Tweaks and versioning and nginx arm alpine

2026-01-31 10:14:35 +01:00 · 2018-11-19 21:39:54 -05:00
parent 830e16c12d
commit dfe28b1779
7 changed files with 47 additions and 26 deletions
--- a/api_auth_docker/Dockerfile
+++ b/api_auth_docker/Dockerfile
@@ -1,4 +1,6 @@
-FROM nginx:alpine
+# Does not work on ARM / Raspberry Pi
+
+FROM cyphernode/nginx:1.14.1-alpine

 RUN apk add --update --no-cache \
    git \
--- a/api_auth_docker/Dockerfile-debian
+++ b/api_auth_docker/Dockerfile-debian
@@ -0,0 +1,22 @@
+FROM nginx:1.14
+
+RUN apt-get update \
+ && apt-get install -y \
+    openssl \
+    spawn-fcgi \
+    fcgiwrap \
+    jq \
+    curl
+
+COPY auth.sh /etc/nginx/conf.d
+COPY default-ssl.conf /etc/nginx/conf.d/default.conf
+COPY entrypoint.sh entrypoint.sh
+COPY keys.properties /etc/nginx/conf.d
+COPY api.properties /etc/nginx/conf.d
+COPY trace.sh /etc/nginx/conf.d
+COPY tests.sh /etc/nginx/conf.d
+COPY ip-whitelist.conf /etc/nginx/conf.d
+
+RUN chmod +x /etc/nginx/conf.d/auth.sh entrypoint.sh
+
+ENTRYPOINT ["./entrypoint.sh"]
--- a/api_auth_docker/auth.sh
+++ b/api_auth_docker/auth.sh
@@ -39,14 +39,14 @@ verify_sign()
  if [ ${exp} -gt ${current} ]; then
    trace "[verify_sign] Not expired, let's validate signature"
    local id=$(echo ${payload} | jq ".id" | tr -d '"')
-  trace "[verify_sign] id=${id}"
+    trace "[verify_sign] id=${id}"

-  # Check for code injection
-  # id will usually be an int, but can be alphanum... nothing else
-  case $id in (*[![:alnum:]]*|"")
-  trace "[verify_sign] Potential code injection, exiting"
-  return 1
-  esac
+    # Check for code injection
+    # id will usually be an int, but can be alphanum... nothing else
+    case $id in (*[![:alnum:]]*|"")
+      trace "[verify_sign] Potential code injection, exiting"
+      return 1
+    esac

    # It is so much faster to include the keys here instead of grep'ing the file for key.
    . ./keys.properties
@@ -88,15 +88,15 @@ verify_group()

  local id=${1}
  # REQUEST_URI should look like this: /watch/2blablabla
-  local action=$(echo "${REQUEST_URI:1}" | cut -d '/' -f1)
+  local action=$(echo "${REQUEST_URI#\/}" | cut -d '/' -f1)
  trace "[verify_group] action=${action}"

  # Check for code injection
  # action can be alphanum... and _ and - but nothing else
 	local actiontoinspect=$(echo "$action" | tr -d '_-')
  case $actiontoinspect in (*[![:alnum:]]*|"")
-  trace "[verify_group] Potential code injection, exiting"
-  return 1
+    trace "[verify_group] Potential code injection, exiting"
+    return 1
  esac

  # It is so much faster to include the keys here instead of grep'ing the file for key.
@@ -121,15 +121,17 @@ verify_group()


 # $HTTP_AUTHORIZATION = Bearer <token>
+# Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjAwMyIsImV4cCI6MTU0MjE0OTMyNH0=.b811067cf79c7009a0a38f110a6e3bf82cc4310aa6afae75b9d915b9febf13f7
 # If this is not found in header, we leave
 trace "[auth.sh] HTTP_AUTHORIZATION=${HTTP_AUTHORIZATION}"
-if [ "${HTTP_AUTHORIZATION:0:6}" = "Bearer" ]; then
-  token="${HTTP_AUTHORIZATION:6}"
+# /bin/sh on debian points to dash, which does not support substring in the form ${var:offset:length}
+if [ "-${HTTP_AUTHORIZATION%% *}" = "-Bearer" ]; then
+  token="${HTTP_AUTHORIZATION#Bearer }"

  if [ -n "$token" ]; then
-  trace "[auth.sh] Valid format for authorization header"
-  verify_sign "${token}"
-  [ "$?" -eq "0" ] && return
+    trace "[auth.sh] Valid format for authorization header"
+    verify_sign "${token}"
+    [ "$?" -eq "0" ] && return
  fi
 fi

--- a/api_auth_docker/entrypoint.sh
+++ b/api_auth_docker/entrypoint.sh
@@ -1,5 +1,5 @@
 #!/bin/sh

-spawn-fcgi -s /var/run/fcgiwrap.socket -u nginx -g nginx -U nginx -- /usr/bin/fcgiwrap
+spawn-fcgi -s /var/run/fcgiwrap.socket -u nginx -g nginx -U nginx -- `which fcgiwrap`

 nginx -g "daemon off;"
--- a/api_auth_docker/tests.sh
+++ b/api_auth_docker/tests.sh
@@ -4,7 +4,7 @@
 # Replace
 #   proxy_pass http://cyphernode:8888;
 # by
-#   proxy_pass http://tests:8888;
+#   proxy_pass http://cyphernode:1111;
 # in /etc/nginx/conf.d/default.conf to run the tests

 test_expiration()
--- a/otsclient_docker/README.md
+++ b/otsclient_docker/README.md
@@ -14,11 +14,7 @@ sudo find ~/otsfiles -type d -exec chmod 2775 {} \; ; sudo find ~/otsfiles -type

 # Usefull examples

-See https://github.com/opentimestamps/javascript-opentimestamps
-
-List SegWit addresses for path 0/24-30 for a pub32:
-
 ```shell
-curl -H "Content-Type: application/json" -d '{"pub32":"tpubD6NzVbkrYhZ4YR3QK2tyfMMvBghAvqtNaNK1LTyDWcRHLcMUm3ZN2cGm5BS3MhCRCeCkXQkTXXjiJgqxpqXK7PeUSp86DTTgkLpcjMtpKWk","path":"0/25-30"}' http://localhost:7777/derive
-curl -H "Content-Type: application/json" -d '{"pub32":"vpub5SLqN2bLY4WeZF3kL4VqiWF1itbf3A6oRrq9aPf16AZMVWYCuN9TxpAZwCzVgW94TNzZPNc9XAHD4As6pdnExBtCDGYRmNJrcJ4eV9hNqcv","path":"0/25-30"}' http://localhost:7777/derive
+curl http://localhost:6666/stamp/1ddfb769eb0b8876bc570e25580e6a53afcf973362ee1ee4b54a807da2e5eed7
+curl http://localhost:6666/upgrade/1ddfb769eb0b8876bc570e25580e6a53afcf973362ee1ee4b54a807da2e5eed7
 ```
--- a/pycoin_docker/Dockerfile
+++ b/pycoin_docker/Dockerfile
@@ -1,5 +1,4 @@
-#FROM resin/raspberry-pi-alpine-python:3.6
-FROM python:3.6-alpine
+FROM python:3.6-alpine3.8

 ENV HOME /pycoin