From 24dd662d381cb60502a996e5be23e1bfd0c51a87 Mon Sep 17 00:00:00 2001 From: divingpetrel Date: Tue, 13 Apr 2021 16:53:22 +0100 Subject: [PATCH 1/2] feat support non-ICANN DNS --- core/corehttp/hostname.go | 9 ++++++--- core/corehttp/hostname_test.go | 2 +- go.mod | 1 - go.sum | 5 +---- 4 files changed, 8 insertions(+), 9 deletions(-) diff --git a/core/corehttp/hostname.go b/core/corehttp/hostname.go index 6740f0e59f7..b6246e281e8 100644 --- a/core/corehttp/hostname.go +++ b/core/corehttp/hostname.go @@ -13,8 +13,9 @@ import ( core "github.com/ipfs/go-ipfs/core" coreapi "github.com/ipfs/go-ipfs/core/coreapi" namesys "github.com/ipfs/go-namesys" - isd "github.com/jbenet/go-is-domain" "github.com/libp2p/go-libp2p-core/peer" + dns "github.com/miekg/dns" + mbase "github.com/multiformats/go-multibase" config "github.com/ipfs/go-ipfs-config" @@ -351,9 +352,11 @@ func knownSubdomainDetails(hostname string, knownGateways gatewayHosts) (gw *con // isDNSLinkName returns bool if a valid DNS TXT record exist for provided host func isDNSLinkName(ctx context.Context, ipfs iface.CoreAPI, host string) bool { fqdn := stripPort(host) - if len(fqdn) == 0 && !isd.IsDomain(fqdn) { + + if _, ok := dns.IsDomainName(fqdn); !ok && len(fqdn) == 0 { return false } + name := "/ipns/" + fqdn // check if DNSLink exists depth := options.Name.ResolveOption(nsopts.Depth(1)) @@ -473,7 +476,7 @@ func toSubdomainURL(hostname, path string, r *http.Request, ipfs iface.CoreAPI) } // Normalize problematic PeerIDs (eg. ed25519+identity) to CID representation - if isPeerIDNamespace(ns) && !isd.IsDomain(rootID) { + if _, ok := dns.IsDomainName(rootID); !ok && isPeerIDNamespace(ns) { peerID, err := peer.Decode(rootID) // Note: PeerID CIDv1 with protobuf multicodec will fail, but we fix it // in the next block diff --git a/core/corehttp/hostname_test.go b/core/corehttp/hostname_test.go index 3ece5e88f8f..9bee6768ac7 100644 --- a/core/corehttp/hostname_test.go +++ b/core/corehttp/hostname_test.go @@ -55,7 +55,7 @@ func TestToSubdomainURL(t *testing.T) { {httpRequest, "localhost", "/ipns/QmY3hE8xgFCjGcz6PHgnvJz5HZi1BaKRfPkn1ghZUcYMjD", "http://k2k4r8n0flx3ra0y5dr8fmyvwbzy3eiztmtq6th694k5a3rznayp3e4o.ipns.localhost/", nil}, {httpRequest, "localhost", "/ipns/bafybeickencdqw37dpz3ha36ewrh4undfjt2do52chtcky4rxkj447qhdm", "http://k2k4r8l9ja7hkzynavdqup76ou46tnvuaqegbd04a4o1mpbsey0meucb.ipns.localhost/", nil}, // PeerID: ed25519+identity multihash → CIDv1Base36 - {httpRequest, "localhost", "/ipns/12D3KooWFB51PRY9BxcXSH6khFXw1BZeszeLDy7C8GciskqCTZn5", "http://k51qzi5uqu5di608geewp3nqkg0bpujoasmka7ftkyxgcm3fh1aroup0gsdrna.ipns.localhost/", nil}, + {httpRequest, "localhost", "/ipns/12D3KooWFB51PRY9BxcXSH6khFXw1BZeszeLDy7C8GciskqCTZn5", "http://12D3KooWFB51PRY9BxcXSH6khFXw1BZeszeLDy7C8GciskqCTZn5.ipns.localhost/", nil}, {httpRequest, "sub.localhost", "/ipfs/QmbCMUZw6JFeZ7Wp9jkzbye3Fzp2GGcPgC3nmeUjfVF87n", "http://bafybeif7a7gdklt6hodwdrmwmxnhksctcuav6lfxlcyfz4khzl3qfmvcgu.ipfs.sub.localhost/", nil}, // HTTPS requires DNSLink name to fit in a single DNS label – see "Option C" from https://github.com/ipfs/in-web-browsers/issues/169 {httpRequest, "dweb.link", "/ipns/dnslink.long-name.example.com", "http://dnslink.long-name.example.com.ipns.dweb.link/", nil}, diff --git a/go.mod b/go.mod index 42c4ddcf7df..db8be4a1dcc 100644 --- a/go.mod +++ b/go.mod @@ -55,7 +55,6 @@ require ( github.com/ipfs/go-verifcid v0.0.1 github.com/ipfs/interface-go-ipfs-core v0.4.0 github.com/ipld/go-car v0.3.0 - github.com/jbenet/go-is-domain v1.0.5 github.com/jbenet/go-random v0.0.0-20190219211222-123a90aedc0c github.com/jbenet/go-temp-err-catcher v0.1.0 github.com/jbenet/goprocess v0.1.4 diff --git a/go.sum b/go.sum index e0a01f40b19..7c4ffc92ecf 100644 --- a/go.sum +++ b/go.sum @@ -518,8 +518,6 @@ github.com/jackpal/go-nat-pmp v1.0.2/go.mod h1:QPH045xvCAeXUZOxsnwmrtiCoxIr9eob+ github.com/jbenet/go-cienv v0.0.0-20150120210510-1bb1476777ec/go.mod h1:rGaEvXB4uRSZMmzKNLoXvTu1sfx+1kv/DojUlPrSZGs= github.com/jbenet/go-cienv v0.1.0 h1:Vc/s0QbQtoxX8MwwSLWWh+xNNZvM3Lw7NsTcHrvvhMc= github.com/jbenet/go-cienv v0.1.0/go.mod h1:TqNnHUmJgXau0nCzC7kXWeotg3J9W34CUv5Djy1+FlA= -github.com/jbenet/go-is-domain v1.0.5 h1:r92uiHbMEJo9Fkey5pMBtZAzjPQWic0ieo7Jw1jEuQQ= -github.com/jbenet/go-is-domain v1.0.5/go.mod h1:xbRLRb0S7FgzDBTJlguhDVwLYM/5yNtvktxj2Ttfy7Q= github.com/jbenet/go-random v0.0.0-20190219211222-123a90aedc0c h1:uUx61FiAa1GI6ZmVd2wf2vULeQZIKG66eybjNXKYCz4= github.com/jbenet/go-random v0.0.0-20190219211222-123a90aedc0c/go.mod h1:sdx1xVM9UuLw1tXnhJWN3piypTUO3vCIHYmG15KE/dU= github.com/jbenet/go-temp-err-catcher v0.0.0-20150120210811-aac704a3f4f2/go.mod h1:8GXXJV31xl8whumTzdZsTt3RnUIiPqzkyf7mxToRCMs= @@ -911,8 +909,6 @@ github.com/miekg/dns v1.1.12/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3N github.com/miekg/dns v1.1.28/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM= github.com/miekg/dns v1.1.31/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM= github.com/miekg/dns v1.1.41 h1:WMszZWJG0XmzbK9FEmzH2TVcqYzFesusSIB41b8KHxY= -github.com/miekg/dns v1.1.41 h1:WMszZWJG0XmzbK9FEmzH2TVcqYzFesusSIB41b8KHxY= -github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI= github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI= github.com/minio/blake2b-simd v0.0.0-20160723061019-3f5f724cb5b1 h1:lYpkrQH5ajf0OXOcUbGjvZxxijuBwbbmlSxLiuofa+g= github.com/minio/blake2b-simd v0.0.0-20160723061019-3f5f724cb5b1/go.mod h1:pD8RvIylQ358TN4wwqatJ8rNavkEINozVn9DtGI3dfQ= @@ -1457,6 +1453,7 @@ golang.org/x/sys v0.0.0-20201214210602-f9fddec55a1e/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20201231184435-2d18734c6014/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210309074719-68d13333faf2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210426080607-c94f62235c83/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= From 28d4d9b327b83cef407a8a79e7162ab54bcfa63d Mon Sep 17 00:00:00 2001 From: Marcin Rataj Date: Wed, 21 Apr 2021 20:36:35 +0200 Subject: [PATCH 2/2] refactor: add isDomainNameAndNotPeerID This ensures we exclude valid PeerIDs from code paths that require DNSLink names. Ref. https://github.com/ipfs/go-ipfs/pull/8071#pullrequestreview-639409245 --- core/corehttp/hostname.go | 20 ++++++++++++++++---- core/corehttp/hostname_test.go | 21 ++++++++++++++++++++- 2 files changed, 36 insertions(+), 5 deletions(-) diff --git a/core/corehttp/hostname.go b/core/corehttp/hostname.go index b6246e281e8..c02c3aeec0c 100644 --- a/core/corehttp/hostname.go +++ b/core/corehttp/hostname.go @@ -349,15 +349,27 @@ func knownSubdomainDetails(hostname string, knownGateways gatewayHosts) (gw *con return nil, "", "", "", false } +// isDomainNameAndNotPeerID returns bool if string looks like a valid DNS name AND