t0114: restored rest of file

ipfs · Jun 30, 2023 · ce9079a · ce9079a
1 parent 2bb3700
commit ce9079a
Showing 1 changed file with 305 additions and 3 deletions.
diff --git a/test/sharness/t0114-gateway-subdomains.sh b/test/sharness/t0114-gateway-subdomains.sh
@@ -139,6 +139,28 @@ test_localhost_gateway_response_should_contain \
   "http://127.0.0.1:$GWAY_PORT/ipfs/$CIDv1" \
   "$CID_VAL"
 
+# 'localhost' hostname is used for subdomains, and should not return
+#  payload directly, but redirect to URL with proper origin isolation
+
+test_localhost_gateway_response_should_contain \
+  "request for localhost/ipfs/{CIDv1} returns HTTP 301 Moved Permanently" \
+  "http://localhost:$GWAY_PORT/ipfs/$CIDv1" \
+  "301 Moved Permanently"
+
+test_localhost_gateway_response_should_contain \
+  "request for localhost/ipfs/{CIDv1} returns Location HTTP header for subdomain redirect in browsers" \
+  "http://localhost:$GWAY_PORT/ipfs/$CIDv1" \
+  "Location: http://$CIDv1.ipfs.localhost:$GWAY_PORT/"
+
+test_localhost_gateway_response_should_contain \
+  "request for localhost/ipfs/{DIR_CID} returns HTTP 301 Moved Permanently" \
+  "http://localhost:$GWAY_PORT/ipfs/$DIR_CID" \
+  "301 Moved Permanently"
+
+test_localhost_gateway_response_should_contain \
+  "request for localhost/ipfs/{DIR_CID} returns Location HTTP header for subdomain redirect in browsers" \
+  "http://localhost:$GWAY_PORT/ipfs/$DIR_CID/" \
+  "Location: http://$DIR_CID.ipfs.localhost:$GWAY_PORT/"
 
 # Kubo specific end-to-end test
 # (independend of gateway-conformance)
@@ -152,6 +174,24 @@ test_localhost_gateway_response_should_contain \
 
 # end Kubo specific end-to-end test
 
+test_localhost_gateway_response_should_contain \
+  "request for localhost/ipfs/{CIDv0} redirects to CIDv1 representation in subdomain" \
+  "http://localhost:$GWAY_PORT/ipfs/$CIDv0" \
+  "Location: http://${CIDv0to1}.ipfs.localhost:$GWAY_PORT/"
+
+# /ipns/<libp2p-key>
+
+test_localhost_gateway_response_should_contain \
+  "request for localhost/ipns/{CIDv0} redirects to CIDv1 with libp2p-key multicodec in subdomain" \
+  "http://localhost:$GWAY_PORT/ipns/$RSA_IPNS_IDv0" \
+  "Location: http://${RSA_IPNS_IDv1}.ipns.localhost:$GWAY_PORT/"
+
+test_localhost_gateway_response_should_contain \
+  "request for localhost/ipns/{CIDv0} redirects to CIDv1 with libp2p-key multicodec in subdomain" \
+  "http://localhost:$GWAY_PORT/ipns/$ED25519_IPNS_IDv0" \
+  "Location: http://${ED25519_IPNS_IDv1}.ipns.localhost:$GWAY_PORT/"
+
+# /ipns/<dnslink-fqdn>
 
 # Kubo specific end-to-end test
 # (independend of gateway-conformance)
@@ -187,6 +227,24 @@ test_localhost_gateway_response_should_contain \
 ## (origin per content root at http://*.localhost)
 ## ============================================================================
 
+# {CID}.ipfs.localhost
+
+test_localhost_gateway_response_should_contain \
+  "request for {CID}.ipfs.localhost should return expected payload" \
+  "http://${CIDv1}.ipfs.localhost:$GWAY_PORT" \
+  "$CID_VAL"
+
+# ensure /ipfs/ namespace is not mounted on subdomain
+test_localhost_gateway_response_should_contain \
+  "request for {CID}.ipfs.localhost/ipfs/{CID} should return HTTP 404" \
+  "http://${CIDv1}.ipfs.localhost:$GWAY_PORT/ipfs/$CIDv1" \
+  "404 Not Found"
+
+# ensure requests to /ipfs/* are not blocked, if content root has such subdirectory
+test_localhost_gateway_response_should_contain \
+  "request for {CID}.ipfs.localhost/ipfs/file.txt should return data from a file in CID content root" \
+  "http://${DIR_CID}.ipfs.localhost:$GWAY_PORT/ipfs/file.txt" \
+  "I am a txt file"
 
