Merge pull request #138 from containerish/hotfix

Hotfix

auth/github.go

@@ -81,7 +81,7 @@ func (a *auth) GithubLoginCallbackHandler(ctx echo.Context) error {
 	oauthUser.Username = oauthUser.Login
 	oauthUser.Id = uuid.NewString()
 
-	accessToken, refreshToken, err := a.SignOAuthToken(oauthUser, token)
+	accessToken, refreshToken, err := a.SignOAuthToken(oauthUser.Id, token)
 	if err != nil {
 		echoErr := ctx.JSON(http.StatusInternalServerError, echo.Map{
 			"error": err.Error(),
@@ -128,7 +128,7 @@ const (
 func (a *auth) createCookie(name string, value string, httpOnly bool, expiresAt time.Time) *http.Cookie {
 
 	secure := true
-	sameSite := http.SameSiteStrictMode
+	sameSite := http.SameSiteNoneMode
 	domain := a.c.Registry.FQDN
 	if a.c.Environment == config.Local {
 		secure = false

auth/jwt.go

@@ -55,15 +55,13 @@ func (a *auth) newPublicPullToken() (string, error) {
 	return sign, nil
 }
 
-func (a *auth) SignOAuthToken(u types.User, payload *oauth2.Token) (string, string, error) {
-	u.StripForToken()
-
-	return a.newOAuthToken(u, payload)
+func (a *auth) SignOAuthToken(userId string, payload *oauth2.Token) (string, string, error) {
+	return a.newOAuthToken(userId, payload)
 }
 
-func (a *auth) newOAuthToken(u types.User, payload *oauth2.Token) (string, string, error) {
-	accessClaims := a.createOAuthClaims(u, payload)
-	refreshClaims := a.createRefreshClaims(u.Id)
+func (a *auth) newOAuthToken(userId string, payload *oauth2.Token) (string, string, error) {
+	accessClaims := a.createOAuthClaims(userId, payload)
+	refreshClaims := a.createRefreshClaims(userId)
 
 	accessToken := jwt.NewWithClaims(jwt.SigningMethodHS256, &accessClaims)
 	accessSign, err := accessToken.SignedString([]byte(a.c.Registry.SigningSecret))
@@ -151,17 +149,17 @@ func (a *auth) createServiceClaims(u types.User) ServiceClaims {
 // 	NodeID:   u.NodeID,
 // 	OAuthID:  u.OAuthID,
 // },
-func (a *auth) createOAuthClaims(u types.User, token *oauth2.Token) PlatformClaims {
+func (a *auth) createOAuthClaims(userId string, token *oauth2.Token) PlatformClaims {
 	claims := PlatformClaims{
 		OauthPayload: token,
 		StandardClaims: jwt.StandardClaims{
 			Audience:  a.c.Endpoint(),
 			ExpiresAt: time.Now().Add(time.Hour * 750).Unix(),
-			Id:        u.Id,
+			Id:        userId,
 			IssuedAt:  time.Now().Unix(),
 			Issuer:    a.c.Endpoint(),
 			NotBefore: time.Now().Unix(),
-			Subject:   u.Id,
+			Subject:   userId,
 		},
 	}
 

auth/user.go

@@ -15,15 +15,15 @@ func (a *auth) ReadUserWithSession(ctx echo.Context) error {
 
 	session, err := ctx.Cookie("session_id")
 	if err != nil {
-		echoErr := ctx.JSON(http.StatusInternalServerError, echo.Map{
+		echoErr := ctx.JSON(http.StatusBadRequest, echo.Map{
 			"error":   err.Error(),
 			"message": "error getting session id",
 		})
 		a.logger.Log(ctx, err)
 		return echoErr
 	}
 	if session.Value == "" {
-		err := fmt.Errorf("ERR_GETTING_COOKIE")
+		err = fmt.Errorf("ERR_GETTING_COOKIE")
 		echoErr := ctx.JSON(http.StatusBadRequest, echo.Map{
 			"error":   err.Error(),
 			"message": "error getting cookie",
@@ -34,7 +34,7 @@ func (a *auth) ReadUserWithSession(ctx echo.Context) error {
 
