projects / arvados.git / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Add 'apps/arv-web/' from commit 'f9732ad8460d013c2f28363655d0d1b91894dca5'
[arvados.git] / services / keepproxy / keepproxy.go
1 package main
2
3 import (
4         "flag"
5         "fmt"
6         "git.curoverse.com/arvados.git/sdk/go/arvadosclient"
7         "git.curoverse.com/arvados.git/sdk/go/keepclient"
8         "github.com/gorilla/mux"
9         "io"
10         "io/ioutil"
11         "log"
12         "net"
13         "net/http"
14         "os"
15         "os/signal"
16         "sync"
17         "syscall"
18         "time"
19 )
20
21 // Default TCP address on which to listen for requests.
22 // Initialized by the -listen flag.
23 const DEFAULT_ADDR = ":25107"
24
25 var listener net.Listener
26
27 func main() {
28         var (
29                 listen           string
30                 no_get           bool
31                 no_put           bool
32                 default_replicas int
33                 timeout          int64
34                 pidfile          string
35         )
36
37         flagset := flag.NewFlagSet("default", flag.ExitOnError)
38
39         flagset.StringVar(
40                 &listen,
41                 "listen",
42                 DEFAULT_ADDR,
43                 "Interface on which to listen for requests, in the format "+
44                         "ipaddr:port. e.g. -listen=10.0.1.24:8000. Use -listen=:port "+
45                         "to listen on all network interfaces.")
46
47         flagset.BoolVar(
48                 &no_get,
49                 "no-get",
50                 false,
51                 "If set, disable GET operations")
52
53         flagset.BoolVar(
54                 &no_put,
55                 "no-put",
56                 false,
57                 "If set, disable PUT operations")
58
59         flagset.IntVar(
60                 &default_replicas,
61                 "default-replicas",
62                 2,
63                 "Default number of replicas to write if not specified by the client.")
64
65         flagset.Int64Var(
66                 &timeout,
67                 "timeout",
68                 15,
69                 "Timeout on requests to internal Keep services (default 15 seconds)")
70
71         flagset.StringVar(
72                 &pidfile,
73                 "pid",
74                 "",
75                 "Path to write pid file")
76
77         flagset.Parse(os.Args[1:])
78
79         arv, err := arvadosclient.MakeArvadosClient()
80         if err != nil {
81                 log.Fatalf("Error setting up arvados client %s", err.Error())
82         }
83
84         kc, err := keepclient.MakeKeepClient(&arv)
85         if err != nil {
86                 log.Fatalf("Error setting up keep client %s", err.Error())
87         }
88
89         if pidfile != "" {
90                 f, err := os.Create(pidfile)
91                 if err != nil {
92                         log.Fatalf("Error writing pid file (%s): %s", pidfile, err.Error())
93                 }
94                 fmt.Fprint(f, os.Getpid())
95                 f.Close()
96                 defer os.Remove(pidfile)
97         }
98
99         kc.Want_replicas = default_replicas
100
101         kc.Client.Timeout = time.Duration(timeout) * time.Second
102
103         listener, err = net.Listen("tcp", listen)
104         if err != nil {
105                 log.Fatalf("Could not listen on %v", listen)
106         }
107
108         go RefreshServicesList(&kc)
109
110         // Shut down the server gracefully (by closing the listener)
111         // if SIGTERM is received.
112         term := make(chan os.Signal, 1)
113         go func(sig <-chan os.Signal) {
114                 s := <-sig
115                 log.Println("caught signal:", s)
116                 listener.Close()
117         }(term)
118         signal.Notify(term, syscall.SIGTERM)
119         signal.Notify(term, syscall.SIGINT)
120
121         log.Printf("Arvados Keep proxy started listening on %v with server list %v", listener.Addr(), kc.ServiceRoots())
122
123         // Start listening for requests.
124         http.Serve(listener, MakeRESTRouter(!no_get, !no_put, &kc))
125
126         log.Println("shutting down")
127 }
128
129 type ApiTokenCache struct {
130         tokens     map[string]int64
131         lock       sync.Mutex
132         expireTime int64
133 }
134
135 // Refresh the keep service list every five minutes.
