fix: add localnet proxy to add Access-Control-Allow-Private-Network header (#523)

* fix: add localnet proxy to add Access-Control-Allow-Private-Network header
* chore: fix audit

Author: neilcampbell

poetry.lock

@@ -56,6 +56,7 @@ def __init__(self, name: str = SANDBOX_BASE_NAME) -> None:
         self._latest_yaml = get_docker_compose_yml(name=f"algokit_{self.name}")
         self._latest_config_json = get_config_json()
         self._latest_algod_network_template = get_algod_network_template()
+        self._latest_proxy_config = get_proxy_config()
 
     @property
     def compose_file_path(self) -> Path:
@@ -73,6 +74,10 @@ def algod_config_file_path(self) -> Path:
     def algod_network_template_file_path(self) -> Path:
         return self.directory / "algod_network_template.json"
 
+    @property
+    def proxy_config_file_path(self) -> Path:
+        return self.directory / "nginx.conf"
+
     @classmethod
     def from_environment(cls) -> ComposeSandbox | None:
         try:
@@ -128,6 +133,8 @@ def compose_file_status(self) -> ComposeFileStatus:
             compose_content = self.compose_file_path.read_text()
             config_content = self.algod_config_file_path.read_text()
             algod_network_template_content = self.algod_network_template_file_path.read_text()
+            proxy_config_content = self.proxy_config_file_path.read_text()
+
         except FileNotFoundError:
             # treat as out of date if compose file exists but algod config doesn't
             # so that existing setups aren't suddenly reset
@@ -139,6 +146,7 @@ def compose_file_status(self) -> ComposeFileStatus:
                 compose_content == self._latest_yaml
                 and config_content == self._latest_config_json
                 and algod_network_template_content == self._latest_algod_network_template
+                and proxy_config_content == self._latest_proxy_config
             ):
                 return ComposeFileStatus.UP_TO_DATE
             else:
@@ -149,6 +157,7 @@ def write_compose_file(self) -> None:
         self.compose_file_path.write_text(self._latest_yaml)
         self.algod_config_file_path.write_text(self._latest_config_json)
         self.algod_network_template_file_path.write_text(self._latest_algod_network_template)
+        self.proxy_config_file_path.write_text(self._latest_proxy_config)
 
     def _run_compose_command(
         self,
@@ -424,6 +433,74 @@ def get_conduit_yaml() -> str:
 """
 
 
+def get_proxy_config(algod_port: int = DEFAULT_ALGOD_PORT, kmd_port: int = 4002) -> str:
+    return f"""worker_processes 1;
+
+events {{
+  worker_connections 1024;
+}}
+
+http {{
+  access_log off;
+
+  map $request_method$http_access_control_request_private_network $cors_allow_private_network {{
+    "OPTIONStrue" "true";
+    default "";
+  }}
+
+  add_header Access-Control-Allow-Private-Network $cors_allow_private_network;
+
+  upstream algod_api {{
+    zone upstreams 64K;
+    server algod:8080 max_fails=1 fail_timeout=2s;
+    keepalive 2;
+  }}
+
+  upstream kmd_api {{
+    zone upstreams 64K;
+    server algod:7833 max_fails=1 fail_timeout=2s;
+    keepalive 2;
+  }}
+
+  upstream indexer_api {{
+    zone upstreams 64K;
+    server indexer:8980 max_fails=1 fail_timeout=2s;
+    keepalive 2;
+  }}
+
+  server {{
+    listen {algod_port};
+
+    location / {{
+      proxy_set_header Host $host;
+      proxy_pass http://algod_api;
+      proxy_pass_header Server;
+    }}
+  }}
+
+  server {{
+    listen {kmd_port};
+
+    location / {{
+      proxy_set_header Host $host;
+      proxy_pass http://kmd_api;
+      proxy_pass_header Server;
+    }}
+  }}
+
+  server {{
+    listen 8980;
+
+    location / {{
+      proxy_set_header Host $host;
+      proxy_pass http://indexer_api;
+      proxy_pass_header Server;
+    }}
+  }}
+}}
+    """
+
+
 def get_docker_compose_yml(
     name: str = "algokit_sandbox",
     algod_port: int = DEFAULT_ALGOD_PORT,
@@ -437,8 +514,8 @@ def get_docker_compose_yml(
     container_name: "{name}_algod"
     image: {ALGORAND_IMAGE}
     ports:
-      - {algod_port}:8080
-      - {kmd_port}:7833
+      - 8080
+      - 7833
       - {tealdbg_port}:9392
     environment:
       START_KMD: 1
@@ -483,13 +560,29 @@ def get_docker_compose_yml(
     container_name: "{name}_indexer"
     image: {INDEXER_IMAGE}
     ports:
-      - "8980:8980"
+      - 8980
     restart: unless-stopped
     command: daemon --enable-all-parameters
     environment:
       INDEXER_POSTGRES_CONNECTION_STRING: "host=indexer-db port=5432 user=algorand password=algorand dbname=indexerdb sslmode=disable"
     depends_on:
       - conduit
+
+  proxy:
+    container_name: "{name}_proxy"
+    image: nginx:1.27.0-alpine
+    restart: unless-stopped
+    ports:
+      - {algod_port}:{algod_port}
+      - {kmd_port}:{kmd_port}
+      - 8980:8980
+    volumes:
+      - type: bind
+        source: ./nginx.conf
+        target: /etc/nginx/nginx.conf
+    depends_on:
+      - algod
+      - indexer
 """  # noqa: E501
 
