Add flag to decompress brotli server-side

docs/src/guides/testing.md

@@ -46,6 +46,10 @@ View the inscription in the regtest explorer:
 ```
 ord -r server
 ```
+If you want to test Brotli encoded content over http you need to add:
+```
+ord -r server --decompress-brotli
+```
 
 Testing Recursion
 -----------------

src/subcommand/server.rs

@@ -29,14 +29,15 @@ use {
     Router, TypedHeader,
   },
   axum_server::Handle,
+  brotli::Decompressor,
   rust_embed::RustEmbed,
   rustls_acme::{
     acme::{LETS_ENCRYPT_PRODUCTION_DIRECTORY, LETS_ENCRYPT_STAGING_DIRECTORY},
     axum::AxumAcceptor,
     caches::DirCache,
     AcmeConfig,
   },
-  std::{cmp::Ordering, str, sync::Arc},
+  std::{cmp::Ordering, io::Read, str, sync::Arc},
   tokio_stream::StreamExt,
   tower_http::{
     compression::CompressionLayer,
@@ -49,9 +50,10 @@ mod accept_encoding;
 mod accept_json;
 mod error;
 
-#[derive(Clone)]
+#[derive(Clone, Default)]
 pub struct ServerConfig {
   pub is_json_api_enabled: bool,
+  pub decompress_brotli: bool,
 }
 
 enum InscriptionQuery {
@@ -161,6 +163,8 @@ pub(crate) struct Server {
   redirect_http_to_https: bool,
   #[arg(long, short = 'j', help = "Enable JSON API.")]
   pub(crate) enable_json_api: bool,
+  #[arg(long, help = "Decompress Brotli encoded content. NOTE: For testing only since this is a DOS vector.")]
+  pub(crate) decompress_brotli: bool,
 }
 
 impl Server {
@@ -181,9 +185,10 @@ impl Server {
 
       let server_config = Arc::new(ServerConfig {
         is_json_api_enabled: self.enable_json_api,
+        decompress_brotli: self.decompress_brotli,
       });
 
-      let config = options.load_config()?;
+      let config = Arc::new(options.load_config()?);
       let acme_domains = self.acme_domains()?;
 
       let page_config = Arc::new(PageConfig {
@@ -265,7 +270,8 @@ impl Server {
         .route("/tx/:txid", get(Self::transaction))
         .layer(Extension(index))
         .layer(Extension(page_config))
-        .layer(Extension(Arc::new(config)))
+        .layer(Extension(config))
+        .layer(Extension(server_config.clone()))
         .layer(SetResponseHeaderLayer::if_not_present(
           header::CONTENT_SECURITY_POLICY,
           HeaderValue::from_static("default-src 'self'"),
@@ -999,6 +1005,7 @@ impl Server {
     Extension(index): Extension<Arc<Index>>,
     Extension(config): Extension<Arc<Config>>,
     Extension(page_config): Extension<Arc<PageConfig>>,
+    Extension(server_config): Extension<Arc<ServerConfig>>,
     Path(inscription_id): Path<InscriptionId>,
     accept_encoding: AcceptEncoding,
   ) -> ServerResult<Response> {
@@ -1011,7 +1018,7 @@ impl Server {
       .ok_or_not_found(|| format!("inscription {inscription_id}"))?;
 
     Ok(
-      Self::content_response(inscription, accept_encoding, &page_config)?
+      Self::content_response(inscription, accept_encoding, &page_config, &server_config)?
         .ok_or_not_found(|| format!("inscription {inscription_id} content"))?
         .into_response(),
     )
@@ -1021,28 +1028,10 @@ impl Server {
     inscription: Inscription,
     accept_encoding: AcceptEncoding,
     page_config: &PageConfig,
+    server_config: &ServerConfig,
   ) -> ServerResult<Option<(HeaderMap, Vec<u8>)>> {
     let mut headers = HeaderMap::new();
 
-    headers.insert(
-      header::CONTENT_TYPE,
-      inscription
-        .content_type()
-        .and_then(|content_type| content_type.parse().ok())
-        .unwrap_or(HeaderValue::from_static("application/octet-stream")),
-    );
-
-    if let Some(content_encoding) = inscription.content_encoding() {
-      if accept_encoding.is_acceptable(&content_encoding) {
-        headers.insert(header::CONTENT_ENCODING, content_encoding);
-      } else {
-        return Err(ServerError::NotAcceptable {
-          accept_encoding,
-          content_encoding,
-        });
-      }
-    }
-
     match &page_config.csp_origin {
       None => {
         headers.insert(
@@ -1068,6 +1057,43 @@ impl Server {
       HeaderValue::from_static("public, max-age=31536000, immutable"),
     );
 
