From a004f59187939e0f83ef5b9a971205566bb066f4 Mon Sep 17 00:00:00 2001 From: Anthony Accioly <1591739+aaccioly@users.noreply.github.com> Date: Mon, 4 Nov 2024 13:56:13 +0000 Subject: [PATCH 01/10] fix(blossom): Example returns io.Reader --- examples/blossom/main.go | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/examples/blossom/main.go b/examples/blossom/main.go index d7c8e55..01c1c0e 100644 --- a/examples/blossom/main.go +++ b/examples/blossom/main.go @@ -3,7 +3,9 @@ package main import ( "context" "fmt" + "io" "net/http" + "strings" "github.com/fiatjaf/eventstore/badger" "github.com/fiatjaf/khatru" @@ -29,9 +31,10 @@ func main() { fmt.Println("storing", sha256, len(body)) return nil }) - bl.LoadBlob = append(bl.LoadBlob, func(ctx context.Context, sha256 string) ([]byte, error) { + bl.LoadBlob = append(bl.LoadBlob, func(ctx context.Context, sha256 string) (io.Reader, error) { fmt.Println("loading", sha256) - return []byte("aaaaa"), nil + blob := strings.NewReader("aaaaa") + return blob, nil }) fmt.Println("running on :3334") From dc34dd7e90674d63f6f1ead04850d56c43a836ec Mon Sep 17 00:00:00 2001 From: Anthony Accioly <1591739+aaccioly@users.noreply.github.com> Date: Mon, 4 Nov 2024 14:02:18 +0000 Subject: [PATCH 02/10] build(deps): bump rs/cors version to v1.11.1 --- go.mod | 2 +- go.sum | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 1c65610..8614bdf 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( github.com/liamg/magic v0.0.1 github.com/nbd-wtf/go-nostr v0.42.0 github.com/puzpuzpuz/xsync/v3 v3.4.0 - github.com/rs/cors v1.7.0 + github.com/rs/cors v1.11.1 github.com/stretchr/testify v1.9.0 ) diff --git a/go.sum b/go.sum index b8f1014..ad13a24 100644 --- a/go.sum +++ b/go.sum @@ -134,6 +134,8 @@ github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/rs/cors v1.7.0 h1:+88SsELBHx5r+hZ8TCkggzSstaWNbDvThkVK8H6f9ik= github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= +github.com/rs/cors v1.11.1 h1:eU3gRzXLRK57F5rKMGMZURNdIG4EoAmX8k94r9wXWHA= +github.com/rs/cors v1.11.1/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU= github.com/savsgio/gotils v0.0.0-20230208104028-c358bd845dee h1:8Iv5m6xEo1NR1AvpV+7XmhI4r39LGNzwUL4YpMuL5vk= github.com/savsgio/gotils v0.0.0-20230208104028-c358bd845dee/go.mod h1:qwtSXrKuJh/zsFQ12yEE89xfCrGKK63Rr7ctU/uCo4g= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72 h1:qLC7fQah7D6K1B0ujays3HV9gkFtllcxhzImRR7ArPQ= From c93441cd6380e982f1706508f6d18378c0c6352e Mon Sep 17 00:00:00 2001 From: Anthony Accioly <1591739+aaccioly@users.noreply.github.com> Date: Mon, 4 Nov 2024 17:18:37 +0000 Subject: [PATCH 03/10] feat(blossom): use rs/cors to handle BUD-01 CORS --- blossom/server.go | 18 ++++++++++-------- blossom/utils.go | 10 +++++----- 2 files changed, 15 insertions(+), 13 deletions(-) diff --git a/blossom/server.go b/blossom/server.go index 653756f..ea55e47 100644 --- a/blossom/server.go +++ b/blossom/server.go @@ -2,6 +2,7 @@ package blossom import ( "context" + "github.com/rs/cors" "io" "net/http" "strings" @@ -31,43 +32,37 @@ func New(rl *khatru.Relay, serviceURL string) *BlossomServer { base := rl.Router() mux := http.NewServeMux() + blossomApi := http.NewServeMux() - mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { + blossomApi.