Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add prototype Meridian header #10

Closed
wants to merge 9 commits into from
Closed

Add prototype Meridian header #10

Show file tree
Hide file tree
Changes from 8 commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
29ffa89
add write `X-Signature` header
juliangruber Jul 25, 2023
f6fee03
add sign
juliangruber Jul 25, 2023
bed38e6
x-signature -> x-request-id
juliangruber Jul 26, 2023
0c69813
include raw signature in header
juliangruber Jul 26, 2023
f791a89
base64 encode payload
juliangruber Jul 26, 2023
035578a
use `x-attestation` response header
juliangruber Jul 26, 2023
27390ce
fix header
juliangruber Jul 31, 2023
68ded2c
fly.io has issues with this header
juliangruber Jul 31, 2023
334077a
send the attestation after the response body
bajtos Aug 1, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion cmd/frisbii/main.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -100,7 +100,7 @@ func action(c *cli.Context) error {
unixfsnode.AddUnixFSReificationToLinkSystem(&lsys)
lsys.SetReadStorage(multicar)

server, err := frisbii.NewFrisbiiServer(ctx, logWriter, lsys, config.MaxResponseDuration, config.MaxResponseBytes, config.Listen)
server, err := frisbii.NewFrisbiiServer(ctx, logWriter, lsys, config.MaxResponseDuration, config.MaxResponseBytes, config.Listen, privKey)
if err != nil {
return err
}
Expand Down
6 changes: 5 additions & 1 deletion frisbii.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ import (

"github.com/ipfs/go-cid"
"github.com/ipfs/go-log/v2"
"github.com/libp2p/go-libp2p/core/crypto"
"github.com/libp2p/go-libp2p/core/peer"

"github.com/ipld/go-ipld-prime/linking"
Expand All @@ -34,6 +35,7 @@ type FrisbiiServer struct {
listener net.Listener
mux *http.ServeMux
indexerProvider IndexerProvider
privKey crypto.PrivKey
}

type IndexerProvider interface {
Expand All @@ -48,6 +50,7 @@ func NewFrisbiiServer(
maxResponseDuration time.Duration,
maxResponseBytes int64,
address string,
privKey crypto.PrivKey,
) (*FrisbiiServer, error) {
listener, err := net.Listen("tcp", address)
if err != nil {
Expand All @@ -61,6 +64,7 @@ func NewFrisbiiServer(
maxResponseBytes: maxResponseBytes,

listener: listener,
privKey: privKey,
}, nil
}

Expand All @@ -70,7 +74,7 @@ func (fs *FrisbiiServer) Addr() net.Addr {

func (fs *FrisbiiServer) Serve() error {
fs.mux = http.NewServeMux()
fs.mux.Handle("/ipfs/", NewHttpIpfs(fs.ctx, fs.logWriter, fs.lsys, fs.maxResponseDuration, fs.maxResponseBytes))
fs.mux.Handle("/ipfs/", NewHttpIpfs(fs.ctx, fs.logWriter, fs.lsys, fs.maxResponseDuration, fs.maxResponseBytes, fs.privKey))
server := &http.Server{
Addr: fs.Addr().String(),
BaseContext: func(listener net.Listener) context.Context { return fs.ctx },
Expand Down
36 changes: 36 additions & 0 deletions httpipfs.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@ package frisbii

import (
"context"
"encoding/base64"
"encoding/json"
"errors"
"fmt"
"io"
Expand All @@ -15,6 +17,7 @@ import (
"github.com/ipfs/go-unixfsnode"
"github.com/ipld/go-ipld-prime/datamodel"
"github.com/ipld/go-ipld-prime/linking"
"github.com/libp2p/go-libp2p/core/crypto"
)

var _ http.Handler = (*HttpIpfs)(nil)
Expand All @@ -23,6 +26,12 @@ type ErrorLogger interface {
LogError(status int, err error)
}

type RequestSignature struct {
RequestId string `json:"requestId"`
Cid string `json:"cid"`
Protocol string `json:"protocol"`
}

// HttpIpfs is an http.Handler that serves IPLD data via HTTP according to the
// Trustless Gateway specification.
type HttpIpfs struct {
Expand All @@ -31,6 +40,7 @@ type HttpIpfs struct {
lsys linking.LinkSystem
maxResponseDuration time.Duration
maxResponseBytes int64
privKey crypto.PrivKey
}

func NewHttpIpfs(
Expand All @@ -39,6 +49,7 @@ func NewHttpIpfs(
lsys linking.LinkSystem,
maxResponseDuration time.Duration,
maxResponseBytes int64,
privKey crypto.PrivKey,
) *HttpIpfs {

return &HttpIpfs{
Expand All @@ -47,6 +58,7 @@ func NewHttpIpfs(
lsys: lsys,
maxResponseDuration: maxResponseDuration,
maxResponseBytes: maxResponseBytes,
privKey: privKey,
}
}

Expand Down Expand Up @@ -119,6 +131,30 @@ func (hi *HttpIpfs) ServeHTTP(res http.ResponseWriter, req *http.Request) {

selNode := unixfsnode.UnixFSPathSelectorBuilder(path.String(), dagScope.TerminalSelectorSpec(), false)

sig := RequestSignature{
RequestId: req.Header.Get("X-Request-Id"),
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

probably need to gate this on whether this header is included; maybe if there's no request id then you don't get an attestation?

Cid: rootCid.String(),
Protocol: "https",
}
b, err := json.Marshal(sig)
if err != nil {
logError(http.StatusInternalServerError, err)
return
}
sigSigned, err := hi.privKey.Sign(b)
if err != nil {
logError(http.StatusInternalServerError, err)
return
}
res.Header().Set(
"X-Attestation",
fmt.Sprintf(
"\"%s.%s\"",
base64.StdEncoding.EncodeToString(b),
base64.StdEncoding.EncodeToString(sigSigned),
),
)

Copy link

@bajtos bajtos Aug 1, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to send the attestation in response trailer headers, after the retrieved content was transmitted.

I implemented this change in 5cf3fb9 334077a.

@juliangruber PTAL, could you also deploy my change to fly.io please?

This comment was marked as outdated.

Sign in to view

This comment was marked as outdated.

Sign in to view

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It turns now Fetch API does not allow clients to read HTTP trailers :(

Quoting from denoland/deno#10214 (comment)

Trailers are not supported in the fetch spec anymore, and likely will not be re-introduced unless there is significant demand: whatwg/fetch#981. I don't think we will be supporting them either if the web does not. Removal happened in whatwg/fetch#772.

Let's not deploy my change yet.

bytesWrittenCh := make(chan struct{})
writer := newIpfsResponseWriter(res, hi.maxResponseBytes, func() {
// called once we start writing blocks into the CAR (on the first Put())
Expand Down