feat(koi/pds): fetch() proxying

2024-11-25 01:44:34 +03:00 · 2024-11-25 01:44:34 +03:00 · 7d3ba2d68c
commit 7d3ba2d68c
parent d4fef260a1
2 changed files with 20 additions and 0 deletions
--- a/hosts/koi/containers/pds/default.nix
+++ b/hosts/koi/containers/pds/default.nix
@ -14,7 +14,9 @@ in {

  virtualisation.oci-containers.containers.bluesky-pds = {
    image = "ghcr.io/bluesky-social/pds:sha-b595125a28368fa52d12d3b6ca265c1bea06977f";
+    cmd = [ "node" "--enable-source-maps" "/app/entrypoint.js" ];
    volumes = [
+      "${./entrypoint.js}:/app/entrypoint.js"
      "/srv/bluesky-pds/data:/pds"
      "/srv/bluesky-pds/blobstore:/blobstore"
    ];
--- a/hosts/koi/containers/pds/entrypoint.js
+++ b/hosts/koi/containers/pds/entrypoint.js
@ -0,0 +1,18 @@
+// hack to use a proxy for fetch()
+
+const fs = require('fs')
+
+// since undici is a transitive dependency, we need to load it manually from pnpm store
+const modules = fs.readdirSync('./node_modules/.pnpm')
+const undiciDirname = modules.find(x => x.startsWith('undici@'))
+const undici = require('./node_modules/.pnpm/' + undiciDirname + '/node_modules/undici/index.js')
+
+undici.setGlobalDispatcher(new undici.ProxyAgent('http://172.17.0.1:7890'))
+
+// ssrf protection uses a custom dispatcher that will override the one above
+// we don't actually need ssrf protection since we're proxying all requests,
+// so whatever lol
+process.env.PDS_DISABLE_SSRF_PROTECTION = 'true'
+
+// continue with the rest of the actual entrypoint
+require('./index.js')