Comments (4)

beyarkay commented on August 25, 2024

(Mentioning @zeorin to ensure they don't miss this issue)

I haven't used Thunderbird before, so am not 100% on the details. But (correct me if I'm wrong) it sounds like the issue is more about the calendar files being stored in S3 behind the scenes, and if the credentials for those buckets expired then the calendar files would no longer be available?

A few questions:

  • could you paste the original calendar link and then what it redirects to?
  • I interned with AWS quite recently so have some experience with S3, and I'm not sure that these assets do actually have any authentication protecting them, given that anyone with the GitHub link can download them without having to sign in? Can you confirm if you've had calendar files be taken down because the creds expire?

A few notes

  • I don't think this will be a serious problem, although definitely something to keep an eye on (and thanks for raising it!). If release assets expired then I'm sure GitHub would note it somewhere, and I also wouldn't be able to download releases that are more than X months old (or however long the expiry is).
  • If it is a problem, I can always set up a workflow to republish the same assets every X months so that the release assets are never more than X months old, resetting the expiry date each time. It wouldn't be pretty but it would work.

But thanks for raising the point! Really appreciate it.

from eskom-calendar.

zeorin commented on August 25, 2024

Here's a look at what curl says about the redirection:

❯ curl -q -D - https://github.com/beyarkay/eskom-calendar/releases/download/latest/eastern-cape-tarkastad.ics
HTTP/2 302
server: GitHub.com
date: Thu, 28 Jul 2022 13:26:32 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
permissions-policy: interest-cohort=()
location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/513533067/c76a5dce-6d39-4d20-8765-4d8de7cf5ea6?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20220728%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220728T132632Z&X-Amz-Expires=300&X-Amz-Signature=3a1ceec7b06d6454d7f2ab21ee3911026012ff58031fb06811b0d98d8e2c9f56&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=513533067&response-content-disposition=attachment%3B%20filename%3Deastern-cape-tarkastad.ics&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
expect-ct: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events *.actions.githubusercontent.com wss://*.actions.githubusercontent.com online.visualstudio.com/api/v1/locations github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src render.githubusercontent.com viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com github-cloud.s3.amazonaws.com secured-user-images.githubusercontent.com/ github-production-user-asset-6210df.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: 991E:38C3:184D0CA:1A43E9E:62E28E88

These are the response headers. You'll see the location: header pointing to objects.githubusercontent.com with various -Amz- query parameters. It's these query parameters that include access credentials that are time sensitive. My suspicion is that the redirect target URL is dynamically generated either: every time the source URL is requested, periodically, or if the previous one's creds are now stale.

Based on reading those query parameters, my guess is that the redirect target URL's query params are valid for 5 minutes (300 seconds).

Trying the redirect URL a little later leads to a 401:

❯ curl -q -D - "https://objects.githubusercontent.com/github-production-release-asset-2e65be/513533067/c76a5dce-6d39-4d20-8765-4d8de7cf5ea6?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20220728%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220728T132632Z&X-Amz-Expires=300&X-Amz-Signature=3a1ceec7b06d6454d7f2ab21ee3911026012ff58031fb06811b0d98d8e2c9f56&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=513533067&response-content-disposition=attachment%3B%20filename%3Deastern-cape-tarkastad.ics&response-content-type=application%2Foctet-stream"
HTTP/2 401
x-github-backend: Kubernetes
x-github-request-id: 5E00:190B:AA22:55A80:62E292E1
accept-ranges: bytes
date: Thu, 28 Jul 2022 13:45:06 GMT
via: 1.1 varnish
x-served-by: cache-jnb7023-JNB
x-cache: MISS
x-cache-hits: 0
x-timer: S1659015906.511180,VS0,VE1338
content-length: 0

from eskom-calendar.
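
The validity window guessed at in the comment above can be read directly from the redirect URL's SigV4 query parameters. The following is an added example, not part of the original thread or of eskom-calendar; the function names are hypothetical, and the URL is abridged from the quoted location: header with the signature replaced by a placeholder.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import parse_qs, urlsplit

# Abridged from the location: header quoted in the thread. The signature is a
# placeholder and the non-Amz parameters are dropped; neither affects expiry.
REDIRECT_URL = (
    "https://objects.githubusercontent.com/github-production-release-asset-2e65be/"
    "513533067/c76a5dce-6d39-4d20-8765-4d8de7cf5ea6"
    "?X-Amz-Algorithm=AWS4-HMAC-SHA256"
    "&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20220728%2Fus-east-1%2Fs3%2Faws4_request"
    "&X-Amz-Date=20220728T132632Z&X-Amz-Expires=300"
    "&X-Amz-Signature=SIGNATURE_PLACEHOLDER&X-Amz-SignedHeaders=host"
)

REQUIRED = ("X-Amz-Date", "X-Amz-Expires", "X-Amz-Credential")


def presign_window(url):
    """Return (signed_at, expires_at, scope) for a SigV4 query-signed URL."""
    query = parse_qs(urlsplit(url).query)  # parse_qs also decodes %2F to "/"
    missing = [name for name in REQUIRED if name not in query]
    if missing:
        raise ValueError(f"not a SigV4 presigned URL, missing {missing}")
    signed_at = datetime.strptime(
        query["X-Amz-Date"][0], "%Y%m%dT%H%M%SZ"
    ).replace(tzinfo=timezone.utc)
    expires_at = signed_at + timedelta(seconds=int(query["X-Amz-Expires"][0]))
    # Credential scope: <access key id>/<date>/<region>/<service>/aws4_request
    key_id, day, region, service, _terminator = query["X-Amz-Credential"][0].split("/")
    scope = {"key_id": key_id, "date": day, "region": region, "service": service}
    return signed_at, expires_at, scope


def seconds_past_expiry(url, http_date):
    """Seconds between the URL's expiry and an HTTP Date header (negative = still valid)."""
    _signed_at, expires_at, _scope = presign_window(url)
    return (parsedate_to_datetime(http_date) - expires_at).total_seconds()


if __name__ == "__main__":
    signed_at, expires_at, scope = presign_window(REDIRECT_URL)
    print("signed at :", signed_at.isoformat())
    print("expires at:", expires_at.isoformat())
    print("scope     :", scope)
    # Date header of the second curl request in the thread (the 401 response).
    print("late by   :", seconds_past_expiry(REDIRECT_URL, "Thu, 28 Jul 2022 13:45:06 GMT"), "s")
```

With the Date headers from the two curl runs, the URL was signed at the moment of the 302 and had already been expired for several minutes when the second request returned 401.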

beyarkay commented on August 25, 2024

@zeorin You'll probably be interested in this new section in the README which describes a new feature that allows you to access the parsed loadshedding data in a more machine friendly way (via a CSV file that's updated along with the ICS files).

Does this solve the issue of the expiring S3 credentials? (I assume you wanted to redirect URLs because of some automation scripts or similar?)

from eskom-calendar.

beyarkay commented on August 25, 2024

Closing as I'm not sure this is an issue anymore

from eskom-calendar.
