package corehttp import ( "context" "fmt" "io" "mime" "net/http" "net/url" "os" gopath "path" "runtime/debug" "strings" "time" "github.com/dustin/go-humanize" "github.com/ipfs/go-cid" files "github.com/ipfs/go-ipfs-files" dag "github.com/ipfs/go-merkledag" "github.com/ipfs/go-mfs" "github.com/ipfs/go-path" "github.com/ipfs/go-path/resolver" coreiface "github.com/ipfs/interface-go-ipfs-core" ipath "github.com/ipfs/interface-go-ipfs-core/path" routing "github.com/libp2p/go-libp2p-core/routing" "github.com/multiformats/go-multibase" ) const ( ipfsPathPrefix = "/ipfs/" ipnsPathPrefix = "/ipns/" ) // gatewayHandler is a HTTP handler that serves IPFS objects (accessible by default at /ipfs/) // (it serves requests like GET /ipfs/QmVRzPKPzNtSrEzBFm2UZfxmPAgnaLke4DMcerbsGGSaFe/link) type gatewayHandler struct { config GatewayConfig api coreiface.CoreAPI } func newGatewayHandler(c GatewayConfig, api coreiface.CoreAPI) *gatewayHandler { i := &gatewayHandler{ config: c, api: api, } return i } func parseIpfsPath(p string) (cid.Cid, string, error) { rootPath, err := path.ParsePath(p) if err != nil { return cid.Cid{}, "", err } // Check the path. rsegs := rootPath.Segments() if rsegs[0] != "ipfs" { return cid.Cid{}, "", fmt.Errorf("WritableGateway: only ipfs paths supported") } rootCid, err := cid.Decode(rsegs[1]) if err != nil { return cid.Cid{}, "", err } return rootCid, path.Join(rsegs[2:]), nil } func (i *gatewayHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { // the hour is a hard fallback, we don't expect it to happen, but just in case ctx, cancel := context.WithTimeout(r.Context(), time.Hour) defer cancel() r = r.WithContext(ctx) defer func() { if r := recover(); r != nil { log.Error("A panic occurred in the gateway handler!") log.Error(r) debug.PrintStack() } }() if i.config.Writable { switch r.Method { case "POST": i.postHandler(w, r) return case "PUT": i.putHandler(w, r) return case "DELETE": i.deleteHandler(w, r) return } } if r.Method == "GET" || r.Method == "HEAD" { i.getOrHeadHandler(w, r) return } if r.Method == "OPTIONS" { i.optionsHandler(w, r) return } errmsg := "Method " + r.Method + " not allowed: " var status int if !i.config.Writable { status = http.StatusMethodNotAllowed errmsg = errmsg + "read only access" } else { status = http.StatusBadRequest errmsg = errmsg + "bad request for " + r.URL.Path } http.Error(w, errmsg, status) } func (i *gatewayHandler) optionsHandler(w http.ResponseWriter, r *http.Request) { /* OPTIONS is a noop request that is used by the browsers to check if server accepts cross-site XMLHttpRequest (indicated by the presence of CORS headers) https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Preflighted_requests */ i.addUserHeaders(w) // return all custom headers (including CORS ones, if set) } func (i *gatewayHandler) getOrHeadHandler(w http.ResponseWriter, r *http.Request) { begin := time.Now() urlPath := r.URL.Path escapedURLPath := r.URL.EscapedPath() // If the gateway is behind a reverse proxy and mounted at a sub-path, // the prefix header can be set to signal this sub-path. // It will be prepended to links in directory listings and the index.html redirect. prefix := "" if prfx := r.Header.Get("X-Ipfs-Gateway-Prefix"); len(prfx) > 0 { for _, p := range i.config.PathPrefixes { if prfx == p || strings.HasPrefix(prfx, p+"/") { prefix = prfx break } } } // IPNSHostnameOption might have constructed an IPNS path using the Host header. // In this case, we need the original path for constructing redirects // and links that match the requested URL. // For example, http://example.net would become /ipns/example.net, and // the redirects and links would end up as http://example.net/ipns/example.net originalUrlPath := prefix + urlPath ipnsHostname := false if hdr := r.Header.Get("X-Ipns-Original-Path"); len(hdr) > 0 { originalUrlPath = prefix + hdr ipnsHostname = true } parsedPath := ipath.New(urlPath) if err := parsedPath.IsValid(); err != nil { webError(w, "invalid ipfs path", err, http.StatusBadRequest) return } // Resolve path to the final DAG node for the ETag resolvedPath, err := i.api.ResolvePath(r.Context(), parsedPath) switch err { case nil: case coreiface.ErrOffline: webError(w, "ipfs resolve -r "+escapedURLPath, err, http.StatusServiceUnavailable) return default: webError(w, "ipfs resolve -r "+escapedURLPath, err, http.StatusNotFound) return } dr, err := i.api.Unixfs().Get(r.Context(), resolvedPath) if err != nil { webError(w, "ipfs cat "+escapedURLPath, err, http.StatusNotFound) return } unixfsGetMetric.WithLabelValues(parsedPath.Namespace()).Observe(time.Since(begin).Seconds()) defer dr.Close() // Check etag send back to us etag := "\"" + resolvedPath.Cid().String() + "\"" if r.Header.Get("If-None-Match") == etag || r.Header.Get("If-None-Match") == "W/"+etag { w.WriteHeader(http.StatusNotModified) return } i.addUserHeaders(w) // ok, _now_ write user's headers. w.Header().Set("X-IPFS-Path", urlPath) w.Header().Set("Etag", etag) // Suborigin header, sandboxes apps from each other in the browser (even // though they are served from the same gateway domain). // // Omitted if the path was treated by IPNSHostnameOption(), for example // a request for http://example.net/ would be changed to /ipns/example.net/, // which would turn into an incorrect Suborigin header. // In this case the correct thing to do is omit the header because it is already // handled correctly without a Suborigin. // // NOTE: This is not yet widely supported by browsers. if !ipnsHostname { // e.g.: 1="ipfs", 2="QmYuNaKwY...", ... pathComponents := strings.SplitN(urlPath, "/", 4) var suboriginRaw []byte cidDecoded, err := cid.Decode(pathComponents[2]) if err != nil { // component 2 doesn't decode with cid, so it must be a hostname suboriginRaw = []byte(strings.ToLower(pathComponents[2])) } else { suboriginRaw = cidDecoded.Bytes() } base32Encoded, err := multibase.Encode(multibase.Base32, suboriginRaw) if err != nil { internalWebError(w, err) return } suborigin := pathComponents[1] + "000" + strings.ToLower(base32Encoded) w.Header().Set("Suborigin", suborigin) } // set these headers _after_ the error, for we may just not have it // and dont want the client to cache a 500 response... // and only if it's /ipfs! // TODO: break this out when we split /ipfs /ipns routes. modtime := time.Now() if f, ok := dr.(files.File); ok { if strings.HasPrefix(urlPath, ipfsPathPrefix) { w.Header().Set("Cache-Control", "public, max-age=29030400, immutable") // set modtime to a really long time ago, since files are immutable and should stay cached modtime = time.Unix(1, 0) } urlFilename := r.URL.Query().Get("filename") var name string if urlFilename != "" { w.Header().Set("Content-Disposition", fmt.Sprintf("inline; filename*=UTF-8''%s", url.PathEscape(urlFilename))) name = urlFilename } else { name = getFilename(urlPath) } i.serveFile(w, r, name, modtime, f) return } dir, ok := dr.(files.Directory) if !ok { internalWebError(w, fmt.Errorf("unsupported file type")) return } idx, err := i.api.Unixfs().Get(r.Context(), ipath.Join(resolvedPath, "index.html")) switch err.(type) { case nil: dirwithoutslash := urlPath[len(urlPath)-1] != '/' goget := r.URL.Query().Get("go-get") == "1" if dirwithoutslash && !goget { // See comment above where originalUrlPath is declared. http.Redirect(w, r, originalUrlPath+"/", 302) return } f, ok := idx.(files.File) if !ok { internalWebError(w, files.ErrNotReader) return } // write to request http.ServeContent(w, r, "index.html", modtime, f) return case resolver.ErrNoLink: // no index.html; noop default: internalWebError(w, err) return } if r.Method == "HEAD" { return } // storage for directory listing var dirListing []directoryItem dirit := dir.Entries() for dirit.Next() { // See comment above where originalUrlPath is declared. s, err := dirit.Node().Size() if err != nil { internalWebError(w, err) return } di := directoryItem{humanize.Bytes(uint64(s)), dirit.Name(), gopath.Join(originalUrlPath, dirit.Name())} dirListing = append(dirListing, di) } if dirit.Err() != nil { internalWebError(w, dirit.Err()) return } // construct the correct back link // https://github.com/ipfs/go-ipfs/issues/1365 var backLink string = prefix + urlPath // don't