136 func RefreshServicesList(kc *keepclient.KeepClient) {
137         for {
138                 time.Sleep(300 * time.Second)
139                 oldservices := kc.ServiceRoots()
140                 kc.DiscoverKeepServers()
141                 newservices := kc.ServiceRoots()
142                 s1 := fmt.Sprint(oldservices)
143                 s2 := fmt.Sprint(newservices)
144                 if s1 != s2 {
145                         log.Printf("Updated server list to %v", s2)
146                 }
147         }
148 }
149
150 // Cache the token and set an expire time.  If we already have an expire time
151 // on the token, it is not updated.
152 func (this *ApiTokenCache) RememberToken(token string) {
153         this.lock.Lock()
154         defer this.lock.Unlock()
155
156         now := time.Now().Unix()
157         if this.tokens[token] == 0 {
158                 this.tokens[token] = now + this.expireTime
159         }
160 }
161
162 // Check if the cached token is known and still believed to be valid.
163 func (this *ApiTokenCache) RecallToken(token string) bool {
164         this.lock.Lock()
165         defer this.lock.Unlock()
166
167         now := time.Now().Unix()
168         if this.tokens[token] == 0 {
169                 // Unknown token
170                 return false
171         } else if now < this.tokens[token] {
172                 // Token is known and still valid
173                 return true
174         } else {
175                 // Token is expired
176                 this.tokens[token] = 0
177                 return false
178         }
179 }
180
181 func GetRemoteAddress(req *http.Request) string {
182         if realip := req.Header.Get("X-Real-IP"); realip != "" {
183                 if forwarded := req.Header.Get("X-Forwarded-For"); forwarded != realip {
184                         return fmt.Sprintf("%s (X-Forwarded-For %s)", realip, forwarded)
185                 } else {
186                         return realip
187                 }
188         }
189         return req.RemoteAddr
190 }
191
192 func CheckAuthorizationHeader(kc keepclient.KeepClient, cache *ApiTokenCache, req *http.Request) (pass bool, tok string) {
193         var auth string
194         if auth = req.Header.Get("Authorization"); auth == "" {
195                 return false, ""
196         }
197
198         _, err := fmt.Sscanf(auth, "OAuth2 %s", &tok)
199         if err != nil {
200                 // Scanning error
201                 return false, ""
202         }
203
204         if cache.RecallToken(tok) {
205                 // Valid in the cache, short circut
206                 return true, tok
207         }
208
209         arv := *kc.Arvados
210         arv.ApiToken = tok
211         if err := arv.Call("HEAD", "users", "", "current", nil, nil); err != nil {
212                 log.Printf("%s: CheckAuthorizationHeader error: %v", GetRemoteAddress(req), err)
213                 return false, ""
214         }
215
216         // Success!  Update cache
217         cache.RememberToken(tok)
218
219         return true, tok
220 }
221
222 type GetBlockHandler struct {
223         *keepclient.KeepClient
224         *ApiTokenCache
225 }
226
227 type PutBlockHandler struct {
228         *keepclient.KeepClient
229         *ApiTokenCache
230 }
231
232 type InvalidPathHandler struct{}
233
234 type OptionsHandler struct{}
235
236 // MakeRESTRouter
237 //     Returns a mux.Router that passes GET and PUT requests to the
238 //     appropriate handlers.
