Skip to content

Commit

Permalink
feat: support https
Browse files Browse the repository at this point in the history
  • Loading branch information
@hai-ko
hai-ko committed Nov 21, 2023
1 parent ff4f854 commit 40228ed
Show file tree
Hide file tree
Showing 8 changed files with 101 additions and 25 deletions.
25 changes: 14 additions & 11 deletions .github/workflows/deploy-billboard.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,10 @@ name: Staging billboard deploy
on: push

jobs:
messenger-demo-deploy:
billboard-deploy:
environment: staging-billboard
runs-on: ubuntu-latest
# if: ${{ contains( github.ref, vars.STAGING_BRANCH) }}
environment: staging-billboard
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v3
Expand All @@ -28,15 +28,16 @@ jobs:
- name: Create .env file
env:
TARGET_HOST: ${{ secrets.STAGING_HOST }}
TARGET_IP: ${{ secrets.IP_ADDRESS }}
run: |
echo "REACT_APP_ADDR_ENS_SUBDOMAIN=.bb-addr.dm3.eth" >> ./.env.react
echo "REACT_APP_BACKEND=http://${{ secrets.STAGING_HOST }}/api" >> ./.env.react
echo "REACT_APP_DEFAULT_DELIVERY_SERVICE=beta-ds.dm3.eth" >> ./.env.react
echo "REACT_APP_DEFAULT_SERVICE=http://${{ secrets.STAGING_HOST }}/api" >> ./.env.react
echo "REACT_APP_ADDR_ENS_SUBDOMAIN=.addr.devconnect.dm3.eth" >> ./.env.react
echo "REACT_APP_BACKEND=https://${{ secrets.STAGING_HOST }}/api" >> ./.env.react
echo "REACT_APP_DEFAULT_DELIVERY_SERVICE=bb-ds.devconnect.dm3.eth" >> ./.env.react
echo "REACT_APP_DEFAULT_SERVICE=https://${{ secrets.STAGING_HOST }}/api" >> ./.env.react
echo "REACT_APP_ETHEREUM_PROVIDER=${{ secrets.REACT_APP_ETHEREUM_PROVIDER }}" >> ./.env.react
echo "REACT_APP_PROFILE_BASE_URL=http://${{ secrets.STAGING_HOST }}/api" >> ./.env.react
echo "REACT_APP_RESOLVER_BACKEND=http://${{ secrets.STAGING_HOST }}/resolver-handler" >> ./.env.react
echo "REACT_APP_USER_ENS_SUBDOMAIN=.beta-user.dm3.eth" >> ./.env.react
echo "REACT_APP_PROFILE_BASE_URL=https://${{ secrets.STAGING_HOST }}/api" >> ./.env.react
echo "REACT_APP_RESOLVER_BACKEND=https://${{ secrets.STAGING_HOST }}/resolver-handler" >> ./.env.react
echo "REACT_APP_USER_ENS_SUBDOMAIN=.user.devconnect.dm3.eth" >> ./.env.react
echo "REACT_APP_WALLET_CONNECT_PROJECT_ID=${{ secrets.REACT_APP_WALLET_CONNECT_PROJECT_ID }}" >> ./.env.react
echo "REACT_APP_COMMIT_HASH=${{ env.sha_short }}" >> ./.env.react
echo "REACT_APP_BRANCH=${{ env.branch }}" >> ./.env.react
Expand All @@ -55,7 +56,9 @@ jobs:
echo "interceptor=${{ secrets.INTERCEPTOR }}" >> ./.env
echo "DISABLE_SESSION_CHECK='true'" >> ./.env
echo "BILLBOARD_NAMES=${{ secrets.BILLBOARD_NAMES }}" >> ./.env
envsubst '${SSL_CERTIFICATE_BASE_LOC} ${TLS_CERTIFICATE_LOCATION} ${TARGET_HOST}' < ./docker/billboard/nginx.conf > ./nginx.conf
echo "CERT_MAIL=${{ secrets.CERT_MAIL }}" >> ./.env
echo "URL=${{ secrets.STAGING_HOST }}" >> ./.env
envsubst '${TARGET_HOST}' < ./docker/billboard/nginx.conf > ./nginx.conf
cat ./.env
- name: Build docker image
run: |
Expand All @@ -82,7 +85,7 @@ jobs:
- name: Firewall config
run: |
ssh -i ./ssh-key root@${{ secrets.STAGING_HOST }} "\
ufw allow from 172.18.0.1/16 proto tcp to ${{ secrets.STAGING_HOST }} port 80"
ufw allow from 172.18.0.1/16 proto tcp to ${{ secrets.IP_ADDRESS }} port 80"
- name: Start
run: |
ssh -i ./ssh-key app@${{ secrets.STAGING_HOST }} "\
Expand Down
26 changes: 24 additions & 2 deletions docker/billboard/docker-compose.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,9 @@ services:
- ccip-resolver
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- web-root:/var/www/html
- certbot-etc:/etc/letsencrypt
- certbot-var:/var/lib/letsencrypt
ports:
- "80:80"
- "443:443"
Expand Down Expand Up @@ -92,6 +95,17 @@ services:
# REACT_APP_WALLET_CONNECT_PROJECT_ID: ${REACT_APP_WALLET_CONNECT_PROJECT_ID}
# RESOLVER_ADDR: ${RESOLVER_ADDR}

