diff --git a/conn.go b/conn.go
index b6e03268c..8c71c54c4 100644
--- a/conn.go
+++ b/conn.go
@@ -19,6 +19,7 @@ package main
import (
"bytes"
+ "crypto/rsa"
"encoding/json"
"errors"
"fmt"
@@ -79,111 +80,114 @@ type Upload struct {
var uploadStatusStr = "ProgrammerStatus"
-func uploadHandler(c *gin.Context) {
- data := new(Upload)
- if err := c.BindJSON(data); err != nil {
- c.String(http.StatusBadRequest, fmt.Sprintf("err with the payload. %v", err.Error()))
- return
- }
-
- log.Printf("%+v %+v %+v %+v %+v %+v", data.Port, data.Board, data.Rewrite, data.Commandline, data.Extra, data.Filename)
-
- if data.Port == "" {
- c.String(http.StatusBadRequest, "port is required")
- return
- }
-
- if data.Board == "" {
- c.String(http.StatusBadRequest, "board is required")
- log.Error("board is required")
- return
- }
-
- if !data.Extra.Network {
- if data.Signature == "" {
- c.String(http.StatusBadRequest, "signature is required")
+func uploadHandler(pubKey *rsa.PublicKey) func(*gin.Context) {
+ return func(c *gin.Context) {
+ data := new(Upload)
+ if err := c.BindJSON(data); err != nil {
+ c.String(http.StatusBadRequest, fmt.Sprintf("err with the payload. %v", err.Error()))
return
}
- if data.Commandline == "" {
- c.String(http.StatusBadRequest, "commandline is required for local board")
+ log.Printf("%+v %+v %+v %+v %+v %+v", data.Port, data.Board, data.Rewrite, data.Commandline, data.Extra, data.Filename)
+
+ if data.Port == "" {
+ c.String(http.StatusBadRequest, "port is required")
return
}
- err := utilities.VerifyInput(data.Commandline, data.Signature)
-
- if err != nil {
- c.String(http.StatusBadRequest, "signature is invalid")
+ if data.Board == "" {
+ c.String(http.StatusBadRequest, "board is required")
+ log.Error("board is required")
return
}
- }
- buffer := bytes.NewBuffer(data.Hex)
+ if !data.Extra.Network {
+ if data.Signature == "" {
+ c.String(http.StatusBadRequest, "signature is required")
+ return
+ }
- filePath, err := utilities.SaveFileonTempDir(data.Filename, buffer)
- if err != nil {
- c.String(http.StatusBadRequest, err.Error())
- return
- }
+ if data.Commandline == "" {
+ c.String(http.StatusBadRequest, "commandline is required for local board")
+ return
+ }
- tmpdir, err := os.MkdirTemp("", "extrafiles")
- if err != nil {
- c.String(http.StatusBadRequest, err.Error())
- return
- }
+ err := utilities.VerifyInput(data.Commandline, data.Signature, pubKey)
- for _, extraFile := range data.ExtraFiles {
- path, err := utilities.SafeJoin(tmpdir, extraFile.Filename)
- if err != nil {
- c.String(http.StatusBadRequest, err.Error())
- return
+ if err != nil {
+ log.WithField("err", err).Error("Error verifying the command")
+ c.String(http.StatusBadRequest, "signature is invalid")
+ return
+ }
}
- log.Printf("Saving %s on %s", extraFile.Filename, path)
- err = os.MkdirAll(filepath.Dir(path), 0744)
- if err != nil {
- c.String(http.StatusBadRequest, err.Error())
- return
- }
+ buffer := bytes.NewBuffer(data.Hex)
- err = os.WriteFile(path, extraFile.Hex, 0644)
+ filePath, err := utilities.SaveFileonTempDir(data.Filename, buffer)
if err != nil {
c.String(http.StatusBadRequest, err.Error())
return
}
- }
- if data.Rewrite != "" {
- data.Board = data.Rewrite
- }
-
- go func() {
- // Resolve commandline
- commandline, err := upload.PartiallyResolve(data.Board, filePath, tmpdir, data.Commandline, data.Extra, Tools)
+ tmpdir, err := os.MkdirTemp("", "extrafiles")
