.7 to 0.0.8 
Bumps [github.com/ipfs/go-ipfs-files](https://github.com/ipfs/go-ipfs-files) from 0.0.7 to 0.0.8.
- [Release notes](https://github.com/ipfs/go-ipfs-files/releases)
- [Commits](https://github.com/ipfs/go-ipfs-files/compare/v0.0.7...v0.0.8)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-03-30 02:35:24 +00:00
Steven Allen
f28b8fce66 feat: tls by default 
Switches to TLS as the default security transports.
 2020-03-29 19:12:54 -07:00
Steven Allen
968e70f1e2 fix: downgrade to go 1.13 
Go 1.14 has a timer reset deadlock (https://github.com/golang/go/issues/38070).

This also downgrades quic-go until either a go patch release fixes this issue or
a version of quic-go is released that works with go 1.13.
 2020-03-29 18:41:47 -07:00
Steven Allen
3561de0740
Merge pull request #7047 from ipfs/dependabot/go_modules/github.com/ipfs/go-ds-badger-0.2.2 
chore(deps): bump github.com/ipfs/go-ds-badger from 0.2.1 to 0.2.2
 2020-03-27 22:41:43 -07:00
dependabot-preview[bot]
88bc8362a0
chore(deps): bump github.com/ipfs/go-ds-badger from 0.2.1 to 0.2.2 
Bumps [github.com/ipfs/go-ds-badger](https://github.com/ipfs/go-ds-badger) from 0.2.1 to 0.2.2.
- [Release notes](https://github.com/ipfs/go-ds-badger/releases)
- [Commits](https://github.com/ipfs/go-ds-badger/compare/v0.2.1...v0.2.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-03-28 03:37:46 +00:00
dependabot-preview[bot]
c18b3dafa0
chore(deps): bump github.com/libp2p/go-libp2p from 0.7.1 to 0.7.2 
Bumps [github.com/libp2p/go-libp2p](https://github.com/libp2p/go-libp2p) from 0.7.1 to 0.7.2.
- [Release notes](https://github.com/libp2p/go-libp2p/releases)
- [Changelog](https://github.com/libp2p/go-libp2p/blob/master/NEWS.md)
- [Commits](https://github.com/libp2p/go-libp2p/compare/v0.7.1...v0.7.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-03-28 03:37:07 +00:00
dependabot-preview[bot]
37f38de614
chore(deps): bump github.com/libp2p/go-libp2p-yamux from 0.2.5 to 0.2.6 
Bumps [github.com/libp2p/go-libp2p-yamux](https://github.com/libp2p/go-libp2p-yamux) from 0.2.5 to 0.2.6.
- [Release notes](https://github.com/libp2p/go-libp2p-yamux/releases)
- [Commits](https://github.com/libp2p/go-libp2p-yamux/compare/v0.2.5...v0.2.6)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-03-27 11:30:20 +00:00
Peter Rabbitson
027f08ccba Upgrade go-ipfs-chunker 
Closes #6953
 2020-03-26 21:46:21 +01:00
dependabot-preview[bot]
b4b8401827
chore(deps): bump github.com/ipfs/go-bitswap from 0.2.6 to 0.2.7 
Bumps [github.com/ipfs/go-bitswap](https://github.com/ipfs/go-bitswap) from 0.2.6 to 0.2.7.
- [Release notes](https://github.com/ipfs/go-bitswap/releases)
- [Commits](https://github.com/ipfs/go-bitswap/compare/v0.2.6...v0.2.7)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-03-26 11:29:39 +00:00
Steven Allen
5129758122 chore: update deps 
Specifically, fix an autonat issue where the service wouldn't actually start.
 2020-03-25 12:32:22 -07:00
dependabot-preview[bot]
c88a2bfd59
chore(deps): bump github.com/ipfs/go-log from 1.0.2 to 1.0.3 
Bumps [github.com/ipfs/go-log](https://github.com/ipfs/go-log) from 1.0.2 to 1.0.3.
- [Release notes](https://github.com/ipfs/go-log/releases)
- [Commits](https://github.com/ipfs/go-log/compare/v1.0.2...v1.0.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-03-25 11:29:55 +00:00
Steven Allen
ad543f0724 feat: update go-libp2p & go-bitswap 
Uses the new libp2p AutoNAT option.
