'FetchBlocks' gateway option #4150
Conversation
Voker57
force-pushed
the
feat/offline-gateway
branch
from
0cb7e7f
to
dc0db30
Compare
|
There is already |
|
@Kubuxu --offline will also disable fetching via API. I want only gateway to be restricted. |
|
I think it might be better to implement this as a config option |
cmd/ipfs/daemon.go
Outdated
| @@ -148,6 +149,7 @@ Headers. | |||
| cmds.BoolOption(initOptionKwd, "Initialize ipfs with default settings if not already initialized").Default(false), | |||
| cmds.StringOption(routingOptionKwd, "Overrides the routing option").Default("dht"), | |||
| cmds.BoolOption(mountKwd, "Mounts IPFS to the filesystem").Default(false), | |||
| cmds.BoolOption(offlineGatewayKwd, "Do not fetch blocks because of gateway requests").Default(false), | |||
Voker57
force-pushed
the
feat/offline-gateway
branch
from
dc0db30
to
30ac2b7
Compare
There was a problem hiding this comment.
This looks pretty reasonable to me. My only concern is that we don't have a solid general way of setting up configuration for the gateway. I hesitate to add more flags to ipfs daemon without having a good plan for future gateway configuration options, every flag we add is really hard to remove (has to go through deprecation period, documentation, etc) and flags suddenly being gone makes future documentation people might read confusing.
@Voker57 @Kubuxu @magik6k @lgierth can we try and put together some ideas for this?
|
IMO daemon already has too many flags ( |
|
How about something like: #4180 |
|
Phew I recovered it -- deleting my two comments above. Good idea 👍 Agreed that a config option is desirable over a command flag, and we'll also want to refactor the gateway a bit. It should get a GatewayOpts struct, similar to the HostOpts struct I implemented in libp2p/go-libp2p#197 I'll put up to debate whether "offline" is a good name though. It already means a couple of different things in go-ipfs. This option seems spiritiually related to the |
|
Btw, mentioning the |
|
@lgierth Isn't GatewayConfig already doing same job as proposed GatewayOpts? https://github.com/ipfs/go-ipfs/blob/master/core/corehttp/gateway.go#L14 |
|
Yeah you're right that's already useful |
|
Maybe the better term would be |
Voker57
force-pushed
the
feat/offline-gateway
branch
from
30ac2b7
to
9abdfd8
Compare
|
Renamed option to FetchBlocks and moved to config. |
Voker57
force-pushed
the
feat/offline-gateway
branch
from
9abdfd8
to
74bdfee
Compare
Voker57
force-pushed
the
feat/offline-gateway
branch
from
74bdfee
to
8cc6abc
Compare
Voker57
force-pushed
the
feat/offline-gateway
branch
from
8cc6abc
to
95187d3
Compare
|
I want this so badly :( I want to host an IPFS node on my machine, but I don't want people to get content from hashes that I don't allow.. :/ Does this fix that? |
Voker57
force-pushed
the
feat/offline-gateway
branch
from
95187d3
to
2bb6f95
Compare
|
@nicola yes. |
Voker57
force-pushed
the
feat/offline-gateway
branch
from
2bb6f95
to
bffa0e0
Compare
Voker57
force-pushed
the
feat/offline-gateway
branch
from
bffa0e0
to
a00e0dd
Compare
Voker57
force-pushed
the
feat/offline-gateway
branch
2 times, most recently
from
7d2dc12
to
c83b869
Compare
|
Where is the option handled in the gateway? I see it only added to GatewayOptions. |
|
Sorry, I screwed up a rebase. Will update. |
|
Also: and as tests passed on circleci and travis, they seem to be too weak. I would recommend using IPTB to setup 2 node cluster. |
Voker57
force-pushed
the
feat/offline-gateway
branch
3 times, most recently
from
4de08dd
to
a1920ac
Compare
|
Fixed the PR and improved the tests. |
There was a problem hiding this comment.
