1 // Copyright (C) The Arvados Authors. All rights reserved.
3 // SPDX-License-Identifier: AGPL-3.0
17 "git.curoverse.com/arvados.git/sdk/go/arvados"
18 "git.curoverse.com/arvados.git/sdk/go/health"
19 "git.curoverse.com/arvados.git/sdk/go/httpserver"
23 Cluster *arvados.Cluster
24 NodeProfile *arvados.NodeProfile
27 handlerStack http.Handler
28 proxyClient *arvados.Client
31 func (h *Handler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
32 h.setupOnce.Do(h.setup)
33 h.handlerStack.ServeHTTP(w, req)
36 func (h *Handler) CheckHealth() error {
37 h.setupOnce.Do(h.setup)
38 _, err := findRailsAPI(h.Cluster, h.NodeProfile)
42 func (h *Handler) setup() {
43 mux := http.NewServeMux()
44 mux.Handle("/_health/", &health.Handler{
45 Token: h.Cluster.ManagementToken,
48 mux.Handle("/", http.HandlerFunc(h.proxyRailsAPI))
51 // Changing the global isn't the right way to do this, but a
52 // proper solution would conflict with an impending 13493
53 // merge anyway, so this will do for now.
54 arvados.InsecureHTTPClient.CheckRedirect = func(*http.Request, []*http.Request) error { return http.ErrUseLastResponse }
57 // headers that shouldn't be forwarded when proxying. See
58 // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
59 var dropHeaders = map[string]bool{
62 "Proxy-Authenticate": true,
63 "Proxy-Authorization": true,
66 "Transfer-Encoding": true,
70 func (h *Handler) proxyRailsAPI(w http.ResponseWriter, reqIn *http.Request) {
71 urlOut, err := findRailsAPI(h.Cluster, h.NodeProfile)
73 httpserver.Error(w, err.Error(), http.StatusInternalServerError)
77 Scheme: urlOut.Scheme,
80 RawPath: reqIn.URL.RawPath,
81 RawQuery: reqIn.URL.RawQuery,
84 // Copy headers from incoming request, then add/replace proxy
85 // headers like Via and X-Forwarded-For.
86 hdrOut := http.Header{}
87 for k, v := range reqIn.Header {
92 xff := reqIn.RemoteAddr
93 if xffIn := reqIn.Header.Get("X-Forwarded-For"); xffIn != "" {
94 xff = xffIn + "," + xff
96 hdrOut.Set("X-Forwarded-For", xff)
97 hdrOut.Add("Via", reqIn.Proto+" arvados-controller")
99 ctx := reqIn.Context()
100 if timeout := h.Cluster.HTTPRequestTimeout; timeout > 0 {
101 var cancel context.CancelFunc
102 ctx, cancel = context.WithDeadline(ctx, time.Now().Add(time.Duration(timeout)))
106 reqOut := (&http.Request{
107 Method: reqIn.Method,
113 resp, err := arvados.InsecureHTTPClient.Do(reqOut)
115 httpserver.Error(w, err.Error(), http.StatusInternalServerError)
118 for k, v := range resp.Header {
119 for _, v := range v {
123 w.WriteHeader(resp.StatusCode)
124 n, err := io.Copy(w, resp.Body)
126 httpserver.Logger(reqIn).WithError(err).WithField("bytesCopied", n).Error("error copying response body")
130 // For now, findRailsAPI always uses the rails API running on this
132 func findRailsAPI(cluster *arvados.Cluster, np *arvados.NodeProfile) (*url.URL, error) {
133 hostport := np.RailsAPI.Listen
134 if len(hostport) > 1 && hostport[0] == ':' && strings.TrimRight(hostport[1:], "0123456789") == "" {
135 // ":12345" => connect to indicated port on localhost
136 hostport = "localhost" + hostport
137 } else if _, _, err := net.SplitHostPort(hostport); err == nil {
138 // "[::1]:12345" => connect to indicated address & port
146 return url.Parse(proto + "://" + hostport)