if err != nil {
- send(map[string]string{uploadStatusStr: "Error", "Msg": err.Error()})
+ c.String(http.StatusBadRequest, err.Error())
return
}
- l := PLogger{Verbose: true}
-
- // Upload
- if data.Extra.Network {
- err = errors.New("network upload is not supported anymore, pease use OTA instead")
- } else {
- send(map[string]string{uploadStatusStr: "Starting", "Cmd": "Serial"})
- err = upload.Serial(data.Port, commandline, data.Extra, l)
+ for _, extraFile := range data.ExtraFiles {
+ path, err := utilities.SafeJoin(tmpdir, extraFile.Filename)
+ if err != nil {
+ c.String(http.StatusBadRequest, err.Error())
+ return
+ }
+ log.Printf("Saving %s on %s", extraFile.Filename, path)
+
+ err = os.MkdirAll(filepath.Dir(path), 0744)
+ if err != nil {
+ c.String(http.StatusBadRequest, err.Error())
+ return
+ }
+
+ err = os.WriteFile(path, extraFile.Hex, 0644)
+ if err != nil {
+ c.String(http.StatusBadRequest, err.Error())
+ return
+ }
}
- // Handle result
- if err != nil {
- send(map[string]string{uploadStatusStr: "Error", "Msg": err.Error()})
- return
+ if data.Rewrite != "" {
+ data.Board = data.Rewrite
}
- send(map[string]string{uploadStatusStr: "Done", "Flash": "Ok"})
- }()
- c.String(http.StatusAccepted, "")
+ go func() {
+ // Resolve commandline
+ commandline, err := upload.PartiallyResolve(data.Board, filePath, tmpdir, data.Commandline, data.Extra, Tools)
+ if err != nil {
+ send(map[string]string{uploadStatusStr: "Error", "Msg": err.Error()})
+ return
+ }
+
+ l := PLogger{Verbose: true}
+
+ // Upload
+ if data.Extra.Network {
+ err = errors.New("network upload is not supported anymore, pease use OTA instead")
+ } else {
+ send(map[string]string{uploadStatusStr: "Starting", "Cmd": "Serial"})
+ err = upload.Serial(data.Port, commandline, data.Extra, l)
+ }
+
+ // Handle result
+ if err != nil {
+ send(map[string]string{uploadStatusStr: "Error", "Msg": err.Error()})
+ return
+ }
+ send(map[string]string{uploadStatusStr: "Done", "Flash": "Ok"})
+ }()
+
+ c.String(http.StatusAccepted, "")
+ }
}
// PLogger sends the info from the upload to the websocket
diff --git a/globals/globals.go b/globals/globals.go
index d7cb09a17..ac4c14666 100644
--- a/globals/globals.go
+++ b/globals/globals.go
@@ -15,8 +15,15 @@
package globals
-// DefaultIndexURL is the default index url
var (
- // SignatureKey is the public key used to verify commands and url sent by the builder
- SignatureKey = "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvc0yZr1yUSen7qmE3cxF\nIE12rCksDnqR+Hp7o0nGi9123eCSFcJ7CkIRC8F+8JMhgI3zNqn4cUEn47I3RKD1\nZChPUCMiJCvbLbloxfdJrUi7gcSgUXrlKQStOKF5Iz7xv1M4XOP3JtjXLGo3EnJ1\npFgdWTOyoSrA8/w1rck4c/ISXZSinVAggPxmLwVEAAln6Itj6giIZHKvA2fL2o8z\nCeK057Lu8X6u2CG8tRWSQzVoKIQw/PKK6CNXCAy8vo4EkXudRutnEYHEJlPkVgPn\n2qP06GI+I+9zKE37iqj0k1/wFaCVXHXIvn06YrmjQw6I0dDj/60Wvi500FuRVpn9\ntwIDAQAB\n-----END PUBLIC KEY-----"
+ // ArduinoSignaturePubKey is the public key used to verify commands and url sent by the builder
+ ArduinoSignaturePubKey = `-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvc0yZr1yUSen7qmE3cxF
+IE12rCksDnqR+Hp7o0nGi9123eCSFcJ7CkIRC8F+8JMhgI3zNqn4cUEn47I3RKD1
+ZChPUCMiJCvbLbloxfdJrUi7gcSgUXrlKQStOKF5Iz7xv1M4XOP3JtjXLGo3EnJ1
+pFgdWTOyoSrA8/w1rck4c/ISXZSinVAggPxmLwVEAAln6Itj6giIZHKvA2fL2o8z
+CeK057Lu8X6u2CG8tRWSQzVoKIQw/PKK6CNXCAy8vo4EkXudRutnEYHEJlPkVgPn
+2qP06GI+I+9zKE37iqj0k1/wFaCVXHXIvn06YrmjQw6I0dDj/60Wvi500FuRVpn9
+twIDAQAB
+-----END PUBLIC KEY-----`
