Commit Graph

551 Commits

Author SHA1 Message Date
Marcin Rataj
7d397ac219
feat: webui v2.7.4
(supersedes v2.7.3)

License: MIT
Signed-off-by: Marcin Rataj <lidel@lidel.org>
2020-04-14 17:51:25 +02:00
Hector Sanjuan
7340543615 corehttp: Gateway handler: add Allow headers when returning MethodNotAllowed
Spec says that response with 405 must set Allow headers.
2020-04-05 09:57:57 +02:00
Hector Sanjuan
1b490476e5 HTTP API: Disallow GET requests on API
This commit upgrades go-ipfs-cmds and configures the commands HTTP API Handler
to only allow POST/OPTIONS, disallowing GET and others in the handling of
command requests in the IPFS HTTP API (where before every type of request
method was handled, with GET/POST/PUT/PATCH being equivalent).

The Read-Only commands that the HTTP API attaches to the gateway endpoint will
additional handled GET as they did before (but stop handling PUT,DELETEs).

By limiting the request types we address the possibility that a website
accessed by a browser abuses the IPFS API by issuing GET requests to it which
have no Origin or Referrer set, and are thus bypass CORS and CSRF protections.

This is a breaking change for clients that relay on GET requests against the
HTTP endpoint (usually :5001). Applications integrating on top of the
gateway-read-only API should still work (including cross-domain access).

Co-Authored-By: Steven Allen <steven@stebalien.com>
Co-Authored-By: Marcin Rataj <lidel@lidel.org>
2020-04-05 09:57:57 +02:00
Marcin Rataj
f9567a0a0f fix(gateway): curl without redirect on localhost
When request is sent to http://localhost:8080/ipfs/$cid response has
HTTP 301 status code and "Location" header with redirect destination at
$cid.ipfs.localhost:8080

Redirect is followed by browsersi, but not by commandline tools.
Status 301 is ignored by curl in default mode: it will print response
and won't follow redirect, user needs to add -L for that.

To fix curl, we return correct payload in body of HTTP 301 response,
but set Clear-Site-Data header to ensure Origin sandbox can't be abused.

This requires a surgical workaround:
If Location header is present in ResponseWriter's Header map,
we ensure http.ServeContent() returns HTTP 301

Context: https://github.com/ipfs/go-ipfs/pull/6982

License: MIT
Signed-off-by: Marcin Rataj <lidel@lidel.org>
2020-03-18 08:50:40 -07:00
Marcin Rataj
3ecccd6e1d feat(gateway): subdomain and proxy gateway
License: MIT
Signed-off-by: Marcin Rataj <lidel@lidel.org>
2020-03-18 08:50:38 -07:00
Steven Allen
72490f7ed0 gateway: simplify/improve dnslink rewrite handling
Instead of adding a new fake header (that could be spoofed by the client...),
just read the original request URI from the request object.

This also removes support for suborigins. They have never been implemented in
browsers and it looks like efforts have stalled. We can add support back if we
need it but, well, maintaining support was going to be more trouble than it was
worth.

License: MIT
Signed-off-by: Steven Allen <steven@stebalien.com>
2020-03-17 19:34:44 -07:00
Steven Allen
11c229bb14 rename ProxyOption to P2PProxyOption
(we're implementing an _actual_ proxy)

License: MIT
Signed-off-by: Steven Allen <steven@stebalien.com>
2020-03-17 19:34:44 -07:00
Steven Allen
906f45edd9 fix(tracing): remove event tracing
We've deprecated this system and have yet to move to a new system. We might as
well remove everything, switch to a new system, then deliberately trace the
entire system.
2020-01-28 21:31:12 -08:00
Steven Allen
a53d48059b fix: migrate from deprecated warning function 2020-01-28 21:20:21 -08:00
Steven Allen
725e6844ee gateway: cleanup logic
License: MIT
Signed-off-by: Steven Allen <steven@stebalien.com>
2020-01-10 10:19:13 +01:00
Steven Allen
5eea0a4ba0 http: use Method* constants
License: MIT
Signed-off-by: Steven Allen <steven@stebalien.com>
2020-01-10 10:19:08 +01:00
Steven Allen
c64eb11992 test(gateway): test the lazy seeker 2020-01-05 16:43:45 -08:00
Steven Allen
6cb03d4dfd fix(gateway): fix seek read length typo 2020-01-05 16:43:45 -08:00
Steven Allen
453b78962b chore(gateway): remove dead code 2020-01-05 16:43:45 -08:00
Steven Allen
1a06fb6e2f fix(gateway): correct symlink content type
We should be _resolving_ symlinks (sometimes, still need to figure out when to
do this WRT IPNS). However, that's a larger feature.
2020-01-05 16:43:44 -08:00
Steven Allen
3859f08bf7 fix(gateway): better seeking/sized
1. Require files to have known sizes. We can add support for unknown sizes
_later_ but we can't use ServeContent for those files.
2. Replace the `sizeReadSeeker` with a `lazySeeker`. This one makes no
assumptions about how it's used so we're less likely to run into weird bugs.
2020-01-05 16:43:44 -08:00
Steven Allen
e8a6c0c050 fix(gateway): gracefully handle files with unknown sizes in directory listings 2020-01-05 16:43:44 -08:00
Steven Allen
62451039ec fix(gateway): serve the index with serveFile 2020-01-05 16:43:44 -08:00
Marcin Rataj
115b2ba6cd
fix: limit SW registration to content root
Introduces hardening proposed in:
https://github.com/ipfs/go-ipfs/issues/4025#issuecomment-342250616