 2020-03-24 14:54:09 -07:00
Steven Allen
65fe1df37b
Merge pull request #7025 from ipfs/dependabot/go_modules/github.com/ipfs/go-blockservice-0.1.3 
chore(deps): bump github.com/ipfs/go-blockservice from 0.1.2 to 0.1.3
 2020-03-24 09:39:30 -07:00
dependabot-preview[bot]
a5ad19ae52
chore(deps): bump github.com/libp2p/go-libp2p-peerstore 
Bumps [github.com/libp2p/go-libp2p-peerstore](https://github.com/libp2p/go-libp2p-peerstore) from 0.2.0 to 0.2.1.
- [Release notes](https://github.com/libp2p/go-libp2p-peerstore/releases)
- [Commits](https://github.com/libp2p/go-libp2p-peerstore/compare/v0.2.0...v0.2.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-03-24 11:30:21 +00:00
dependabot-preview[bot]
c6b2c66b20
chore(deps): bump github.com/ipfs/go-blockservice from 0.1.2 to 0.1.3 
Bumps [github.com/ipfs/go-blockservice](https://github.com/ipfs/go-blockservice) from 0.1.2 to 0.1.3.
- [Release notes](https://github.com/ipfs/go-blockservice/releases)
- [Commits](https://github.com/ipfs/go-blockservice/compare/v0.1.2...v0.1.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-03-24 11:29:55 +00:00
Cornelius Toole
62de9ba9d3 feat(file-ignore): add ignore opts to add cmd 
- add the `gitignore` or `ignore options to the add command
 2020-03-20 09:22:04 -07:00
dependabot-preview[bot]
26cd0d4a73
chore(deps): bump github.com/ipfs/go-bitswap from 0.2.4 to 0.2.5 
Bumps [github.com/ipfs/go-bitswap](https://github.com/ipfs/go-bitswap) from 0.2.4 to 0.2.5.
- [Release notes](https://github.com/ipfs/go-bitswap/releases)
- [Commits](https://github.com/ipfs/go-bitswap/compare/v0.2.4...v0.2.5)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-03-19 17:27:11 +00:00
dependabot-preview[bot]
b8261d6417
chore(deps): bump github.com/libp2p/go-libp2p from 0.6.0 to 0.6.1 
Bumps [github.com/libp2p/go-libp2p](https://github.com/libp2p/go-libp2p) from 0.6.0 to 0.6.1.
- [Release notes](https://github.com/libp2p/go-libp2p/releases)
- [Changelog](https://github.com/libp2p/go-libp2p/blob/master/NEWS.md)
- [Commits](https://github.com/libp2p/go-libp2p/compare/v0.6.0...v0.6.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-03-19 11:30:39 +00:00
Steven Allen
5b308bb30c chore: update dependencies 2020-03-18 09:17:21 -07:00
Marcin Rataj
3ecccd6e1d feat(gateway): subdomain and proxy gateway 
License: MIT
Signed-off-by: Marcin Rataj <lidel@lidel.org>
 2020-03-18 08:50:38 -07:00
Peter Rabbitson
705bee7d3f Support pipes when named on the cli explicitly 
Still throws an error when a pipe is encountered during directory recursion
 2020-03-16 17:25:33 -07:00
Steven Allen
f791f693b7 chore(dep): update bitswap 
* better logging
* `ipfs bitswap wantlist` now returns both want-haves and want-blocks.
 2020-03-16 14:50:31 -07:00
Steven Allen
d4cc0b8aa3
Merge pull request #7002 from ipfs/dependabot/go_modules/github.com/prometheus/client_golang-1.5.1 
chore(deps): bump github.com/prometheus/client_golang from 1.5.0 to 1.5.1
 2020-03-16 09:35:40 -07:00
Steven Allen
ef41ce2b74
Merge pull request #7003 from ipfs/dependabot/go_modules/github.com/libp2p/go-libp2p-kad-dht-0.5.2 
chore(deps): bump github.com/libp2p/go-libp2p-kad-dht from 0.5.1 to 0.5.2
 2020-03-16 09:35:30 -07:00
Steven Allen
faaf96fa21 chore(dep): update go-libp2p-yamux 
fixes a timer race

fixes #7004
 2020-03-16 09:01:08 -07:00
dependabot-preview[bot]
f53d2a649d
chore(deps): bump github.com/libp2p/go-libp2p-kad-dht 
Bumps [github.com/libp2p/go-libp2p-kad-dht](https://github.com/libp2p/go-libp2p-kad-dht) from 0.5.1 to 0.5.2.
