From d99cf88f38f27e96b6c3808dd01fb1e14c785154 Mon Sep 17 00:00:00 2001 From: Iain Learmonth Date: Wed, 25 May 2022 15:32:17 +0100 Subject: [PATCH] smart_proxy: add asset domains concept --- app/models/mirrors.py | 1 + app/portal/origin.py | 7 +++- app/portal/templates/tables.html.j2 | 2 + app/terraform/proxy/__init__.py | 12 +++++- app/terraform/proxy/cloudfront.py | 2 +- .../c644bb20d0e3_add_asset_origins.py | 40 +++++++++++++++++++ 6 files changed, 60 insertions(+), 4 deletions(-) create mode 100644 migrations/versions/c644bb20d0e3_add_asset_origins.py diff --git a/app/models/mirrors.py b/app/models/mirrors.py index 91da8f2..1cfee70 100644 --- a/app/models/mirrors.py +++ b/app/models/mirrors.py @@ -13,6 +13,7 @@ class Origin(AbstractConfiguration): domain_name = db.Column(db.String(255), unique=True, nullable=False) auto_rotation = db.Column(db.Boolean, nullable=False) smart = db.Column(db.Boolean(), nullable=False) + assets = db.Column(db.Boolean(), nullable=False) group = db.relationship("Group", back_populates="origins") proxies = db.relationship("Proxy", back_populates="origin") diff --git a/app/portal/origin.py b/app/portal/origin.py index 1c7b496..8d1e629 100644 --- a/app/portal/origin.py +++ b/app/portal/origin.py @@ -22,6 +22,7 @@ class NewOriginForm(FlaskForm): # type: ignore group = SelectField('Group', validators=[DataRequired()]) auto_rotate = BooleanField("Enable auto-rotation?", default=True) smart_proxy = BooleanField("Requires smart proxy?", default=False) + asset_domain = BooleanField("Used to host assets for other domains?", default=False) submit = SubmitField('Save Changes') @@ -30,6 +31,7 @@ class EditOriginForm(FlaskForm): # type: ignore group = SelectField('Group', validators=[DataRequired()]) auto_rotate = BooleanField("Enable auto-rotation?") smart_proxy = BooleanField("Requires smart proxy?") + asset_domain = BooleanField("Used to host assets for other domains?", default=False) submit = SubmitField('Save Changes') @@ -45,6 +47,7 @@ def origin_new(group_id: Optional[int] = None) -> ResponseReturnValue: origin.description = form.description.data origin.auto_rotation = form.auto_rotate.data origin.smart = form.smart_proxy.data + origin.assets = form.asset_domain.data origin.created = datetime.utcnow() origin.updated = datetime.utcnow() try: @@ -73,13 +76,15 @@ def origin_edit(origin_id: int) -> ResponseReturnValue: form = EditOriginForm(group=origin.group_id, description=origin.description, auto_rotate=origin.auto_rotation, - smart_proxy=origin.smart) + smart_proxy=origin.smart, + asset_domain=origin.assets) form.group.choices = [(x.id, x.group_name) for x in Group.query.all()] if form.validate_on_submit(): origin.group_id = form.group.data origin.description = form.description.data origin.auto_rotation = form.auto_rotate.data origin.smart = form.smart_proxy.data + origin.assets = form.asset_domain.data origin.updated = datetime.utcnow() try: db.session.commit() diff --git a/app/portal/templates/tables.html.j2 b/app/portal/templates/tables.html.j2 index ad84a60..bff009c 100644 --- a/app/portal/templates/tables.html.j2 +++ b/app/portal/templates/tables.html.j2 @@ -211,6 +211,7 @@ Description Auto-Rotation Smart Proxy + Assets Origin Onion Service Group Actions @@ -228,6 +229,7 @@ {{ origin.description }} {% if origin.auto_rotation %}✅{% else %}❌{% endif %} {% if origin.smart %}✅{% else %}❌{% endif %} + {% if origin.assets %}✅{% else %}❌{% endif %} {% if origin.onion() %}✅{% else %}❌{% endif %} {{ origin.group.group_name }} diff --git a/app/terraform/proxy/__init__.py b/app/terraform/proxy/__init__.py index 1d27ff8..94cafa3 100644 --- a/app/terraform/proxy/__init__.py +++ b/app/terraform/proxy/__init__.py @@ -167,7 +167,7 @@ class ProxyAutomation(TerraformAutomation): {% for origin in origins %} server { listen 443 ssl; - server_name origin-{{ origin.id }}.