Dev environment #41
Dev environment #41
Conversation
nginx/server.conf
Outdated
| if ($http_x_forwarded_proto = "https") { | ||
| set $real_scheme https; | ||
| } | ||
| if ($http_x_forwarded_proto = "") { | ||
| set $real_scheme http; | ||
| } |
There was a problem hiding this comment.
Not a blocker - I think we could use a map directive and dry this up:
map $http_x_forwarded_proto $real_scheme {
default http;
https https;
}
I think it might have to go at the http level though 🤔
http {
map $http_x_forwarded_proto $real_scheme {
default http;
https https;
}
server {
location /.ghost/activitypub {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $real_scheme;
proxy_pass http://activitypub:8080;
}
...
}
}
There was a problem hiding this comment.
Yeah this is nice - I'll try it and update
| - NODE_ENV=testing | ||
| - ALLOW_PRIVATE_ADDRESS=true | ||
| - SKIP_SIGNATURE_VERIFICATION=true |
There was a problem hiding this comment.
Should we make a note here (comment) or / and track (in linear task) that we need to come back to this once the signature stuff has been sorted (or maybe make a note on the task for that if we have one?)
scripts/bin/populate-activitypub-db
Outdated
| # Define variables | ||
| PRIVATE_KEY="private.pem" | ||
| KEY_ID="http://fake-mastodon:8080/user/john#main-key" | ||
|
|
||
| BODY=$(echo "{\"@context\": \"https://www.w3.org/ns/activitystreams\", \"id\": \"http://fake-mastodon:8080/activity/$RANDOM\", \"type\": \"Follow\", \"actor\": \"http://fake-mastodon:8080/user/john\", \"object\": \"http://activitypub:8080/.ghost/activitypub/users/index\", \"to\": [\"http://activitypub:8080/.ghost/activitypub/users/index\"], \"cc\": [\"http://fake-mastodon:8080/user/john/following\"]}" | jq -c .) | ||
|
|
||
| DIGEST=$(echo -n "$BODY" | openssl dgst -sha256 -binary | openssl base64) | ||
| REQUEST_TARGET="post /.ghost/activitypub/inbox/index" | ||
| HOST="activitypub" | ||
| DATE=$(date -R) | ||
| SIGN_STRING="(request-target): $REQUEST_TARGET\nhost: $HOST\ndate: $DATE\ndigest: SHA-256=$DIGEST" | ||
|
|
||
| # Sign the string | ||
| SIGNATURE=$(echo -n "$SIGN_STRING" | openssl dgst -sha256 -sign $PRIVATE_KEY | openssl base64 -A) | ||
|
|
||
| # Construct the Authorization header | ||
| AUTH_HEADER="keyId=\"$KEY_ID\",algorithm=\"rsa-sha256\",headers=\"(request-target) host date digest\",signature=\"$SIGNATURE\"" | ||
|
|
||
| # Make the request | ||
| curl -v -X POST http://activitypub:8080/.ghost/activitypub/inbox/index \ | ||
| -H "Host: $HOST" \ | ||
| -H "Date: $DATE" \ | ||
| -H "Digest: SHA-256=$DIGEST" \ | ||
| -H "Signature: $AUTH_HEADER" \ | ||
| -d "$BODY" |
There was a problem hiding this comment.
This a left over? (occurs after the script has exited)
| @@ -0,0 +1,177 @@ | |||
| #!/usr/bin/env bash | |||
There was a problem hiding this comment.
Not a blocker - Kudos on persevering with raw bash here, the script is easy / clear to follow and grok 👌
Thoughts on using https://github.com/google/zx for stuff like this (not suggesting you change anything here 👍)?
There was a problem hiding this comment.
Oooh I remember seeing this before, still not tried it! I'm happy to give it a go!
scripts/bin/populate-activitypub-db
Outdated
| PRIVATE_KEY="private.pem" | ||
|
|
||
| # Loop 5000 times | ||
| for i in $(seq 1 5000); do |
There was a problem hiding this comment.
Should we make it so the 5000 can be passed into the script?
This was causing issues when trying to hit activitypub over http as the origins would not match. Instead should forward the X-Forwarded-Proto header if it's present, which will allow us to continue working with Tailscale funnel, whilst keeping basic local development working.
This is going to make things easier when running scripts against our service Once we've solved signatures, we can re-enable the signature verification, but we need to allow local addresses if we want to work with wiremock.
allouis
force-pushed
the
dev-environment
branch
from
4a6a133 to
67086c2
Compare
Added a script to allow populating the local db with 5k followers
This also sets the groundwork for adding more scripts to run against our dev environment