 # Kubo specific end-to-end test
 # (independend of gateway-conformance)
@@ -213,6 +271,30 @@ test_expect_success "request for deep path resource at {cid}.ipfs.localhost/sub/
 '
 # end Kubo specific end-to-end test
 
+# *.ipns.localhost
+
+# <libp2p-key>.ipns.localhost
+
+test_localhost_gateway_response_should_contain \
+  "request for {CIDv1-libp2p-key}.ipns.localhost returns expected payload" \
+  "http://${RSA_IPNS_IDv1}.ipns.localhost:$GWAY_PORT" \
+  "$CID_VAL"
+
+test_localhost_gateway_response_should_contain \
+  "request for {CIDv1-libp2p-key}.ipns.localhost returns expected payload" \
+  "http://${ED25519_IPNS_IDv1}.ipns.localhost:$GWAY_PORT" \
+  "$CID_VAL"
+
+test_localhost_gateway_response_should_contain \
+  "localhost request for {CIDv1-dag-pb}.ipns.localhost redirects to CID with libp2p-key multicodec" \
+  "http://${RSA_IPNS_IDv1_DAGPB}.ipns.localhost:$GWAY_PORT" \
+  "Location: http://${RSA_IPNS_IDv1}.ipns.localhost:$GWAY_PORT/"
+
+test_localhost_gateway_response_should_contain \
+  "localhost request for {CIDv1-dag-pb}.ipns.localhost redirects to CID with libp2p-key multicodec" \
+  "http://${ED25519_IPNS_IDv1_DAGPB}.ipns.localhost:$GWAY_PORT" \
+  "Location: http://${ED25519_IPNS_IDv1}.ipns.localhost:$GWAY_PORT/"
+
 # <dnslink-fqdn>.ipns.localhost
 
 # DNSLink test requires a daemon in online mode with precached /ipns/ mapping
@@ -221,6 +303,11 @@ DNSLINK_FQDN="dnslink-test.example.com"
 export IPFS_NS_MAP="$DNSLINK_FQDN:/ipfs/$CIDv1"
 test_launch_ipfs_daemon
 
+test_localhost_gateway_response_should_contain \
+  "request for {dnslink}.ipns.localhost returns expected payload" \
+  "http://$DNSLINK_FQDN.ipns.localhost:$GWAY_PORT" \
+  "$CID_VAL"
+
 # api.localhost/api
 
 # Note: we use DIR_CID so refs -r returns some CIDs for child nodes
@@ -250,6 +337,17 @@ ipfs config --json Gateway.PublicGateways '{
 test_kill_ipfs_daemon
 test_launch_ipfs_daemon_without_network
 
+test_localhost_gateway_response_should_contain \
+  "request for localhost/ipns/{fqdn} redirects to DNSLink in subdomain with DNS inlining" \
+  "http://localhost:$GWAY_PORT/ipns/en.wikipedia-on-ipfs.org/wiki" \
+  "Location: http://en-wikipedia--on--ipfs-org.ipns.localhost:$GWAY_PORT/wiki"
+
+test_hostname_gateway_response_should_contain \
+  "request for example.com/ipns/{fqdn} redirects to DNSLink in subdomain with DNS inlining" \
+  "example.com" \
+  "http://127.0.0.1:$GWAY_PORT/ipns/en.wikipedia-on-ipfs.org/wiki" \
+  "Location: http://en-wikipedia--on--ipfs-org.ipns.example.com/wiki"
+
 ## ============================================================================
 ## Test subdomain-based requests with a custom hostname config
 ## (origin per content root at http://*.example.com)
@@ -267,6 +365,96 @@ test_kill_ipfs_daemon
 test_launch_ipfs_daemon_without_network
 
