Initial commit

Author: gateway-tools

Dockerfile

@@ -0,0 +1,30 @@
+# Builder
+FROM node:16-bullseye-slim as build-test
+
+WORKDIR /build
+
+COPY . .
+
+RUN apt-get update && \
+    apt-get install -y \
+    --no-install-recommends \ 
+    make \
+    ca-certificates && \
+    make build && \
+    make pkg && \
+    useradd -u 10005 proxyuser && \
+    tail -n 1 /etc/passwd > /etc/passwd.scratch
+
+FROM scratch as runtime
+
+WORKDIR /app
+
+COPY --from=build-test /build/index ./resolver
+COPY --from=build-test /etc/ssl /etc/ssl
+COPY --from=build-test /etc/passwd.scratch /etc/passwd
+
+ENV PATH="${PATH}:/app"
+
+USER 10005
+
+CMD ["resolver"]

Makefile

@@ -0,0 +1,28 @@
+.PHONY: build test pkg
+
+NODE_VERSION := 16
+
+all: build test pkg
+
+help:
+	@echo "Builds and compiles a static binary"
+	@echo "The following command are available"
+	@echo "- build: runs npm install and pkg"
+	@echo "- test: runs test suite"
+	@echo "- pkg: packages the project into a static binary"
+
+build:
+	@npm install
+
+test:
+	( NODE_ENV="test" ASK_ENABLED="true" npm run test || exit 1)
+
+pkg:
+	@./node_modules/.bin/pkg -t node$(value NODE_VERSION)-linuxstatic-x64 index.js
+
+image:
+	@docker \
+	build \
+	--rm \
+	conduit \
+	.

blacklist/index.js

@@ -0,0 +1,26 @@
+const configuration = require('../configuration/config')
+
+/**
+ * 
+ * @param {string} domain 
+ * @returns {boolean}
+ */
+const checkIfDomainIsBlacklisted = (domain) => {
+    if(!domain) {
+        return false
+    }
+    for(const blockedHost of configuration.resolver.blacklist) {
+        if(domain.length === blockedHost.length) {
+            return blockedHost === domain
+        } else {
+            if(domain.endsWith(`.${blockedHost}`)) {
+                return true
+            }
+        }
+    }
+    return false
+}
+
+module.exports = {
+    checkIfDomainIsBlacklisted
+}

cache/redis.js

@@ -0,0 +1,85 @@
+const Redis = require("ioredis");
+const logger = require("../logging/log");
+const NodeCache = require("node-cache");
+const configuration = require("../configuration/config");
+const { default: Redlock } = require("redlock");
+const { redis } = require("../configuration/config");
+
+const cacheTtl = configuration.cache.ttl;
+
+const localCache = new NodeCache({
+  stdTTL: cacheTtl,
+  checkperiod: cacheTtl
+});
+
+const redisClient = new Redis(configuration.redis.url);
+const redlockClient = new Redis(configuration.redis.url);
+
+const redlock = new Redlock(
+  [redlockClient],
+  {
+    driftFactor: 0.01,
+    retryCount: 100000,
+    retryDelay: 5000,
+    retryJitter: 200,
+    automaticExtensionThreshold: 500
+  }
+);
+
+async function checkCache(hostname) {
+  let memCached = await localCache.get(hostname);
+  if (memCached === undefined) {
+    try {
+      let redisCached = await redisClient.get(hostname);
+      if (redisCached === null) {
+        return false
+      } else {
+        // Populate local in-memory cache from Redis
+        localCache.set(hostname, redisCached);
+        let cachedResult = JSON.parse(redisCached);
+        return cachedResult;
+      }
+    } catch (err) {
+      logger.error("Could not check Redis cache", err)
+    }
+  } else {
+    return JSON.parse(memCached);
+  }
+}
+
+async function updateCache(hostname, content) {
+  let contentObject = JSON.stringify(content);
+  localCache.set(hostname, contentObject);
+  try {
+    await redisClient.set(hostname, contentObject);
+    await redisClient.expire(hostname, cacheTtl);
+  } catch (err) {
+    logger.error("Error adding item to cache", err);
+  }
+}
+
+
+async function rateLimitIncr(key, amount, timeForAmount) {
+  const keyTtl = await redisClient.ttl(key)
+  logger.debug(`rateLimitIncr: ${key} has ttl ${keyTtl}`)
+  var times = await redisClient.incr(key)
+  if(!keyTtl || keyTtl < 0) {
+    logger.info(`rateLimitIncr: setting TTL for ${key} = ${timeForAmount} seconds`)
+    await redisClient.expire(key, timeForAmount)
+  }
+
+  return {
+    times,
+    periodInSeconds: timeForAmount,
+    keyTtl,
+    surpassed: times > amount
+  }
+}
+
+module.exports = {
+  updateCache,
+  checkCache,
+  redlockClient,
+  redlock,
+  rateLimitIncr
+}

