-
-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
'FetchBlocks' gateway option #4150
Conversation
0cb7e7f
to
dc0db30
Compare
There is already |
@Kubuxu --offline will also disable fetching via API. I want only gateway to be restricted. |
I think it might be better to implement this as a config option |
cmd/ipfs/daemon.go
Outdated
@@ -148,6 +149,7 @@ Headers. | |||
cmds.BoolOption(initOptionKwd, "Initialize ipfs with default settings if not already initialized").Default(false), | |||
cmds.StringOption(routingOptionKwd, "Overrides the routing option").Default("dht"), | |||
cmds.BoolOption(mountKwd, "Mounts IPFS to the filesystem").Default(false), | |||
cmds.BoolOption(offlineGatewayKwd, "Do not fetch blocks because of gateway requests").Default(false), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/because of/for/
dc0db30
to
30ac2b7
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks pretty reasonable to me. My only concern is that we don't have a solid general way of setting up configuration for the gateway. I hesitate to add more flags to ipfs daemon
without having a good plan for future gateway configuration options, every flag we add is really hard to remove (has to go through deprecation period, documentation, etc) and flags suddenly being gone makes future documentation people might read confusing.
@Voker57 @Kubuxu @magik6k @lgierth can we try and put together some ideas for this?
IMO daemon already has too many flags ( |
How about something like: #4180 |
Phew I recovered it -- deleting my two comments above. Good idea 👍 Agreed that a config option is desirable over a command flag, and we'll also want to refactor the gateway a bit. It should get a GatewayOpts struct, similar to the HostOpts struct I implemented in libp2p/go-libp2p#197 I'll put up to debate whether "offline" is a good name though. It already means a couple of different things in go-ipfs. This option seems spiritiually related to the |
Btw, mentioning the |
@lgierth Isn't GatewayConfig already doing same job as proposed GatewayOpts? https://github.com/ipfs/go-ipfs/blob/master/core/corehttp/gateway.go#L14 |
Yeah you're right that's already useful |
Maybe the better term would be |
30ac2b7
to
9abdfd8
Compare
Renamed option to FetchBlocks and moved to config. |
9abdfd8
to
74bdfee
Compare
74bdfee
to
8cc6abc
Compare
8cc6abc
to
95187d3
Compare
I want this so badly :( I want to host an IPFS node on my machine, but I don't want people to get content from hashes that I don't allow.. :/ Does this fix that? |
95187d3
to
2bb6f95
Compare
@nicola yes. |
2bb6f95
to
bffa0e0
Compare
bffa0e0
to
a00e0dd
Compare
7d2dc12
to
c83b869
Compare
Where is the option handled in the gateway? I see it only added to GatewayOptions. |
Sorry, I screwed up a rebase. Will update. |
Also:
and as tests passed on circleci and travis, they seem to be too weak. I would recommend using IPTB to setup 2 node cluster. |
4de08dd
to
a1920ac
Compare
Fixed the PR and improved the tests. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@magik6k or @schomatis, would one of you see this to completion (i.e., handle reviews)? This will need a bit more work to be a bit less invasive but it would be really nice to have it.
core/coreapi/coreapi.go
Outdated
} | ||
|
||
// NewCoreAPI creates new instance of IPFS CoreAPI backed by go-ipfs Node. | ||
func NewCoreAPI(n *core.IpfsNode) coreiface.CoreAPI { | ||
api := &CoreAPI{n} | ||
func NewCoreAPI(n *core.IpfsNode, offlineMode bool) coreiface.CoreAPI { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is really not the right place to configure this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why not? I don't see how @magik6k solution is better, except for modifying less code.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In retrospect, it's probably a reasonable place to do this (although I would have used functional options). Really, I was reacting to the fact that the CoreAPI needed to store a separate DAGService (I don't want it to turn into yet another "IpfsNode"). However, it turns out that we have to do that for sessions (no way around that as far as I can tell given the current sessions design) so this really isn't an issue.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
CoreAPI is what will eventually be exposed as the interface to go-ipfs-*, so we want to make sure it's designed fairly well. The offline mode thing could be interpreted as a 'global option', and in CoreAPI we want to:
- Hide all options and use sane defaults (mostly done with functional options)
- Have a standard way to set them on the interface (for global options applying to all commands this is probably going to be in form of context hints)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We could also define a set of functional options for use with CoreAPI constructors, but I don't really like that as some implementations such as RPC will likely need to establish a new connection if user needs a global option for one command but not others
core/coreapi/coreapi.go
Outdated
) | ||
|
||
var log = logging.Logger("core/coreapi") | ||
|
||
type CoreAPI struct { | ||
node *core.IpfsNode | ||
dag ipld.DAGService |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is going to be a footgun. Now the CoreAPI needs to make sure to use it's dag instead of the global one.
Maybe #4009? This keeps on haunting us and I've yet to see a better proposal.
I'll handle this |
bb2d521
to
e711316
Compare
e711316
to
02b80ab
Compare
License: MIT Signed-off-by: Iaroslav Gridin <voker57@gmail.com>
License: MIT Signed-off-by: Iaroslav Gridin <voker57@gmail.com>
02b80ab
to
34baed7
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Right, this option shouldn't prevent IPNS from working.
The Api.FetchBlocks
option also needs to be set for commands as some are accessible through the gateway port. There are also some other fixes in the other PR that would need to be ported here.
I'll import the FetchBlocks
api option to #5649
@@ -217,6 +216,10 @@ func (api *CoreAPI) WithOptions(opts ...options.ApiOption) (coreiface.CoreAPI, e | |||
|
|||
} | |||
|
|||
if !settings.FetchBlocks { | |||
subApi.dag = dag.NewDAGService(bserv.New(subApi.blockstore, offlinexch.Exchange(subApi.blockstore))) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
settings.FetchBlocks
needs to set exchange
/blocks
too, otherwise it still will be possible to use gateway to fetch stuff from the network with things like /api/v0/block/get
|
||
id "gx/ipfs/QmRBaUEQEeFWywfrZJ64QgsmvcqgLSK3VbvGMR2NM2Edpf/go-libp2p/p2p/protocol/identify" | ||
) | ||
|
||
type GatewayConfig struct { | ||
Headers map[string][]string | ||
Writable bool | ||
FetchBlocks bool |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this used anywhere?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
no, leftover.
IPNS should now work in #5649, can you check if it works for you? |
yes, now this PR works like I need it. I'm closing this one. |
If FetchBlocks=false, don't fetch blocks which are not already present in storage.
Also add Gateway.FetchBlocks option
This mode can be useful for creating gateways which are supposed to serve only chosen content.