 
+# example.com/ip(f|n)s/*
+# =============================================================================
+
+# path requests to the root hostname should redirect
+# to a subdomain URL with proper origin isolation
+
+test_hostname_gateway_response_should_contain \
+  "request for example.com/ipfs/{CIDv1} produces redirect to {CIDv1}.ipfs.example.com" \
+  "example.com" \
+  "http://127.0.0.1:$GWAY_PORT/ipfs/$CIDv1" \
+  "Location: http://$CIDv1.ipfs.example.com/"
+
+# error message should include original CID
+# (and it should be case-sensitive, as we can't assume everyone uses base32)
+test_hostname_gateway_response_should_contain \
+  "request for example.com/ipfs/{InvalidCID} produces useful error before redirect" \
+  "example.com" \
+  "http://127.0.0.1:$GWAY_PORT/ipfs/QmInvalidCID" \
+  'invalid path \"/ipfs/QmInvalidCID\"'
+
+test_hostname_gateway_response_should_contain \
+  "request for example.com/ipfs/{CIDv0} produces redirect to {CIDv1}.ipfs.example.com" \
+  "example.com" \
+  "http://127.0.0.1:$GWAY_PORT/ipfs/$CIDv0" \
+  "Location: http://${CIDv0to1}.ipfs.example.com/"
+
+# Support X-Forwarded-Proto
+test_expect_success "request for http://example.com/ipfs/{CID} with X-Forwarded-Proto: https produces redirect to HTTPS URL" "
+  curl -H \"X-Forwarded-Proto: https\" -H \"Host: example.com\" -sD - \"http://127.0.0.1:$GWAY_PORT/ipfs/$CIDv1\" > response &&
+  test_should_contain \"Location: https://$CIDv1.ipfs.example.com/\" response
+"
+
+# Support ipfs:// in https://developer.mozilla.org/en-US/docs/Web/API/Navigator/registerProtocolHandler
+test_hostname_gateway_response_should_contain \
+  "request for example.com/ipfs/?uri=ipfs%3A%2F%2F.. produces redirect to /ipfs/.. content path" \
+  "example.com" \
+  "http://127.0.0.1:$GWAY_PORT/ipfs/?uri=ipfs%3A%2F%2FQmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco%2Fwiki%2FDiego_Maradona.html" \
+  "Location: /ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/Diego_Maradona.html"
+
+# example.com/ipns/<libp2p-key>
+
+test_hostname_gateway_response_should_contain \
+  "request for example.com/ipns/{CIDv0} redirects to CIDv1 with libp2p-key multicodec in subdomain" \
+  "example.com" \
+  "http://127.0.0.1:$GWAY_PORT/ipns/$RSA_IPNS_IDv0" \
+  "Location: http://${RSA_IPNS_IDv1}.ipns.example.com/"
+
+test_hostname_gateway_response_should_contain \
+  "request for example.com/ipns/{CIDv0} redirects to CIDv1 with libp2p-key multicodec in subdomain" \
+  "example.com" \
+  "http://127.0.0.1:$GWAY_PORT/ipns/$ED25519_IPNS_IDv0" \
+  "Location: http://${ED25519_IPNS_IDv1}.ipns.example.com/"
+
+# example.com/ipns/<dnslink-fqdn>
+
+test_hostname_gateway_response_should_contain \
+  "request for example.com/ipns/{fqdn} redirects to DNSLink in subdomain" \
+  "example.com" \
+  "http://127.0.0.1:$GWAY_PORT/ipns/en.wikipedia-on-ipfs.org/wiki" \
+  "Location: http://en.wikipedia-on-ipfs.org.ipns.example.com/wiki"
+
+# DNSLink on Public gateway with a single-level wildcard TLS cert
+# "Option C" from  https://github.com/ipfs/in-web-browsers/issues/169
+test_expect_success \
+  "request for example.com/ipns/{fqdn} with X-Forwarded-Proto redirects to TLS-safe label in subdomain" "
+  curl -H \"Host: example.com\" -H \"X-Forwarded-Proto: https\" -sD - \"http://127.0.0.1:$GWAY_PORT/ipns/en.wikipedia-on-ipfs.org/wiki\" > response &&
+  test_should_contain \"Location: https://en-wikipedia--on--ipfs-org.ipns.example.com/wiki\" response
+  "
+
+# Support ipns:// in https://developer.mozilla.org/en-US/docs/Web/API/Navigator/registerProtocolHandler
+test_hostname_gateway_response_should_contain \
+  "request for example.com/ipns/?uri=ipns%3A%2F%2F.. produces redirect to /ipns/.. content path" \
+  "example.com" \
+  "http://127.0.0.1:$GWAY_PORT/ipns/?uri=ipns%3A%2F%2Fen.wikipedia-on-ipfs.org" \
+  "Location: /ipns/en.wikipedia-on-ipfs.org"
+
+# *.ipfs.example.com: subdomain requests made with custom FQDN in Host header
+
+test_hostname_gateway_response_should_contain \
+  "request for {CID}.ipfs.example.com should return expected payload" \
+  "${CIDv1}.ipfs.example.com" \
+  "http://127.0.0.1:$GWAY_PORT/" \
+  "$CID_VAL"
+
+test_hostname_gateway_response_should_contain \
+  "request for {CID}.ipfs.example.com/ipfs/{CID} should return HTTP 404" \
+  "${CIDv1}.ipfs.example.com" \
+  "http://127.0.0.1:$GWAY_PORT/ipfs/$CIDv1" \
+  "404 Not Found"
+
 # Kubo specific end-to-end test
 # (independend of gateway-conformance)
 # HTML specific to Boxo/Kubo, and relative pathing specific to code in Kubo
@@ -295,6 +483,41 @@ test_expect_success "valid breadcrumb links in the header of directory listing a
 '
 
