Use new Maxmind download URLs and Basic authentication scheme

[sgarner]

I recently started to see errors indicating node-geolite2 was unable to download the database files from Maxmind.

It appears Maxmind has made some changes in the last few months:
https://dev.maxmind.com/geoip/updating-databases?lang=en#directly-downloading-databases

The permalink URLs to download are different, they now redirect to a presigned URL on r2.cloudflarestorage.com, and the initial permalink request requires Basic authentication using the Account ID as username and license key as password, instead of passing the license key as a query parameter.

So this PR adds support for:

1. Reading the Maxmind Account ID from env var MAXMIND_ACCOUNT_ID or from the config as account-id
2. Sending the auth header
3. Following redirects when downloading

[runk]

I just got this from maxmind.com:

Your account has reached the daily limit for database downloads. Any additional download attempts today from your account will fail. [Learn more about database download limits.](https://support.maxmind.com/hc/en-us/articles/4408216129947-Download-and-Update-Databases?utm_source=txn_email&utm_medium=email&utm_campaign=product#h_01G3XX4YD33TBJ66DYEW7XF707)

To avoid download errors we recommend that you limit your downloads of each database to no more than once per day per server. You can [log in to your account and check your GeoIP download history](https://www.maxmind.com/en/accounts/current/geoip/downloads/history/?utm_source=txn_email&utm_medium=email&utm_campaign=product) for information on IP addresses you are downloading databases from.

To ensure that you are downloading your databases efficiently, you may consult [the update schedule for GeoIP databases](https://support.maxmind.com/hc/en-us/articles/4408216129947-Download-and-Update-Databases?utm_source=txn_email&utm_medium=email&utm_campaign=product). If you have any questions, please contact us at [support@maxmind.com](mailto:support@maxmind.com).

@oschwald is it something that is set in stone or can be tweaked on your side?

[sgarner]

I re-ran the failed tests and they are passing now.

[oschwald]

@runk, is this for the GitHub Action? We have been ratcheting down our free GeoLite download limit due to abuse. The final limit will be 30 downloads per 24-hour period. Do you have an estimate on the maximum number of downloads per day that you might need?

[sgarner]

The test suite runs against 3 versions of Node, each of which downloads 3 database editions, so that's 9 GET requests per commit pushed to this repository. (Plus the same number again of HEAD requests to check the modification time, but I don't think those are counted for the limit.)

This project itself is not very busy so could go weeks or months without a push, until there is a PR like this one with changes to discuss.

But that limit might be problematic for users of this project who are relying on the module to install GeoLite databases in their own build/deploy pipelines.

[oschwald]

I agree that the limit is unfortunate, but it was necessary given the traffic we were seeing. For instance, there were a significant number of misconfigured websites that appeared to be downloading a database on every page load, each downloading hundreds of gigabytes per day.

You are correct that HEAD requests do not count towards the download limit. If this project in particular needs an increased limit for the test suite, I think that can be arranged. I would need the account ID associated with it. You can email me at goschwald@maxmind.com.

[runk]

@oschwald emailed

[runk]

Thank you for the contribution! .. and thank you for going through messages and fixing many of them.

It's up to you whether you want to switch to fetch. You can ignore it, do it in this PR or in a follow up PR - totally up to you.

[runk]

I guess it's not a must for account id, but happy to keep this wording

[runk]

I wonder if we should switch over to fetch with nicer promise-based API and simple { redirect: 'follow' } way of handling redirects

[sgarner]

I did actually switch to fetch at one stage just to get it working, haha. But I thought this would be exceeding the scope of what was necessary here.

I'm happy to make another PR for that change

[kundan2403]

The issue is occurring intermittently in my CI/CD pipeline but not on my local machine. Is this PR related to the same, and why is it not appearing on my local machine?" Earlier it's was not occurring on CI/CD as well.

Downloading maxmind databases...
 > GeoLite2-City: Is either missing or outdated, downloading
 > GeoLite2-Country: Is either missing or outdated, downloading
node:events:495
      throw er; // Unhandled 'error' event
      ^
Error: incorrect header check
    at Zlib.zlibOnError [as onerror] (node:zlib:189:17)
Emitted 'error' event on Gunzip instance at:
    at Gunzip.onerror (node:internal/streams/readable:796:14)
    at Gunzip.emit (node:events:[51](https://gitlab.group.one/incubator/sauron/-/jobs/2714438#L51)7:28)
    at emitErrorNT (node:internal/streams/destroy:151:8)
    at emitErrorCloseNT (node:internal/streams/destroy:116:3)
    at process.processTicksAndRejections (node:internal/process/task_queues:82:21) {
  errno: -3,  
  

[sgarner]

Error: incorrect header check

@kundan2403 That was the same error I began seeing a few days ago, which this PR resolves. The error is caused by the postinstall script trying to gunzip a non-successful response body, such as a server error or redirection.

The issue is occurring intermittently in my CI/CD pipeline but not on my local machine. Is this PR related to the same, and why is it not appearing on my local machine?

Your local machine may already have the latest database files downloaded, in which case it won't download them again. You could remove the files from node_modules/geolite2/dbs and see if installing then fails.

[kundan2403]

Your local machine may already have the latest database files downloaded, in which case it won't download them again. You could remove the files from node_modules/geolite2/dbs and see if installing then fails.

@sgarner I've attempted the same, but with no luck replicating it locally.

[runk]

Is it dangling without explicit exit?

[sgarner]

Yes, I couldn't figure out why. (Maybe a stream is left open?) Explicit exit fixed it though

[runk]

Going to cross-reference another report runk/node-maxmind#826

@sgarner where things are at with this PR?

[sgarner]

@sgarner where things are at with this PR?

I'm done with it, leaving it to you to merge when you're ready

[github-actions]

🎉 This PR is included in version 3.6.0 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