From 7d3ba2d68cf00a21f06e40d3c285dd728d0048fb Mon Sep 17 00:00:00 2001 From: teidesu Date: Mon, 25 Nov 2024 01:44:34 +0300 Subject: [PATCH] feat(koi/pds): fetch() proxying --- hosts/koi/containers/pds/default.nix | 2 ++ hosts/koi/containers/pds/entrypoint.js | 18 ++++++++++++++++++ 2 files changed, 20 insertions(+) create mode 100644 hosts/koi/containers/pds/entrypoint.js diff --git a/hosts/koi/containers/pds/default.nix b/hosts/koi/containers/pds/default.nix index eb14248..f912647 100644 --- a/hosts/koi/containers/pds/default.nix +++ b/hosts/koi/containers/pds/default.nix @@ -14,7 +14,9 @@ in { virtualisation.oci-containers.containers.bluesky-pds = { image = "ghcr.io/bluesky-social/pds:sha-b595125a28368fa52d12d3b6ca265c1bea06977f"; + cmd = [ "node" "--enable-source-maps" "/app/entrypoint.js" ]; volumes = [ + "${./entrypoint.js}:/app/entrypoint.js" "/srv/bluesky-pds/data:/pds" "/srv/bluesky-pds/blobstore:/blobstore" ]; diff --git a/hosts/koi/containers/pds/entrypoint.js b/hosts/koi/containers/pds/entrypoint.js new file mode 100644 index 0000000..0fde9bf --- /dev/null +++ b/hosts/koi/containers/pds/entrypoint.js @@ -0,0 +1,18 @@ +// hack to use a proxy for fetch() + +const fs = require('fs') + +// since undici is a transitive dependency, we need to load it manually from pnpm store +const modules = fs.readdirSync('./node_modules/.pnpm') +const undiciDirname = modules.find(x => x.startsWith('undici@')) +const undici = require('./node_modules/.pnpm/' + undiciDirname + '/node_modules/undici/index.js') + +undici.setGlobalDispatcher(new undici.ProxyAgent('http://172.17.0.1:7890')) + +// ssrf protection uses a custom dispatcher that will override the one above +// we don't actually need ssrf protection since we're proxying all requests, +// so whatever lol +process.env.PDS_DISABLE_SSRF_PROTECTION = 'true' + +// continue with the rest of the actual entrypoint +require('./index.js') \ No newline at end of file