certbot:
image: certbot/certbot
container_name: certbot
volumes:
- certbot-etc:/etc/letsencrypt
- certbot-var:/var/lib/letsencrypt
- web-root:/var/www/html
depends_on:
- nginx
command: certonly --webroot --webroot-path=/var/www/html --email ${CERT_MAIL} --agree-tos --no-eff-email -d ${URL}

ccip-resolver:
image: dm3org/ccip-resolver:v0.2.7
restart: always
Expand All @@ -103,10 +117,18 @@ services:
LOG_LEVEL: debug
CONFIG: |
{
"0x26139b2349282de5ee2bd9c7a53171a28d6a6c84": {
"0xc9bf092673b3a066df088a2a911e23e9b69b82f2": {
"type": "signing",
"handlerUrl": "http://offchain-resolver:8082"
}
}
PORT: 8181

volumes:
certbot-etc:
certbot-var:
web-root:
driver: local
driver_opts:
type: none
device: /home/app/dm3/webroot/
o: bind
31 changes: 27 additions & 4 deletions docker/billboard/nginx.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,23 @@ http {
listen 80;
server_name ${TARGET_HOST};

return 301 https://$server_name$request_uri;
}

server {
listen 80;
server_name ${TARGET_IP};

return 301 https://${TARGET_HOST}$request_uri;
}

server {
listen 443 ssl;
server_name ${TARGET_HOST};

ssl_certificate /etc/letsencrypt/live/${TARGET_HOST}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${TARGET_HOST}/privkey.pem;

# location / {
# limit_req zone=standardlimit burst=50;
# proxy_pass http://web:8080;
Expand All @@ -30,7 +47,7 @@ http {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

proxy_ssl_verify off;
proxy_redirect off;
}

Expand All @@ -42,7 +59,7 @@ http {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

proxy_ssl_verify off;
proxy_redirect off;
}

Expand All @@ -54,7 +71,7 @@ http {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

proxy_ssl_verify off;
proxy_redirect off;
}

Expand All @@ -66,7 +83,7 @@ http {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

proxy_ssl_verify off;
proxy_redirect off;
}

Expand All @@ -79,6 +96,7 @@ http {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
proxy_ssl_verify off;
proxy_set_header Host $host;
}

Expand All @@ -95,6 +113,11 @@ http {
proxy_set_header Host $host;
}

location ~ /.well-known/acme-challenge {
allow all;
root /var/www/html;
}


}
}
2 changes: 1 addition & 1 deletion packages/backend/src/rpc/methods/handleSubmitMessage.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ export async function handleSubmitMessage(
} catch (error) {
global.logger.warn({
method: 'RPC SUBMIT MESSAGE',
error,
error: JSON.stringify(error),
});
logError({
text: '[handleSubmitMessage]',
Expand Down
9 changes: 9 additions & 0 deletions packages/lib/delivery/src/Messages.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -138,12 +138,18 @@ export async function incomingMessage(

if (!tokenIsValid) {
//Token is invalid
logDebug({
text: 'incomingMessage token invalid',
});
throw Error('Token check failed');
}

