scripts/fix-blockscout-forge-verification.sh

#!/usr/bin/env bash
# Fix Blockscout for Forge contract verification (Etherscan-compatible API)
# 1. Adds nginx location for exact /api with internal rewrite to /api/
# 2. Sets Host to 127.0.0.1 when proxying to prevent Blockscout redirect
#
# Usage: ./scripts/fix-blockscout-forge-verification.sh

set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true

HOST="${PROXMOX_R630_02:-192.168.11.12}"
VMID=5000
IP="${IP_BLOCKSCOUT:-192.168.11.140}"

echo "=== Fix Blockscout for Forge Verification ==="

ssh -o ConnectTimeout=10 root@"$HOST" "pct exec $VMID -- bash -s" << 'ENDSSH'
set -e
CFG=/etc/nginx/sites-available/blockscout

# Ensure location = /api with rewrite exists (internal redirect, no 301)
if ! grep -q 'rewrite ^ /api/' "$CFG" 2>/dev/null; then
  # Insert before location /api/
  sed -i '/location \/api\//i\
    # Forge verify: internal redirect /api -> /api/ (avoids 301)\
    location = /api {\
        rewrite ^ /api/$is_args$args last;\
    }\
' "$CFG"
  echo "Added location = /api"
fi

# In location /api/, set Host 127.0.0.1 to avoid Blockscout redirect-by-host
sed -i '/location \/api\//,/location \/health/ {
  s|proxy_set_header Host \$host;|proxy_set_header Host 127.0.0.1;|
}' "$CFG" 2>/dev/null || true

nginx -t && systemctl reload nginx && echo "Nginx reloaded"
ENDSSH

echo ""
echo "Verifier URL: http://${IP}/api/"
echo "If forge still fails with 'module and action required', use manual verification:"
echo "  https://explorer.d-bis.org/address/<CONTRACT>#verify-contract"
echo ""
echo "Test: source smom-dbis-138/.env && ./scripts/verify-contracts-blockscout.sh"
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates - ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands - CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround - CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check - NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere - MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates - LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference Co-authored-by: Cursor <cursoragent@cursor.com> 2026-02-12 15:46:57 -08:00			`#!/usr/bin/env bash`
			`# Fix Blockscout for Forge contract verification (Etherscan-compatible API)`
			`# 1. Adds nginx location for exact /api with internal rewrite to /api/`
			`# 2. Sets Host to 127.0.0.1 when proxying to prevent Blockscout redirect`
			`#`
			`# Usage: ./scripts/fix-blockscout-forge-verification.sh`

			`set -euo pipefail`

			`SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"`
			`PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"`
			`source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null \|\| true`

			`HOST="${PROXMOX_R630_02:-192.168.11.12}"`
			`VMID=5000`
			`IP="${IP_BLOCKSCOUT:-192.168.11.140}"`

			`echo "=== Fix Blockscout for Forge Verification ==="`

			`ssh -o ConnectTimeout=10 root@"$HOST" "pct exec $VMID -- bash -s" << 'ENDSSH'`
			`set -e`
			`CFG=/etc/nginx/sites-available/blockscout`

			`# Ensure location = /api with rewrite exists (internal redirect, no 301)`
			`if ! grep -q 'rewrite ^ /api/' "$CFG" 2>/dev/null; then`
			`# Insert before location /api/`
			`sed -i '/location \/api\//i\`
			`# Forge verify: internal redirect /api -> /api/ (avoids 301)\`
			`location = /api {\`
			`rewrite ^ /api/$is_args$args last;\`
			`}\`
			`' "$CFG"`
			`echo "Added location = /api"`
			`fi`

			`# In location /api/, set Host 127.0.0.1 to avoid Blockscout redirect-by-host`
			`sed -i '/location \/api\//,/location \/health/ {`
			`s\|proxy_set_header Host \$host;\|proxy_set_header Host 127.0.0.1;\|`
			`}' "$CFG" 2>/dev/null \|\| true`

			`nginx -t && systemctl reload nginx && echo "Nginx reloaded"`
			`ENDSSH`

			`echo ""`
			`echo "Verifier URL: http://${IP}/api/"`
			`echo "If forge still fails with 'module and action required', use manual verification:"`
			`echo " https://explorer.d-bis.org/address/<CONTRACT>#verify-contract"`
			`echo ""`
			`echo "Test: source smom-dbis-138/.env && ./scripts/verify-contracts-blockscout.sh"`