Skip to content

Commit

Permalink
Fix up proxy hiding and protecting
Browse files Browse the repository at this point in the history 
Change-Id: Ice3f1ee70a8fbe358835d60b8b3d20b59e063ec7
  • Loading branch information
@Pchelolo
Pchelolo committed Jun 6, 2019
1 parent 3a020d1 commit 652dc61
Show file tree
Hide file tree
Showing 20 changed files with 1,202 additions and 191 deletions.
9 changes: 5 additions & 4 deletions .travis.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,10 +19,11 @@ addons:
env:
- CASSANDRA_VERSION=3.11.2 TEST_TARGET=sqlite TEST_MODE=fs
- CASSANDRA_VERSION=3.11.2 TEST_TARGET=cassandra TEST_MODE=fs
- CASSANDRA_VERSION=3.11.2 TEST_TARGET=sqlite TEST_MODE=ftfs
- CASSANDRA_VERSION=3.11.2 TEST_TARGET=cassandra TEST_MODE=ftfs
- CASSANDRA_VERSION=3.11.2 TEST_TARGET=sqlite TEST_MODE=ftbe
- CASSANDRA_VERSION=3.11.2 TEST_TARGET=cassandra TEST_MODE=ftbe
- CASSANDRA_VERSION=3.11.2 TEST_TARGET=sqlite TEST_MODE=fefs
- CASSANDRA_VERSION=3.11.2 TEST_TARGET=cassandra TEST_MODE=fefs
# Disabled until a new feature in restbase-mod-table-* is delivered.
# - CASSANDRA_VERSION=3.11.2 TEST_TARGET=sqlite TEST_MODE=febe
# - CASSANDRA_VERSION=3.11.2 TEST_TARGET=cassandra TEST_MODE=febe

before_install:
- wget https://archive.apache.org/dist/cassandra/${CASSANDRA_VERSION}/apache-cassandra-${CASSANDRA_VERSION}-bin.tar.gz -P ../
Expand Down
18 changes: 9 additions & 9 deletions config.frontend.test.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -100,7 +100,7 @@ enwiki_project: &enwiki_project
paths:
/{api:v1}:
x-modules:
- path: projects/v1/enwiki.wmf.yaml
- path: projects/v1/wikipedia.wmf.yaml
options: *default_options
/{api:sys}: *default_sys

Expand Down Expand Up @@ -178,24 +178,24 @@ spec_root: &spec_root

# Finally, a standard service-runner config.
info:
name: restbase
name: restrouter

services:
- name: restbase
- name: restrouter
module: hyperswitch
conf:
port: 7232
port: 7233
spec: *spec_root
salt: secret
default_page_size: 1
user_agent: RESTBase-testsuite
ui_name: RESTBase
user_agent: RESTRouer-testsuite
ui_name: RESTRouter
ui_url: https://www.mediawiki.org/wiki/RESTBase
ui_title: RESTBase docs
ui_title: REST API docs

logging:
name: restbase-test
level: info
name: restrouter
level: warn
streams:
- type: stdout

Expand Down
10 changes: 2 additions & 8 deletions config.fullstack.test.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,6 @@ default_project: &default_project
- path: projects/proxy.yaml
options:
backend_host_template: '{{"/{domain}/sys/legacy"}}'
block_external_reqs: false
- spec:
paths:
/legacy/key_value:
Expand Down Expand Up @@ -98,7 +97,6 @@ wikimedia_project: &wikimedia_project
- path: projects/proxy.yaml
options:
backend_host_template: '{{"/{domain}/sys/legacy"}}'
block_external_reqs: false
- spec:
paths:
/legacy/key_value:
Expand Down Expand Up @@ -142,7 +140,7 @@ enwiki_project: &enwiki_project
paths:
/{api:v1}:
x-modules:
- path: projects/v1/enwiki.wmf.yaml
- path: projects/v1/wikipedia.wmf.yaml
options: *default_options
- path: projects/proxy.yaml
options:
Expand Down Expand Up @@ -179,7 +177,6 @@ spec_root: &spec_root
# Some more general RESTBase info
x-request-filters:
- path: lib/security_response_header_filter.js
- path: lib/normalize_headers_filter.js

