From f9e394180ff5dffd467c5ba3fb64e9e1035e7b31 Mon Sep 17 00:00:00 2001
From: J the Code Monkey
Date: Mon, 18 Nov 2024 23:00:54 -0500
Subject: [PATCH] chore: add strfry binary verification to strfry29 relay install and turn server tokens off for nginx http server when redirecting to https
---
 pkg/relays/khatru29/install.go | 10 +++---
 pkg/relays/khatru29/nginx_https.go | 3 ++
 pkg/relays/khatru_pyramid/install.go | 10 +++---
 pkg/relays/khatru_pyramid/nginx_https.go | 3 ++
 pkg/relays/nostr_rs_relay/install.go | 10 +++---
 pkg/relays/nostr_rs_relay/nginx_https.go | 3 ++
 pkg/relays/strfry/install.go | 10 +++---
 pkg/relays/strfry/nginx_https.go | 3 ++
 pkg/relays/strfry29/install.go | 41 +++++++++++++-----------
 pkg/relays/strfry29/nginx_https.go | 3 ++
 pkg/relays/wot_relay/install.go | 10 +++---
 pkg/relays/wot_relay/nginx_https.go | 3 ++
 pkg/verification/verify.go | 7 ++--
 13 files changed, 68 insertions(+), 48 deletions(-)
diff --git a/pkg/relays/khatru29/install.go b/pkg/relays/khatru29/install.go
index a5bbb54..e10a562 100644
--- a/pkg/relays/khatru29/install.go
+++ b/pkg/relays/khatru29/install.go
@@ -12,7 +12,7 @@ import (
 // Function to download and make the binary executable
 func InstallRelayBinary() {
- downloadSpinner, _ := pterm.DefaultSpinner.Start(fmt.Sprintf("Downloading %s relay binary...", RelayName))
+ downloadSpinner, _ := pterm.DefaultSpinner.Start(fmt.Sprintf("Downloading %s binary...", RelayName))
 // Determine the file name from the URL
 tmpFileName := filepath.Base(DownloadURL)
@@ -26,12 +26,12 @@ func InstallRelayBinary() {
 // Download and copy the file
 files.DownloadAndCopyFile(tmpFilePath, DownloadURL)
- downloadSpinner.Success(fmt.Sprintf("%s relay binary downloaded", RelayName))
+ downloadSpinner.Success(fmt.Sprintf("%s binary downloaded", RelayName))
 // Verify relay binary
- verification.VerifyRelayBinary(tmpFilePath)
+ verification.VerifyRelayBinary(RelayName, tmpFilePath)
- installSpinner, _ := pterm.DefaultSpinner.Start(fmt.Sprintf("Installing %s relay binary...", RelayName))
+ installSpinner, _ := pterm.DefaultSpinner.Start(fmt.Sprintf("Installing %s binary...", RelayName))
 // Check if the service file exists and disable and stop the service if it does
 if files.FileExists(ServiceFilePath) {
@@ -56,5 +56,5 @@ func InstallRelayBinary() {
 // Make the file executable
 files.SetPermissions(destPath, 0755)
- installSpinner.Success(fmt.Sprintf("%s relay binary installed", RelayName))
+ installSpinner.Success(fmt.Sprintf("%s binary installed", RelayName))
 }
diff --git a/pkg/relays/khatru29/nginx_https.go b/pkg/relays/khatru29/nginx_https.go
index 60c7f6e..d71fa0e 100644
--- a/pkg/relays/khatru29/nginx_https.go
+++ b/pkg/relays/khatru29/nginx_https.go
@@ -122,6 +122,9 @@ server {
 location / {
 return 301 https://%s$request_uri;
 }
+
+ # Only return Nginx in server header
+ server_tokens off;
 }
 `, domainName, network.WWWDirPath, domainName, network.AcmeChallengeDirPath, network.CertificateDirPath, domainName, network.FullchainFile, network.CertificateDirPath, domainName, network.PrivkeyFile, network.CertificateDirPath, domainName, network.ChainFile, domainName, network.WWWDirPath, domainName, domainName)
diff --git a/pkg/relays/khatru_pyramid/install.go b/pkg/relays/khatru_pyramid/install.go
index 4cc554e..4b380b3 100644
--- a/pkg/relays/khatru_pyramid/install.go
+++ b/pkg/relays/khatru_pyramid/install.go
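Review bot: The comment on the directive added in khatru29/nginx_https.go understates what it does, and the visible lines cover only the port-80 redirect server: `server_tokens off;` removes the nginx version from the `Server` response header and from nginx-generated error pages, so `# Hide the nginx version in the Server header and on error pages` would be more precise. Whether the TLS server block earlier in this template sets the same directive is outside the hunk and worth confirming, since a version-bearing header there would leave the disclosure in place. The identical three lines are added to the khatru_pyramid, nostr_rs_relay, strfry, strfry29 and wot_relay templates; a shared constant for the redirect server block would keep the six copies from drifting.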
@@ -13,7 +13,7 @@ import (
 // Function to download and make the binary executable
 func InstallRelayBinary(pubKey string) {
- downloadSpinner, _ := pterm.DefaultSpinner.Start(fmt.Sprintf("Downloading %s relay binary...", RelayName))
+ downloadSpinner, _ := pterm.DefaultSpinner.Start(fmt.Sprintf("Downloading %s binary...", RelayName))
 // Determine the file name from the URL
 tmpFileName := filepath.Base(DownloadURL)
@@ -27,12 +27,12 @@ func InstallRelayBinary(pubKey string) {
 // Download and copy the file
 files.DownloadAndCopyFile(tmpFilePath, DownloadURL)
- downloadSpinner.Success(fmt.Sprintf("%s relay binary downloaded", RelayName))
+ downloadSpinner.Success(fmt.Sprintf("%s binary downloaded", RelayName))
 // Verify relay binary
- verification.VerifyRelayBinary(tmpFilePath)
+ verification.VerifyRelayBinary(RelayName, tmpFilePath)
- installSpinner, _ := pterm.DefaultSpinner.Start(fmt.Sprintf("Installing %s relay binary...", RelayName))
+ installSpinner, _ := pterm.DefaultSpinner.Start(fmt.Sprintf("Installing %s binary...", RelayName))
 // Check if the service file exists and disable and stop the service if it does
 if files.FileExists(ServiceFilePath) {
@@ -72,5 +72,5 @@ func InstallRelayBinary(pubKey string) {
 // Make the file executable
 files.SetPermissions(destPath, 0755)
- installSpinner.Success(fmt.Sprintf("%s relay binary installed", RelayName))
+ installSpinner.Success(fmt.Sprintf("%s binary installed", RelayName))
 }
diff --git a/pkg/relays/khatru_pyramid/nginx_https.go b/pkg/relays/khatru_pyramid/nginx_https.go
index 14a0277..05cca13 100644
--- a/pkg/relays/khatru_pyramid/nginx_https.go
+++ b/pkg/relays/khatru_pyramid/nginx_https.go
@@ -122,6 +122,9 @@ server {
 location / {
 return 301 https://%s$request_uri;
 }
+
+ # Only return Nginx in server header
+ server_tokens off;
 }
 `, domainName, network.WWWDirPath, domainName, network.AcmeChallengeDirPath, network.CertificateDirPath, domainName, network.FullchainFile, network.CertificateDirPath, domainName, network.PrivkeyFile, network.CertificateDirPath, domainName, network.ChainFile, domainName, network.WWWDirPath, domainName, domainName)
diff --git a/pkg/relays/nostr_rs_relay/install.go b/pkg/relays/nostr_rs_relay/install.go
index fe033a5..262655e 100644
--- a/pkg/relays/nostr_rs_relay/install.go
+++ b/pkg/relays/nostr_rs_relay/install.go
@@ -14,7 +14,7 @@ import (
 // Function to download and make the binary executable
 func InstallRelayBinary() {
- downloadSpinner, _ := pterm.DefaultSpinner.Start(fmt.Sprintf("Downloading %s relay binary...", RelayName))
+ downloadSpinner, _ := pterm.DefaultSpinner.Start(fmt.Sprintf("Downloading %s binary...", RelayName))
 // Check for and remove existing git repository
 directories.RemoveDirectory(GitRepoTmpDirPath)
@@ -36,12 +36,12 @@ func InstallRelayBinary() {
 // Download and copy the file
 files.DownloadAndCopyFile(tmpFilePath, DownloadURL)
- downloadSpinner.Success(fmt.Sprintf("%s relay binary downloaded", RelayName))
+ downloadSpinner.Success(fmt.Sprintf("%s binary downloaded", RelayName))
 // Verify relay binary
- verification.VerifyRelayBinary(tmpFilePath)
+ verification.VerifyRelayBinary(RelayName, tmpFilePath)
- installSpinner, _ := pterm.DefaultSpinner.Start(fmt.Sprintf("Installing %s relay binary...", RelayName))
+ installSpinner, _ := pterm.DefaultSpinner.Start(fmt.Sprintf("Installing %s binary...", RelayName))
 // Check if the service file exists and disable and stop the service if it does
 if files.FileExists(ServiceFilePath) {
@@ -66,5 +66,5 @@ func InstallRelayBinary() {
 // Make the file executable
 files.SetPermissions(destPath, 0755)
- installSpinner.Success(fmt.Sprintf("%s relay binary installed", RelayName))
+ installSpinner.Success(fmt.Sprintf("%s binary installed", RelayName))
 }
diff --git a/pkg/relays/nostr_rs_relay/nginx_https.go b/pkg/relays/nostr_rs_relay/nginx_https.go
index e5b2889..12cc543 100644
--- a/pkg/relays/nostr_rs_relay/nginx_https.go
+++ b/pkg/relays/nostr_rs_relay/nginx_https.go
@@ -122,6 +122,9 @@ server {
 location / {
 return 301 https://%s$request_uri;
 }
+
+ # Only return Nginx in server header
+ server_tokens off;
 }
 `, domainName, network.WWWDirPath, domainName, network.AcmeChallengeDirPath, network.CertificateDirPath, domainName, network.FullchainFile, network.CertificateDirPath, domainName, network.PrivkeyFile, network.CertificateDirPath, domainName, network.ChainFile, domainName, network.WWWDirPath, domainName, domainName)
diff --git a/pkg/relays/strfry/install.go b/pkg/relays/strfry/install.go
index 5dd40d7..a19eb83 100644
--- a/pkg/relays/strfry/install.go
+++ b/pkg/relays/strfry/install.go
@@ -14,7 +14,7 @@ import (
 // Function to download and make the binary executable
 func InstallRelayBinary() {
- downloadSpinner, _ := pterm.DefaultSpinner.Start(fmt.Sprintf("Downloading %s relay binary...", RelayName))
+ downloadSpinner, _ := pterm.DefaultSpinner.Start(fmt.Sprintf("Downloading %s binary...", RelayName))
 // Check for and remove existing git repository
 directories.RemoveDirectory(GitRepoTmpDirPath)
@@ -37,12 +37,12 @@ func InstallRelayBinary() {
 // Download and copy the file
 files.DownloadAndCopyFile(tmpFilePath, DownloadURL)
- downloadSpinner.Success(fmt.Sprintf("%s relay binary downloaded", RelayName))
+ downloadSpinner.Success(fmt.Sprintf("%s binary downloaded", RelayName))
 // Verify relay binary
- verification.VerifyRelayBinary(tmpFilePath)
+ verification.VerifyRelayBinary(RelayName, tmpFilePath)
- installSpinner, _ := pterm.DefaultSpinner.Start(fmt.Sprintf("Installing %s relay binary...", RelayName))
+ installSpinner, _ := pterm.DefaultSpinner.Start(fmt.Sprintf("Installing %s binary...", RelayName))
 // Check if the service file exists and disable and stop the service if it does
 if files.FileExists(ServiceFilePath) {
@@ -67,5 +67,5 @@ func InstallRelayBinary() {
 // Make the file executable
 files.SetPermissions(destPath, 0755)
- installSpinner.Success(fmt.Sprintf("%s relay binary installed", RelayName))
+ installSpinner.Success(fmt.Sprintf("%s binary installed", RelayName))
 }
diff --git a/pkg/relays/strfry/nginx_https.go b/pkg/relays/strfry/nginx_https.go
index 91b0cc4..708c672 100644
--- a/pkg/relays/strfry/nginx_https.go
+++ b/pkg/relays/strfry/nginx_https.go
@@ -122,6 +122,9 @@ server {
 location / {
 return 301 https://%s$request_uri;
 }
+
+ # Only return Nginx in server header
+ server_tokens off;
 }
 `, domainName, network.WWWDirPath, domainName, network.AcmeChallengeDirPath, network.CertificateDirPath, domainName, network.FullchainFile, network.CertificateDirPath, domainName, network.PrivkeyFile, network.CertificateDirPath, domainName, network.ChainFile, domainName, network.WWWDirPath, domainName, domainName)
diff --git a/pkg/relays/strfry29/install.go b/pkg/relays/strfry29/install.go
index 97256a8..373069c 100644
--- a/pkg/relays/strfry29/install.go
+++ b/pkg/relays/strfry29/install.go
@@ -12,9 +12,9 @@ import (
 "path/filepath"
 )
-// Function to download and make the binary executable
+// Function to download and make the binary and plugin binary executable
 func InstallRelayBinary() {
- downloadSpinner, _ := pterm.DefaultSpinner.Start(fmt.Sprintf("Downloading %s relay binary...", RelayName))
+ downloadSpinner, _ := pterm.DefaultSpinner.Start(fmt.Sprintf("Downloading %s binaries...", RelayName))
 // Check for and remove existing git repository
 directories.RemoveDirectory(GitRepoTmpDirPath)
@@ -26,38 +26,38 @@ func InstallRelayBinary() {
 // Install
 // Determine the file name from the URL
- tmpFileName := filepath.Base(DownloadURL)
+ tmpBinaryFileName := filepath.Base(DownloadURL)
 // Temporary file path
- tmpFilePath := fmt.Sprintf("%s/%s", relays.TmpDirPath, tmpFileName)
+ tmpBinaryFilePath := fmt.Sprintf("%s/%s", relays.TmpDirPath, tmpBinaryFileName)
 // Check if the temporary file exists and remove it if it does
- files.RemoveFile(tmpFilePath)
+ files.RemoveFile(tmpBinaryFilePath)
 // Download and copy the file
- files.DownloadAndCopyFile(tmpFilePath, DownloadURL)
-
- // Extract binary
- files.ExtractFile(tmpFilePath, relays.BinaryDestDir)
+ files.DownloadAndCopyFile(tmpBinaryFilePath, DownloadURL)
 // Determine the file name from the URL
- tmpFileName = filepath.Base(BinaryPluginDownloadURL)
+ tmpBinaryPluginFileName := filepath.Base(BinaryPluginDownloadURL)
 // Temporary file path
- tmpFilePath = fmt.Sprintf("%s/%s", relays.TmpDirPath, tmpFileName)
+ tmpBinaryPluginFilePath := fmt.Sprintf("%s/%s", relays.TmpDirPath, tmpBinaryPluginFileName)
 // Check if the temporary file exists and remove it if it does
- files.RemoveFile(tmpFilePath)
+ files.RemoveFile(tmpBinaryPluginFilePath)
 // Download and copy the file
- files.DownloadAndCopyFile(tmpFilePath, BinaryPluginDownloadURL)
+ files.DownloadAndCopyFile(tmpBinaryPluginFilePath, BinaryPluginDownloadURL)
- downloadSpinner.Success(fmt.Sprintf("%s relay binary downloaded", RelayName))
+ downloadSpinner.Success(fmt.Sprintf("%s binaries downloaded", RelayName))
 // Verify relay binary
- verification.VerifyRelayBinary(tmpFilePath)
+ verification.VerifyRelayBinary(BinaryName, tmpBinaryFilePath)
+
+ // Verify relay binary plugin
+ verification.VerifyRelayBinary(fmt.Sprintf("%s plugin", RelayName), tmpBinaryPluginFilePath)
- installSpinner, _ := pterm.DefaultSpinner.Start(fmt.Sprintf("Installing %s relay binary...", RelayName))
+ installSpinner, _ := pterm.DefaultSpinner.Start(fmt.Sprintf("Installing %s binaries...", RelayName))
 // Check if the service file exists and disable and stop the service if it does
 if files.FileExists(ServiceFilePath) {
@@ -69,8 +69,11 @@ func InstallRelayBinary() {
 installSpinner.UpdateText("Service file not found...")
 }
- // Extract binary
- files.ExtractFile(tmpFilePath, relays.BinaryDestDir)
+ // Extract relay binary
+ files.ExtractFile(tmpBinaryFilePath, relays.BinaryDestDir)
+
+ // Extract relay binary plugin
+ files.ExtractFile(tmpBinaryPluginFilePath, relays.BinaryDestDir)
 // TODO
 // Currently, the downloaded binary is expected to have a name that matches the BinaryName variable
@@ -88,5 +91,5 @@ func InstallRelayBinary() {
 // Make the file executable
 files.SetPermissions(destPath, 0755)
- installSpinner.Success(fmt.Sprintf("%s relay binary installed", RelayName))
+ installSpinner.Success(fmt.Sprintf("%s binaries installed", RelayName))
 }
diff --git a/pkg/relays/strfry29/nginx_https.go b/pkg/relays/strfry29/nginx_https.go
index 054aace..2d5ec33 100644
--- a/pkg/relays/strfry29/nginx_https.go
+++ b/pkg/relays/strfry29/nginx_https.go
@@ -122,6 +122,9 @@ server {
 location / {
 return 301 https://%s$request_uri;
 }
+
+ # Only return Nginx in server header
+ server_tokens off;
 }
 `, domainName, network.WWWDirPath, domainName, network.AcmeChallengeDirPath, network.CertificateDirPath, domainName, network.FullchainFile, network.CertificateDirPath, domainName, network.PrivkeyFile, network.CertificateDirPath, domainName, network.ChainFile, domainName, network.WWWDirPath, domainName, domainName)
diff --git a/pkg/relays/wot_relay/install.go b/pkg/relays/wot_relay/install.go
index 73ce193..cf21857 100644
--- a/pkg/relays/wot_relay/install.go
+++ b/pkg/relays/wot_relay/install.go
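Review bot: Neither `verification.VerifyRelayBinary(...)` call in the strfry29 `@@ -26,38 +26,38 @@` hunk yields a result this function can act on, so the `files.ExtractFile` calls in the following hunk are gated only if VerifyRelayBinary ends the process on a failed signature or hash check, which these lines do not show. Returning an `error` from VerifyRelayBinary and stopping before extraction when it is non-nil would make that dependency explicit for both archives. The first call also labels its spinner with `BinaryName`, while the plugin call and every other relay in this patch pass `RelayName`; `verification.VerifyRelayBinary(RelayName, tmpBinaryFilePath)` would keep the output consistent. InstallRelayBinary starts and ends outside this hunk.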
@@ -14,7 +14,7 @@ import (
 // Function to download and make the binary executable
 func InstallRelayBinary(pubKey string) {
- downloadSpinner, _ := pterm.DefaultSpinner.Start(fmt.Sprintf("Downloading %s relay binary...", RelayName))
+ downloadSpinner, _ := pterm.DefaultSpinner.Start(fmt.Sprintf("Downloading %s binary...", RelayName))
 // Check for and remove existing git repository
 directories.RemoveDirectory(GitRepoTmpDirPath)
@@ -36,12 +36,12 @@ func InstallRelayBinary(pubKey string) {
 // Download and copy the file
 files.DownloadAndCopyFile(tmpFilePath, DownloadURL)
- downloadSpinner.Success(fmt.Sprintf("%s relay binary downloaded", RelayName))
+ downloadSpinner.Success(fmt.Sprintf("%s binary downloaded", RelayName))
 // Verify relay binary
- verification.VerifyRelayBinary(tmpFilePath)
+ verification.VerifyRelayBinary(RelayName, tmpFilePath)
- installSpinner, _ := pterm.DefaultSpinner.Start(fmt.Sprintf("Installing %s relay binary...", RelayName))
+ installSpinner, _ := pterm.DefaultSpinner.Start(fmt.Sprintf("Installing %s binary...", RelayName))
 // Check if the service file exists and disable and stop the service if it does
 if files.FileExists(ServiceFilePath) {
@@ -81,5 +81,5 @@ func InstallRelayBinary(pubKey string) {
 // Make the file executable
 files.SetPermissions(destPath, 0755)
- installSpinner.Success(fmt.Sprintf("%s relay binary installed", RelayName))
+ installSpinner.Success(fmt.Sprintf("%s binary installed", RelayName))
 }
diff --git a/pkg/relays/wot_relay/nginx_https.go b/pkg/relays/wot_relay/nginx_https.go
index f284606..b4685ec 100644
--- a/pkg/relays/wot_relay/nginx_https.go
+++ b/pkg/relays/wot_relay/nginx_https.go
@@ -122,6 +122,9 @@ server {
 location / {
 return 301 https://%s$request_uri;
 }
+
+ # Only return Nginx in server header
+ server_tokens off;
 }
 `, domainName, network.WWWDirPath, domainName, network.AcmeChallengeDirPath, network.CertificateDirPath, domainName, network.FullchainFile, network.CertificateDirPath, domainName, network.PrivkeyFile, network.CertificateDirPath, domainName, network.ChainFile, domainName, network.WWWDirPath, domainName, domainName)
diff --git a/pkg/verification/verify.go b/pkg/verification/verify.go
index 3449a14..4cea44e 100644
--- a/pkg/verification/verify.go
+++ b/pkg/verification/verify.go
@@ -13,9 +13,8 @@ import (
 )
 // Function to verify relay binaries
-func VerifyRelayBinary(path string) {
- spinner, _ := pterm.DefaultSpinner.Start("Verifying relay binary...")
- pterm.Println()
+func VerifyRelayBinary(relayName, path string) {
+ spinner, _ := pterm.DefaultSpinner.Start(fmt.Sprintf("Verifying %s binary...", relayName))
 // Import NODE-TEC PGP key
 commands.PipeTwoCommands(exec.Command("curl", NodeTecKeybasePGPKeyURL), exec.Command("gpg", "--import"), "Failed to import NODE-TEC PGP key:")
@@ -88,7 +87,7 @@ func VerifyRelayBinary(path string) {
 // Search the manifest file for the hash
 if strings.Contains(string(data), sha512Hash) {
 spinner.UpdateText(fmt.Sprintf("Verified the SHA512 hash of the %s file", path))
- spinner.Success("Relay binary verified")
+ spinner.Success(fmt.Sprintf("%s binary verified", relayName))
 } else {
 pterm.Println()
 pterm.Error.Println(fmt.Sprintf("Failed to verify the %s file, the SHA512 hash doesn't match the SHA512 hash in the %s file", path, relaysManifestFilePath))
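Review bot: VerifyRelayBinary is now called twice per strfry29 install, and each call runs the unchanged step that pipes `curl NodeTecKeybasePGPKeyURL` into `gpg --import`, so the signing key is fetched over the network and imported again for every artifact. Trust in the manifest signature then rests on whatever that URL serves at install time unless the imported key's fingerprint is compared against a value compiled into the installer; that comparison is not visible in this hunk and is worth confirming. Importing the key once per run would remove the repeated fetch, and a doc comment such as `// VerifyRelayBinary checks path against the signed manifest and reports progress under relayName.` would record what the new parameter is for. The function body continues outside the hunk.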
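Review bot: The success branch in the `@@ -88,7 +87,7 @@` hunk is reached through `strings.Contains(string(data), sha512Hash)`, which accepts the hash anywhere in the manifest and is also true when `sha512Hash` is the empty string, so a hash computation that failed earlier in the function (outside this hunk) would still report the binary as verified. Guarding with `if sha512Hash != "" && strings.Contains(string(data), sha512Hash) {` closes the empty case. Matching the manifest entry for the base name of `path` instead of searching the whole file would also bind the hash to the artifact being installed; the manifest format is not shown here, so that form is an assumption to check against the real file.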