@magik6k or @schomatis, would one of you see this to completion (i.e., handle reviews)? This will need a bit more work to be a bit less invasive but it would be really nice to have it.
core/coreapi/coreapi.go
Outdated
| } | ||
|
|
||
| // NewCoreAPI creates new instance of IPFS CoreAPI backed by go-ipfs Node. | ||
| func NewCoreAPI(n *core.IpfsNode) coreiface.CoreAPI { | ||
| api := &CoreAPI{n} | ||
| func NewCoreAPI(n *core.IpfsNode, offlineMode bool) coreiface.CoreAPI { |
There was a problem hiding this comment.
This is really not the right place to configure this.
There was a problem hiding this comment.
why not? I don't see how @magik6k solution is better, except for modifying less code.
There was a problem hiding this comment.
In retrospect, it's probably a reasonable place to do this (although I would have used functional options). Really, I was reacting to the fact that the CoreAPI needed to store a separate DAGService (I don't want it to turn into yet another "IpfsNode"). However, it turns out that we have to do that for sessions (no way around that as far as I can tell given the current sessions design) so this really isn't an issue.
There was a problem hiding this comment.
CoreAPI is what will eventually be exposed as the interface to go-ipfs-*, so we want to make sure it's designed fairly well. The offline mode thing could be interpreted as a 'global option', and in CoreAPI we want to:
- Hide all options and use sane defaults (mostly done with functional options)
- Have a standard way to set them on the interface (for global options applying to all commands this is probably going to be in form of context hints)
There was a problem hiding this comment.
We could also define a set of functional options for use with CoreAPI constructors, but I don't really like that as some implementations such as RPC will likely need to establish a new connection if user needs a global option for one command but not others
core/coreapi/coreapi.go
Outdated
| ) | ||
|
|
||
| var log = logging.Logger("core/coreapi") | ||
|
|
||
| type CoreAPI struct { | ||
| node *core.IpfsNode | ||
| dag ipld.DAGService |
There was a problem hiding this comment.
This is going to be a footgun. Now the CoreAPI needs to make sure to use it's dag instead of the global one.
Maybe #4009? This keeps on haunting us and I've yet to see a better proposal.
|
I'll handle this |
Voker57
force-pushed
the
feat/offline-gateway
branch
2 times, most recently
from
bb2d521
to
e711316
Compare
Voker57
force-pushed
the
feat/offline-gateway
branch
from
e711316
to
02b80ab
Compare
License: MIT Signed-off-by: Iaroslav Gridin <voker57@gmail.com>
License: MIT Signed-off-by: Iaroslav Gridin <voker57@gmail.com>
Voker57
force-pushed
the
feat/offline-gateway
branch
from
02b80ab
to
34baed7
Compare
There was a problem hiding this comment.
Right, this option shouldn't prevent IPNS from working.
The Api.FetchBlocks option also needs to be set for commands as some are accessible through the gateway port. There are also some other fixes in the other PR that would need to be ported here.
I'll import the FetchBlocks api option to #5649
| @@ -217,6 +216,10 @@ func (api *CoreAPI) WithOptions(opts ...options.ApiOption) (coreiface.CoreAPI, e | |||
|
|
|||
| } | |||
|
|
|||
| if !settings.FetchBlocks { | |||
| subApi.dag = dag.NewDAGService(bserv.New(subApi.blockstore, offlinexch.Exchange(subApi.blockstore))) | |||
There was a problem hiding this comment.
settings.FetchBlocks needs to set exchange/blocks too, otherwise it still will be possible to use gateway to fetch stuff from the network with things like /api/v0/block/get
|
|
||
| id "gx/ipfs/QmRBaUEQEeFWywfrZJ64QgsmvcqgLSK3VbvGMR2NM2Edpf/go-libp2p/p2p/protocol/identify" | ||
| ) | ||
|
|
||
| type GatewayConfig struct { | ||
| Headers map[string][]string | ||
| Writable bool | ||
| FetchBlocks bool |
|
IPNS should now work in #5649, can you check if it works for you? |
yes, now this PR works like I need it. I'm closing this one. |
If FetchBlocks=false, don't fetch blocks which are not already present in storage.
Also add Gateway.FetchBlocks option
This mode can be useful for creating gateways which are supposed to serve only chosen content.