feat: built-in content blocking based on IPIP-383 (#10161)

Fixes #8492 This introduces "nopfs" as a preloaded plugin into Kubo with support for denylists from https://github.com/ipfs/specs/pull/383 It automatically makes Kubo watch *.deny files found in: - /etc/ipfs/denylists - $XDG_CONFIG_HOME/ipfs/denylists - $IPFS_PATH/denylists * test: Gateway.NoFetch and GatewayOverLibp2p adds missing tests for "no fetch" gateways one can expose, in both cases the offline mode is done by passing custom blockservice/exchange into path resolver, which means global path resolver that has nopfs intercept is not used, and the content blocking does not happen on these gateways. * fix: use offline path resolvers where appropriate this fixes the problem described in https://github.com/ipfs/kubo/pull/10161#issuecomment-1782175955 by adding explicit offline path resolvers that are backed by offline exchange, and using them in NoFetch gateways instead of the default online ones --------- Co-authored-by: Henrique Dias <hacdias@gmail.com> Co-authored-by: Marcin Rataj <lidel@lidel.org>
2025-08-26 04:26:07 +08:00 · 2023-10-28 05:34:14 +02:00
parent 4f303d3208
commit a0f34b16dd
19 changed files with 596 additions and 65 deletions
--- a/plugin/plugins/nopfs/nopfs.go
+++ b/plugin/plugins/nopfs/nopfs.go
@ -0,0 +1,85 @@
+package nopfs
+
+import (
+	"os"
+	"path/filepath"
+
+	"github.com/ipfs-shipyard/nopfs"
+	"github.com/ipfs-shipyard/nopfs/ipfs"
+	"github.com/ipfs/kubo/config"
+	"github.com/ipfs/kubo/core"
+	"github.com/ipfs/kubo/core/node"
+	"github.com/ipfs/kubo/plugin"
+	"go.uber.org/fx"
+)
+
+// Plugins sets the list of plugins to be loaded.
+var Plugins = []plugin.Plugin{
+	&nopfsPlugin{},
+}
+
+// fxtestPlugin is used for testing the fx plugin.
+// It merely adds an fx option that logs a debug statement, so we can verify that it works in tests.
+type nopfsPlugin struct{}
+
+var _ plugin.PluginFx = (*nopfsPlugin)(nil)
+
+func (p *nopfsPlugin) Name() string {
+	return "nopfs"
+}
+
+func (p *nopfsPlugin) Version() string {
+	return "0.0.10"
+}
+
+func (p *nopfsPlugin) Init(env *plugin.Environment) error {
+	return nil
+}
+
+// MakeBlocker is a factory for the blocker so that it can be provided with Fx.
+func MakeBlocker() (*nopfs.Blocker, error) {
+	ipfsPath, err := config.PathRoot()
+	if err != nil {
+		return nil, err
+	}
+
+	defaultFiles, err := nopfs.GetDenylistFiles()
+	if err != nil {
+		return nil, err
+	}
+
+	kuboFiles, err := nopfs.GetDenylistFilesInDir(filepath.Join(ipfsPath, "denylists"))
+	if err != nil {
+		return nil, err
+	}
+
+	files := append(defaultFiles, kuboFiles...)
+
+	return nopfs.NewBlocker(files)
+}
+
+// PathResolvers returns wrapped PathResolvers for Kubo.
+func PathResolvers(fetchers node.FetchersIn, blocker *nopfs.Blocker) node.PathResolversOut {
+	res := node.PathResolverConfig(fetchers)
+	return node.PathResolversOut{
+		IPLDPathResolver:          ipfs.WrapResolver(res.IPLDPathResolver, blocker),
+		UnixFSPathResolver:        ipfs.WrapResolver(res.UnixFSPathResolver, blocker),
+		OfflineIPLDPathResolver:   ipfs.WrapResolver(res.OfflineIPLDPathResolver, blocker),
+		OfflineUnixFSPathResolver: ipfs.WrapResolver(res.OfflineUnixFSPathResolver, blocker),
+	}
+}
+
+func (p *nopfsPlugin) Options(info core.FXNodeInfo) ([]fx.Option, error) {
+	if os.Getenv("IPFS_CONTENT_BLOCKING_DISABLE") != "" {
+		return info.FXOptions, nil
+	}
+
+	opts := append(
+		info.FXOptions,
+		fx.Provide(MakeBlocker),
+		fx.Decorate(ipfs.WrapBlockService),
+		fx.Decorate(ipfs.WrapNameSystem),
+		fx.Decorate(PathResolvers),
+	)
+	return opts, nil
+}