 # end Kubo specific end-to-end test
+
+test_expect_success "request for deep path resource {cid}.ipfs.example.com/sub/dir/file" '
+  curl -s -H "Host: $DIR_FQDN" http://127.0.0.1:$GWAY_PORT/ipfs/ipns/bar > list_response &&
+  test_should_contain "text-file-content" list_response
+'
+
+# *.ipns.example.com
+# ============================================================================
+
+# <libp2p-key>.ipns.example.com
+
+test_hostname_gateway_response_should_contain \
+  "request for {CIDv1-libp2p-key}.ipns.example.com returns expected payload" \
+  "${RSA_IPNS_IDv1}.ipns.example.com" \
+  "http://127.0.0.1:$GWAY_PORT" \
+  "$CID_VAL"
+
+test_hostname_gateway_response_should_contain \
+  "request for {CIDv1-libp2p-key}.ipns.example.com returns expected payload" \
+  "${ED25519_IPNS_IDv1}.ipns.example.com" \
+  "http://127.0.0.1:$GWAY_PORT" \
+  "$CID_VAL"
+
+test_hostname_gateway_response_should_contain \
+  "hostname request for {CIDv1-dag-pb}.ipns.localhost redirects to CID with libp2p-key multicodec" \
+  "${RSA_IPNS_IDv1_DAGPB}.ipns.example.com" \
+  "http://127.0.0.1:$GWAY_PORT" \
+  "Location: http://${RSA_IPNS_IDv1}.ipns.example.com/"
+
+test_hostname_gateway_response_should_contain \
+  "hostname request for {CIDv1-dag-pb}.ipns.localhost redirects to CID with libp2p-key multicodec" \
+  "${ED25519_IPNS_IDv1_DAGPB}.ipns.example.com" \
+  "http://127.0.0.1:$GWAY_PORT" \
+  "Location: http://${ED25519_IPNS_IDv1}.ipns.example.com/"
+
 # API on subdomain gateway example.com
 # ============================================================================
 
@@ -354,9 +577,6 @@ DNSLINK_FQDN="dnslink-subdomain-gw-test.example.org"
 export IPFS_NS_MAP="$DNSLINK_FQDN:/ipfs/$CIDv1"
 test_launch_ipfs_daemon
 
-# TODO: dns inlining? 
-# this lives in subdomain_gateway_ipns_test.go for now
-
 test_hostname_gateway_response_should_contain \
   "request for {dnslink}.ipns.example.com returns expected payload" \
   "$DNSLINK_FQDN.ipns.example.com" \
@@ -371,6 +591,59 @@ test_expect_success \
   test_should_contain \"$CID_VAL\" response
   "
 