//Retrives the session of the receiver
const receiverSession = await getSession(deliveryInformation.to);
if (!receiverSession) {
logDebug({
text: 'incomingMessage unknown session',
});
throw Error('unknown session');
}
logDebug({
Expand All @@ -155,6 +161,9 @@ export async function incomingMessage(

//Checkes if the message is spam
if (await isSpam(provider, receiverSession, deliveryInformation)) {
logDebug({
text: 'incomingMessage is spam',
});
throw Error('Message does not match spam criteria');
}

Expand Down
18 changes: 17 additions & 1 deletion packages/lib/delivery/src/Session.ts
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
import { ethers } from 'ethers';
import { ProfileExtension, SignedUserProfile } from 'dm3-lib-profile';
import { logDebug } from 'dm3-lib-shared';

//1Year
const TTL = 31536000000;
Expand All @@ -23,30 +24,45 @@ export async function checkToken(
ensName: string,
token: string,
): Promise<boolean> {
logDebug({
text: 'checkToken',
});
const address = await provider.resolveName(ensName);

if (!address) {
// Couln't resolve ENS name
logDebug({
text: `checkToken - Couln't resolve ENS name`,
});
return false;
}

const session = await getSession(ensName.toLocaleLowerCase());

//There is now account for the requesting accoung
//There is no account for the requesting accoung
if (!session) {
logDebug({
text: `checkToken - There is no account for the requesting accoung`,
});
return false;
}

const tokenIsValid = token === session.token;

//The account has a session but the token is wrong
if (!tokenIsValid) {
logDebug({
text: `checkToken - The account has a session but the token is wrong`,
});
return false;
}

const isTokenExpired = session.createdAt + TTL < new Date().getTime();
//The token is exceeded
if (isTokenExpired) {
logDebug({
text: `checkToken - The token is exceeded`,
});
return false;
}

Expand Down
5 changes: 4 additions & 1 deletion packages/lib/delivery/src/UserProfile.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ import { getDefaultProfileExtension } from 'dm3-lib-profile';
import { Session } from './Session';
import { v4 as uuidv4 } from 'uuid';
import { ethers } from 'ethers';
import { logDebug } from 'dm3-lib-shared';

const handlePendingConversations = async (
ensName: string,
Expand Down Expand Up @@ -40,6 +41,7 @@ export async function submitUserProfile(
const account = normalizeEnsName(ensName);

if (!(await checkUserProfile(provider, signedUserProfile, account))) {
logDebug('submitUserProfile - Signature invalid');
throw Error('Signature invalid.');
}
//TODO: remvoe DISABLE_SESSION_CHECK
Expand All @@ -48,6 +50,7 @@ export async function submitUserProfile(
process.env.DISABLE_SESSION_CHECK !== 'true' &&
(await getSession(account))
) {
logDebug('submitUserProfile - Profile exists already');
throw Error('Profile exists already');
}
const session: Session = {
Expand All @@ -57,7 +60,7 @@ export async function submitUserProfile(
createdAt: new Date().getTime(),
profileExtension: getDefaultProfileExtension(),
};

logDebug({ text: 'submitUserProfile', session });
await setSession(account.toLocaleLowerCase(), session);
await handlePendingConversations(
account,
Expand Down
10 changes: 5 additions & 5 deletions packages/offchain-resolver/src/http/profile.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -87,17 +87,17 @@ export function profile(web3Provider: ethers.providers.BaseProvider) {
}
global.logger.debug({
message: 'nameP setAlias',
hotAddr: hotAddr + '.bb-addr.dm3.eth',
alias: `${address}.bb-user.dm3.eth`,
hotAddr: hotAddr + '.addr.devconnect.dm3.eth',
alias: `${address}.user.devconnect.dm3.eth`,
});

await req.app.locals.db.removeAlias(
`${address}.bb-user.dm3.eth`,
`${address}.user.devconnect.dm3.eth`,
);

await req.app.locals.db.setAlias(
hotAddr + '.bb-addr.dm3.eth',
`${address}.bb-user.dm3.eth`,
hotAddr + '.addr.devconnect.dm3.eth',
`${address}.user.devconnect.dm3.eth`,
);

return res.sendStatus(200);
Expand Down

0 comments on commit 40228ed

Please sign in to comment.