is not a PeerID +func isDomainNameAndNotPeerID(hostname string) bool { + if len(hostname) == 0 { + return false + } + if _, err := peer.Decode(hostname); err == nil { + return false + } + _, ok := dns.IsDomainName(hostname) + return ok +} + // isDNSLinkName returns bool if a valid DNS TXT record exist for provided host func isDNSLinkName(ctx context.Context, ipfs iface.CoreAPI, host string) bool { - fqdn := stripPort(host) + dnslinkName := stripPort(host) - if _, ok := dns.IsDomainName(fqdn); !ok && len(fqdn) == 0 { + if !isDomainNameAndNotPeerID(dnslinkName) { return false } - name := "/ipns/" + fqdn + name := "/ipns/" + dnslinkName // check if DNSLink exists depth := options.Name.ResolveOption(nsopts.Depth(1)) _, err := ipfs.Name().Resolve(ctx, name, depth) @@ -476,7 +488,7 @@ func toSubdomainURL(hostname, path string, r *http.Request, ipfs iface.CoreAPI) } // Normalize problematic PeerIDs (eg. ed25519+identity) to CID representation - if _, ok := dns.IsDomainName(rootID); !ok && isPeerIDNamespace(ns) { + if isPeerIDNamespace(ns) && !isDomainNameAndNotPeerID(rootID) { peerID, err := peer.Decode(rootID) // Note: PeerID CIDv1 with protobuf multicodec will fail, but we fix it // in the next block diff --git a/core/corehttp/hostname_test.go b/core/corehttp/hostname_test.go index 9bee6768ac7..6575ee1e840 100644 --- a/core/corehttp/hostname_test.go +++ b/core/corehttp/hostname_test.go @@ -55,7 +55,7 @@ func TestToSubdomainURL(t *testing.T) { {httpRequest, "localhost", "/ipns/QmY3hE8xgFCjGcz6PHgnvJz5HZi1BaKRfPkn1ghZUcYMjD", "http://k2k4r8n0flx3ra0y5dr8fmyvwbzy3eiztmtq6th694k5a3rznayp3e4o.ipns.localhost/", nil}, {httpRequest, "localhost", "/ipns/bafybeickencdqw37dpz3ha36ewrh4undfjt2do52chtcky4rxkj447qhdm", "http://k2k4r8l9ja7hkzynavdqup76ou46tnvuaqegbd04a4o1mpbsey0meucb.ipns.localhost/", nil}, // PeerID: ed25519+identity multihash → CIDv1Base36 - {httpRequest, "localhost", "/ipns/12D3KooWFB51PRY9BxcXSH6khFXw1BZeszeLDy7C8GciskqCTZn5", "http://12D3KooWFB51PRY9BxcXSH6khFXw1BZeszeLDy7C8GciskqCTZn5.ipns.localhost/", nil}, + {httpRequest, "localhost", "/ipns/12D3KooWFB51PRY9BxcXSH6khFXw1BZeszeLDy7C8GciskqCTZn5", "http://k51qzi5uqu5di608geewp3nqkg0bpujoasmka7ftkyxgcm3fh1aroup0gsdrna.ipns.localhost/", nil}, {httpRequest, "sub.localhost", "/ipfs/QmbCMUZw6JFeZ7Wp9jkzbye3Fzp2GGcPgC3nmeUjfVF87n", "http://bafybeif7a7gdklt6hodwdrmwmxnhksctcuav6lfxlcyfz4khzl3qfmvcgu.ipfs.sub.localhost/", nil}, // HTTPS requires DNSLink name to fit in a single DNS label – see "Option C" from https://github.com/ipfs/in-web-browsers/issues/169 {httpRequest, "dweb.link", "/ipns/dnslink.long-name.example.com", "http://dnslink.long-name.example.com.ipns.dweb.link/", nil}, @@ -144,6 +144,25 @@ func TestHasPrefix(t *testing.T) { } } +func TestIsDomainNameAndNotPeerID(t *testing.T) { + for _, test := range []struct { + hostname string + out bool + }{ + {"", false}, + {"example.com", true}, + {"non-icann.something", true}, + {"..", false}, + {"12D3KooWFB51PRY9BxcXSH6khFXw1BZeszeLDy7C8GciskqCTZn5", false}, // valid peerid + {"k51qzi5uqu5di608geewp3nqkg0bpujoasmka7ftkyxgcm3fh1aroup0gsdrna", false}, // valid peerid + } { + out := isDomainNameAndNotPeerID(test.hostname) + if out != test.out { + t.Errorf("(%s) returned '%t', expected '%t'", test.hostname, out, test.out) + } + } +} + func TestPortStripping(t *testing.T) { for _, test := range []struct { in string