go further up than /ipfs/$hash/ pathSplit := path.SplitList(backLink) switch { // keep backlink case len(pathSplit) == 3: // url: /ipfs/$hash // keep backlink case len(pathSplit) == 4 && pathSplit[3] == "": // url: /ipfs/$hash/ // add the correct link depending on wether the path ends with a slash default: if strings.HasSuffix(backLink, "/") { backLink += "./.." } else { backLink += "/.." } } // strip /ipfs/$hash from backlink if IPNSHostnameOption touched the path. if ipnsHostname { backLink = prefix + "/" if len(pathSplit) > 5 { // also strip the trailing segment, because it's a backlink backLinkParts := pathSplit[3 : len(pathSplit)-2] backLink += path.Join(backLinkParts) + "/" } } var hash string if !strings.HasPrefix(originalUrlPath, ipfsPathPrefix) { hash = resolvedPath.Cid().String() } // See comment above where originalUrlPath is declared. tplData := listingTemplateData{ Listing: dirListing, Path: originalUrlPath, BackLink: backLink, Hash: hash, } err = listingTemplate.Execute(w, tplData) if err != nil { internalWebError(w, err) return } } type sizeReadSeeker interface { Size() (int64, error) io.ReadSeeker } type sizeSeeker struct { sizeReadSeeker } func (s *sizeSeeker) Seek(offset int64, whence int) (int64, error) { if whence == io.SeekEnd && offset == 0 { return s.Size() } return s.sizeReadSeeker.Seek(offset, whence) } func (i *gatewayHandler) serveFile(w http.ResponseWriter, req *http.Request, name string, modtime time.Time, content io.ReadSeeker) { if sp, ok := content.(sizeReadSeeker); ok { content = &sizeSeeker{ sizeReadSeeker: sp, } } ctype := mime.TypeByExtension(gopath.Ext(name)) if ctype == "" { buf := make([]byte, 512) n, _ := io.ReadFull(content, buf[:]) ctype = http.DetectContentType(buf[:n]) _, err := content.Seek(0, io.SeekStart) if err != nil { http.Error(w, "seeker can't seek", http.StatusInternalServerError) return } } if strings.HasPrefix(ctype, "text/html;") { ctype = "text/html" } w.Header().Set("Content-Type", ctype) http.ServeContent(w, req, name, modtime, content) } func (i *gatewayHandler) postHandler(w http.ResponseWriter, r *http.Request) { p, err := i.api.Unixfs().Add(r.Context(), files.NewReaderFile(r.Body)) if err != nil { internalWebError(w, err) return } i.addUserHeaders(w) // ok, _now_ write user's headers. w.Header().Set("IPFS-Hash", p.Cid().String()) http.Redirect(w, r, p.String(), http.StatusCreated) } func (i *gatewayHandler) putHandler(w http.ResponseWriter, r *http.Request) { ctx := r.Context() ds := i.api.Dag() // Parse the path rootCid, newPath, err := parseIpfsPath(r.URL.Path) if err != nil { webError(w, "WritableGateway: failed to parse the path", err, http.StatusBadRequest) return } if newPath == "" || newPath == "/" { http.Error(w, "WritableGateway: empty path", http.StatusBadRequest) return } newDirectory, newFileName := gopath.Split(newPath) // Resolve the old root. rnode, err := ds.Get(ctx, rootCid) if err != nil { webError(w, "WritableGateway: Could not create DAG from request", err, http.StatusInternalServerError) return } pbnd, ok := rnode.(*dag.ProtoNode) if !ok { webError(w, "Cannot read non protobuf nodes through gateway", dag.ErrNotProtobuf, http.StatusBadRequest) return } // Create the new file. newFilePath, err := i.api.Unixfs().Add(ctx, files.NewReaderFile(r.Body)) if err != nil { webError(w, "WritableGateway: could not create DAG from request", err, http.StatusInternalServerError) return } newFile, err := ds.Get(ctx, newFilePath.Cid()) if err != nil { webError(w, "WritableGateway: failed to resolve new file", err, http.StatusInternalServerError) return } // Patch the new file into the old root. root, err := mfs.NewRoot(ctx, ds, pbnd, nil) if err != nil { webError(w, "WritableGateway: failed to create MFS root", err, http.StatusBadRequest) return } if newDirectory != "" { err := mfs.Mkdir(root, newDirectory, mfs.MkdirOpts{Mkparents: true, Flush: false}) if err != nil { webError(w, "WritableGateway: failed to create MFS directory", err, http.StatusInternalServerError) return } } dirNode, err := mfs.Lookup(root, newDirectory) if err != nil { webError(w, "WritableGateway: failed to lookup directory", err, http.StatusInternalServerError) return } dir, ok := dirNode.