)
diff --git a/main.go b/main.go
index 1ca857b02..41f824b1b 100755
--- a/main.go
+++ b/main.go
@@ -81,7 +81,7 @@ var (
logDump = iniConf.String("log", "off", "off = (default)")
origins = iniConf.String("origins", "", "Allowed origin list for CORS")
portsFilterRegexp = iniConf.String("regex", "usb|acm|com", "Regular expression to filter serial port list")
- signatureKey = iniConf.String("signatureKey", globals.SignatureKey, "Pem-encoded public key to verify signed commandlines")
+ signatureKey = iniConf.String("signatureKey", globals.ArduinoSignaturePubKey, "Pem-encoded public key to verify signed commandlines")
updateURL = iniConf.String("updateUrl", "", "")
verbose = iniConf.Bool("v", true, "show debug logging")
crashreport = iniConf.Bool("crashreport", false, "enable crashreport logging")
@@ -278,9 +278,17 @@ func loop() {
}
}
+ if signatureKey == nil || len(*signatureKey) == 0 {
+ log.Panicf("signature public key should be set")
+ }
+ signaturePubKey, err := utilities.ParseRsaPublicKey([]byte(*signatureKey))
+ if err != nil {
+ log.Panicf("cannot parse signature key '%s'. %s", *signatureKey, err)
+ }
+
// Instantiate Index and Tools
Index = index.Init(*indexURL, config.GetDataDir())
- Tools = tools.New(config.GetDataDir(), Index, logger)
+ Tools = tools.New(config.GetDataDir(), Index, logger, signaturePubKey)
// see if we are supposed to wait 5 seconds
if *isLaunchSelf {
@@ -454,7 +462,7 @@ func loop() {
r.LoadHTMLFiles("templates/nofirefox.html")
r.GET("/", homeHandler)
- r.POST("/upload", uploadHandler)
+ r.POST("/upload", uploadHandler(signaturePubKey))
r.GET("/socket.io/", socketHandler)
r.POST("/socket.io/", socketHandler)
r.Handle("WS", "/socket.io/", socketHandler)
@@ -464,7 +472,7 @@ func loop() {
r.POST("/update", updateHandler)
// Mount goa handlers
- goa := v2.Server(config.GetDataDir().String(), Index)
+ goa := v2.Server(config.GetDataDir().String(), Index, signaturePubKey)
r.Any("/v2/*path", gin.WrapH(goa))
go func() {
diff --git a/main_test.go b/main_test.go
index d6f23fcec..1387fd221 100644
--- a/main_test.go
+++ b/main_test.go
@@ -30,8 +30,10 @@ import (
"github.com/arduino/arduino-create-agent/config"
"github.com/arduino/arduino-create-agent/gen/tools"
+ "github.com/arduino/arduino-create-agent/globals"
"github.com/arduino/arduino-create-agent/index"
"github.com/arduino/arduino-create-agent/upload"
+ "github.com/arduino/arduino-create-agent/utilities"
v2 "github.com/arduino/arduino-create-agent/v2"
"github.com/gin-gonic/gin"
"github.com/stretchr/testify/require"
@@ -54,7 +56,7 @@ func TestValidSignatureKey(t *testing.T) {
func TestUploadHandlerAgainstEvilFileNames(t *testing.T) {
r := gin.New()
- r.POST("/", uploadHandler)
+ r.POST("/", uploadHandler(utilities.MustParseRsaPublicKey([]byte(globals.ArduinoSignaturePubKey))))
ts := httptest.NewServer(r)
uploadEvilFileName := Upload{
@@ -90,7 +92,7 @@ func TestUploadHandlerAgainstEvilFileNames(t *testing.T) {
func TestUploadHandlerAgainstBase64WithoutPaddingMustFail(t *testing.T) {
r := gin.New()
- r.POST("/", uploadHandler)
+ r.POST("/", uploadHandler(utilities.MustParseRsaPublicKey([]byte(globals.ArduinoSignaturePubKey))))
ts := httptest.NewServer(r)
defer ts.Close()
@@ -119,7 +121,7 @@ func TestInstallToolV2(t *testing.T) {
Index := index.Init(indexURL, config.GetDataDir())
r := gin.New()
- goa := v2.Server(config.GetDataDir().String(), Index)