caddy/index.js

@@ -0,0 +1,66 @@
+const logger = require('../logging/log');
+const { rateLimitIncr, checkCache, updateCache } = require("../cache/redis");
+const { getDomainOfRequestFromGet, stripSubdomainsFromHost } = require('../utils')
+const { resolveEns } = require("../ens/ens");
+const configuration = require('../configuration/config');
+const {checkIfDomainIsBlacklisted} = require('../blacklist')
+const {blockedForLegalReasons} = require('../expressErrors')
+const caddy = async (req, res) => {
+    let ensDomain = getDomainOfRequestFromGet(req);
+    if (!ensDomain) {
+        res.status(422);
+        res.end();
+        return
+    }
+    if(checkIfDomainIsBlacklisted(ensDomain)) {
+        blockedForLegalReasons(res)
+        return
+    }
+    const parentDomain = stripSubdomainsFromHost(ensDomain)
+    let isCached = await checkCache(ensDomain);
+    if (isCached === false) {
+        if (parentDomain && configuration.ask.rate.enabled) {
+            logger.info(`caddy: checking for ${parentDomain} rate limit`)
+            const rateLimit = await rateLimitIncr(`rateLimit/caddy/${parentDomain}`, configuration.ask.rate.limit, configuration.ask.rate.period)
+            if(rateLimit.surpassed) {
+                logger.info(`caddy: rate limit exceeded for ${parentDomain} in query for ${ensDomain}, rate limit expires in ${rateLimit.keyTtl} seconds`)
+                res.status(422)
+                res.end()
+                return;
+            }
+        } else if (configuration.ask.rate.enabled) {
+            logger.error(`caddy: ignoring rate limit check, ${ensDomain} does not have a valid parent domain`)
+        }
+        let location = await resolveEns(ensDomain);
+        await updateCache(ensDomain, location);
+        switch (location.codec) {
+            case 422:
+                res.status(422);
+                res.end();
+                break;
+            default:
+                res.send(location);
+                res.status(200);
+                res.end();
+                break;
+        }
+    } else {
+        switch (isCached.codec) {
+            case "url":
+                res.status(422);
+                res.end();
+                break;
+            case 422:
+                res.status(422);
+                res.end();
+                break;
+            default:
+                res.send(isCached);
+                res.status(200);
+                res.end();
+                break;
+        }
+    }
+}
+
+module.exports = caddy

chart/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

chart/Chart.yaml

@@ -0,0 +1,6 @@
+apiVersion: v2
+name: conduit
+description: Proxy for ENS domains and distributed storage backends
+type: application
+version: 0.1.0
+appVersion: "1.0.0"

chart/templates/deployment.yaml

@@ -0,0 +1,68 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Values.name }}
+  labels:
+    app: {{ .Values.name }}
+  annotations:
+    seccomp.security.alpha.kubernetes.io/pod: "runtime/default"
+  namespace: {{ .Values.namespace }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+  selector:
+    matchLabels:
+      app: {{ .Values.name }}
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: {{ .Values.maxUnavailable }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Values.name }}
+    spec:
+      terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
+      {{- if not .Values.local }}
+      {{- if .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+      {{- end }}
+      {{- if .Values.affinity }}
+      affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+      {{- end }}
+      {{- end }}
+      {{- if .Values.imagePullSecrets -}}
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- end }}
+      containers:
+        - name: {{ .Values.name }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          securityContext:
+            runAsNonRoot: true
+            runAsUser: {{ .Values.securityContext.runAsUser }}
+            runAsGroup: {{ .Values.securityContext.runAsGroup }}
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            capabilities:
+              drop:
+                - ALL
+          resources:
+{{ toYaml .Values.resources | indent 12 }}
+          ports:
+{{ toYaml .Values.ports | indent 12 }}
+          env:
+{{ toYaml .Values.env | indent 12 }}
+{{- if .Values.livenessProbe }}
+          livenessProbe:
+{{ toYaml .Values.livenessProbe | indent 12 -}}
+{{ end }}
+{{- if .Values.readinessProbe }}
+          readinessProbe:
+{{ toYaml .Values.readinessProbe | indent 12 -}}
+{{ end }}

chart/templates/hpa.yaml

@@ -0,0 +1,28 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ .Values.name }}
+  labels:
+    app: {{ .Values.name }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ .Values.name }}
+  minReplicas: {{ .Values.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+  metrics:
+    {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+    {{- end }}
+    {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+    {{- end }}
+{{- end }}