 

src/algokit/core/sandbox.py

@@ -3,7 +3,13 @@
 from subprocess import CompletedProcess
 
 import pytest
-from algokit.core.sandbox import ALGOD_HEALTH_URL, get_algod_network_template, get_config_json, get_docker_compose_yml
+from algokit.core.sandbox import (
+    ALGOD_HEALTH_URL,
+    get_algod_network_template,
+    get_config_json,
+    get_docker_compose_yml,
+    get_proxy_config,
+)
 from pytest_httpx import HTTPXMock
 from pytest_mock import MockerFixture
 
@@ -43,6 +49,7 @@ def _setup_latest_dummy_compose(app_dir_mock: AppDirs) -> None:
     (app_dir_mock.app_config_dir / "sandbox" / "docker-compose.yml").write_text(get_docker_compose_yml())
     (app_dir_mock.app_config_dir / "sandbox" / "algod_config.json").write_text(get_config_json())
     (app_dir_mock.app_config_dir / "sandbox" / "algod_network_template.json").write_text(get_algod_network_template())
+    (app_dir_mock.app_config_dir / "sandbox" / "nginx.conf").write_text(get_proxy_config())
 
 
 @pytest.fixture()

tests/goal/test_goal.py

@@ -2,7 +2,7 @@
 from subprocess import CompletedProcess
 
 import pytest
-from algokit.core.sandbox import get_algod_network_template, get_config_json, get_docker_compose_yml
+from algokit.core.sandbox import get_algod_network_template, get_config_json, get_docker_compose_yml, get_proxy_config
 from pytest_mock import MockerFixture
 
 from tests.goal.test_goal import _normalize_output
@@ -25,6 +25,7 @@ def test_goal_console(
     (app_dir_mock.app_config_dir / "sandbox" / "docker-compose.yml").write_text(get_docker_compose_yml())
     (app_dir_mock.app_config_dir / "sandbox" / "algod_config.json").write_text(get_config_json())
     (app_dir_mock.app_config_dir / "sandbox" / "algod_network_template.json").write_text(get_algod_network_template())
+    (app_dir_mock.app_config_dir / "sandbox" / "nginx.conf").write_text(get_proxy_config())
 
     mocker.patch("algokit.core.proc.subprocess_run").return_value = CompletedProcess(
         ["docker", "exec"], 0, "STDOUT+STDERR"

tests/localnet/test_localnet_console.py

@@ -1,7 +1,7 @@
 import json
 
 import pytest
-from algokit.core.sandbox import get_algod_network_template, get_config_json, get_docker_compose_yml
+from algokit.core.sandbox import get_algod_network_template, get_config_json, get_docker_compose_yml, get_proxy_config
 
 from tests import get_combined_verify_output
 from tests.utils.app_dir_mock import AppDirs
@@ -52,6 +52,7 @@ def test_localnet_reset_with_existing_sandbox_with_up_to_date_config(app_dir_moc
     (app_dir_mock.app_config_dir / "sandbox" / "docker-compose.yml").write_text(get_docker_compose_yml())
     (app_dir_mock.app_config_dir / "sandbox" / "algod_config.json").write_text(get_config_json())
     (app_dir_mock.app_config_dir / "sandbox" / "algod_network_template.json").write_text(get_algod_network_template())
+    (app_dir_mock.app_config_dir / "sandbox" / "nginx.conf").write_text(get_proxy_config())
 
     result = invoke("localnet reset")
 
@@ -83,6 +84,7 @@ def test_localnet_reset_with_named_sandbox_config(app_dir_mock: AppDirs, proc_mo
     (app_dir_mock.app_config_dir / "sandbox_test" / "algod_network_template.json").write_text(
         get_algod_network_template()
     )
+    (app_dir_mock.app_config_dir / "sandbox_test" / "nginx.conf").write_text(get_proxy_config())
 
     result = invoke("localnet reset")
 
