From 164a9dab17b3aa71fec064ba0d22b12c6fd09b98 Mon Sep 17 00:00:00 2001 From: Michael C Date: Thu, 6 Jan 2022 18:42:48 -0500 Subject: [PATCH 1/3] refactored nginx configs - handle CORS within nginx - remove allow-headers from CORS - add custom dynamic error pages - remove unused fastcgi - removed OPTIONS backend - remove previous custom errorDirective - moved proxy directives to appropiate file --- nginx/cors.conf | 10 ++++++++++ nginx/error.conf | 7 +++++++ nginx/error/error.html | 1 + nginx/error_map.conf | 15 ++++++++++++++ nginx/fastcgi.conf | 26 ------------------------ nginx/nginx.conf | 45 +++++++++++++----------------------------- nginx/proxy.conf | 23 ++++++++++----------- src/middleware/cors.ts | 1 - 8 files changed, 59 insertions(+), 69 deletions(-) create mode 100644 nginx/cors.conf create mode 100644 nginx/error.conf create mode 100644 nginx/error/error.html create mode 100644 nginx/error_map.conf delete mode 100644 nginx/fastcgi.conf
diff --git a/nginx/cors.conf b/nginx/cors.conf
new file mode 100644
index 0000000..1182113
--- /dev/null
+++ b/nginx/cors.conf
@@ -0,0 +1,10 @@
+if ($request_method = 'OPTIONS') {
+ add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, DELETE';
+ # cache CORS for 24 hours
+ add_header 'Access-Control-Max-Age' 86400;
+ # return empty response for preflight
+ add_header 'Content-Type' 'text/plain; charset=UTF-8';
+ add_header 'Content-Length' 0;
+ return 204;
+}
\ No newline at end of file
diff --git a/nginx/error.conf b/nginx/error.conf
new file mode 100644
index 0000000..e61d9bd
--- /dev/null
+++ b/nginx/error.conf
@@ -0,0 +1,7 @@
+error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 421 422 423 424 425 426 428 429 431 451 500 501 502 503 504 505 506 507 508 510 511 /error_message;
+
+location = /error.html {
+ ssi on;
+ internal;
+ root /etc/nginx/error;
+}
\ No newline at end of file
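Review bot: The preflight branch in nginx/cors.conf sends `Content-Length: 0` and a `Content-Type` on a 204, which HTTP does not allow for that status (a 204 has no body and must not carry Content-Length). The lines `add_header 'Content-Type' 'text/plain; charset=UTF-8';` and `add_header 'Content-Length' 0;` can be dropped while `return 204;` stays. Separately, nginx stops inheriting `add_header` directives from outer levels once a block defines its own, so any security headers set at `http` or `server` level (not visible in this diff) would be missing from these preflight responses. A comment above the `if`, such as `# answers CORS preflight only; actual responses get their CORS headers from src/middleware/cors.ts`, would help the next reader.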
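Review bot: In nginx/error.conf, `error_page … /error_message;` targets a URI that has no location in this file, while the only location defined is `location = /error.html`. Unless `/error_message` is declared somewhere outside this hunk, the internal redirect falls through to whatever prefix location matches and the custom page is never served. Either change the target to `/error.html` or add the missing location. Because the page is rendered with `ssi on`, a comment noting that the template should only echo server-side values such as `$status` and `$status_text`, not request-derived variables, would also be useful.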
diff --git a/nginx/error/error.html b/nginx/error/error.html
new file mode 100644
index 0000000..ece1e33
--- /dev/null
+++ b/nginx/error/error.html
@@ -0,0 +1 @@
+ https://status.sponsor.ajay.app
\ No newline at end of file
diff --git a/nginx/error_map.conf b/nginx/error_map.conf
new file mode 100644
index 0000000..8de14c7
--- /dev/null
+++ b/nginx/error_map.conf
@@ -0,0 +1,15 @@
+map $status $status_text {
+ 400 'Bad Request';
+ 401 'Unauthorized';
+ 403 'Forbidden';
+ 404 'Not Found';
+ 405 'Method Not Allowed';
+ 408 'Request Timeout';
+ 409 'Conflict';
+ 429 'Too Many Requests';
+ 500 'Internal Server Error';
+ 502 'Bad Gateway';
+ 503 'Service Unavailable';
+ 504 'Gateway Timeout';
+ 505 'HTTP Version Not Supported';
+}
\ No newline at end of file
diff --git a/nginx/fastcgi.conf b/nginx/fastcgi.conf
deleted file mode 100644
index 091738c..0000000
--- a/nginx/fastcgi.conf
+++ /dev/null
@@ -1,26 +0,0 @@
-
-fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-fastcgi_param QUERY_STRING $query_string;
-fastcgi_param REQUEST_METHOD $request_method;
-fastcgi_param CONTENT_TYPE $content_type;
-fastcgi_param CONTENT_LENGTH $content_length;
-
-fastcgi_param SCRIPT_NAME $fastcgi_script_name;
-fastcgi_param REQUEST_URI $request_uri;
-fastcgi_param DOCUMENT_URI $document_uri;
-fastcgi_param DOCUMENT_ROOT $document_root;
-fastcgi_param SERVER_PROTOCOL $server_protocol;
-fastcgi_param REQUEST_SCHEME $scheme;
-fastcgi_param HTTPS $https if_not_empty;
-
-fastcgi_param GATEWAY_INTERFACE CGI/1.1;
-fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
-
-fastcgi_param REMOTE_ADDR $remote_addr;
-fastcgi_param REMOTE_PORT $remote_port;
-fastcgi_param SERVER_ADDR $server_addr;
-fastcgi_param SERVER_PORT $server_port;
-fastcgi_param SERVER_NAME $server_name;
-
-# PHP only, required if PHP was built with --enable-force-cgi-redirect
-fastcgi_param REDIRECT_STATUS 200;
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index 7eb7317..f84c2bd 100644
--- a/nginx/nginx.conf
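Review bot: The `map $status $status_text` block in nginx/error_map.conf has no `default` entry, yet `error_page` in error.conf lists many codes (402, 406, 410, 413 and others) that are not mapped. For those codes `$status_text` is empty, so the rendered error page loses its description. Add a fallback such as `default 'Error';`. It is also worth mapping 413, which nginx itself returns when a request body exceeds the `client_max_body_size 10m;` set in proxy.conf.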
+++ b/nginx/nginx.conf @@ -16,16 +16,15 @@ http { include /etc/nginx/mime.types; include /etc/nginx/proxy.conf; - include /etc/nginx/fastcgi.conf; - ## Custom MIME definition + # error_map has to be at http level + include /etc/nginx/error_map.conf; + # Custom MIME definition types { text/csv csv; } # keepalive settings keepalive_requests 10; keepalive_timeout 5; - proxy_http_version 1.1; - proxy_set_header Connection ""; access_log off; error_log /dev/null crit; @@ -66,15 +65,11 @@ http { server 10.0.0.3:4441; #server 10.0.0.3:4442; } - upstream backend_OPTIONS { - server 10.0.0.3:4441; - } upstream backend_db { server 10.0.0.4:4441; #server 10.0.0.3:4441; #server 10.0.0.4; } - upstream backend_db_dl { server 10.0.0.4; } @@ -86,26 +81,7 @@ http { server { server_name sponsor.ajay.app api.sponsor.ajay.app; - error_page 404 /404.html; - #error_page 500 @myerrordirective_500; - #error_page 502 @myerrordirective_502; - #error_page 504 @myerrordirective_504; - #location = /404 { - # root /home/sbadmin/caddy/SponsorBlockSite/public-prod; - # internal; - #} - - #proxy_send_timeout 120s; - - #location @myerrordirective_500 { - # return 400 "Internal Server Error"; - #} - #location @myerrordirective_502 { - # return 400 "Bad Gateway"; - #} - #location @myerrordirective_504 { - # return 400 "Gateway Timeout"; - #} + include /etc/nginx/error.conf; location /news { return 301 https://blog.ajay.app/sponsorblock; @@ -124,6 +100,7 @@ http { #access_log /etc/nginx/logs/requests.log no_ip buffer=64k; location /api/skipSegments { + include /etc/nginx/cors.conf #return 200 "[]"; proxy_pass http://backend_$request_method; #proxy_cache CACHEZONE; 
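Review bot: In `location /api/skipSegments`, `proxy_pass http://backend_$request_method;` still builds the upstream name from the client-supplied method. With `upstream backend_OPTIONS` removed, OPTIONS only works there because the included cors.conf returns before the proxy step. Any method without a matching `upstream backend_<METHOD>` block (HEAD or PUT, as far as the visible hunks show) is treated as a hostname to resolve and ends in a 502 rather than a clean rejection. Selecting the upstream through a `map $request_method …` with a `default` entry, or rejecting unsupported methods before `proxy_pass`, would make this explicit. The upstream definitions are only partly visible in these hunks, so confirm which methods are actually backed.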
@@ -134,31 +111,35 @@ http { if ($request_method = POST) { access_log /etc/nginx/logs/submissions.log user_agent buffer=64k; } - + #proxy_read_timeout 6s; #proxy_next_upstream error timeout http_500 http_502; } location /api/getTopUsers { + include /etc/nginx/cors.conf proxy_pass http://backend_GET; proxy_cache CACHEZONE; proxy_cache_valid 20m; } location /api/getTotalStats { + include /etc/nginx/cors.conf proxy_pass http://backend_GET; proxy_cache CACHEZONE; proxy_cache_valid 20m; - #return 200 ""; + #return 204; } location /api/getTopCategoryUsers { + include /etc/nginx/cors.conf proxy_pass http://backend_GET; proxy_cache CACHEZONE; proxy_cache_valid 20m; } location /api/getVideoSponsorTimes { + include /etc/nginx/cors.conf proxy_pass http://backend_GET; } @@ -174,10 +155,11 @@ http { #proxy_buffering off; - proxy_pass http://backend_db; + proxy_pass http://backend_db; #alias /home/sbadmin/sponsor/docker/database-export/; #return 307 https://rsync.sponsor.ajay.app$request_uri; } + location /database { proxy_pass http://backend_db; #return 200 "Disabled for load reasons"; @@ -202,6 +184,7 @@ http { #} location /api { + include /etc/nginx/cors.conf proxy_pass http://backend_POST; } diff --git a/nginx/proxy.conf b/nginx/proxy.conf index 9d0cf5f..081af02 100644 --- a/nginx/proxy.conf +++ b/nginx/proxy.conf 
@@ -1,11 +1,12 @@ -proxy_redirect off; -proxy_set_header Host $host; -proxy_set_header X-Real-IP $remote_addr; -proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -client_max_body_size 10m; -client_body_buffer_size 128k; -proxy_connect_timeout 10; -proxy_send_timeout 10; -proxy_read_timeout 10; -#worker_shutdown_timeout 10; -proxy_buffers 32 4k; +proxy_redirect off; +proxy_set_header Host $host; +proxy_set_header X-Real-IP $remote_addr; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header Connection ""; +client_max_body_size 10m; +client_body_buffer_size 128k; +proxy_connect_timeout 10; +proxy_send_timeout 10; +proxy_read_timeout 10; +proxy_buffers 32 4k; +proxy_http_version 1.1; \ No newline at end of file diff --git a/src/middleware/cors.ts b/src/middleware/cors.ts index 84b30e4..1cda853 100644 --- a/src/middleware/cors.ts +++ b/src/middleware/cors.ts @@ -2,7 +2,6 @@ import { NextFunction, Request, Response } from "express"; export function corsMiddleware(req: Request, res: Response, next: NextFunction): void { res.header("Access-Control-Allow-Origin", "*"); - res.header("Access-Control-Allow-Headers", "X-Requested-With, Content-Type, Accept"); res.header("Access-Control-Allow-Methods", "GET, POST, OPTIONS, DELETE"); next(); } From 7472af714aef7b6ce20c5fe4b12f97cfc0cffa5c Mon Sep 17 00:00:00 2001 From: Michael C Date: Thu, 6 Jan 2022 18:49:49 -0500 Subject: [PATCH 2/3] missing semicolons --- nginx/nginx.conf | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/nginx/nginx.conf b/nginx/nginx.conf index f84c2bd..6ef2d44 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -100,7 +100,7 @@ http { #access_log /etc/nginx/logs/requests.log no_ip buffer=64k; location /api/skipSegments { - include /etc/nginx/cors.conf + include /etc/nginx/cors.conf; #return 200 "[]"; proxy_pass http://backend_$request_method; #proxy_cache CACHEZONE; 
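Review bot: `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` in nginx/proxy.conf appends to whatever X-Forwarded-For value the client sent, so the leading entries of that header are client-controlled. Now that all proxy directives live in this file, that deserves a comment, for example `# X-Forwarded-For keeps client-supplied entries; backend must use X-Real-IP (or only the last hop) for rate limiting and bans`. Whether the backend reads the header that way cannot be seen from this diff.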
@@ -117,14 +117,14 @@ http { } location /api/getTopUsers { - include /etc/nginx/cors.conf + include /etc/nginx/cors.conf; proxy_pass http://backend_GET; proxy_cache CACHEZONE; proxy_cache_valid 20m; } location /api/getTotalStats { - include /etc/nginx/cors.conf + include /etc/nginx/cors.conf; proxy_pass http://backend_GET; proxy_cache CACHEZONE; proxy_cache_valid 20m; @@ -132,14 +132,14 @@ http { } location /api/getTopCategoryUsers { - include /etc/nginx/cors.conf + include /etc/nginx/cors.conf; proxy_pass http://backend_GET; proxy_cache CACHEZONE; proxy_cache_valid 20m; } location /api/getVideoSponsorTimes { - include /etc/nginx/cors.conf + include /etc/nginx/cors.conf; proxy_pass http://backend_GET; } @@ -184,7 +184,7 @@ http { #} location /api { - include /etc/nginx/cors.conf + include /etc/nginx/cors.conf; proxy_pass http://backend_POST; } From 77de17c81021b1bbf99bab8d4e066aca72bb8593 Mon Sep 17 00:00:00 2001 From: Michael C Date: Thu, 6 Jan 2022 21:31:34 -0500 Subject: [PATCH 3/3] add allow-headers content-type --- nginx/cors.conf | 1 + src/middleware/cors.ts | 1 + 2 files changed, 2 insertions(+) diff --git a/nginx/cors.conf b/nginx/cors.conf index 1182113..03c163d 100644 --- a/nginx/cors.conf +++ b/nginx/cors.conf @@ -1,6 +1,7 @@ if ($request_method = 'OPTIONS') { add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Methods' 'GET, POST, DELETE'; + add_header 'Access-Control-Allow-Headers', 'Content-Type' # cache CORS for 24 hours add_header 'Access-Control-Max-Age' 86400; # return empty response for preflight diff --git a/src/middleware/cors.ts b/src/middleware/cors.ts index 1cda853..e3b71ab 100644 --- a/src/middleware/cors.ts +++ b/src/middleware/cors.ts 
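Review bot: The line added to nginx/cors.conf in patch 3, `add_header 'Access-Control-Allow-Headers', 'Content-Type'`, has a stray comma after the header name and no terminating semicolon. nginx will read the following `add_header` directive as further arguments, so `nginx -t` will most likely reject the file, and every location that includes cors.conf fails with it. The line should read `add_header 'Access-Control-Allow-Headers' 'Content-Type';`. Running `nginx -t` against the config in CI before deploy would have caught both this and the missing semicolons that patch 2 had to fix.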
@@ -3,5 +3,6 @@ import { NextFunction, Request, Response } from "express"; export function corsMiddleware(req: Request, res: Response, next: NextFunction): void { res.header("Access-Control-Allow-Origin", "*"); res.header("Access-Control-Allow-Methods", "GET, POST, OPTIONS, DELETE"); + res.header("Access-Control-Allow-Headers", "Content-Type"); next(); }
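Review bot: The CORS policy is now maintained in two places and the two already disagree: `corsMiddleware` advertises `"GET, POST, OPTIONS, DELETE"` while nginx/cors.conf answers preflights with `'GET, POST, DELETE'`. Since nginx returns the preflight itself, the values set here only matter on actual responses or when the backend is reached without the proxy. A doc comment on the function saying so would prevent further drift, e.g. `/** Sets CORS headers on actual responses; preflight (OPTIONS) is answered by nginx/cors.conf, keep both lists in sync. */`. The wildcard origin stays safe only while the API never relies on cookies or other ambient credentials.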