+## Test subdomain handling of CIDs that do not fit in a single DNS Label (>63chars)
+## https://github.com/ipfs/go-ipfs/issues/7318
+## ============================================================================
+
+# local: *.localhost
+test_localhost_gateway_response_should_contain \
+  "request for a ED25519 libp2p-key at localhost/ipns/{b58mh} returns Location HTTP header for DNS-safe subdomain redirect in browsers" \
+  "http://localhost:$GWAY_PORT/ipns/$IPNS_ED25519_B58MH" \
+  "Location: http://${IPNS_ED25519_B36CID}.ipns.localhost:$GWAY_PORT/"
+
+# router should not redirect to hostnames that could fail due to DNS limits
+test_localhost_gateway_response_should_contain \
+  "request for a too long CID at localhost/ipfs/{CIDv1} returns human readable error" \
+  "http://localhost:$GWAY_PORT/ipfs/$CIDv1_TOO_LONG" \
+  "CID incompatible with DNS label length limit of 63"
+
+test_localhost_gateway_response_should_contain \
+  "request for a too long CID at localhost/ipfs/{CIDv1} returns HTTP Error 400 Bad Request" \
+  "http://localhost:$GWAY_PORT/ipfs/$CIDv1_TOO_LONG" \
+  "400 Bad Request"
+
+# direct request should also fail (provides the same UX as router and avoids confusion)
+test_localhost_gateway_response_should_contain \
+  "request for a too long CID at {CIDv1}.ipfs.localhost returns expected payload" \
+  "http://$CIDv1_TOO_LONG.ipfs.localhost:$GWAY_PORT" \
+  "400 Bad Request"
+
+# public subdomain gateway: *.example.com
+
+test_hostname_gateway_response_should_contain \
+  "request for a ED25519 libp2p-key at example.com/ipns/{b58mh} returns Location HTTP header for DNS-safe subdomain redirect in browsers" \
+  "example.com" \
+  "http://127.0.0.1:$GWAY_PORT/ipns/$IPNS_ED25519_B58MH" \
+  "Location: http://${IPNS_ED25519_B36CID}.ipns.example.com"
+
+test_hostname_gateway_response_should_contain \
+  "request for a too long CID at example.com/ipfs/{CIDv1} returns human readable error" \
+  "example.com" \
+  "http://127.0.0.1:$GWAY_PORT/ipfs/$CIDv1_TOO_LONG" \
+  "CID incompatible with DNS label length limit of 63"
+
+test_hostname_gateway_response_should_contain \
+  "request for a too long CID at example.com/ipfs/{CIDv1} returns HTTP Error 400 Bad Request" \
+  "example.com" \
+  "http://127.0.0.1:$GWAY_PORT/ipfs/$CIDv1_TOO_LONG" \
+  "400 Bad Request"
+
+test_hostname_gateway_response_should_contain \
+  "request for a too long CID at {CIDv1}.ipfs.example.com returns HTTP Error 400 Bad Request" \
+  "$CIDv1_TOO_LONG.ipfs.example.com" \
+  "http://127.0.0.1:$GWAY_PORT/" \
+  "400 Bad Request"
+
 # Disable selected Paths for the subdomain gateway hostname
 # =============================================================================
 
@@ -572,6 +845,35 @@ test_hostname_gateway_response_should_contain \
   "http://127.0.0.1:$GWAY_PORT/" \
   "$CID_VAL"
 
+## ============================================================================
+## Test support for X-Forwarded-Host
+## ============================================================================
+
+# set explicit subdomain gateway config for the hostname
+ipfs config --json Gateway.PublicGateways '{
+  "example.com": {
+    "UseSubdomains": true,
+    "Paths": ["/ipfs", "/ipns", "/api"]
+  }
+}' || exit 1
+# restart daemon to apply config changes
+test_kill_ipfs_daemon
+test_launch_ipfs_daemon_without_network
+
+test_expect_success "request for http://fake.domain.com/ipfs/{CID} doesn't match the example.com gateway" "
+  curl -H \"Host: fake.domain.com\" -sD - \"http://127.0.0.1:$GWAY_PORT/ipfs/$CIDv1\" > response &&
+  test_should_contain \"200 OK\" response
+"
+
+test_expect_success "request for http://fake.domain.com/ipfs/{CID} with X-Forwarded-Host: example.com match the example.com gateway" "
+  curl -H \"Host: fake.domain.com\" -H \"X-Forwarded-Host: example.com\" -sD - \"http://127.0.0.1:$GWAY_PORT/ipfs/$CIDv1\" > response &&
+  test_should_contain \"Location: http://$CIDv1.ipfs.example.com/\" response
+"
+
+test_expect_success "request for http://fake.domain.com/ipfs/{CID} with X-Forwarded-Host: example.com and X-Forwarded-Proto: https match the example.com gateway, redirect with https" "
+  curl -H \"Host: fake.domain.com\" -H \"X-Forwarded-Host: example.com\" -H \"X-Forwarded-Proto: https\" -sD - \"http://127.0.0.1:$GWAY_PORT/ipfs/$CIDv1\" > response &&
+  test_should_contain \"Location: https://$CIDv1.ipfs.example.com/\" response
+"
 
 # Kubo specific end-to-end test
 # (independend of gateway-conformance)