feat: trustless-only mode (RAINBOW_TRUSTLESS_GATEWAY_DOMAINS) #81
Conversation
There was a problem hiding this comment.
Thanks, works as expected.
I've expanded docs a bit, making it very clear to which response types we limit on RAINBOW_TRUSTLESS_GATEWAY_DOMAINS.
This is because many people will learn about them by having to deploy IPFS with rainbow, making it a good educational oportunity (cc @2color for another set of eyes at docs/ here)
RAINBOW_TRUSTLESS_GATEWAY_DOMAINS flag needs basic end-to-end regression test
This flag will protect people from liability around web hosting of deserialized responses (phishing, hostlinking etc), we can't risk it stopping working and people get hit by regressions/slips like the one we had during early days of trustless-gateway.link.
Before we merge this, we must have end-to-end test that confirms RAINBOW_TRUSTLESS_GATEWAY_DOMAINS works.
I think mvp test is to run with RAINBOW_TRUSTLESS_GATEWAY_DOMAINS=trustless-gateway.link and then confirm
curl -H "Host: trustless-gateway.link" http://127.0.0.1:8090/ipfs/bafybeigdyrzt5sfp7udm7hu76uh7y26nf3efuylqabf3oclgtqy55fbzdi -s -ireturns HTTP 406curl -H "Host: trustless-gateway.link" "http://127.0.0.1:8090/ipfs/bafybeigdyrzt5sfp7udm7hu76uh7y26nf3efuylqabf3oclgtqy55fbzdi?format=raw" -s -iandcurl -H "Host: trustless-gateway.link" -H "Accept: application/vnd.ipld.raw" http://127.0.0.1:8090/ipfs/bafybeigdyrzt5sfp7udm7hu76uh7y26nf3efuylqabf3oclgtqy55fbzdi -s -iboth return HTTP 200 withContent-Type: application/vnd.ipld.raw
This has to be end-to-end test specific to rainbow, because gateway-conformance tests won't catch regression when RAINBOW_TRUSTLESS_GATEWAY_DOMAINS stops disabling deserialized responses.
hacdias
force-pushed
the
trustless-gateway
branch
3 times, most recently
from
c4e4abb
to
b2503d7
Compare
|
@lidel I've added the trustless test. |
hacdias
force-pushed
the
trustless-gateway
branch
from
b2503d7
to
989df62
Compare
Co-authored-by: Daniel Norman <1992255+2color@users.noreply.github.com> Co-authored-by: Marcin Rataj <lidel@lidel.org>
hacdias
force-pushed
the
trustless-gateway
branch
from
989df62
to
82eadcb
Compare
this ensures configured domains are logged suring startup
| fmt.Printf("IPFS Gateway listening at %s\n\n", gatewayListen) | ||
|
|
||
| printIfListConfigured(" RAINBOW_GATEWAY_DOMAINS = ", cfg.GatewayDomains) | ||
| printIfListConfigured(" RAINBOW_SUBDOMAIN_GATEWAY_DOMAINS = ", cfg.SubdomainGatewayDomains) | ||
| printIfListConfigured(" RAINBOW_TRUSTLESS_GATEWAY_DOMAINS = ", cfg.TrustlessGatewayDomains) | ||
| printIfListConfigured(" Legacy RPC at /api/v0 will redirect to KUBO_RPC_URL = ", cfg.KuboRPCURLs) |
There was a problem hiding this comment.
ℹ️ I've added this to make it easy to eyeball in logs/terminal if/when specific domains got set up correctly.
| ts, gnd := mustTestServer(t, Config{ | ||
| TrustlessGatewayDomains: []string{"trustless.com"}, |
There was a problem hiding this comment.
💭 should be good enough to merge, but not a real end-to-end, because we can break the way config gets set via RAINBOW_TRUSTLESS_GATEWAY_DOMAINS or CLI parameter.
Filled #89 to figure out better end-to-end test setup for config (not just this feature).
lidel
changed the title
Closes #71.
I made it such that a trustless gateway can also be a subdomain gateway, if you add the domain to both options.