Merge branch 'master' into development

DecentralCardGame · Jul 7, 2024 · 3521468 · 3521468
2 parents 0d863dd + 669cfe1
commit 3521468
Show file tree

Hide file tree

Showing 9 changed files with 1,094 additions and 1 deletion.
diff --git a/.gitignore b/.gitignore
@@ -8,3 +8,4 @@ release/
 .DS_Store
 /build
 /cs
+/goat/node_modules
diff --git a/config/nginx-test.conf b/config/nginx-test.conf
@@ -0,0 +1,137 @@
+
+server {
+  listen 443 http2;
+  listen [::]:443 http2;
+  server_name cardchain.crowdcontrol.network;
+  #ssl_certificate /etc/letsencrypt/live/cardchain.crowdcontrol.network/fullchain.pem;
+  #ssl_certificate_key /etc/letsencrypt/live/cardchain.crowdcontrol.network/privkey.pem;
+
+  # Improve HTTPS performance with session resumption
+  ssl_session_cache shared:SSL:10m;
+  ssl_session_timeout 10m;
+
+  # Enable server-side protection against BEAST attacks
+  ssl_protocols TLSv1.2;
+  ssl_prefer_server_ciphers on;
+  ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384";
+
+  # RFC-7919 recommended: https://wiki.mozilla.org/Security/Server_Side_TLS#ffdhe4096
+  ssl_dhparam /etc/nginx/ssl/dhparam-4096.pem;
+  ssl_ecdh_curve secp521r1:secp384r1;
+
+  # Aditional Security Headers
+  # ref: https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
+  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
+
+  # ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
+  add_header X-Frame-Options DENY always;
+
+  # ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
+  add_header X-Content-Type-Options nosniff always;
+
+  # ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
+  add_header X-Xss-Protection "1; mode=block" always;
+
+  # Enable OCSP stapling
+  # ref. http://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox
+  ssl_stapling on;
+  ssl_stapling_verify on;
+  ssl_trusted_certificate /etc/letsencrypt/live/cardchain.crowdcontrol.network/fullchain.pem;
+  #resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001] valid=300s; # Cloudflare
+  resolver 127.0.0.11;
+  resolver_timeout 5s;
+
+  location ~ ^/cosmos(/.*)?$ {
+    # Not sending ACAO header because it is already being added by the upstream
+    #add_header 'Access-Control-Allow-Origin' '*' always;
+    add_header 'Access-Control-Allow-Credentials' 'true' always;
+    add_header 'Access-Control-Allow-Headers' '*' always;
+    add_header 'Access-Control-Allow-Methods' '*' always;
+    add_header 'Access-Control-Max-Age' 1728000 always;
+
+    if ($request_method = 'OPTIONS') {
+      return 200;
+    }
+
+    proxy_redirect off;
+    proxy_set_header host $host;
+    proxy_set_header X-real-ip $remote_addr;
+    proxy_set_header X-forward-for $proxy_add_x_forwarded_for;
+    proxy_pass http://blockchain:1317$1$is_args$args;
+  }
+
+  location ~ ^/grpc(/.*)?$ {
+    grpc_pass grpcs://blockchain:9090$1$is_args$args;
+  }
+
+  location ~ ^/grpc2(/.*)?$ {
+    grpc_pass grpcs://blockchain:9091$1$is_args$args;
+  }
+
+  location ~ ^/tendermint(/.*)?$ {
+    # Not sending ACAO header because it is already being added by the upstream
+    #add_header 'Access-Control-Allow-Origin' '*' always;
+    add_header 'Access-Control-Allow-Credentials' 'true' always;
+    add_header 'Access-Control-Allow-Headers' '*' always;
+    add_header 'Access-Control-Allow-Methods' '*' always;
+    add_header 'Access-Control-Max-Age' 1728000 always;
+
+    if ($request_method = 'OPTIONS') {
+      return 200;
+    }
+
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+    proxy_redirect off;
+    proxy_set_header host $host;
+    proxy_set_header X-real-ip $remote_addr;
+    proxy_set_header X-forward-for $proxy_add_x_forwarded_for;
+    proxy_set_header X-forwarded-proto $scheme;
+    proxy_intercept_errors on;
+    proxy_pass http://blockchain:26657$1$is_args$args;
+  }
+
+  location ~ ^/faucet(/.*)?$ {
+    # Not sending ACAO header because it is already being added by the upstream
+    #add_header 'Access-Control-Allow-Origin' '*' always;
+    add_header 'Access-Control-Allow-Credentials' 'true' always;
+    add_header 'Access-Control-Allow-Methods' '*' always;
+    add_header 'Access-Control-Allow-Headers' '*' always;
+    add_header 'Access-Control-Max-Age' 1728000 always;
+
+    if ($request_method = 'OPTIONS') {
+      return 200;
+    }
+
+    proxy_redirect off;
+    proxy_set_header host $host;
+    proxy_set_header X-real-ip $remote_addr;
+    proxy_set_header X-forward-for $proxy_add_x_forwarded_for;
+    proxy_pass http://blockchain:4500$1$is_args$args;
+  }
+
+  location /files/ {
+    add_header 'Access-Control-Allow-Origin' '*' always;
+    add_header 'Access-Control-Allow-Credentials' 'true' always;
+    add_header 'Access-Control-Allow-Methods' '*' always;
+    add_header 'Access-Control-Allow-Headers' '*' always;
+    add_header 'Access-Control-Max-Age' 1728000 always;
+
+    root /;
+  }
+
+  location /goat/ {
+    add_header 'Access-Control-Allow-Origin' '*' always;
+    add_header 'Access-Control-Allow-Credentials' 'true' always;
+    add_header 'Access-Control-Allow-Methods' '*' always;
+    add_header 'Access-Control-Allow-Headers' '*' always;
+    add_header 'Access-Control-Max-Age' 1728000 always;
+
+    proxy_redirect off;
+    proxy_set_header host $host;
+    proxy_set_header X-real-ip $remote_addr;
+    proxy_set_header X-forward-for $proxy_add_x_forwarded_for;
+    proxy_pass http://goat:31337;
+  }
+}
diff --git a/config/nginx.conf b/config/nginx.conf
@@ -96,8 +96,8 @@ server {
     # Not sending ACAO header because it is already being added by the upstream
     #add_header 'Access-Control-Allow-Origin' '*' always;
     add_header 'Access-Control-Allow-Credentials' 'true' always;
-    add_header 'Access-Control-Allow-Headers' '*' always;
     add_header 'Access-Control-Allow-Methods' '*' always;
+    add_header 'Access-Control-Allow-Headers' '*' always;
     add_header 'Access-Control-Max-Age' 1728000 always;
 