- [Release notes](https://github.com/libp2p/go-libp2p-kad-dht/releases)
- [Commits](https://github.com/libp2p/go-libp2p-kad-dht/compare/v0.5.1...v0.5.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-03-16 11:28:59 +00:00
dependabot-preview[bot]
5d2a318fb7
chore(deps): bump github.com/prometheus/client_golang 
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.5.0 to 1.5.1.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/master/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.5.0...v1.5.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-03-16 11:28:31 +00:00
Steven Allen
0505995816 fix: downgrade to a working semver version 2020-03-13 13:29:31 -07:00
Steven Allen
3f0cf057ec chore(dep): update deps 2020-03-13 11:20:46 -07:00
Steven Allen
36afd0b652
Merge pull request #6976 from ipfs/feat/update-bitswap 
chore(dep): update bitswap
 2020-03-12 17:08:18 -07:00
Steven Allen
9308f2f101 chore(dep): update bitswap 
This also updates graphsync to use the new peertaskqueue.

fixes #6782
 2020-03-12 16:35:32 -07:00
dependabot-preview[bot]
3e4fe58a04
chore(deps): bump github.com/fsnotify/fsnotify from 1.4.8 to 1.4.9 
Bumps [github.com/fsnotify/fsnotify](https://github.com/fsnotify/fsnotify) from 1.4.8 to 1.4.9.
- [Release notes](https://github.com/fsnotify/fsnotify/releases)
- [Changelog](https://github.com/fsnotify/fsnotify/blob/master/CHANGELOG.md)
- [Commits](https://github.com/fsnotify/fsnotify/compare/v1.4.8...v1.4.9)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-03-12 11:28:19 +00:00
Steven Allen
a1b50c8ed8 chore(dep): update go-ipfs-provider 2020-03-11 19:29:31 -07:00
Steven Allen
bd088239c3
Merge pull request #6979 from ipfs/dependabot/go_modules/github.com/fsnotify/fsnotify-1.4.8 
chore(deps): bump github.com/fsnotify/fsnotify from 1.4.7 to 1.4.8
 2020-03-11 09:25:42 -07:00
dependabot-preview[bot]
855a0ea8a3
chore(deps): bump github.com/multiformats/go-multiaddr-net 
Bumps [github.com/multiformats/go-multiaddr-net](https://github.com/multiformats/go-multiaddr-net) from 0.1.2 to 0.1.3.
- [Release notes](https://github.com/multiformats/go-multiaddr-net/releases)
- [Commits](https://github.com/multiformats/go-multiaddr-net/compare/v0.1.2...v0.1.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-03-11 11:28:19 +00:00
dependabot-preview[bot]
62ab7fc5c5
chore(deps): bump github.com/fsnotify/fsnotify from 1.4.7 to 1.4.8 
Bumps [github.com/fsnotify/fsnotify](https://github.com/fsnotify/fsnotify) from 1.4.7 to 1.4.8.
- [Release notes](https://github.com/fsnotify/fsnotify/releases)
- [Changelog](https://github.com/fsnotify/fsnotify/blob/master/CHANGELOG.md)
- [Commits](https://github.com/fsnotify/fsnotify/compare/v1.4.7...v1.4.8)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-03-11 11:27:54 +00:00
Marten Seemann
53782d439c update to new private network interfaces 2020-03-09 19:39:06 -07:00
dependabot-preview[bot]
61a0023781
chore(deps): bump github.com/ipfs/go-ds-leveldb from 0.4.1 to 0.4.2 
Bumps [github.com/ipfs/go-ds-leveldb](https://github.com/ipfs/go-ds-leveldb) from 0.4.1 to 0.4.2.
- [Release notes](https://github.com/ipfs/go-ds-leveldb/releases)
- [Commits](https://github.com/ipfs/go-ds-leveldb/compare/v0.4.1...v0.4.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-03-09 11:33:09 +00:00
dependabot-preview[bot]
21ad5498f3
chore(deps): bump github.com/libp2p/go-libp2p-kad-dht 
Bumps [github.com/libp2p/go-libp2p-kad-dht](https://github.com/libp2p/go-libp2p-kad-dht) from 0.5.0 to 0.5.1.
- [Release notes](https://github.com/libp2p/go-libp2p-kad-dht/releases)
- [Commits](https://github.com/libp2p/go-libp2p-kad-dht/compare/v0.5.0...v0.5.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-03-06 21:48:04 +00:00