* Update golog in go-ipfs
License: MIT
Signed-off-by: Jakub Sztandera <kubuxu@protonmail.ch>
* Update go-libp2p for go-log
License: MIT
Signed-off-by: Jakub Sztandera <kubuxu@protonmail.ch>
* Update go-libp2p-secio for go-log
License: MIT
Signed-off-by: Jakub Sztandera <kubuxu@protonmail.ch>
* Update go-libp2p-crypto for go-log
License: MIT
Signed-off-by: Jakub Sztandera <kubuxu@protonmail.ch>
* Update go-libp2p-peer for go-log
License: MIT
Signed-off-by: Jakub Sztandera <kubuxu@protonmail.ch>
* Import peersore, it wasn't imported
License: MIT
Signed-off-by: Jakub Sztandera <kubuxu@protonmail.ch>
* Update peerstore
License: MIT
Signed-off-by: Jakub Sztandera <kubuxu@protonmail.ch>
* Update peer
License: MIT
Signed-off-by: Jakub Sztandera <kubuxu@protonmail.ch>
* Update secio
License: MIT
Signed-off-by: Jakub Sztandera <kubuxu@protonmail.ch>
* Update go-libp2p
License: MIT
Signed-off-by: Jakub Sztandera <kubuxu@protonmail.ch>
This patch is in preparation for the gateway's extraction.
It's interesting to trace technical debt back to its
origin, understanding the circumstances in which it
was introduced and built up, and then cutting it back
at exactly the right places.
- Clean up the gateway's surface
The option builder GatewayOption() now takes only
arguments which are relevant for HTTP handler muxing,
i.e. the paths where the gateway should be mounted.
All other configuration happens through the
GatewayConfig object.
- Remove BlockList
I know why this was introduced in the first place,
but it never ended up fulfilling that purpose.
Somehow it was only ever used by the API server,
not the gateway, which really doesn't make sense.
It was also never wired up with CLI nor fs-repo.
Eventually @krl started punching holes into it
to make the Web UI accessible.
- Remove --unrestricted-api
This was holes being punched into BlockList too,
for accessing /ipfs and /ipn on the API server.
With BlockList removed and /ipfs and /ipns freely
accessible, putting this option out of action
is safe. With the next major release,
the option can be removed for good.
License: MIT
Signed-off-by: Lars Gierth <larsg@systemli.org>
The gateway accepts an X-Ipfs-Path-Prefix header,
and assumes that it is mounted in a reverse proxy
like nginx, at this path. Links in directory listings,
as well as trailing-slash redirects need to be rewritten
with that prefix in mind.
We don't want a potential attacker to be able to
pass in arbitrary path prefixes, which would end up
in redirects and directory listings, which is why
every prefix has to be explicitly allowed in the config.
Previously, we'd accept *any* X-Ipfs-Path-Prefix header.
Example:
We mount blog.ipfs.io (a dnslink page) at ipfs.io/blog.
nginx_ipfs.conf:
location /blog/ {
rewrite "^/blog(/.*)$" $1 break;
proxy_set_header Host blog.ipfs.io;
proxy_set_header X-Ipfs-Gateway-Prefix /blog;
proxy_pass http://127.0.0.1:8080;
}
.ipfs/config:
"Gateway": {
"PathPrefixes": ["/blog"],
// ...
},
dnslink:
> dig TXT _dnslink.blog.ipfs.io
dnslink=/ipfs/QmWcBjXPAEdhXDATV4ghUpkAonNBbiyFx1VmmHcQe9HEGd
License: MIT
Signed-off-by: Lars Gierth <larsg@systemli.org>
ServeOptions take the node and muxer, they should get the listener
too as sometimes they need to operate on the listener address.
License: MIT
Signed-off-by: Juan Batiz-Benet <juan@benet.ai>
this commit adds the ability to specify arbitrary HTTP headers
for either the Gateway or the API. simply set the desired headers
on the config:
ipfs config --json API.HTTPHeaders.X-MyHdr '["meow :)"]'
ipfs config --json Gateway.HTTPHeaders.X-MyHdr '["meow :)"]'
License: MIT
Signed-off-by: Juan Batiz-Benet <juan@benet.ai>
Each option now additionally returns the mux to be used by future options. If
every options returns the mux it was passed, the current behavior is unchanged.
However, if the option returns an a new mux, it can mediate requests to handlers
provided by future options:
return func(n *core.IpfsNode, mux *http.ServeMux) (*http.ServeMux, error) {
childMux := http.NewServeMux()
mux.Handle("/", handlerThatDelegatesToChildMux)
return childMux, nil
}
License: MIT
Signed-off-by: Kevin Wallace <kevin@pentabarf.net>
