* add flag to "ipfs key gen" to output keys in b36 CIDv1
* add flag to "ipfs key list" to output keys in b36 CIDv1
* add and modify corresponding sharness tests
This isn't perfect (we only use sessions after resolving the root cid) but it's
better than what we have. The real solution is #7198 so we can use sessions
everywhere.
(cherry picked from commit 62f61c588d)
This isn't perfect (we only use sessions after resolving the root cid) but it's
better than what we have. The real solution is #7198 so we can use sessions
everywhere.
MVP for #6097
This feature will repeatedly reconnect (with a randomized exponential backoff)
to peers in a set of "peered" peers.
In the future, this should be extended to:
1. Include a CLI for modifying this list at runtime.
2. Include additional options for peers we want to _protect_ but not connect to.
3. Allow configuring timeouts, backoff, etc.
4. Allow groups? Possibly through textile threads.
5. Allow for runtime-only peering rules.
6. Different reconnect policies.
But this MVP should be a significant step forward.
While the content of raw files retrieved via the gateway should never
change, the look and feel of the directory index can and will change
between versions of go-ipfs.
Incorporate the hash of assets/bindata.go into the ETag when appropriate
Otherwise, we could end up with only DHT clients and never re-bootstrap.
I've left the default go-ipfs bootstrapping code in for now as it's technically
possible to disable the DHT entirely.
fixes https://github.com/ipfs/go-ipfs/pull/4233#issuecomment-631454543
Basically, there's a trade-off here:
1. We can support directory listings while supporting 404 pages (this PR).
2. If a 404 page is present, directory listings don't work.
Given that option 1 is more flexible and users shouldn't be _too_ confused if
they land on a directory with no index.html page, I've gone with that option.
Files already have an explicit Content-Type set. Be sure to do this for
directory listings as well to avoid a fallback to autodetection in
net/http. That fallback fails when a ResponseWriter is installed that
performs compression.
In the same way that an `index.html` file is rendered, if one is present, when the
requested path is a directory, now an `ipfs-404.html` file is rendered if
the requested file is not present within the specified IPFS object.
`ipfs-404.html` files are looked for in the directory of the requested path and each
parent until one is found, falling back on the well-known 404 error message.
License: MIT
Signed-off-by: JP Hastings-Spital <jphastings@gmail.com>
1. Increase broadcast timeout.
2. Fix use of sessions when pinning.
This also includes some bitswap changes to reduce some memory allocations and
optimize some hot spots.
1. Enable AutoNATService on _all_ nodes by default. If it's an issue, we can
disable it in RC3 but this will give us the best testing results.
2. Expose options to configure AutoNAT rate limiting.
And remove retry logic. This was flatfs specific and we've moved the logic down
into flatfs itself.
This update:
* Retries in more cases when we run out of file descriptors.
* Ensures we don't leak temporary files on batch put.
This still works over "loosely defined" .car files
Please refer to the sharness tests for extra info
We can tighten this up if the sentiment is "Postel was wrong"
This commit upgrades go-ipfs-cmds and configures the commands HTTP API Handler
to only allow POST/OPTIONS, disallowing GET and others in the handling of
command requests in the IPFS HTTP API (where before every type of request
method was handled, with GET/POST/PUT/PATCH being equivalent).
The Read-Only commands that the HTTP API attaches to the gateway endpoint will
additional handled GET as they did before (but stop handling PUT,DELETEs).
By limiting the request types we address the possibility that a website
accessed by a browser abuses the IPFS API by issuing GET requests to it which
have no Origin or Referrer set, and are thus bypass CORS and CSRF protections.
This is a breaking change for clients that relay on GET requests against the
HTTP endpoint (usually :5001). Applications integrating on top of the
gateway-read-only API should still work (including cross-domain access).
Co-Authored-By: Steven Allen <steven@stebalien.com>
Co-Authored-By: Marcin Rataj <lidel@lidel.org>
This logic collects a list of known relays by testing every new connection.
It exists so we can dial /p2p-circuit/p2p/QmFoobar addresses (circuit addresses
that don't specify the relay). However, this kind of address is useless outside
of basic demos as a random relay is practically guaranteed to not be connected
to the target peer. Picking a random relay to connect to some peer is almost
_never_ the desired behavior.
Instead of feeding through the top-level context, feed through a cancel-free
context (that still carries the same context values). Then, when the top-level
context is canceled, call `stop` to shut everything down in-order. Finally,
cancel the inner context to make sure everything has been cleaned up.
Ideally, we just wouldn't use contexts for this. But this is strictly better
than what we have.
When request is sent to http://localhost:8080/ipfs/$cid response has
HTTP 301 status code and "Location" header with redirect destination at
$cid.ipfs.localhost:8080
Redirect is followed by browsersi, but not by commandline tools.
Status 301 is ignored by curl in default mode: it will print response
and won't follow redirect, user needs to add -L for that.
To fix curl, we return correct payload in body of HTTP 301 response,
but set Clear-Site-Data header to ensure Origin sandbox can't be abused.
This requires a surgical workaround:
If Location header is present in ResponseWriter's Header map,
we ensure http.ServeContent() returns HTTP 301
Context: https://github.com/ipfs/go-ipfs/pull/6982
License: MIT
Signed-off-by: Marcin Rataj <lidel@lidel.org>
Instead of adding a new fake header (that could be spoofed by the client...),
just read the original request URI from the request object.
This also removes support for suborigins. They have never been implemented in
browsers and it looks like efforts have stalled. We can add support back if we
need it but, well, maintaining support was going to be more trouble than it was
worth.
License: MIT
Signed-off-by: Steven Allen <steven@stebalien.com>