{{ provider }}.smart.censorship.guide; + server_name origin-{{ origin.id }}.{{ provider }}.smart.{{ smart_zone[:-1] }}; location / { proxy_set_header Accept-Encoding ""; proxy_ssl_server_name on; @@ -175,6 +175,13 @@ class ProxyAutomation(TerraformAutomation): subs_filter_types text/html text/css text/xml; subs_filter https://{{ origin.domain_name }}/ /; subs_filter "\\\"https://{{ origin.domain_name }}\\\"" /; + {% for asset_origin in origin.group.origins | selectattr("origin", "true") %} + {% for asset_proxy in asset_origin.proxies | selectattr("provider", provider) %} + {% if loop.first %} + subs_filter https://{{ asset_origin.domain_name }}/ {{ asset_proxy.url }}/ + {% endif %} + {% endfor %} + {% endfor %} } ssl_certificate /etc/ssl/smart_proxy.crt; ssl_certificate_key /etc/ssl/private/smart_proxy.key; @@ -182,4 +189,5 @@ class ProxyAutomation(TerraformAutomation): {% endfor %} """, provider=self.provider, - origins=group_origins) + origins=group_origins, + smart_zone=app.config['SMART_ZONE']) diff --git a/app/terraform/proxy/cloudfront.py b/app/terraform/proxy/cloudfront.py index ecd1f47..8c7a053 100644 --- a/app/terraform/proxy/cloudfront.py +++ b/app/terraform/proxy/cloudfront.py @@ -122,7 +122,7 @@ class ProxyCloudfrontAutomation(ProxyAutomation): {% for proxy in proxies %} module "cloudfront_{{ proxy.id }}" { source = "sr2c/bc-proxy/aws" - version = "0.0.7" + version = "0.0.10" {% if proxy.origin.smart %} origin_domain = "origin-{{ proxy.origin.id }}.cloudfront.smart.{{ smart_zone[:-1] }}" {% else %} diff --git a/migrations/versions/c644bb20d0e3_add_asset_origins.py b/migrations/versions/c644bb20d0e3_add_asset_origins.py new file mode 100644 index 0000000..7f174bb --- /dev/null +++ b/migrations/versions/c644bb20d0e3_add_asset_origins.py @@ -0,0 +1,40 @@ +"""add asset origins + +Revision ID: c644bb20d0e3 +Revises: 133961a48525 +Create Date: 2022-05-25 15:21:16.221418 + +""" +from alembic import op +import sqlalchemy as sa + + +# revision identifiers, used by Alembic. +revision = 'c644bb20d0e3' +down_revision = '133961a48525' +branch_labels = None +depends_on = None + + +def upgrade(): + # ### commands auto generated by Alembic - please adjust! ### + with op.batch_alter_table('origin', schema=None) as batch_op: + batch_op.add_column(sa.Column('assets', sa.Boolean(), nullable=True)) + with op.batch_alter_table('origin', schema=None) as batch_op: + batch_op.execute("UPDATE origin SET assets=false") + batch_op.alter_column('assets', + existing_type=sa.BOOLEAN(), + nullable=False) + + # ### end Alembic commands ### + + +def downgrade(): + # ### commands auto generated by Alembic - please adjust! ### + with op.batch_alter_table('origin', schema=None) as batch_op: + batch_op.alter_column('smart', + existing_type=sa.BOOLEAN(), + nullable=True) + batch_op.drop_column('assets') + + # ### end Alembic commands ###