 	parts := strings.Split(session.Value, ":")
 	if len(parts) != 2 {
-		err := fmt.Errorf("INVALID_SESSION_ID")
+		err = fmt.Errorf("INVALID_SESSION_ID")
 		echoErr := ctx.JSON(http.StatusBadRequest, echo.Map{
 			"error":   err.Error(),
 			"message": "invalid session id",

config.yaml.example

@@ -21,8 +21,9 @@ oauth:
     client_id: dummy-gh-client-id
     client_secret: dummy-gh-client-secret
 skynet:
-  portal_url: https://siasky.dev
+  portal_url: https://skynetpro.net
   api_key: skynet-key
+  custom_cookie: skynet_cookie_hack
 database:
   kind: postgres
   host: 0.0.0.0

go.mod

@@ -20,10 +20,8 @@ require (
 	golang.org/x/crypto v0.0.0-20210817164053-32db794688a5
 )
 
-
 require (
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/sendgrid/rest v2.6.9+incompatible // indirect
 	github.com/cespare/xxhash/v2 v2.1.1 // indirect
 	github.com/fsnotify/fsnotify v1.4.9 // indirect
 	github.com/go-playground/locales v0.14.0 // indirect
@@ -53,6 +51,7 @@ require (
 	github.com/prometheus/client_model v0.2.0 // indirect
 	github.com/prometheus/common v0.25.0 // indirect
 	github.com/prometheus/procfs v0.6.0 // indirect
+	github.com/sendgrid/rest v2.6.9+incompatible // indirect
 	github.com/spf13/afero v1.6.0 // indirect
 	github.com/spf13/cast v1.3.1 // indirect
 	github.com/spf13/jwalterweatherman v1.1.0 // indirect
@@ -71,4 +70,4 @@ require (
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 )
 
-replace github.com/SkynetLabs/go-skynet/v2 => github.com/containerish/go-skynet/v2 v2.0.2-0.20220319175248-c0c090653812
+replace github.com/SkynetLabs/go-skynet/v2 => github.com/containerish/go-skynet/v2 v2.0.2-0.20220411175612-3c3d850b3a0c

go.sum

@@ -89,8 +89,8 @@ github.com/cockroachdb/apd v1.1.0 h1:3LFP3629v+1aKXU5Q37mxmRxX/pIu1nijXydLShEq5I
 github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ=
 github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
 github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI=
-github.com/containerish/go-skynet/v2 v2.0.2-0.20220319175248-c0c090653812 h1:GYIStejKwvaHADvrkDpsE3kfgLhTMF9x1iTLvBFGAUg=
-github.com/containerish/go-skynet/v2 v2.0.2-0.20220319175248-c0c090653812/go.mod h1:XOk0zwGlXeGjHQgmhXTEk7qTD6FVv3dXPW38Wh3XsIc=
+github.com/containerish/go-skynet/v2 v2.0.2-0.20220411175612-3c3d850b3a0c h1:lYT9eGuBaXNIZmJkbgA/HHxkNWu8cPAWT3jKpYTnbXQ=
+github.com/containerish/go-skynet/v2 v2.0.2-0.20220411175612-3c3d850b3a0c/go.mod h1:XOk0zwGlXeGjHQgmhXTEk7qTD6FVv3dXPW38Wh3XsIc=
 github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=

