OTS not TORified thanks to proxychains-ng, better TORification

2025-12-17 04:35:14 +01:00 · 2019-11-12 16:46:43 -05:00
parent b640650f30
commit e98362b16b
6 changed files with 52 additions and 26 deletions
--- a/cyphernodeconf_docker/prompters/040_tor.js
+++ b/cyphernodeconf_docker/prompters/040_tor.js
@@ -19,6 +19,6 @@ module.exports = {
    ];
  },
  templates: function( props ) {
-    return [ 'torrc', 'curlcfg' ];
+    return [ 'torrc' ];
  }
 };
--- a/cyphernodeconf_docker/templates/installer/docker/docker-compose.yaml
+++ b/cyphernodeconf_docker/templates/installer/docker/docker-compose.yaml
@@ -127,8 +127,9 @@ services:
    image: cyphernode/notifier:<%= notifier_version %>
    command: $USER ./startnotifier.sh
    <% if ( features.indexOf('tor') !== -1 ) { %>
-    volumes:
-      - "<%= tor_datapath %>/curlcfg:/notifier/curlcfg"
+    environment:
+      - "TOR_HOST=tor"
+      - "TOR_PORT=9050"
    <% } %>
    networks:
      - cyphernodenet
@@ -175,6 +176,10 @@ services:
      <% if (net === 'testnet') { %>
      - "TESTNET=1"
      <% } %>
+      <% if ( features.indexOf('tor') !== -1 ) { %>
+      - "TOR_HOST=tor"
+      - "TOR_PORT=9050"
+      <% } %>
    volumes:
      - "<%= otsclient_datapath %>:/otsfiles"
      - "<%= bitcoin_datapath %>/bitcoin-client.conf:/.bitcoin/bitcoin.conf:ro"
--- a/dist/setup.sh
+++ b/dist/setup.sh
@@ -407,7 +407,6 @@ install_docker() {
    fi

    copy_file $cyphernodeconf_filepath/tor/torrc $TOR_DATAPATH/torrc 1 $SUDO_REQUIRED
-    copy_file $cyphernodeconf_filepath/tor/curlcfg $TOR_DATAPATH/curlcfg 1 $SUDO_REQUIRED
  fi


--- a/notifier_docker/script/web.sh
+++ b/notifier_docker/script/web.sh
@@ -56,11 +56,11 @@ curl_it() {
  local response
  local rnd=$(dd if=/dev/urandom bs=5 count=1 | xxd -pc 5)

-  if [ "${torbypass}" = "true" ] || [ ! -f "curlcfg" ]; then
+  if [ "${torbypass}" = "true" ] || [ -z "${TOR_HOST}" ]; then
    # If we want to bypass tor or the config file doesn't exist
    torbypass=""
  else
-    torbypass="-K curlcfg"
+    torbypass="--socks5-hostname ${TOR_HOST}:${TOR_PORT}"
  fi

  if [ -n "${data}" ]; then
--- a/otsclient_docker/Dockerfile
+++ b/otsclient_docker/Dockerfile
@@ -1,3 +1,14 @@
+FROM alpine:3.9 as builder
+
+RUN apk add --no-cache --update alpine-sdk bsd-compat-headers \
+ && git clone https://github.com/Kexkey/proxychains-ng.git
+
+RUN cd /proxychains-ng \
+ && ./configure \
+ && make \
+ && make install \
+ && make install-config
+
 FROM node:11.1-alpine

 RUN apk add --update --no-cache \
@@ -13,6 +24,10 @@ RUN apk add --update --no-cache \

 WORKDIR /script

+COPY --from=builder /usr/local/etc/proxychains.conf /usr/local/etc/proxychains.conf
+COPY --from=builder /usr/local/bin/proxychains4 /usr/local/bin/proxychains4
+COPY --from=builder /usr/local/lib/libproxychains4.so /usr/local/lib/libproxychains4.so
+
 COPY script/otsclient.sh /script/otsclient.sh
 COPY script/requesthandler.sh /script/requesthandler.sh
 COPY script/responsetoclient.sh /script/responsetoclient.sh
@@ -22,11 +37,3 @@ COPY script/trace.sh /script/trace.sh
 RUN chmod +x /script/startotsclient.sh /script/requesthandler.sh

 ENTRYPOINT ["su-exec"]
-
-# docker build -t otsclient-js .
-# docker run -it --rm --name otsclient -v /home/debian/otsfiles:/otsfiles otsclient-js `id -u cyphernode`:`id -g cyphernode` ash
-
-# ots-cli.js stamp -d 1ddfb769eb0b8876bc570e25580e6a53afcf973362ee1ee4b54a807da2e5eed7
-# ots-cli.js verify -d 1ddfb769eb0b8876bc570e25580e6a53afcf973362ee1ee4b54a807da2e5eed7 1ddfb769eb0b8876bc570e25580e6a53afcf973362ee1ee4b54a807da2e5eed7.ots
-# ots-cli.js info 1ddfb769eb0b8876bc570e25580e6a53afcf973362ee1ee4b54a807da2e5eed7.ots
-# ots-cli.js upgrade 1ddfb769eb0b8876bc570e25580e6a53afcf973362ee1ee4b54a807da2e5eed7.ots
--- a/otsclient_docker/script/otsclient.sh
+++ b/otsclient_docker/script/otsclient.sh
@@ -13,14 +13,19 @@ stamp() {
  local result
  local returncode
  local data
+  local proxychains=""
+
+  if [ -n ${TOR_HOST} ]; then
+    proxychains="PROXYCHAINS_ONE_PROXY=\"socks5 `getent hosts ${TOR_HOST} | awk '{ print $1 }'` ${TOR_PORT}\" proxychains4"
+  fi