+ goa := v2.Server(config.GetDataDir().String(), Index, utilities.MustParseRsaPublicKey([]byte(globals.ArduinoSignaturePubKey)))
r.Any("/v2/*path", gin.WrapH(goa))
ts := httptest.NewServer(r)
@@ -213,7 +215,7 @@ func TestInstalledHead(t *testing.T) {
Index := index.Init(indexURL, config.GetDataDir())
r := gin.New()
- goa := v2.Server(config.GetDataDir().String(), Index)
+ goa := v2.Server(config.GetDataDir().String(), Index, utilities.MustParseRsaPublicKey([]byte(globals.ArduinoSignaturePubKey)))
r.Any("/v2/*path", gin.WrapH(goa))
ts := httptest.NewServer(r)
diff --git a/tools/download_test.go b/tools/download_test.go
index 7cf2fab0d..96a105fd7 100644
--- a/tools/download_test.go
+++ b/tools/download_test.go
@@ -21,7 +21,9 @@ import (
"testing"
"time"
+ "github.com/arduino/arduino-create-agent/globals"
"github.com/arduino/arduino-create-agent/index"
+ "github.com/arduino/arduino-create-agent/utilities"
"github.com/arduino/arduino-create-agent/v2/pkgs"
"github.com/arduino/go-paths-helper"
"github.com/stretchr/testify/require"
@@ -128,7 +130,7 @@ func TestDownload(t *testing.T) {
IndexFile: *paths.New("testdata", "test_tool_index.json"),
LastRefresh: time.Now(),
}
- testTools := New(tempDirPath, &testIndex, func(msg string) { t.Log(msg) })
+ testTools := New(tempDirPath, &testIndex, func(msg string) { t.Log(msg) }, utilities.MustParseRsaPublicKey([]byte(globals.ArduinoSignaturePubKey)))
for _, tc := range testCases {
t.Run(tc.name+"-"+tc.version, func(t *testing.T) {
@@ -175,7 +177,7 @@ func TestCorruptedInstalled(t *testing.T) {
defer fileJSON.Close()
_, err = fileJSON.Write([]byte("Hello"))
require.NoError(t, err)
- testTools := New(tempDirPath, &testIndex, func(msg string) { t.Log(msg) })
+ testTools := New(tempDirPath, &testIndex, func(msg string) { t.Log(msg) }, utilities.MustParseRsaPublicKey([]byte(globals.ArduinoSignaturePubKey)))
// Download the tool
err = testTools.Download("arduino-test", "avrdude", "6.3.0-arduino17", "keep")
require.NoError(t, err)
diff --git a/tools/tools.go b/tools/tools.go
index 5cecc5089..f371126b5 100644
--- a/tools/tools.go
+++ b/tools/tools.go
@@ -16,6 +16,7 @@
package tools
import (
+ "crypto/rsa"
"encoding/json"
"path/filepath"
"strings"
@@ -55,14 +56,14 @@ type Tools struct {
// The New functions accept the directory to use to host the tools,
// an index (used to download the tools),
// and a logger to log the operations
-func New(directory *paths.Path, index *index.Resource, logger func(msg string)) *Tools {
+func New(directory *paths.Path, index *index.Resource, logger func(msg string), signPubKey *rsa.PublicKey) *Tools {
t := &Tools{
directory: directory,
index: index,
logger: logger,
installed: map[string]string{},
mutex: sync.RWMutex{},
- tools: pkgs.New(index, directory.String(), "replace"),
+ tools: pkgs.New(index, directory.String(), "replace", signPubKey),
}
_ = t.readMap()
return t
diff --git a/utilities/utilities.go b/utilities/utilities.go
index 5979732d4..662672da7 100644
--- a/utilities/utilities.go
+++ b/utilities/utilities.go
@@ -30,8 +30,6 @@ import (
"os/exec"
"path/filepath"
"strings"
-
- "github.com/arduino/arduino-create-agent/globals"
)
// SaveFileonTempDir creates a temp directory and saves the file data as the
@@ -131,23 +129,44 @@ func SafeJoin(parent, subdir string) (string, error) {
return res, nil
}
-// VerifyInput will verify an input against a signature
+// VerifyInput will verify an input against a signature using the public key.