239 //
240 func MakeRESTRouter(
241         enable_get bool,
242         enable_put bool,
243         kc *keepclient.KeepClient) *mux.Router {
244
245         t := &ApiTokenCache{tokens: make(map[string]int64), expireTime: 300}
246
247         rest := mux.NewRouter()
248
249         if enable_get {
250                 rest.Handle(`/{hash:[0-9a-f]{32}}+{hints}`,
251                         GetBlockHandler{kc, t}).Methods("GET", "HEAD")
252                 rest.Handle(`/{hash:[0-9a-f]{32}}`, GetBlockHandler{kc, t}).Methods("GET", "HEAD")
253         }
254
255         if enable_put {
256                 rest.Handle(`/{hash:[0-9a-f]{32}}+{hints}`, PutBlockHandler{kc, t}).Methods("PUT")
257                 rest.Handle(`/{hash:[0-9a-f]{32}}`, PutBlockHandler{kc, t}).Methods("PUT")
258                 rest.Handle(`/`, PutBlockHandler{kc, t}).Methods("POST")
259                 rest.Handle(`/{any}`, OptionsHandler{}).Methods("OPTIONS")
260                 rest.Handle(`/`, OptionsHandler{}).Methods("OPTIONS")
261         }
262
263         rest.NotFoundHandler = InvalidPathHandler{}
264
265         return rest
266 }
267
268 func SetCorsHeaders(resp http.ResponseWriter) {
269         resp.Header().Set("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, OPTIONS")
270         resp.Header().Set("Access-Control-Allow-Origin", "*")
271         resp.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Length, Content-Type, X-Keep-Desired-Replicas")
272         resp.Header().Set("Access-Control-Max-Age", "86486400")
273 }
274
275 func (this InvalidPathHandler) ServeHTTP(resp http.ResponseWriter, req *http.Request) {
276         log.Printf("%s: %s %s unroutable", GetRemoteAddress(req), req.Method, req.URL.Path)
277         http.Error(resp, "Bad request", http.StatusBadRequest)
278 }
279
280 func (this OptionsHandler) ServeHTTP(resp http.ResponseWriter, req *http.Request) {
281         log.Printf("%s: %s %s", GetRemoteAddress(req), req.Method, req.URL.Path)
282         SetCorsHeaders(resp)
283 }
284
285 func (this GetBlockHandler) ServeHTTP(resp http.ResponseWriter, req *http.Request) {
286         SetCorsHeaders(resp)
287
288         kc := *this.KeepClient
289
290         hash := mux.Vars(req)["hash"]
291         hints := mux.Vars(req)["hints"]
292
293         locator := keepclient.MakeLocator2(hash, hints)
294
295         log.Printf("%s: %s %s begin", GetRemoteAddress(req), req.Method, hash)
296
297         var pass bool
298         var tok string
299         if pass, tok = CheckAuthorizationHeader(kc, this.ApiTokenCache, req); !pass {
300                 http.Error(resp, "Missing or invalid Authorization header", http.StatusForbidden)
301                 return
302         }
303
304         // Copy ArvadosClient struct and use the client's API token
305         arvclient := *kc.Arvados
306         arvclient.ApiToken = tok
307         kc.Arvados = &arvclient
308
309         var reader io.ReadCloser
310         var err error
311         var blocklen int64
312
313         if req.Method == "GET" {
314                 reader, blocklen, _, err = kc.AuthorizedGet(hash, locator.Signature, locator.Timestamp)
315                 defer reader.Close()
316         } else if req.Method == "HEAD" {
317                 blocklen, _, err = kc.AuthorizedAsk(hash, locator.Signature, locator.Timestamp)
318         }
319
320         if blocklen > -1 {
321                 resp.Header().Set("Content-Length", fmt.Sprint(blocklen))
322         } else {
323                 log.Printf("%s: %s %s Keep server did not return Content-Length",
324                         GetRemoteAddress(req), req.Method, hash)
325         }
326
327         var status = 0
328         switch err {
329         case nil:
330                 status = http.StatusOK
331                 if reader != nil {
332                         n, err2 := io.Copy(resp, reader)
333                         if blocklen > -1 && n != blocklen {
334                                 log.Printf("%s: %s %s %v %v mismatched copy size expected Content-Length: %v",
335                                         GetRemoteAddress(req), req.Method, hash, status, n, blocklen)
336                         } else if err2 == nil {
337                                 log.Printf("%s: %s %s %v %v",
338                                         GetRemoteAddress(req), req.Method, hash, status, n)
339                         } else {
340                                 log.Printf("%s: %s %s %v %v copy error: %v",
341                                         GetRemoteAddress(req), req.Method, hash, status, n, err2.Error())
342                         }
343                 } else {
344                         log.Printf("%s: %s %s %v 0", GetRemoteAddress(req), req.Method, hash, status)
345                 }
346         case keepclient.BlockNotFound:
347                 status = http.StatusNotFound
348                 http.Error(resp, "Not found", http.StatusNotFound)
349         default:
350                 status = http.StatusBadGateway
351                 http.Error(resp, err.Error(), http.StatusBadGateway)