  if [ "${TESTNET}" -eq "1" ]; then
-    trace "[stamp] ots-cli.js stamp -c \"https://ots.testnet.kexkey.com\" -d ${hash}"
-    result=$(cd /otsfiles && ots-cli.js stamp -c "https://ots.testnet.kexkey.com" -d ${hash} 2>&1)
+    trace "[stamp] ${proxychains} ots-cli.js stamp -c \"https://ots.testnet.kexkey.com\" -d ${hash}"
+    result=$(cd /otsfiles && ${proxychains} ots-cli.js stamp -c "https://ots.testnet.kexkey.com" -d ${hash} 2>&1)
    returncode=$?
  else
-    trace "[stamp] ots-cli.js stamp -d ${hash}"
-    result=$(cd /otsfiles && ots-cli.js stamp -d ${hash} 2>&1)
+    trace "[stamp] ${proxychains} ots-cli.js stamp -d ${hash}"
+    result=$(cd /otsfiles && ${proxychains} ots-cli.js stamp -d ${hash} 2>&1)
    returncode=$?
  fi
  trace_rc ${returncode}
@@ -58,14 +63,19 @@ upgrade() {

  local result
  local returncode
+  local proxychains=""
+
+  if [ -n ${TOR_HOST} ]; then
+    proxychains="PROXYCHAINS_ONE_PROXY=\"socks5 `getent hosts ${TOR_HOST} | awk '{ print $1 }'` ${TOR_PORT}\" proxychains4"
+  fi

  if [ "${TESTNET}" -eq "1" ]; then
-    trace "[upgrade] ots-cli.js -l \"https://testnet.calendar.kexkey.com/\" --no-default-whitelist upgrade -c \"https://testnet.calendar.kexkey.com/\" ${hash}.ots"
-    result=$(cd /otsfiles && ots-cli.js -l "https://testnet.calendar.kexkey.com/" --no-default-whitelist upgrade -c "https://testnet.calendar.kexkey.com/" ${hash}.ots 2>&1)
+    trace "[upgrade] ${proxychains} ots-cli.js -l \"https://testnet.calendar.kexkey.com/\" --no-default-whitelist upgrade -c \"https://testnet.calendar.kexkey.com/\" ${hash}.ots"
+    result=$(cd /otsfiles && ${proxychains} ots-cli.js -l "https://testnet.calendar.kexkey.com/" --no-default-whitelist upgrade -c "https://testnet.calendar.kexkey.com/" ${hash}.ots 2>&1)
    returncode=$?
  else
-    trace "[upgrade] ots-cli.js upgrade ${hash}.ots"
-    result=$(cd /otsfiles && ots-cli.js upgrade ${hash}.ots 2>&1)
+    trace "[upgrade] ${proxychains} ots-cli.js upgrade ${hash}.ots"
+    result=$(cd /otsfiles && ${proxychains} ots-cli.js upgrade ${hash}.ots 2>&1)
    returncode=$?
  fi
  trace_rc ${returncode}
@@ -107,18 +117,23 @@ verify() {
  local returncode
  local message
  local data
+  local proxychains=""
+
+  if [ -n ${TOR_HOST} ]; then
+    proxychains="PROXYCHAINS_ONE_PROXY=\"socks5 `getent hosts ${TOR_HOST} | awk '{ print $1 }'` ${TOR_PORT}\" proxychains4"
+  fi

  # Let's create the OTS file locally from the base64
  trace "[verify] Creating /otsfiles/otsfile-$$.ots"
  echo "${base64otsfile}" | base64 -d > /otsfiles/otsfile-$$.ots

  if [ "${TESTNET}" -eq "1" ]; then
-    trace "[verify] ots-cli.js -l \"https://testnet.calendar.kexkey.com/\" --no-default-whitelist verify -d ${hash} /otsfiles/otsfile-$$.ots"
-    result=$(ots-cli.js -l "https://testnet.calendar.kexkey.com/" --no-default-whitelist verify -d ${hash} /otsfiles/otsfile-$$.ots 2>&1)
+    trace "[verify] ${proxychains} ots-cli.js -l \"https://testnet.calendar.kexkey.com/\" --no-default-whitelist verify -d ${hash} /otsfiles/otsfile-$$.ots"
+    result=$(${proxychains} ots-cli.js -l "https://testnet.calendar.kexkey.com/" --no-default-whitelist verify -d ${hash} /otsfiles/otsfile-$$.ots 2>&1)
    returncode=$?
  else
-    trace "[verify] ots-cli.js verify -d ${hash} /otsfiles/otsfile-$$.ots"
-    result=$(ots-cli.js verify -d ${hash} /otsfiles/otsfile-$$.ots 2>&1)
+    trace "[verify] ${proxychains} ots-cli.js verify -d ${hash} /otsfiles/otsfile-$$.ots"
+    result=$(${proxychains} ots-cli.js verify -d ${hash} /otsfiles/otsfile-$$.ots 2>&1)
    returncode=$?
  fi
  trace_rc ${returncode}