Comments (4)
(Mentioning @zeorin to ensure they don't miss this issue)
I haven't used Thunderbird before, so am not 100% on the details. But (correct me if I'm wrong) it sounds like the issue is more about the calendar files being stored in S3 behind the scenes, and if the credentials for those buckets expired then the calendar files would no longer be available?
A few questions:
- could you paste the original calendar link and then what it redirects to?
- I interned with AWS quite recently so have some experience with S3, and I'm not sure that these assets do actually have any authentication protecting them, given that anyone with the GitHub link can download them without having to sign in? Can you confirm if you've had calendar files be taken down because the creds expire?
A few notes
- I don't think this will be a serious problem, although definitely something to keep an eye on(and thanks for raising it!). If release assets expired then I'm sure GitHub would note it somewhere, and I also wouldn't be able to download releases that are more than X months old (or however long the expiry is)
- if it is a problem, I can always setup a workflow to republish the same assets every X months so that the release assets are never more than X months old, resetting the expiry date each time. It wouldn't be pretty but it would work.
But thanks for raising the point! Really appreciate it.
from eskom-calendar.
Here's a look at what curl
says about the redirection:
❯ curl -q -D - https://github.com/beyarkay/eskom-calendar/releases/download/latest/eastern-cape-tarkastad.ics
HTTP/2 302
server: GitHub.com
date: Thu, 28 Jul 2022 13:26:32 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
permissions-policy: interest-cohort=()
location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/513533067/c76a5dce-6d39-4d20-8765-4d8de7cf5ea6?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20220728%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220728T132632Z&X-Amz-Expires=300&X-Amz-Signature=3a1ceec7b06d6454d7f2ab21ee3911026012ff58031fb06811b0d98d8e2c9f56&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=513533067&response-content-disposition=attachment%3B%20filename%3Deastern-cape-tarkastad.ics&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
expect-ct: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events *.actions.githubusercontent.com wss://*.actions.githubusercontent.com online.visualstudio.com/api/v1/locations github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src render.githubusercontent.com viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com github-cloud.s3.amazonaws.com secured-user-images.githubusercontent.com/ github-production-user-asset-6210df.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: 991E:38C3:184D0CA:1A43E9E:62E28E88
These are the response headers. You'll see the location:
header pointing to objects.githubusercontent.com with various -Amz-
query parameters. It's these query parameters that include access credentials that are time sensitive. My suspicion is that the redirect target URL is dynamically generated either: every time the source URL is requested, periodically, or if the previous one's creds are now stale.
Based on reading those query parameters, my guess is that the redirect target URL's query params are valid for 5 minutes (300
seconds).
Trying the redirect URL a little later leads to a 401:
❯ curl -q -D - "https://objects.githubusercontent.com/github-production-release-asset-2e65be/513533067/c76a5dce-6d39-4d20-8765-4d8de7cf5ea6?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20220728%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220728T132632Z&X-Amz-Expires=300&X-Amz-Signature=3a1ceec7b06d6454d7f2ab21ee3911026012ff58031fb06811b0d98d8e2c9f56&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=513533067&response-content-disposition=attachment%3B%20filename%3Deastern-cape-tarkastad.ics&response-content-type=application%2Foctet-stream"
HTTP/2 401
x-github-backend: Kubernetes
x-github-request-id: 5E00:190B:AA22:55A80:62E292E1
accept-ranges: bytes
date: Thu, 28 Jul 2022 13:45:06 GMT
via: 1.1 varnish
x-served-by: cache-jnb7023-JNB
x-cache: MISS
x-cache-hits: 0
x-timer: S1659015906.511180,VS0,VE1338
content-length: 0
from eskom-calendar.
@zeorin You'll probably be interested in this new section in the README which describes a new feature that allows you to access the parsed loadshedding data in a more machine friendly way (via a CSV file that's updated along with the ICS files).
Does this solve the issue of the expiring S3 credentials? (I assume you wanted to redirect URLs because of some automation scripts or similar?)
from eskom-calendar.
Closing as I'm not sure this is an issue anymore
from eskom-calendar.
Related Issues (20)
- Missing: Vorna Valley (3) HOT 1
- No areas found that match `eskom-direct-13-odd` HOT 4
- City Power Update Needed HOT 1
- Block 9 Ennerdale calendar incorrect HOT 1
- Missing area schedule HOT 2
- Ennerdale Block 10 - Missing area schedule HOT 1
- Schedule not accurate HOT 2
- Add a Pull-request check that ensures the CSVs are properly formatted
- Machine_friendly.csv is out of date. HOT 1
- eskom-calendar blank HOT 2
- Ennerdale Block 10 calendar issue
- Events not appearing in calendar HOT 3
- API ERROR - CERT_HAS_EXPIRED HOT 4
- Missing area schedule
- mossel bay
- Issue with time for 20:00 slot for City Power
- No areas found that match
- City Power 2 HOT 2
- Project is running but is not responding correctly. Try to restart it
- Maintaining the repo HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from eskom-calendar.