From 840a5a9b4970f9575865ec9434d994bdd460397d Mon Sep 17 00:00:00 2001
From: Henrique Dias
Date: Fri, 14 Jan 2022 11:34:56 +0100
Subject: [PATCH] refactor: remove checkCorsConfig

License: MIT
Signed-off-by: Henrique Dias
---
src/daemon/config.js | 50 -------------------------------------
src/daemon/daemon.js | 3 +--
test/e2e/launch.e2e.test.js | 40 -----------------------------
3 files changed, 1 insertion(+), 92 deletions(-)

diff --git a/src/daemon/config.js b/src/daemon/config.js
index 7a4149e02..613ab72d8 100644
--- a/src/daemon/config.js
+++ b/src/daemon/config.js
@@ -99,55 +99,6 @@ function migrateConfig (ipfsd) {
 store.set(REVISION_KEY, REVISION)
 }

-// Check for * and webui://- in allowed origins on API headers.
-// The wildcard was a ipfsd-ctl default, that we don't want, and
-// webui://- was an earlier experiement that should be cleared out.
-//
-// We remove them the first time we find them. If we find it again on subsequent
-// runs then we leave them in, under the assumption that you really want it.
-// TODO: show warning in UI when wildcard is in the allowed origins.
-function checkCorsConfig (ipfsd) {
- if (store.get('checkedCorsConfig')) {
- // We've already checked so skip it.
- return
- }
-
- let config = null
-
- try {
- config = readConfigFile(ipfsd)
- } catch (err) {
- // This is a best effort check, dont blow up here, that should happen else where.
- // TODO: gracefully handle config errors elsewhere!
- logger.error(`[daemon] checkCorsConfig: error reading config file: ${err.message || err}`)
- return
- }
-
- if (config.API && config.API.HTTPHeaders && config.API.HTTPHeaders['Access-Control-Allow-Origin']) {
- const allowedOrigins = config.API.HTTPHeaders['Access-Control-Allow-Origin']
- const originsToRemove = ['*', 'webui://-']
-
- if (Array.isArray(allowedOrigins)) {
- const specificOrigins = allowedOrigins.filter(origin => !originsToRemove.includes(origin))
-
- if (specificOrigins.length !== allowedOrigins.length) {
- config.API.HTTPHeaders['Access-Control-Allow-Origin'] = specificOrigins
-
- try {
- writeConfigFile(ipfsd, config)
- store.set('updatedCorsConfig', Date.now())
- } catch (err) {
- logger.error(`[daemon] checkCorsConfig: error writing config file: ${err.message || err}`)
- // don't skip setting checkedCorsConfig so we try again next time time.
- return
- }
- }
- }
- }
-
- store.set('checkedCorsConfig', true)
-}
-
 const parseCfgMultiaddr = (addr) => (addr.includes('/http')
 ? multiaddr(addr)
 : multiaddr(addr).encapsulate('/http')
@@ -320,6 +271,5 @@ module.exports = Object.freeze({
 rmApiFile,
 applyDefaults,
 migrateConfig,
- checkCorsConfig,
 checkPorts
 })
diff --git a/src/daemon/daemon.js b/src/daemon/daemon.js
index ef87f9ae5..b2f8509f4 100644
--- a/src/daemon/daemon.js
+++ b/src/daemon/daemon.js
@@ -2,7 +2,7 @@ const Ctl = require('ipfsd-ctl')
 const i18n = require('i18next')
 const { showDialog } = require('../dialogs')
 const logger = require('../common/logger')
-const { applyDefaults, migrateConfig, checkCorsConfig, checkPorts, configExists, rmApiFile, apiFileExists } = require('./config')
+const { applyDefaults, migrateConfig, checkPorts, configExists, rmApiFile, apiFileExists } = require('./config')
 const { getCustomBinary } = require('../custom-ipfs-binary')

 function cannotConnectDialog (addr) {
@@ -41,7 +41,6 @@ async function spawn ({ flags, path }) {

 if (configExists(ipfsd)) {
 migrateConfig(ipfsd)
- checkCorsConfig(ipfsd)
 return { ipfsd, isRemote: false }
 }

diff --git a/test/e2e/launch.e2e.test.js b/test/e2e/launch.e2e.test.js
index 312bf2695..b19db4899 100644
--- a/test/e2e/launch.e2e.test.js
+++ b/test/e2e/launch.e2e.test.js
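Review bot: In `src/daemon/daemon.js`, the `if (configExists(ipfsd))` branch of `spawn` (hunk `@@ -41,7 +41,6 @@`) now starts an existing repo without the `checkCorsConfig(ipfsd)` pass, so a config whose `API.HTTPHeaders['Access-Control-Allow-Origin']` still lists `*` is used as is; the e2e tests removed in the same patch describe that value as allowing global access to the API. Nothing visible in the patch replaces the cleanup or the deleted TODO about warning in the UI, and the commit message gives no reason, so the rationale presumably lives elsewhere. If the removal is intended, I would record it at the call site with a comment such as `// CORS: Access-Control-Allow-Origin is no longer rewritten on startup; a '*' entry is left as configured`, and keep a regression test that pins whichever behaviour is wanted. `spawn` begins and ends outside the hunk.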
@@ -99,46 +99,6 @@ test.describe.serial('Application launch', async () => {
 expect(config.Discovery.MDNS.Enabled).toBeTruthy()
 })

- test('fixes cors config if access to "*" is granted', async () => {
- // create config
- const { repoPath, configPath, peerId: expectedId } = await makeRepository({ start: false })
- let config = fs.readJsonSync(configPath)
-
- // pretend someone set dangerous "*" (allowing global access to API)
- // Note: '*' is the default when running ipfsd-ctl with test=true, but we set it here just to be sure
- config.API.HTTPHeaders['Access-Control-Allow-Origin'] = ['*']
- fs.writeJsonSync(configPath, config, { spaces: 2 })
-
- const { app } = await startApp({ repoPath })
- const { peerId } = await daemonReady(app)
- expect(peerId).toBe(expectedId)
-
- // ensure app has enabled cors checking
- config = fs.readJsonSync(configPath)
- expect(config.API.HTTPHeaders['Access-Control-Allow-Origin']).toEqual([])
- })
-
- test('fixes cors config with multiple allowed origins', async () => {
- // create preexisting, initialized repo and config
- const { repoPath, configPath, peerId: expectedId } = await makeRepository({ start: false })
-
- // setup CORS config for the test
- const initConfig = fs.readJsonSync(configPath)
- // update origins to include multiple entries, including wildcard.
- const newOrigins = ['https://webui.ipfs.io', '*']
- initConfig.API.HTTPHeaders['Access-Control-Allow-Origin'] = newOrigins
- fs.writeJsonSync(configPath, initConfig, { spaces: 2 })
-
- const { app } = await startApp({ repoPath })
- const { peerId } = await daemonReady(app)
- expect(peerId).toBe(expectedId)
-
- const config = fs.readJsonSync(configPath)
- // ensure app has enabled cors checking
- const specificOrigins = newOrigins.filter(origin => origin !== '*')
- expect(config.API.HTTPHeaders['Access-Control-Allow-Origin']).toEqual(specificOrigins)
- })
-
 test('starts with repository with "IPFS_PATH/api" file and no daemon running', async () => {
 // create "remote" repo
 const { ipfsd } = await makeRepository({ start: true })