352         }
353
354         if err != nil {
355                 log.Printf("%s: %s %s %v error: %v",
356                         GetRemoteAddress(req), req.Method, hash, status, err.Error())
357         }
358 }
359
360 func (this PutBlockHandler) ServeHTTP(resp http.ResponseWriter, req *http.Request) {
361         SetCorsHeaders(resp)
362
363         kc := *this.KeepClient
364
365         hash := mux.Vars(req)["hash"]
366         hints := mux.Vars(req)["hints"]
367
368         locator := keepclient.MakeLocator2(hash, hints)
369
370         var contentLength int64 = -1
371         if req.Header.Get("Content-Length") != "" {
372                 _, err := fmt.Sscanf(req.Header.Get("Content-Length"), "%d", &contentLength)
373                 if err != nil {
374                         resp.Header().Set("Content-Length", fmt.Sprintf("%d", contentLength))
375                 }
376
377         }
378
379         log.Printf("%s: %s %s Content-Length %v", GetRemoteAddress(req), req.Method, hash, contentLength)
380
381         if contentLength < 0 {
382                 http.Error(resp, "Must include Content-Length header", http.StatusLengthRequired)
383                 return
384         }
385
386         if locator.Size > 0 && int64(locator.Size) != contentLength {
387                 http.Error(resp, "Locator size hint does not match Content-Length header", http.StatusBadRequest)
388                 return
389         }
390
391         var pass bool
392         var tok string
393         if pass, tok = CheckAuthorizationHeader(kc, this.ApiTokenCache, req); !pass {
394                 http.Error(resp, "Missing or invalid Authorization header", http.StatusForbidden)
395                 return
396         }
397
398         // Copy ArvadosClient struct and use the client's API token
399         arvclient := *kc.Arvados
400         arvclient.ApiToken = tok
401         kc.Arvados = &arvclient
402
403         // Check if the client specified the number of replicas
404         if req.Header.Get("X-Keep-Desired-Replicas") != "" {
405                 var r int
406                 _, err := fmt.Sscanf(req.Header.Get(keepclient.X_Keep_Desired_Replicas), "%d", &r)
407                 if err != nil {
408                         kc.Want_replicas = r
409                 }
410         }
411
412         // Now try to put the block through
413         var replicas int
414         var put_err error
415         if hash == "" {
416                 if bytes, err := ioutil.ReadAll(req.Body); err != nil {
417                         msg := fmt.Sprintf("Error reading request body: %s", err)
418                         log.Printf(msg)
419                         http.Error(resp, msg, http.StatusInternalServerError)
420                         return
421                 } else {
422                         hash, replicas, put_err = kc.PutB(bytes)
423                 }
424         } else {
425                 hash, replicas, put_err = kc.PutHR(hash, req.Body, contentLength)
426         }
427
428         // Tell the client how many successful PUTs we accomplished
429         resp.Header().Set(keepclient.X_Keep_Replicas_Stored, fmt.Sprintf("%d", replicas))
430
431         switch put_err {
432         case nil:
433                 // Default will return http.StatusOK
434                 log.Printf("%s: %s %s finished, stored %v replicas (desired %v)", GetRemoteAddress(req), req.Method, hash, replicas, kc.Want_replicas)
435                 n, err2 := io.WriteString(resp, hash)
436                 if err2 != nil {
437                         log.Printf("%s: wrote %v bytes to response body and got error %v", n, err2.Error())
438                 }
439
440         case keepclient.OversizeBlockError:
441                 // Too much data
442                 http.Error(resp, fmt.Sprintf("Exceeded maximum blocksize %d", keepclient.BLOCKSIZE), http.StatusRequestEntityTooLarge)
443
444         case keepclient.InsufficientReplicasError:
445                 if replicas > 0 {
446                         // At least one write is considered success.  The
447                         // client can decide if getting less than the number of
448                         // replications it asked for is a fatal error.
449                         // Default will return http.StatusOK
450                         n, err2 := io.WriteString(resp, hash)
451                         if err2 != nil {
452                                 log.Printf("%s: wrote %v bytes to response body and got error %v", n, err2.Error())
453                         }
454                 } else {
455                         http.Error(resp, put_err.Error(), http.StatusServiceUnavailable)
456                 }
457
458         default:
459                 http.Error(resp, put_err.Error(), http.StatusBadGateway)
460         }
461
462         if put_err != nil {
463                 log.Printf("%s: %s %s stored %v replicas (desired %v) got error %v", GetRemoteAddress(req), req.Method, hash, replicas, kc.Want_replicas, put_err.Error())
464         }
465
466 }