main.go

@@ -26,7 +26,7 @@ func main() {
 
 	pgStore, err := postgres.New(cfg.StoreConfig)
 	if err != nil {
-		color.Red("error here: %s", err.Error())
+		color.Red("ERR_PG_CONN: %s", err.Error())
 		return
 	}
 	defer pgStore.Close()
@@ -60,9 +60,10 @@ func main() {
 func buildHTTPServer(cfg *config.OpenRegistryConfig, e *echo.Echo) error {
 	color.Green("Environment: %s", cfg.Environment)
 	color.Green("Service Endpoint: %s\n", cfg.Endpoint())
-	if cfg.Environment == config.Prod {
-		return e.StartTLS(cfg.Registry.Address(), cfg.Registry.TLS.PubKey, cfg.Registry.TLS.PrivateKey)
-	}
+	// for this to work, we need a custom http serve
+	// if cfg.Environment == config.Prod {
+	// 	return e.StartTLS(cfg.Registry.Address(), cfg.Registry.TLS.PubKey, cfg.Registry.TLS.PrivateKey)
+	// }
 
 	return e.Start(cfg.Registry.Address())
 }

router/router.go

@@ -2,6 +2,7 @@ package router
 
 import (
 	"net/http"
+	"strings"
 
 	"github.com/containerish/OpenRegistry/auth"
 	"github.com/containerish/OpenRegistry/config"
@@ -24,9 +25,7 @@ func Register(
 ) {
 	e.Use(middleware.Recover())
 	e.Use(middleware.CORSWithConfig(middleware.CORSConfig{
-		AllowOrigins: []string{
-			cfg.WebAppEndpoint,
-		},
+		AllowOrigins:     strings.Split(cfg.WebAppEndpoint, ","),
 		AllowMethods:     middleware.DefaultCORSConfig.AllowMethods,
 		AllowHeaders:     middleware.DefaultCORSConfig.AllowHeaders,
 		AllowCredentials: true,

skynet/skynet.go

@@ -19,15 +19,14 @@ func NewClient(oc *config.OpenRegistryConfig) *Client {
 		CustomUserAgent: oc.SkynetConfig.CustomUserAgent,
 		APIKey:          oc.SkynetConfig.ApiKey,
 		CustomCookie:    oc.SkynetConfig.ApiKey,
+		HttpClient:      newHttpClientForSkynet(),
 	}
 
 	color.Green("Skynet Portal: %s", oc.SkynetConfig.SkynetPortalURL)
 	skynetClient := skynet.NewCustom(oc.SkynetConfig.SkynetPortalURL, opts)
-	httpClient := NewHttpClientForSkynet()
 
 	return &Client{
 		skynet:     &skynetClient,
-		httpClient: httpClient,
 		isRemote:   false,
 		host:       oc.Registry.Host,
 		gatewayURL: oc.SkynetConfig.SkynetPortalURL,
@@ -111,7 +110,7 @@ func (c *Client) Metadata(skylink string) (*skynet.Metadata, error) {
 			err = fmt.Errorf("SKYNET_METADATA_ERR: %w", err)
 			retryCounter--
 			// cool off
-			time.Sleep(time.Second * 2)
+			time.Sleep(time.Second * 3)
 			continue
 		}
 		break
@@ -120,7 +119,7 @@ func (c *Client) Metadata(skylink string) (*skynet.Metadata, error) {
 	return metadata, err
 }
 
-func NewHttpClientForSkynet() *http.Client {
+func newHttpClientForSkynet() *http.Client {
 	t := http.DefaultTransport.(*http.Transport).Clone()
 	t.MaxIdleConns = 100
 	t.MaxConnsPerHost = 100

skynet/types.go

@@ -4,7 +4,6 @@ import (
 	"bytes"
 	"encoding/json"
 	"io"
-	"net/http"
 
 	skynet "github.com/SkynetLabs/go-skynet/v2"
 	"github.com/containerish/OpenRegistry/config"
@@ -13,11 +12,10 @@ import (
 type (
 	Client struct {
 		skynet     *skynet.SkynetClient
-		httpClient *http.Client
+		config     *config.OpenRegistryConfig
 		host       string
 		gatewayURL string
 		isRemote   bool
-		config     *config.OpenRegistryConfig
 	}
 	Config struct {
 		Host       string