License: MIT
Signed-off-by: Marcin Rataj <lidel@lidel.org>
2019-12-17 02:20:40 +01:00
Henrique Dias
5ab7a70131
feat: web ui 2.7.2 2019-12-04 08:15:58 +00:00
Steven Allen
c19bc362f5
Merge pull request #6743 from dreamski21/fix/gateway/content-type-header
fix #2203: omit the charset attribute when Content-Type is text/html
2019-12-02 14:13:57 -05:00
Henrique Dias
f4a4baccee
feat: web ui 2.7.1 2019-11-12 23:37:40 +00:00
Steven Allen
7ae6f6fa3e chore(gateway): document encoding fix 2019-11-06 11:47:27 +00:00
Steven Allen
69f6e08d9d chore(gateway): remove redundant seek 2019-11-06 11:45:41 +00:00
Steven Allen
a12d2e265e chore(gateway): fix error call 2019-11-06 11:44:56 +00:00
Steven Allen
ebf2e7da36 chore(gateway): fix import ordering 2019-11-06 11:44:32 +00:00
Djalil Dreamski
a29a9dbb98
gateway: ServeFile: use file extension to determine Content-Type
License: MIT
Signed-off-by: Abdeldjalil Hebal <dreamski21@gmail.com>
2019-11-06 01:52:49 +01:00
Djalil Dreamski
69f81a11dd
Update gateway_handler.go 2019-11-05 17:36:26 +01:00
Djalil Dreamski
aefff48654
fix #2203: omit the charset attribute when Content-Type is text/html
License: MIT
Signed-off-by: Abdeldjalil Hebal <dreamski21@gmail.com>
2019-11-02 21:56:54 +01:00
Henrique Dias
29d6d7e3cd
feat: web ui 2.6.0
See https://github.com/ipfs-shipyard/ipfs-webui/releases/tag/v2.6.0.
2019-10-30 17:50:29 +00:00
Steven Allen
4a102207a3
Merge pull request #6643 from ipfs/fix/provide-prometheus-namespace
ipfs namespace is now being provided to prometheus
2019-10-22 20:38:00 -07:00
Adrian Lanzafame
48f25d9ed7
pass opts.Namespace along like before 2019-10-23 10:46:11 +10:00
Henrique Dias
f3f3899a68
Update webui.go 2019-10-21 20:24:15 +01:00
Henrique Dias
a1854101c0
feat: web ui 2.5.8 2019-10-21 08:31:33 +01:00
Henrique Dias
bb59c24947
feat: web ui 2.5.7
Relevant release notes can be found on [v2.5.5](https://github.com/ipfs-shipyard/ipfs-webui/releases/tag/v2.5.5).
2019-10-08 08:33:58 +01:00
Steven Allen
853ed0be5d chore: fix deprecation warnings 2019-09-26 15:38:12 -07:00
Henrique Dias
36acc402aa
feat: web ui 2.5.4 2019-09-23 15:44:21 +01:00
Adrian Lanzafame
03017cb201
ipfs namespace is now being provided to prometheus 2019-09-15 11:08:19 +10:00
Henrique Dias
7c6ba8f724
feat: webui 2.5.3
Superseeds #6635.
2019-09-12 23:09:43 +01:00
Henrique Dias
de87c3aa45
feat: web ui 2.5.1 2019-09-06 09:04:21 +01:00
Henrique Dias
b0f496e79f
feat: web ui 2.5.0 2019-08-13 15:20:13 +01:00
Steven Allen
521a29956b fix and improve the writable gateway
1. Fix handling of PUT. The simple implementation was the correct
   implementation, I have no idea what was going on here.
2. Use MFS everywhere to reduce code duplication and add support for sharded
   directories.
3. _Correctly_ block IPNS.
4. Remove the dependency on `core.IpfsNode`.
5. Remove support for putting empty directories with a well-known CID. It was
   useless as directories are automatically created.
2019-07-25 19:22:56 -07:00
Hector Sanjuan
98a508fdd1 Deps: update go-libp2p-http to its new libp2p location
License: MIT
Signed-off-by: Hector Sanjuan <hector@protocol.ai>
2019-06-08 00:51:18 +02:00
Steven Allen
d460150f43 gateway: label get requests latency with the path namespace 2019-06-04 17:47:08 -07:00
Steven Allen
ebd89b4011 gateway: expand get metric metadata 2019-06-04 17:36:42 -07:00
whyrusleeping
846b6b5d95 add unixfs get metric
License: MIT
Signed-off-by: whyrusleeping <why@ipfs.io>
2019-06-04 17:36:42 -07:00
Raúl Kripalani
e8c2852179 migrate to go-libp2p-core.
closes #6391

License: MIT
Signed-off-by: Raúl Kripalani <raul@protocol.ai>
2019-05-31 23:23:52 -07:00
Henrique Dias
5cd15049ad
feat: update Web UI to v2.4.6 2019-05-31 16:51:08 +01:00
Steven Allen
23d35184c3 fix: use http.Error for sending errors
This sets a few headers that prevent browsers from misinterpreting the error
text.
2019-05-25 10:45:17 -07:00
Steven Allen
4924b80e10 chore: fix linter nits
License: MIT
Signed-off-by: Steven Allen <steven@stebalien.com>
2019-05-14 09:38:26 -07:00