Http backend #61
@pipermerriam ping for review. The scheme I'm using here isn't quite exactly what's discussed in the [ERC 1319](ethereum/EIPs#1319), I'm not sure if that's a problem or not. IMO just using the I also thought about requiring a content hash fragment suffixing the github uri . . . i.e.
@njgheorghita on not including the hash in the URL: I don't think this is ok. While I agree that it doesn't allow for arbitrary modification of the resource by the user, it doesn't provide protection against github serving up incorrect content. I acknowledge this probably isn't a concern we're likely to see realized, but I'd prefer we do it correctly and both require the hash as well as verifying the payload we receive matches said hash. Which makes me realize that we should be doing the same with the IPFS gateway backends (and probably generically via any of the IPFS backends) just to be doubly sure that the content we receive is indeed the content that should have been at the address.
@pipermerriam Makes sense, added the requirement for a valid content hash to the end of github uris. And added a validation to IPFS backend that the hash of the retrieved contents matches the content hash in the uri.
I evidently never committed these two comments.
@pytest.mark.parametrize( | ||
"uri", | ||
( | ||
"https://raw.githubusercontent.com/ethpm/ethpm-spec/3945c47dedb04930ee12c0281494a1b5bdd692a0/examples/owned/1.0.0.json", # noqa: E501 |
Worth pointing out that this test will fail occasionally in CI since it makes network requests. I think that's ok for now, but it might be worth leaving a note in the test indicating as much.
tests/ethpm/utils/test_uri_utils.py
Outdated
("https://raw.githubusercontent.com", False), | ||
# valid github urls | ||
("http://raw.githubusercontent.com/any/path", True), | ||
("https://raw.githubusercontent.com/any/path", True), |
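Review bot: The `("http://raw.githubusercontent.com/any/path", True)` case in the valid list marks a plain-HTTP URI as resolvable, so a manifest could be fetched over an unencrypted connection. Consider expecting `False` for the `http://` scheme and accepting only `https://`, and add a case for a URI without a `#` fragment so the test pins down whether a content hash is required.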
Allowing this will result in people not using content addressed URIs, which will result in people not correctly linking to commit based files which will lead to people using URIs like https://raw.githubusercontent.com/ethpm/ethpm-spec/master/examples/owned/1.0.0.json which will lead to people getting content that isn't guaranteed to remain static and I don't think that's something we want to allow.
docs/uri_backends.rst
Outdated
|
||
.. py:method:: BaseURIBackend.can_resolve_uri(uri) | ||
|
||
Returns a bool indicating whether or not this backend is capable of resolving the given URI to a manifest. |
No need to cleanup now but:
- Wrong ?tense?. I think the official term is "imperative present tense". See: Add `BeaconStateMachine` outline ethereum/py-evm#1373 (comment)
- These are more suited for API docs and thus can be done with `autodoc` and docstrings. Take a look at how @cburgdorf has structured the documentation in `py-evm`.
👍 autodoc, moving all (or as many) of the docs over to autodoc is next on my todo list
- Go to the target manifest in your browser. | ||
- Press ``y`` to generate the permalink in the address bar. | ||
- Replace ``"github"`` with ``"raw.githubusercontent"``, and remove the ``"blob"`` namespace from the URI. | ||
- Suffix the URI with ``#`` followed by the ``keccak`` hash of the bytes found at the Github URI. |
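Review bot: The last step names the `keccak` hash without saying which variant is meant or how the digest is written in the fragment. State the digest size and the expected encoding (for example whether a `0x` prefix is required) so that two people hashing the same file produce the same URI.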
Not for this PR, but it'd be pretty cool to provide a utility on the `GithubOverHTTPSBackend` that did this automatically with a uri and supported a handful of formats.
>>> GithubOverHTTPSBackend.get_permalink_with_content_hash('https://github.com/ethpm/ethpm-spec/blob/master/examples/owned/1.0.0.json')
"https://raw.githubusercontent.com/ethpm/ethpm-spec/3945c47dedb04930ee12c0281494a1b5bdd692a0/examples/owned/1.0.0.json#0x01cbc2a69a9f86e9d9e7b87475e2ba2619404dc8d6ee3cb3a8acf3176c2cace1"
Should be able to:
- parse the repository name and file path and branch
- use the github API to pull the latest commit hash
- generate the `raw.github.com` URL
- pull the file and compute the `keccak` of the contents.
This would be something well defined enough that it could be bountied.
ethpm/backends/http.py
Outdated
return False | ||
|
||
def fetch_uri_contents(self, uri: str) -> bytes: | ||
http_uri, validation_hash = uri.split("#") |
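Review bot: `http_uri, validation_hash = uri.split("#")` raises a bare `ValueError` from tuple unpacking when the URI contains no `#` or more than one, so a malformed URI surfaces as an unpacking error rather than a validation failure. Parse the URI, read the fragment explicitly, and raise a validation error when the fragment is empty.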
You should use `urllib.parse.urlparse` and pull the `fragment` from that return value.
ethpm/backends/ipfs.py
Outdated
validation_hash = generate_file_hash(contents) | ||
if validation_hash != ipfs_hash: | ||
raise ValidationError( | ||
"Hashed IPFS contents retrieved from uri: {0} " |
If you're python 3.6+ you can start using f-strings for formatting: https://realpython.com/python-f-strings/
ethpm/validation.py
Outdated
raise ValidationError( | ||
"Invalid content-addressed URI. " | ||
"Validation hash:{0} does not match the hash of URI contents: {1}.".format( | ||
decoded_validation, hashed_contents |
Probably good to output these in their hex encoded formats for friendlier error messages.
tests/conftest.py
Outdated
@@ -104,6 +104,12 @@ def _get_factory(package, factory_name): | |||
return _get_factory | |||
|
|||
|
|||
@pytest.fixture | |||
def owned_contract(): | |||
with open(V2_PACKAGES_DIR / "owned" / "contracts" / "Owned.sol") as file_obj: |
I think you can also do `(V2_PACKAGES_DIR / "owned" / "contracts" / "Owned.sol").open()` but I'm undecided on whether I think it's a good pattern. The outer parenthesis wrapping is sort of awkward. Not advocating change, just bringing up my thoughts.
Agreed on the parenthesis wrapping being weird, but I'm a fan of pathlib and think the weirdness is worth it
tests/ethpm/test_dependencies.py
Outdated
@@ -43,7 +43,7 @@ def test_get_dependency_package(dependencies): | |||
|
|||
def test_validate_build_dependencies(dummy_ipfs_backend, piper_coin_manifest): | |||
result = validate_build_dependency( | |||
"standard-token", "ipfs://QmVu9zuza5mkJwwcFdh2SXBugm1oSgZVuEKkph9XLsbUwg" | |||
"standard-token", "ipfs://QmVu9zuza5mkJwwcFdh2SXBugm1oSgZVuEKkph9XLsbUwg#0x123" |
What's this doing?
😬 nothing 😬
What was wrong?
URI backend needed to serve content-addressed github URIs
How was it fixed?
Wrote backend that serves github URIs conforming to
https://raw.githubusercontent.com/user/repo/commit_hash/path/to/manifest.json
Cute Animal Picture
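The checks this thread converges on (HTTPS only, a path pinned to a commit hash rather than a branch, a required hash fragment read with `urlparse`, and verification of the fetched bytes) can be sketched as follows. This is an added example, not the PR's code: `split_content_addressed_uri`, `verify_contents`, `standin_hasher`, the local `ValidationError` class and the sample URI are all hypothetical, and SHA3-256 stands in for Keccak-256 so the block runs with the standard library alone.

```python
import hashlib
import re
from urllib.parse import urlparse

# Path must be /<user>/<repo>/<40-hex commit hash>/<file>; a branch name such as
# "master" is rejected because the content behind it can change.
_PINNED_PATH = re.compile(r"^/[^/]+/[^/]+/[0-9a-f]{40}/.+$")
_HASH_FRAGMENT = re.compile(r"^0x[0-9a-f]{64}$")


class ValidationError(Exception):
    """Local stand-in for the project's validation error type (assumption)."""


def split_content_addressed_uri(uri):
    """Return (fetch_url, expected_digest) or raise ValidationError."""
    parts = urlparse(uri)
    if parts.scheme != "https" or parts.netloc != "raw.githubusercontent.com":
        raise ValidationError("expected https://raw.githubusercontent.com/...")
    if not _PINNED_PATH.match(parts.path):
        raise ValidationError("path is not pinned to a 40-hex commit hash")
    if not _HASH_FRAGMENT.match(parts.fragment.lower()):
        raise ValidationError("missing or malformed 0x<64 hex> hash fragment")
    return parts._replace(fragment="").geturl(), bytes.fromhex(parts.fragment[2:])


def verify_contents(uri, contents, hasher):
    """Check fetched bytes against the URI's hash; hasher maps bytes to a digest."""
    fetch_url, expected = split_content_addressed_uri(uri)
    actual = hasher(contents)
    if actual != expected:
        raise ValidationError(f"hash mismatch for {fetch_url}: expected "
                              f"0x{expected.hex()}, got 0x{actual.hex()}")
    return contents


def standin_hasher(data):
    # SHA3-256 is NOT Keccak-256 (the padding differs); it is used here only so
    # the example needs no third-party package. Swap in a real Keccak-256.
    return hashlib.sha3_256(data).digest()


# Constructed sample: placeholder repository, made-up commit hash and manifest.
SAMPLE_BODY = b'{"manifest_version": "2"}'
SAMPLE_URI = ("https://raw.githubusercontent.com/example-user/example-repo/"
              + "ab" * 20 + "/manifest.json#0x" + standin_hasher(SAMPLE_BODY).hex())
```

Fetching is left to the caller: request the returned `fetch_url`, then pass the response body to `verify_contents` before parsing it as a manifest.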