     if ($request_method = 'OPTIONS') {
@@ -110,4 +110,30 @@ server {
     proxy_set_header X-forward-for $proxy_add_x_forwarded_for;
     proxy_pass http://blockchain:4500$1$is_args$args;
   }
+
+  location /files/ {
+    add_header 'Access-Control-Allow-Origin' '*' always;
+    add_header 'Access-Control-Allow-Credentials' 'true' always;
+    add_header 'Access-Control-Allow-Methods' '*' always;
+    add_header 'Access-Control-Allow-Headers' '*' always;
+    add_header 'Access-Control-Max-Age' 1728000 always;
+
+    root /;
+  }
+
+  location /goat/ {
+    rewrite ^/goat/(.*)$ /$1 break;
+
+    add_header 'Access-Control-Allow-Origin' '*' always;
+    add_header 'Access-Control-Allow-Credentials' 'true' always;
+    add_header 'Access-Control-Allow-Methods' '*' always;
+    add_header 'Access-Control-Allow-Headers' '*' always;
+    add_header 'Access-Control-Max-Age' 1728000 always;
+
+    proxy_redirect off;
+    proxy_set_header host $host;
+    proxy_set_header X-real-ip $remote_addr;
+    proxy_set_header X-forward-for $proxy_add_x_forwarded_for;
+    proxy_pass http://goat:31337;
+  }
 }
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -15,6 +15,11 @@ services:
       - 9091:9091
       - 4500:4500
 
+  goat:
+    build: ./goat/
+    ports:
+      - 31337:31337
+
   herd:
     image: nginx:latest
     container_name: herd
@@ -23,10 +28,12 @@ services:
       - /etc/letsencrypt/live/cardchain.crowdcontrol.network/privkey.pem:/etc/letsencrypt/live/cardchain.crowdcontrol.network/privkey.pem
       - ./config/nginx.conf:/etc/nginx/conf.d/default.conf
       - /etc/nginx/ssl/dhparam-4096.pem:/etc/nginx/ssl/dhparam-4096.pem
+      - ./files/:/files/
     ports:
       - 80:80
       - 81:81
       - 443:443
     command: /bin/bash -c "exec nginx -g 'daemon off;'"
     depends_on: 
       - blockchain
+      - goat
diff --git a/goat/Dockerfile b/goat/Dockerfile
@@ -0,0 +1,20 @@
+# Use the official Node.js image as the base image
+FROM node:16.14.0-alpine 
+
+# Set the working directory
+WORKDIR /usr/src/app
+
+# Copy package.json and package-lock.json
+COPY package*.json ./
+
+# Install dependencies
+RUN npm install
+
+# Copy the application files
+COPY . .
+
+# Expose the port
+EXPOSE 31337
+
+# Start the application
+CMD [ "node", "app.js" ]
diff --git a/goat/app.js b/goat/app.js
@@ -0,0 +1,61 @@
+const express = require('express');
+const axios = require('axios');
+const querystring = require('node:querystring');
+
+const app = express();
+const PORT = process.env.PORT || 31337;
+
+//let codeValue = 'oHISzAR5RdTef7jVntWuA48Gf044Vr'
+
+const fetchUser = code => {
+	let query = querystring.stringify({
+		'client_id': '1242405621815316502',
+		'client_secret': 'SdY9h2ilQb42AKV3dL8pscd9vcvUc0Bo',
+		'grant_type': 'authorization_code',
+		'code': code,
+		'redirect_uri': 'https://crowdcontrol.network/#/discord',
+		'scope': 'identify'
+    })
+    let headers = {
+        'Content-Type': 'application/x-www-form-urlencoded'
+    }
+
+	return axios.post('https://discordapp.com/api/oauth2/token', query, headers)
+	.then(token => {
+		return axios.get(`https://discordapp.com/api/users/@me`, {
+	        headers: {
+	            "Authorization": "Bearer " + token.data.access_token,
+	    	}
+	    })
+	})
+
+}
+
+app.get('/', (req, res) => {
+	if (!req.query.code) {
+		throw new Error('No code provided - you must provide a token code from Discord')
+	}
+
+	console.log("code", req.query.code)
+
+	return fetchUser(req.query.code)
+	.then(user => {
+		console.log("response", user.data)
+		console.log("status", user.status, user.statusText);
+	 	res.send(user.data);
+	})
+	.catch(err => {
+		console.error(err.response)
+		res.status(500).send(err.message)
+	})
+
+});
+
+app.listen(PORT, () => {
+  console.log(`Server running on port ${PORT}`);
+});
+
+
+
+
+