(*mfs.Directory) if !ok { http.Error(w, "WritableGateway: target directory is not a directory", http.StatusBadRequest) return } err = dir.Unlink(newFileName) switch err { case os.ErrNotExist, nil: default: webError(w, "WritableGateway: failed to replace existing file", err, http.StatusBadRequest) return } err = dir.AddChild(newFileName, newFile) if err != nil { webError(w, "WritableGateway: failed to link file into directory", err, http.StatusInternalServerError) return } nnode, err := root.GetDirectory().GetNode() if err != nil { webError(w, "WritableGateway: failed to finalize", err, http.StatusInternalServerError) return } newcid := nnode.Cid() i.addUserHeaders(w) // ok, _now_ write user's headers. w.Header().Set("IPFS-Hash", newcid.String()) http.Redirect(w, r, gopath.Join(ipfsPathPrefix, newcid.String(), newPath), http.StatusCreated) } func (i *gatewayHandler) deleteHandler(w http.ResponseWriter, r *http.Request) { ctx := r.Context() // parse the path rootCid, newPath, err := parseIpfsPath(r.URL.Path) if err != nil { webError(w, "WritableGateway: failed to parse the path", err, http.StatusBadRequest) return } if newPath == "" || newPath == "/" { http.Error(w, "WritableGateway: empty path", http.StatusBadRequest) return } directory, filename := gopath.Split(newPath) // lookup the root rootNodeIPLD, err := i.api.Dag().Get(ctx, rootCid) if err != nil { webError(w, "WritableGateway: failed to resolve root CID", err, http.StatusInternalServerError) return } rootNode, ok := rootNodeIPLD.(*dag.ProtoNode) if !ok { http.Error(w, "WritableGateway: empty path", http.StatusInternalServerError) return } // construct the mfs root root, err := mfs.NewRoot(ctx, i.api.Dag(), rootNode, nil) if err != nil { webError(w, "WritableGateway: failed to construct the MFS root", err, http.StatusBadRequest) return } // lookup the parent directory parentNode, err := mfs.Lookup(root, directory) if err != nil { webError(w, "WritableGateway: failed to look up parent", err, http.StatusInternalServerError) return } parent, ok := parentNode.(*mfs.Directory) if !ok { http.Error(w, "WritableGateway: parent is not a directory", http.StatusInternalServerError) return } // delete the file switch parent.Unlink(filename) { case nil, os.ErrNotExist: default: webError(w, "WritableGateway: failed to remove file", err, http.StatusInternalServerError) return } nnode, err := root.GetDirectory().GetNode() if err != nil { webError(w, "WritableGateway: failed to finalize", err, http.StatusInternalServerError) } ncid := nnode.Cid() i.addUserHeaders(w) // ok, _now_ write user's headers. w.Header().Set("IPFS-Hash", ncid.String()) // note: StatusCreated is technically correct here as we created a new resource. http.Redirect(w, r, gopath.Join(ipfsPathPrefix+ncid.String(), directory), http.StatusCreated) } func (i *gatewayHandler) addUserHeaders(w http.ResponseWriter) { for k, v := range i.config.Headers { w.Header()[k] = v } } func webError(w http.ResponseWriter, message string, err error, defaultCode int) { if _, ok := err.(resolver.ErrNoLink); ok { webErrorWithCode(w, message, err, http.StatusNotFound) } else if err == routing.ErrNotFound { webErrorWithCode(w, message, err, http.StatusNotFound) } else if err == context.DeadlineExceeded { webErrorWithCode(w, message, err, http.StatusRequestTimeout) } else { webErrorWithCode(w, message, err, defaultCode) } } func webErrorWithCode(w http.ResponseWriter, message string, err error, code int) { http.Error(w, fmt.Sprintf("%s: %s", message, err), code) if code >= 500 { log.Warningf("server error: %s: %s", err) } } // return a 500 error and log func internalWebError(w http.ResponseWriter, err error) { webErrorWithCode(w, "internalWebError", err, http.StatusInternalServerError) } func getFilename(s string) string { if (strings.HasPrefix(s, ipfsPathPrefix) || strings.HasPrefix(s, ipnsPathPrefix)) && strings.Count(gopath.Clean(s), "/") <= 2 { // Don't want to treat ipfs.io in /ipns/ipfs.io as a filename. return "" } return gopath.Base(s) }