// A valid signature is indicated by returning a nil error.
-func VerifyInput(input string, signature string) error {
+func VerifyInput(input string, signature string, pubKey *rsa.PublicKey) error {
sign, _ := hex.DecodeString(signature)
- block, _ := pem.Decode([]byte(globals.SignatureKey))
+ h := sha256.New()
+ h.Write([]byte(input))
+ d := h.Sum(nil)
+ return rsa.VerifyPKCS1v15(pubKey, crypto.SHA256, d, sign)
+}
+
+// ParseRsaPublicKey parses a public key in PEM format and returns the rsa.PublicKey object.
+// Returns an error if the key is invalid.
+func ParseRsaPublicKey(key []byte) (*rsa.PublicKey, error) {
+ block, _ := pem.Decode(key)
if block == nil {
- return errors.New("invalid key")
+ return nil, errors.New("invalid key")
}
- key, err := x509.ParsePKIXPublicKey(block.Bytes)
+
+ parsedKey, err := x509.ParsePKIXPublicKey(block.Bytes)
if err != nil {
- return err
+ return nil, err
}
- rsaKey := key.(*rsa.PublicKey)
- h := sha256.New()
- h.Write([]byte(input))
- d := h.Sum(nil)
- return rsa.VerifyPKCS1v15(rsaKey, crypto.SHA256, d, sign)
+
+ publicKey, ok := parsedKey.(*rsa.PublicKey)
+ if !ok {
+ return nil, fmt.Errorf("not an rsa key")
+ }
+ return publicKey, nil
+}
+
+// MustParseRsaPublicKey parses a public key in PEM format and returns the rsa.PublicKey object.
+// Panics if the key is invalid.
+func MustParseRsaPublicKey(key []byte) *rsa.PublicKey {
+ parsedKey, err := ParseRsaPublicKey(key)
+ if err != nil {
+ panic(err)
+ }
+ return parsedKey
}
// UserPrompt executes an osascript and returns the pressed button
diff --git a/v2/http.go b/v2/http.go
index 390ec3989..2b47b93a8 100644
--- a/v2/http.go
+++ b/v2/http.go
@@ -17,6 +17,7 @@ package v2
import (
"context"
+ "crypto/rsa"
"encoding/json"
"net/http"
@@ -31,7 +32,7 @@ import (
)
// Server is the actual server
-func Server(directory string, index *index.Resource) http.Handler {
+func Server(directory string, index *index.Resource, pubKey *rsa.PublicKey) http.Handler {
mux := goahttp.NewMuxer()
// Instantiate logger
@@ -40,7 +41,7 @@ func Server(directory string, index *index.Resource) http.Handler {
logAdapter := LogAdapter{Logger: logger}
// Mount tools
- toolsSvc := pkgs.New(index, directory, "replace")
+ toolsSvc := pkgs.New(index, directory, "replace", pubKey)
toolsEndpoints := toolssvc.NewEndpoints(toolsSvc)
toolsServer := toolssvr.New(toolsEndpoints, mux, CustomRequestDecoder, goahttp.ResponseEncoder, errorHandler(logger), nil)
toolssvr.Mount(mux, toolsServer)
diff --git a/v2/pkgs/tools.go b/v2/pkgs/tools.go
index f09dc3f0a..7f34e3d08 100644
--- a/v2/pkgs/tools.go
+++ b/v2/pkgs/tools.go
@@ -18,6 +18,7 @@ package pkgs
import (
"bytes"
"context"
+ "crypto/rsa"
"crypto/sha256"
"encoding/hex"
"encoding/json"
@@ -58,23 +59,25 @@ var (
//
// It requires an Index Resource to search for tools
type Tools struct {
- index *index.Resource
- folder string
- behaviour string
- installed map[string]string
- mutex sync.RWMutex
+ index *index.Resource
+ folder string
+ behaviour string
+ installed map[string]string
+ mutex sync.RWMutex
+ verifySignaturePubKey *rsa.PublicKey // public key used to verify the signature of a command sent to the boards
}
// New will return a Tool object, allowing the caller to execute operations on it.
