The gateway accepts an X-Ipfs-Path-Prefix header,
and assumes that it is mounted in a reverse proxy
like nginx, at this path. Links in directory listings,
as well as trailing-slash redirects need to be rewritten
with that prefix in mind.
We don't want a potential attacker to be able to
pass in arbitrary path prefixes, which would end up
in redirects and directory listings, which is why
every prefix has to be explicitly allowed in the config.
Previously, we'd accept *any* X-Ipfs-Path-Prefix header.
Example:
We mount blog.ipfs.io (a dnslink page) at ipfs.io/blog.
nginx_ipfs.conf:
location /blog/ {
rewrite "^/blog(/.*)$" $1 break;
proxy_set_header Host blog.ipfs.io;
proxy_set_header X-Ipfs-Gateway-Prefix /blog;
proxy_pass http://127.0.0.1:8080;
}
.ipfs/config:
"Gateway": {
"PathPrefixes": ["/blog"],
// ...
},
dnslink:
> dig TXT _dnslink.blog.ipfs.io
dnslink=/ipfs/QmWcBjXPAEdhXDATV4ghUpkAonNBbiyFx1VmmHcQe9HEGd
License: MIT
Signed-off-by: Lars Gierth <larsg@systemli.org>
For the rest of the packages in util, move them to thirdparty
and update the references. util is gone!
License: MIT
Signed-off-by: Jeromy <jeromyj@gmail.com>
License: MIT
Signed-off-by: Jeromy <jeromyj@gmail.com>
use NewNode instead of NewIPFSNode in most of the codebase
License: MIT
Signed-off-by: Jeromy <jeromyj@gmail.com>
make mocknet work with node constructor better
License: MIT
Signed-off-by: Jeromy <jeromyj@gmail.com>
finish cleanup of old construction method
License: MIT
Signed-off-by: Jeromy <jeromyj@gmail.com>
blockservice.New doesnt return an error anymore
License: MIT
Signed-off-by: Jeromy <jeromyj@gmail.com>
break up node construction into separate function
License: MIT
Signed-off-by: Jeromy <jeromyj@gmail.com>
add error case to default filling on node constructor
License: MIT
Signed-off-by: Jeromy <jeromyj@gmail.com>
IPNSHostnameOption() touches the URL path only on the way in,
but not on the way out. This commit makes it complete by
touching the following URLs in responses:
- Heading, file links, back links in directory listings
- Redirecting /foo to /foo/ if there's an index.html link
- Omit Suborigin header
License: MIT
Signed-off-by: Lars Gierth <larsg@systemli.org>
ServeOptions take the node and muxer, they should get the listener
too as sometimes they need to operate on the listener address.
License: MIT
Signed-off-by: Juan Batiz-Benet <juan@benet.ai>
This allows direct access to the earlier protocol-specific Resolve
implementations. The guts of each protocol-specific resolver are in
the internal resolveOnce method, and we've added a new:
ResolveN(ctx, name, depth)
method to the public interface. There's also:
Resolve(ctx, name)
which wraps ResolveN using DefaultDepthLimit. The extra API endpoint
is intended to reduce the likelyhood of clients accidentally calling
the more dangerous ResolveN with a nonsensically high or infinite
depth. On IRC on 2015-05-17, Juan said:
15:34 <jbenet> If 90% of uses is the reduced API with no chance to
screw it up, that's a huge win.
15:34 <wking> Why would those 90% not just set depth=0 or depth=1,
depending on which they need?
15:34 <jbenet> Because people will start writing `r.Resolve(ctx, name,
d)` where d is a variable.
15:35 <wking> And then accidentally set that variable to some huge
number?
15:35 <jbenet> Grom experience, i've seen this happen _dozens_ of
times. people screw trivial things up.
15:35 <wking> Why won't those same people be using ResolveN?
15:36 <jbenet> Because almost every example they see will tell them to
use Resolve(), and they will mostly stay away from ResolveN.
The per-prodocol versions also resolve recursively within their
protocol. For example:
DNSResolver.Resolve(ctx, "ipfs.io", 0)
will recursively resolve DNS links until the referenced value is no
longer a DNS link.
I also renamed the multi-protocol ipfs NameSystem (defined in
namesys/namesys.go) to 'mpns' (for Multi-Protocol Name System),
because I wasn't clear on whether IPNS applied to the whole system or
just to to the DHT-based system. The new name is unambiguously
multi-protocol, which is good. It would be nice to have a distinct
name for the DHT-based link system.
Now that resolver output is always prefixed with a namespace and
unprefixed mpns resolver input is interpreted as /ipfs/,
core/corehttp/ipns_hostname.go can dispense with it's old manual
/ipfs/ injection.
Now that the Resolver interface handles recursion, we don't need the
resolveRecurse helper in core/pathresolver.go. The pathresolver
cleanup also called for an adjustment to FromSegments to more easily
get slash-prefixed paths.
Now that recursive resolution with the namesys/namesys.go composite
resolver always gets you to an /ipfs/... path, there's no need for the
/ipns/ special case in fuse/ipns/ipns_unix.go.
Now that DNS links can be things other than /ipfs/ or DHT-link
references (e.g. they could be /ipns/<domain-name> references) I've
also loosened the ParsePath logic to only attempt multihash validation
on IPFS paths. It checks to ensure that other paths have a
known-protocol prefix, but otherwise leaves them alone.
I also changed some key-stringification from .Pretty() to .String()
following the potential deprecation mentioned in util/key.go.
- updated go-ctxgroup and goprocess
ctxgroup: AddChildGroup was changed to AddChild. Used in two files:
- p2p/net/mock/mock_net.go
- routing/dht/dht.go
- updated context from hg repo to git
prev. commit in hg was ad01a6fcc8a19d3a4478c836895ffe883bd2ceab. (context: make parentCancelCtx iterative)
represents commit 84f8955a887232b6308d79c68b8db44f64df455c in git repo
- updated context to master (b6fdb7d8a4ccefede406f8fe0f017fb58265054c)
Aaron Jacobs (2):
net/context: Don't accept a context in the DoSomethingSlow example.
context: Be clear that users must cancel the result of WithCancel.
Andrew Gerrand (1):
go.net: use golang.org/x/... import paths
Bryan C. Mills (1):
net/context: Don't leak goroutines in Done example.
Damien Neil (1):
context: fix removal of cancelled timer contexts from parent
David Symonds (2):
context: Fix WithValue example code.
net: add import comments.
Sameer Ajmani (1):
context: fix TestAllocs to account for ints in interfaces