@@ -98,6 +100,7 @@ def test_localnet_reset_with_existing_sandbox_with_up_to_date_config_with_pull(a
     (app_dir_mock.app_config_dir / "sandbox" / "docker-compose.yml").write_text(get_docker_compose_yml())
     (app_dir_mock.app_config_dir / "sandbox" / "algod_config.json").write_text(get_config_json())
     (app_dir_mock.app_config_dir / "sandbox" / "algod_network_template.json").write_text(get_algod_network_template())
+    (app_dir_mock.app_config_dir / "sandbox" / "nginx.conf").write_text(get_proxy_config())
 
     result = invoke("localnet reset --update")
 

tests/localnet/test_localnet_reset.py

@@ -33,8 +33,8 @@ services:
     container_name: "algokit_sandbox_algod"
     image: algorand/algod:latest
     ports:
-      - 4001:8080
-      - 4002:7833
+      - 8080
+      - 7833
       - 9392:9392
     environment:
       START_KMD: 1
@@ -79,13 +79,29 @@ services:
     container_name: "algokit_sandbox_indexer"
     image: algorand/indexer:latest
     ports:
-      - "8980:8980"
+      - 8980
     restart: unless-stopped
     command: daemon --enable-all-parameters
     environment:
       INDEXER_POSTGRES_CONNECTION_STRING: "host=indexer-db port=5432 user=algorand password=algorand dbname=indexerdb sslmode=disable"
     depends_on:
       - conduit
 
+  proxy:
+    container_name: "algokit_sandbox_proxy"
+    image: nginx:1.27.0-alpine
+    restart: unless-stopped
+    ports:
+      - 4001:4001
+      - 4002:4002
+      - 8980:8980
+    volumes:
+      - type: bind
+        source: ./nginx.conf
+        target: /etc/nginx/nginx.conf
+    depends_on:
+      - algod
+      - indexer
+
 {app_config}/sandbox/algod_config.json
 { "Version": 12, "GossipFanout": 1, "EndpointAddress": "0.0.0.0:8080", "DNSBootstrapID": "", "IncomingConnectionsLimit": 0, "Archival":true, "isIndexerActive":false, "EnableDeveloperAPI":true}

tests/localnet/test_localnet_reset.test_localnet_reset_with_existing_sandbox_with_out_of_date_config.approved.txt

@@ -25,8 +25,8 @@ services:
     container_name: "algokit_sandbox_algod"
     image: algorand/algod:latest
     ports:
-      - 4001:8080
-      - 4002:7833
+      - 8080
+      - 7833
       - 9392:9392
     environment:
       START_KMD: 1
@@ -71,10 +71,26 @@ services:
     container_name: "algokit_sandbox_indexer"
     image: algorand/indexer:latest
     ports:
-      - "8980:8980"
+      - 8980
     restart: unless-stopped
     command: daemon --enable-all-parameters
     environment:
       INDEXER_POSTGRES_CONNECTION_STRING: "host=indexer-db port=5432 user=algorand password=algorand dbname=indexerdb sslmode=disable"
     depends_on:
       - conduit
+
+  proxy:
+    container_name: "algokit_sandbox_proxy"
+    image: nginx:1.27.0-alpine
+    restart: unless-stopped
+    ports:
+      - 4001:4001
+      - 4002:4002
+      - 8980:8980
+    volumes:
+      - type: bind
+        source: ./nginx.conf
+        target: /etc/nginx/nginx.conf
+    depends_on:
+      - algod
+      - indexer

tests/localnet/test_localnet_reset.test_localnet_reset_without_existing_sandbox.approved.txt

@@ -9,6 +9,7 @@
     get_algod_network_template,
     get_config_json,
     get_docker_compose_yml,
+    get_proxy_config,
 )
 from pytest_httpx import HTTPXMock
 
@@ -142,6 +143,7 @@ def test_localnet_start_up_to_date_definition(app_dir_mock: AppDirs) -> None:
     (app_dir_mock.app_config_dir / "sandbox" / "docker-compose.yml").write_text(get_docker_compose_yml())
     (app_dir_mock.app_config_dir / "sandbox" / "algod_config.json").write_text(get_config_json())
     (app_dir_mock.app_config_dir / "sandbox" / "algod_network_template.json").write_text(get_algod_network_template())
+    (app_dir_mock.app_config_dir / "sandbox" / "nginx.conf").write_text(get_proxy_config())
 
     result = invoke("localnet start")