// The New function will accept an index as parameter (used to download the indexes)
// and a folder used to download the indexes
-func New(index *index.Resource, folder, behaviour string) *Tools {
+func New(index *index.Resource, folder, behaviour string, verifySignaturePubKey *rsa.PublicKey) *Tools {
t := &Tools{
- index: index,
- folder: folder,
- behaviour: behaviour,
- installed: map[string]string{},
- mutex: sync.RWMutex{},
+ index: index,
+ folder: folder,
+ behaviour: behaviour,
+ installed: map[string]string{},
+ mutex: sync.RWMutex{},
+ verifySignaturePubKey: verifySignaturePubKey,
}
t.readInstalled()
return t
@@ -166,7 +169,7 @@ func (t *Tools) Install(ctx context.Context, payload *tools.ToolPayload) (*tools
//if URL is defined and is signed we verify the signature and override the name, payload, version parameters
if payload.URL != nil && payload.Signature != nil && payload.Checksum != nil {
- err := utilities.VerifyInput(*payload.URL, *payload.Signature)
+ err := utilities.VerifyInput(*payload.URL, *payload.Signature, t.verifySignaturePubKey)
if err != nil {
return nil, err
}
diff --git a/v2/pkgs/tools_test.go b/v2/pkgs/tools_test.go
index edd575fc8..7bf0ff0e3 100644
--- a/v2/pkgs/tools_test.go
+++ b/v2/pkgs/tools_test.go
@@ -25,7 +25,9 @@ import (
"github.com/arduino/arduino-create-agent/config"
"github.com/arduino/arduino-create-agent/gen/tools"
+ "github.com/arduino/arduino-create-agent/globals"
"github.com/arduino/arduino-create-agent/index"
+ "github.com/arduino/arduino-create-agent/utilities"
"github.com/arduino/arduino-create-agent/v2/pkgs"
"github.com/arduino/go-paths-helper"
"github.com/stretchr/testify/require"
@@ -45,7 +47,7 @@ func TestTools(t *testing.T) {
// Instantiate Index
Index := index.Init(indexURL, config.GetDataDir())
- service := pkgs.New(Index, tmp, "replace")
+ service := pkgs.New(Index, tmp, "replace", utilities.MustParseRsaPublicKey([]byte(globals.ArduinoSignaturePubKey)))
ctx := context.Background()
@@ -126,7 +128,7 @@ func TestEvilFilename(t *testing.T) {
// Instantiate Index
Index := index.Init(indexURL, config.GetDataDir())
- service := pkgs.New(Index, tmp, "replace")
+ service := pkgs.New(Index, tmp, "replace", utilities.MustParseRsaPublicKey([]byte(globals.ArduinoSignaturePubKey)))
ctx := context.Background()
@@ -195,7 +197,7 @@ func TestInstalledHead(t *testing.T) {
// Instantiate Index
Index := index.Init(indexURL, config.GetDataDir())
- service := pkgs.New(Index, tmp, "replace")
+ service := pkgs.New(Index, tmp, "replace", utilities.MustParseRsaPublicKey([]byte(globals.ArduinoSignaturePubKey)))
ctx := context.Background()
@@ -216,7 +218,7 @@ func TestInstall(t *testing.T) {
LastRefresh: time.Now(),
}
- tool := pkgs.New(testIndex, tmp, "replace")
+ tool := pkgs.New(testIndex, tmp, "replace", utilities.MustParseRsaPublicKey([]byte(globals.ArduinoSignaturePubKey)))
ctx := context.Background()
pFad - Phonifier reborn
Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies:
Alternative Proxy
pFad Proxy
pFad v3 Proxy
pFad v4 Proxy