x-sub-request-filters:
- type: default
Expand All @@ -190,9 +187,6 @@ spec_root: &spec_root
forward_headers: true
- pattern: /^https?:\/\/parsoid-beta.wmflabs.org.+/
forward_headers: true
# Need to forward cookie to backend RESTBase
- pattern: /^https?:\/\/localhost:7232.+/
forward_headers: true
- pattern: /^https?:\/\//
paths:
/{domain:test.wikipedia.org}: *wikipedia_project
Expand Down Expand Up @@ -244,7 +238,7 @@ services:

logging:
name: restbase-test
level: info
level: warn
streams:
- type: stdout

Expand Down
2 changes: 1 addition & 1 deletion config.storage.test.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,7 @@ services:

logging:
name: restbase
level: error
level: warn
streams:
- type: stdout

Expand Down
126 changes: 0 additions & 126 deletions projects/v1/enwiki.wmf.yaml
View file

This file was deleted.

105 changes: 105 additions & 0 deletions projects/wikimedia.org.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,105 @@
paths:
/{api:v1}:
x-modules:
# swagger options, overriding the shared ones from the merged specs (?)
- spec:
info:
version: 1.0.0
title: Wikimedia REST API
description: >
This API provides cacheable and straightforward access to
Wikimedia content and data, in machine-readable formats.
### Global Rules
- Limit your clients to no more than 200 requests/s to this API.
Each API endpoint's documentation may detail more specific usage limits.
- Set a unique `User-Agent` or `Api-User-Agent` header that
allows us to contact you quickly. Email addresses or URLs
of contact pages work well.
By using this API, you agree to Wikimedia's
[Terms of Use](https://wikimediafoundation.org/wiki/Terms_of_Use) and
[Privacy Policy](https://wikimediafoundation.org/wiki/Privacy_policy).
Unless otherwise specified in the endpoint documentation
below, content accessed via this API is licensed under the
[CC-BY-SA 3.0](https://creativecommons.org/licenses/by-sa/3.0/)
and [GFDL](https://www.gnu.org/copyleft/fdl.html) licenses,
and you irrevocably agree to release modifications or
additions made through this API under these licenses.
See https://www.mediawiki.org/wiki/REST_API for background and details.
### Endpoint documentation
Please consult each endpoint's documentation for details on:
- Licensing information for the specific type of content
and data served via the endpoint.
- Stability markers to inform you about development status and
change policy, according to
[our API version policy](https://www.mediawiki.org/wiki/API_versioning).
- Endpoint specific usage limits.
termsOfService: https://wikimediafoundation.org/wiki/Terms_of_Use
contact:
name: the Wikimedia Services team
url: http://mediawiki.org/wiki/REST_API
license:
name: Software available under the Apache 2 license
url: http://www.apache.org/licenses/LICENSE-2.0

securityDefinitions: &wp/content-security/1.0.0
mediawiki_auth:
description: Checks permissions using MW api
type: apiKey
in: header
name: cookie
x-internal-request-whitelist:
- /http:\/\/[a-zA-Z0-9\.]+\/w\/api\.php/
# Override the base path for host-based (proxied) requests. In our case,
# we proxy https://{domain}/api/rest_v1/ to the API.
x-host-basePath: /api/rest_v1
paths:
/media:
x-modules:
- path: v1/mathoid.yaml
options: '{{options.mathoid}}'
- path: v1/common_schemas.yaml # Doesn't really matter where to mount it.
/metrics:
x-modules:
- path: v1/metrics.yaml
options: '{{options.pageviews}}'
/transform:
x-modules:
- path: v1/transform-global.yaml
options: '{{options.transform}}'
/feed:
x-modules:
- path: v1/availability.yaml
options: '{{options.mobileapps}}'
options: '{{options}}'

/{api:sys}:
x-modules:
- spec:
paths:
/mathoid:
x-modules:
- path: sys/mathoid.js
options: '{{options.mathoid}}'
/table: &sys_table
x-modules:
- path: sys/table.js
options:
conf: '{{options.table}}'
/key_value: &sys_key_value
x-modules:
- path: sys/key_value.js
/post_data: &sys_post_data
x-modules:
- path: sys/post_data.js
/events:
x-modules:
- path: sys/events.js
options: '{{merge({"skip_updates": options.skip_updates}, options.events)}}'
options: '{{options}}'

0 comments on commit 652dc61

Please sign in to comment.