1 // Copyright (C) The Arvados Authors. All rights reserved.
3 // SPDX-License-Identifier: AGPL-3.0
18 "git.curoverse.com/arvados.git/sdk/go/arvados"
19 "git.curoverse.com/arvados.git/sdk/go/health"
20 "git.curoverse.com/arvados.git/sdk/go/httpserver"
24 Cluster *arvados.Cluster
25 NodeProfile *arvados.NodeProfile
28 handlerStack http.Handler
29 proxyClient *arvados.Client
32 func (h *Handler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
33 h.setupOnce.Do(h.setup)
34 h.handlerStack.ServeHTTP(w, req)
37 func (h *Handler) CheckHealth() error {
38 h.setupOnce.Do(h.setup)
39 _, err := findRailsAPI(h.Cluster, h.NodeProfile)
43 func (h *Handler) setup() {
44 mux := http.NewServeMux()
45 mux.Handle("/_health/", &health.Handler{
46 Token: h.Cluster.ManagementToken,
49 hs := http.NotFoundHandler()
50 hs = prepend(hs, h.proxyRailsAPI)
51 hs = prepend(hs, h.proxyRemoteCluster)
56 // headers that shouldn't be forwarded when proxying. See
57 // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
58 var dropHeaders = map[string]bool{
61 "Proxy-Authenticate": true,
62 "Proxy-Authorization": true,
65 "Transfer-Encoding": true,
69 type middlewareFunc func(http.ResponseWriter, *http.Request, http.Handler)
71 func prepend(next http.Handler, middleware middlewareFunc) http.Handler {
72 return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
73 middleware(w, req, next)
77 var wfRe = regexp.MustCompile(`^/arvados/v1/workflows/([0-9a-z]{5})-[^/]+$`)
79 func (h *Handler) proxyRemoteCluster(w http.ResponseWriter, req *http.Request, next http.Handler) {
80 m := wfRe.FindStringSubmatch(req.URL.Path)
81 if len(m) < 2 || m[1] == h.Cluster.ClusterID {
82 next.ServeHTTP(w, req)
86 remote, ok := h.Cluster.RemoteClusters[remoteID]
88 httpserver.Error(w, "no proxy available for cluster "+remoteID, http.StatusNotFound)
91 scheme := remote.Scheme
99 RawPath: req.URL.RawPath,
100 RawQuery: req.URL.RawQuery,
102 err := h.saltAuthToken(req, remoteID)
104 httpserver.Error(w, err.Error(), http.StatusBadRequest)
107 h.proxy(w, req, urlOut)
110 func (h *Handler) proxyRailsAPI(w http.ResponseWriter, req *http.Request, next http.Handler) {
111 urlOut, err := findRailsAPI(h.Cluster, h.NodeProfile)
113 httpserver.Error(w, err.Error(), http.StatusInternalServerError)
117 Scheme: urlOut.Scheme,
120 RawPath: req.URL.RawPath,
121 RawQuery: req.URL.RawQuery,
123 h.proxy(w, req, urlOut)
126 func (h *Handler) proxy(w http.ResponseWriter, reqIn *http.Request, urlOut *url.URL) {
127 // Copy headers from incoming request, then add/replace proxy
128 // headers like Via and X-Forwarded-For.
129 hdrOut := http.Header{}
130 for k, v := range reqIn.Header {
135 xff := reqIn.RemoteAddr
136 if xffIn := reqIn.Header.Get("X-Forwarded-For"); xffIn != "" {
137 xff = xffIn + "," + xff
139 hdrOut.Set("X-Forwarded-For", xff)
140 hdrOut.Add("Via", reqIn.Proto+" arvados-controller")
142 ctx := reqIn.Context()
143 if timeout := h.Cluster.HTTPRequestTimeout; timeout > 0 {
144 var cancel context.CancelFunc
145 ctx, cancel = context.WithDeadline(ctx, time.Now().Add(time.Duration(timeout)))
149 reqOut := (&http.Request{
150 Method: reqIn.Method,
155 resp, err := arvados.InsecureHTTPClient.Do(reqOut)
157 httpserver.Error(w, err.Error(), http.StatusInternalServerError)
160 for k, v := range resp.Header {
161 for _, v := range v {
165 w.WriteHeader(resp.StatusCode)
166 n, err := io.Copy(w, resp.Body)
168 httpserver.Logger(reqIn).WithError(err).WithField("bytesCopied", n).Error("error copying response body")
172 // For now, findRailsAPI always uses the rails API running on this
174 func findRailsAPI(cluster *arvados.Cluster, np *arvados.NodeProfile) (*url.URL, error) {
175 hostport := np.RailsAPI.Listen
176 if len(hostport) > 1 && hostport[0] == ':' && strings.TrimRight(hostport[1:], "0123456789") == "" {
177 // ":12345" => connect to indicated port on localhost
178 hostport = "localhost" + hostport
179 } else if _, _, err := net.SplitHostPort(hostport); err == nil {
180 // "[::1]:12345" => connect to indicated address & port
188 return url.Parse(proto + "://" + hostport)