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { if r.Method == "OPTIONS" { - setCors(w) w.WriteHeader(http.StatusNoContent) return } if r.URL.Path == "/upload" { if r.Method == "PUT" { - setCors(w) bs.handleUpload(w, r) return } else if r.Method == "HEAD" { - setCors(w) bs.handleUploadCheck(w, r) return } } if strings.HasPrefix(r.URL.Path, "/list/") && r.Method == "GET" { - setCors(w) bs.handleList(w, r) return } if len(strings.SplitN(r.URL.Path, ".", 2)[0]) == 65 { if r.Method == "HEAD" { - setCors(w) bs.handleHasBlob(w, r) return } else if r.Method == "GET" { - setCors(w) bs.handleGetBlob(w, r) return } else if r.Method == "DELETE" { - setCors(w) bs.handleDelete(w, r) return } @@ -76,6 +71,13 @@ func New(rl *khatru.Relay, serviceURL string) *BlossomServer { base.ServeHTTP(w, r) }) + bud01corsHeaders := cors.New(cors.Options{ + AllowedOrigins: []string{"*"}, + AllowedMethods: []string{"GET", "PUT", "DELETE"}, + AllowedHeaders: []string{"Authorization", "*"}, + }) + + mux.Handle("/", bud01corsHeaders.Handler(blossomApi)) rl.SetRouter(mux) return bs diff --git a/blossom/utils.go b/blossom/utils.go index 5af0d0d..6f95c7a 100644 --- a/blossom/utils.go +++ b/blossom/utils.go @@ -5,11 +5,11 @@ import ( "net/http" ) -func setCors(w http.ResponseWriter) { - w.Header().Set("Access-Control-Allow-Origin", "*") - w.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type") - w.Header().Set("Access-Control-Allow-Methods", "GET, PUT, DELETE, OPTIONS") -} +//func setCors(w http.ResponseWriter) { +// w.Header().Set("Access-Control-Allow-Origin", "*") +// w.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type") +// w.Header().Set("Access-Control-Allow-Methods", "GET, PUT, DELETE, OPTIONS") +//} func blossomError(w http.ResponseWriter, msg string, code int) { w.Header().Add("X-Reason", msg) From ad6635d86cbc0f5d38a856b945a0af197da3f527 Mon Sep 17 00:00:00 2001 From: Anthony Accioly <1591739+aaccioly@users.noreply.github.com> Date: Tue, 5 Nov 2024 16:48:21 +0000 Subject: [PATCH 04/10] refactor(blossom): use Go 1.22 enhanced routing --- blossom/server.go | 65 ++++++++++++++++------------------------------- 1 file changed, 22 insertions(+), 43 deletions(-) diff --git a/blossom/server.go b/blossom/server.go index ea55e47..2247924 100644 --- a/blossom/server.go +++ b/blossom/server.go @@ -2,13 +2,12 @@ package blossom import ( "context" - "github.com/rs/cors" "io" "net/http" - "strings" "github.com/fiatjaf/khatru" "github.com/nbd-wtf/go-nostr" + "github.com/rs/cors" ) type BlossomServer struct { @@ -31,54 +30,34 @@ func New(rl *khatru.Relay, serviceURL string) *BlossomServer { } base := rl.Router() - mux := http.NewServeMux() + + combinedMux := http.NewServeMux() + blossomApi := http.NewServeMux() + blossomApi.HandleFunc("PUT /upload", bs.handleUpload) + blossomApi.HandleFunc("HEAD /upload", bs.handleUploadCheck) + blossomApi.HandleFunc("GET /list/{pubkey}", bs.handleList) + blossomApi.HandleFunc("HEAD /{sha256}", bs.handleHasBlob) + blossomApi.HandleFunc("GET /{sha256}", bs.handleGetBlob) + blossomApi.HandleFunc("DELETE /{sha256}", bs.handleDelete) - blossomApi.