relay state synchronization: requestCrawl, admin endpoints (#1061)
- more complete rainbow forwarding to the relay backing it ("upstream
relay")
- do requestCrawl forwarding in relay. code in rainbow is still there,
but will remove config for rainbows deployed on new relay instances
("relay1")
- have relay also forward (some) admin endpoints to the same set of
"sibling" relays that requestCrawl gets forwarded
- HTTP header hygiene to prevent self-slurps: relay and rainbow set
`Server` and `Via` headers when appropriate, and relay checks this when
slurping. include the exact string `atproto-relay` in user-agents.
- integrate basic SSRF checks: when doing CheckHost (deciding whether to
add hostname to database), and at slurp time (when actually opening
websocket)
Expectation is that this results in the important info getting
synchronized between our multiple new prod relays, while preventing
"self-slurps" and forwarding loops:
- requestCrawl
- admin add-host
- domain bans
- account takedowns
- PDS takedowns
- PDS account limit changes
~This is marked Draft until I can self-review and test a bit more, but I
think all the pieces are here~. Don't have a test framework for this
part of relay/rainbow interaction :cry:.