+    headers.insert(
+      header::CONTENT_TYPE,
+      inscription
+        .content_type()
+        .and_then(|content_type| content_type.parse().ok())
+        .unwrap_or(HeaderValue::from_static("application/octet-stream")),
+    );
+
+    if let Some(content_encoding) = inscription.content_encoding() {
+      if server_config.decompress_brotli
+        && content_encoding
+          .to_str()
+          .map_err(|err| ServerError::Internal(err.into()))?
+          .to_lowercase()
+          == "br"
+      {
+        let Some(body) = inscription.into_body() else {
+          return Ok(None);
+        };
+
+        let mut decompressed = Vec::new();
+
+        Decompressor::new(body.as_slice(), 4096)
+          .read_to_end(&mut decompressed)
+          .map_err(|err| ServerError::Internal(err.into()))?;
+
+        return Ok(Some((headers, decompressed)));
+      } else if accept_encoding.is_acceptable(&content_encoding) {
+        headers.insert(header::CONTENT_ENCODING, content_encoding);
+      } else {
+        return Err(ServerError::NotAcceptable {
+          accept_encoding,
+          content_encoding,
+        });
+      }
+    }
+
     let Some(body) = inscription.into_body() else {
       return Ok(None);
     };
@@ -1079,6 +1105,7 @@ impl Server {
     Extension(index): Extension<Arc<Index>>,
     Extension(config): Extension<Arc<Config>>,
     Extension(page_config): Extension<Arc<PageConfig>>,
+    Extension(server_config): Extension<Arc<ServerConfig>>,
     Path(inscription_id): Path<InscriptionId>,
     accept_encoding: AcceptEncoding,
   ) -> ServerResult<Response> {
@@ -1116,7 +1143,7 @@ impl Server {
           .into_response(),
       ),
       Media::Iframe => Ok(
-        Self::content_response(inscription, accept_encoding, &page_config)?
+        Self::content_response(inscription, accept_encoding, &page_config, &server_config)?
           .ok_or_not_found(|| format!("inscription {inscription_id} content"))?
           .into_response(),
       ),
@@ -3264,6 +3291,7 @@ mod tests {
         Inscription::new(Some("text/plain".as_bytes().to_vec()), None),
         AcceptEncoding::default(),
         &PageConfig::default(),
+        &ServerConfig::default(),
       )
       .unwrap(),
       None
@@ -3276,6 +3304,7 @@ mod tests {
       Inscription::new(Some("text/plain".as_bytes().to_vec()), Some(vec![1, 2, 3])),
       AcceptEncoding::default(),
       &PageConfig::default(),
+      &ServerConfig::default(),
     )
     .unwrap()
     .unwrap();
@@ -3290,6 +3319,7 @@ mod tests {
       Inscription::new(Some("text/plain".as_bytes().to_vec()), Some(vec![1, 2, 3])),
       AcceptEncoding::default(),
       &PageConfig::default(),
+      &ServerConfig::default(),
     )
     .unwrap()
     .unwrap();
@@ -3309,6 +3339,7 @@ mod tests {
         csp_origin: Some("https://ordinals.com".into()),
         ..Default::default()
       },
+      &ServerConfig::default(),
     )
     .unwrap()
     .unwrap();
@@ -3347,6 +3378,7 @@ mod tests {
       Inscription::new(None, Some(Vec::new())),
       AcceptEncoding::default(),
       &PageConfig::default(),
+      &ServerConfig::default(),
     )
     .unwrap()
     .unwrap();
@@ -3361,6 +3393,7 @@ mod tests {
       Inscription::new(Some("\n".as_bytes().to_vec()), Some(Vec::new())),
       AcceptEncoding::default(),
       &PageConfig::default(),
+      &ServerConfig::default(),
     )
     .unwrap()
     .unwrap();

src/subcommand/server/accept_encoding.rs

@@ -58,6 +58,7 @@ mod tests {
       &mut req.into_parts().0,
       &Arc::new(ServerConfig {
         is_json_api_enabled: false,
+        decompress_brotli: false,
       }),
     )
     .await
@@ -77,6 +78,7 @@ mod tests {
       &mut req.into_parts().0,
       &Arc::new(ServerConfig {
         is_json_api_enabled: false,
+        decompress_brotli: false,
       }),
     )
     .await
@@ -104,6 +106,7 @@ mod tests {
       &mut req.into_parts().0,
       &Arc::new(ServerConfig {
         is_json_api_enabled: false,
+        decompress_brotli: false,
       }),
     )
     .await

tests/wallet/inscribe.rs

@@ -1739,3 +1739,62 @@ fn batch_inscribe_with_fee_rate() {
     output.total_fees
   );
 }
+
+#[test]
+fn server_can_decompress_brotli() {
+  let rpc_server = test_bitcoincore_rpc::spawn();
+  rpc_server.mine_blocks(1);
+
+  create_wallet(&rpc_server);
+
+  let Inscribe { inscriptions, .. } =
+    CommandBuilder::new("wallet inscribe --compress --file foo.txt --fee-rate 1".to_string())
+      .write("foo.txt", [0; 350_000])
+      .rpc_server(&rpc_server)
+      .run_and_deserialize_output();
+
+  let inscription = inscriptions[0].id;
+
+  rpc_server.mine_blocks(1);
+
+  let test_server = TestServer::spawn_with_server_args(&rpc_server, &[], &[]);
+
+  test_server.sync_server();
+
+  let client = reqwest::blocking::Client::builder()
+    .brotli(false)
+    .build()
+    .unwrap();
+
+  let response = client
+    .get(
+      test_server
+        .url()
+        .join(format!("/content/{inscription}",).as_ref())
+        .unwrap(),
+    )
+    .send()
+    .unwrap();
+
+  assert_eq!(response.status(), StatusCode::NOT_ACCEPTABLE);
+
+  let test_server = TestServer::spawn_with_server_args(&rpc_server, &[], &["--decompress-brotli"]);
+
+  let client = reqwest::blocking::Client::builder()
+    .brotli(false)
+    .build()
+    .unwrap();
+
+  let response = client
+    .get(
+      test_server
+        .url()
+        .join(format!("/content/{inscription}",).as_ref())
+        .unwrap(),
+    )
+    .send()
+    .unwrap();
+
+  assert_eq!(response.status(), StatusCode::OK);
+  assert_eq!(response.bytes().unwrap().deref(), [0; 350_000]);
+}