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { - if r.Method == "OPTIONS" { - w.WriteHeader(http.StatusNoContent) - return - } - - if r.URL.Path == "/upload" { - if r.Method == "PUT" { - bs.handleUpload(w, r) - return - } else if r.Method == "HEAD" { - bs.handleUploadCheck(w, r) - return - } - } - - if strings.HasPrefix(r.URL.Path, "/list/") && r.Method == "GET" { - bs.handleList(w, r) - return - } - - if len(strings.SplitN(r.URL.Path, ".", 2)[0]) == 65 { - if r.Method == "HEAD" { - bs.handleHasBlob(w, r) - return - } else if r.Method == "GET" { - bs.handleGetBlob(w, r) - return - } else if r.Method == "DELETE" { - bs.handleDelete(w, r) - return - } - } - - base.ServeHTTP(w, r) - }) - - bud01corsHeaders := cors.New(cors.Options{ + bud01CorsMux := cors.New(cors.Options{ AllowedOrigins: []string{"*"}, AllowedMethods: []string{"GET", "PUT", "DELETE"}, AllowedHeaders: []string{"Authorization", "*"}, }) - mux.Handle("/", bud01corsHeaders.Handler(blossomApi)) - rl.SetRouter(mux) + wrappedBlossomApi := bud01CorsMux.Handler(blossomApi) + + combinedMux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { + if _, pattern := blossomApi.Handler(r); pattern != "" { + wrappedBlossomApi.ServeHTTP(w, r) + } else { + base.ServeHTTP(w, r) + } + }) + + rl.SetRouter(combinedMux) return bs } From 2a80d4099d165f915d2f24b81c5be7978b779f5c Mon Sep 17 00:00:00 2001 From: Anthony Accioly <1591739+aaccioly@users.noreply.github.com> Date: Tue, 5 Nov 2024 16:56:59 +0000 Subject: [PATCH 05/10] perf(blossom): set Access-Control-Max-Age to 24 h --- blossom/server.go | 1 + 1 file changed, 1 insertion(+) diff --git a/blossom/server.go b/blossom/server.go index 2247924..e5d5435 100644 --- a/blossom/server.go +++ b/blossom/server.go @@ -45,6 +45,7 @@ func New(rl *khatru.Relay, serviceURL string) *BlossomServer { AllowedOrigins: []string{"*"}, AllowedMethods: []string{"GET", "PUT", "DELETE"}, AllowedHeaders: []string{"Authorization", "*"}, + MaxAge: 86400, }) wrappedBlossomApi := bud01CorsMux.Handler(blossomApi) From 553d848362f4de5d23cc2617b1fc1dd255a7c7f3 Mon Sep 17 00:00:00 2001 From: Anthony Accioly <1591739+aaccioly@users.noreply.github.com> Date: Tue, 5 Nov 2024 17:32:56 +0000 Subject: [PATCH 06/10] fix(policies): update check for ephemeral kinds The Event.IsEphemeral method has been removed from go-nostr --- policies/events.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/policies/events.go b/policies/events.go index f084a2c..a21e21d 100644 --- a/policies/events.go +++ b/policies/events.go @@ -72,7 +72,7 @@ func RestrictToSpecifiedKinds(allowEphemeral bool, kinds ...uint16) func(context slices.Sort(kinds) return func(ctx context.Context, event *nostr.Event) (reject bool, msg string) { - if allowEphemeral && event.IsEphemeral() { + if allowEphemeral && nostr.IsEphemeralKind(event.Kind) { return false, "" } From bbcf948dd66b92c449af6e8461c742f0ff381aaa Mon Sep 17 00:00:00 2001 From: Anthony Accioly <1591739+aaccioly@users.noreply.github.com> Date: Tue, 5 Nov 2024 17:56:56 +0000 Subject: [PATCH 07/10] fix(blossom): forward requests to base relay --- blossom/server.go | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/blossom/server.go b/blossom/server.go index e5d5435..5b9fcff 100644 --- a/blossom/server.go +++ b/blossom/server.go @@ -31,8 +31,6 @@ func New(rl *khatru.Relay, serviceURL string) *BlossomServer { base := rl.Router() - combinedMux := http.NewServeMux() - blossomApi := http.NewServeMux() blossomApi.HandleFunc("PUT /upload", bs.handleUpload) blossomApi.HandleFunc("HEAD /upload", bs.handleUploadCheck) @@ -40,6 +38,7 @@ func New(rl *khatru.Relay, serviceURL string) *BlossomServer { blossomApi.HandleFunc("HEAD /{sha256}", bs.handleHasBlob) blossomApi.HandleFunc("GET /{sha256}", bs.handleGetBlob) blossomApi.HandleFunc("DELETE /{sha256}", bs.handleDelete) + blossomApi.Handle("/", base) // forwards to relay bud01CorsMux := cors.New(cors.Options{ AllowedOrigins: []string{"*"}, @@ -50,13 +49,8 @@ func New(rl *khatru.Relay, serviceURL string) *BlossomServer { wrappedBlossomApi := bud01CorsMux.Handler(blossomApi) - combinedMux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { - if _, pattern := blossomApi.Handler(r); pattern != "" { - wrappedBlossomApi.ServeHTTP(w, r) - } else { - base.ServeHTTP(w, r) - } - }) + combinedMux := http.NewServeMux() + combinedMux.Handle("/", wrappedBlossomApi) rl.SetRouter(combinedMux) From 582a74c00095daa7121bccce4e685e6961edd046 Mon Sep 17 00:00:00 2001 From: Anthony Accioly <1591739+aaccioly@users.noreply.github.com> Date: Tue, 5 Nov 2024 18:37:12 +0000 Subject: [PATCH 08/10] refactor: apply CORS rules on relay --- blossom/server.go | 32 +++++++------------------------- handlers.go | 20 +++++++++++++++++--- 2 files changed, 24 insertions(+), 28 deletions(-) diff --git a/blossom/server.go b/blossom/server.go index 5b9fcff..4aed5ac 100644 --- a/blossom/server.go +++ b/blossom/server.go @@ -3,11 +3,9 @@ package blossom import ( "context" "io" - "net/http" "github.com/fiatjaf/khatru" "github.com/nbd-wtf/go-nostr" - "github.com/rs/cors" ) type BlossomServer struct { @@ -29,30 +27,14 @@ func New(rl *khatru.Relay, serviceURL string) *BlossomServer { ServiceURL: serviceURL, } - base := rl.Router() + mux := rl.Router() - blossomApi := http.NewServeMux() - blossomApi.HandleFunc("PUT /upload", bs.handleUpload) - blossomApi.HandleFunc("HEAD /upload", bs.handleUploadCheck) - blossomApi.HandleFunc("GET /list/{pubkey}", bs.handleList) - blossomApi.HandleFunc("HEAD /{sha256}", bs.handleHasBlob) - blossomApi.HandleFunc("GET /{sha256}", bs.handleGetBlob) - blossomApi.HandleFunc("DELETE /{sha256}", bs.handleDelete) - blossomApi.Handle("/", base) // forwards to relay - - bud01CorsMux := cors.New(cors.Options{ - AllowedOrigins: []string{"*"}, - AllowedMethods: []string{"GET", "PUT", "DELETE"}, - AllowedHeaders: []string{"Authorization", "*"}, - MaxAge: 86400, - }) - - wrappedBlossomApi := bud01CorsMux.Handler(blossomApi) - - combinedMux := http.NewServeMux() - combinedMux.Handle("/", wrappedBlossomApi) - - rl.SetRouter(combinedMux) + mux.HandleFunc("PUT /upload", bs.handleUpload) + mux.HandleFunc("HEAD /upload", bs.handleUploadCheck) + mux.HandleFunc("GET /list/{pubkey}", bs.handleList) + mux.HandleFunc("HEAD /{sha256}", bs.handleHasBlob) + mux.HandleFunc("GET /{sha256}", bs.handleGetBlob) + mux.HandleFunc("DELETE /{sha256}", bs.handleDelete) return bs } diff --git a/handlers.go b/handlers.go index 914f74a..aaf3d03 100644 --- a/handlers.go +++ b/handlers.go @@ -26,14 +26,28 @@ func (rl *Relay) ServeHTTP(w http.ResponseWriter, r *http.Request) { rl.ServiceURL = getServiceBaseURL(r) } + corsMiddleware := cors.New(cors.Options{ + AllowedOrigins: []string{"*"}, + AllowedMethods: []string{ + http.MethodHead, + http.MethodGet, + http.MethodPost, + http.MethodPut, + http.MethodPatch, + http.MethodDelete, + }, + AllowedHeaders: []string{"Authorization", "*"}, + MaxAge: 86400, + }) + if r.Header.Get("Upgrade") == "websocket" { rl.HandleWebsocket(w, r) } else if r.Header.Get("Accept") == "application/nostr+json" { - cors.AllowAll().Handler(http.HandlerFunc(rl.HandleNIP11)).ServeHTTP(w, r) + corsMiddleware.Handler(http.HandlerFunc(rl.HandleNIP11)).ServeHTTP(w, r) } else if r.Header.Get("Content-Type") == "application/nostr+json+rpc" { - cors.AllowAll().Handler(http.HandlerFunc(rl.HandleNIP86)).ServeHTTP(w, r) + corsMiddleware.Handler(http.HandlerFunc(rl.HandleNIP86)).ServeHTTP(w, r) } else { - rl.serveMux.ServeHTTP(w, r) + corsMiddleware.Handler(rl.serveMux).ServeHTTP(w, r) } } From 3d4dd7151080a78eeb7e7c79e7d2db77cc5fb1dd Mon Sep 17 00:00:00 2001 From: Anthony Accioly <1591739+aaccioly@users.noreply.github.com> Date: Tue, 5 Nov 2024 18:55:47 +0000 Subject: [PATCH 09/10] refactor(blossom): undo enhanced routing --- blossom/server.go | 44 +++++++++++++++++++++++++++++++++++++------- 1 file changed, 37 insertions(+), 7 deletions(-) diff --git a/blossom/server.go b/blossom/server.go index 4aed5ac..ed3404d 100644 --- a/blossom/server.go +++ b/blossom/server.go @@ -3,6 +3,8 @@ package blossom import ( "context" "io" + "net/http" + "strings" "github.com/fiatjaf/khatru" "github.com/nbd-wtf/go-nostr" @@ -27,14 +29,42 @@ func New(rl *khatru.Relay, serviceURL string) *BlossomServer { ServiceURL: serviceURL, } - mux := rl.Router() + base := rl.Router() + mux := http.NewServeMux() - mux.HandleFunc("PUT /upload", bs.handleUpload) - mux.HandleFunc("HEAD /upload", bs.handleUploadCheck) - mux.HandleFunc("GET /list/{pubkey}", bs.handleList) - mux.HandleFunc("HEAD /{sha256}", bs.handleHasBlob) - mux.HandleFunc("GET /{sha256}", bs.handleGetBlob) - mux.HandleFunc("DELETE /{sha256}", bs.handleDelete) + mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { + if r.URL.Path == "/upload" { + if r.Method == "PUT" { + bs.handleUpload(w, r) + return + } else if r.Method == "HEAD" { + bs.handleUploadCheck(w, r) + return + } + } + + if strings.HasPrefix(r.URL.Path, "/list/") && r.Method == "GET" { + bs.handleList(w, r) + return + } + + if len(strings.SplitN(r.URL.Path, ".", 2)[0]) == 65 { + if r.Method == "HEAD" { + bs.handleHasBlob(w, r) + return + } else if r.Method == "GET" { + bs.handleGetBlob(w, r) + return + } else if r.Method == "DELETE" { + bs.handleDelete(w, r) + return + } + } + + base.ServeHTTP(w, r) + }) + + rl.SetRouter(mux) return bs } From 1498da09c87f09321af7efddbd2f2139462263f8 Mon Sep 17 00:00:00 2001 From: Anthony Accioly <1591739+aaccioly@users.noreply.github.com> Date: Tue, 5 Nov 2024 19:04:41 +0000 Subject: [PATCH 10/10] refactor(blossom): remove setCors function --- blossom/utils.go | 6 ------ 1 file changed, 6 deletions(-) diff --git a/blossom/utils.go b/blossom/utils.go index 6f95c7a..47d8ee5 100644 --- a/blossom/utils.go +++ b/blossom/utils.go @@ -5,12 +5,6 @@ import ( "net/http" ) -//func setCors(w http.ResponseWriter) { -// w.Header().Set("Access-Control-Allow-Origin", "*") -// w.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type") -// w.Header().Set("Access-Control-Allow-Methods", "GET, PUT, DELETE, OPTIONS") -//} - func blossomError(w http.ResponseWriter, msg string, code int) { w.Header().Add("X-Reason", msg) w.WriteHeader(code)