Merge branch '16118-arvboot-fixes'
[arvados.git] / services / keep-web / handler.go
1 // Copyright (C) The Arvados Authors. All rights reserved.
2 //
3 // SPDX-License-Identifier: AGPL-3.0
4
5 package main
6
7 import (
8         "encoding/json"
9         "html"
10         "html/template"
11         "io"
12         "net/http"
13         "net/url"
14         "os"
15         "path/filepath"
16         "sort"
17         "strconv"
18         "strings"
19         "sync"
20
21         "git.arvados.org/arvados.git/sdk/go/arvados"
22         "git.arvados.org/arvados.git/sdk/go/arvadosclient"
23         "git.arvados.org/arvados.git/sdk/go/auth"
24         "git.arvados.org/arvados.git/sdk/go/ctxlog"
25         "git.arvados.org/arvados.git/sdk/go/health"
26         "git.arvados.org/arvados.git/sdk/go/httpserver"
27         "git.arvados.org/arvados.git/sdk/go/keepclient"
28         "github.com/sirupsen/logrus"
29         "golang.org/x/net/webdav"
30 )
31
32 type handler struct {
33         Config        *Config
34         MetricsAPI    http.Handler
35         clientPool    *arvadosclient.ClientPool
36         setupOnce     sync.Once
37         healthHandler http.Handler
38         webdavLS      webdav.LockSystem
39 }
40
41 // parseCollectionIDFromDNSName returns a UUID or PDH if s begins with
42 // a UUID or URL-encoded PDH; otherwise "".
43 func parseCollectionIDFromDNSName(s string) string {
44         // Strip domain.
45         if i := strings.IndexRune(s, '.'); i >= 0 {
46                 s = s[:i]
47         }
48         // Names like {uuid}--collections.example.com serve the same
49         // purpose as {uuid}.collections.example.com but can reduce
50         // cost/effort of using [additional] wildcard certificates.
51         if i := strings.Index(s, "--"); i >= 0 {
52                 s = s[:i]
53         }
54         if arvadosclient.UUIDMatch(s) {
55                 return s
56         }
57         if pdh := strings.Replace(s, "-", "+", 1); arvadosclient.PDHMatch(pdh) {
58                 return pdh
59         }
60         return ""
61 }
62
63 var urlPDHDecoder = strings.NewReplacer(" ", "+", "-", "+")
64
65 // parseCollectionIDFromURL returns a UUID or PDH if s is a UUID or a
66 // PDH (even if it is a PDH with "+" replaced by " " or "-");
67 // otherwise "".
68 func parseCollectionIDFromURL(s string) string {
69         if arvadosclient.UUIDMatch(s) {
70                 return s
71         }
72         if pdh := urlPDHDecoder.Replace(s); arvadosclient.PDHMatch(pdh) {
73                 return pdh
74         }
75         return ""
76 }
77
78 func (h *handler) setup() {
79         // Errors will be handled at the client pool.
80         arv, _ := arvados.NewClientFromConfig(h.Config.cluster)
81         h.clientPool = arvadosclient.MakeClientPoolWith(arv)
82
83         keepclient.RefreshServiceDiscoveryOnSIGHUP()
84         keepclient.DefaultBlockCache.MaxBlocks = h.Config.cluster.Collections.WebDAVCache.MaxBlockEntries
85
86         h.healthHandler = &health.Handler{
87                 Token:  h.Config.cluster.ManagementToken,
88                 Prefix: "/_health/",
89         }
90
91         // Even though we don't accept LOCK requests, every webdav
92         // handler must have a non-nil LockSystem.
93         h.webdavLS = &noLockSystem{}
94 }
95
96 func (h *handler) serveStatus(w http.ResponseWriter, r *http.Request) {
97         json.NewEncoder(w).Encode(struct{ Version string }{version})
98 }
99
100 // updateOnSuccess wraps httpserver.ResponseWriter. If the handler
101 // sends an HTTP header indicating success, updateOnSuccess first
102 // calls the provided update func. If the update func fails, a 500
103 // response is sent, and the status code and body sent by the handler
104 // are ignored (all response writes return the update error).
105 type updateOnSuccess struct {
106         httpserver.ResponseWriter
107         logger     logrus.FieldLogger
108         update     func() error
109         sentHeader bool
110         err        error
111 }
112
113 func (uos *updateOnSuccess) Write(p []byte) (int, error) {
114         if !uos.sentHeader {
115                 uos.WriteHeader(http.StatusOK)
116         }
117         if uos.err != nil {
118                 return 0, uos.err
119         }
120         return uos.ResponseWriter.Write(p)
121 }
122
123 func (uos *updateOnSuccess) WriteHeader(code int) {
124         if !uos.sentHeader {
125                 uos.sentHeader = true
126                 if code >= 200 && code < 400 {
127                         if uos.err = uos.update(); uos.err != nil {
128                                 code := http.StatusInternalServerError
129                                 if err, ok := uos.err.(*arvados.TransactionError); ok {
130                                         code = err.StatusCode
131                                 }
132                                 uos.logger.WithError(uos.err).Errorf("update() returned error type %T, changing response to HTTP %d", uos.err, code)
133                                 http.Error(uos.ResponseWriter, uos.err.Error(), code)
134                                 return
135                         }
136                 }
137         }
138         uos.ResponseWriter.WriteHeader(code)
139 }
140
141 var (
142         corsAllowHeadersHeader = strings.Join([]string{
143                 "Authorization", "Content-Type", "Range",
144                 // WebDAV request headers:
145                 "Depth", "Destination", "If", "Lock-Token", "Overwrite", "Timeout",
146         }, ", ")
147         writeMethod = map[string]bool{
148                 "COPY":      true,
149                 "DELETE":    true,
150                 "LOCK":      true,
151                 "MKCOL":     true,
152                 "MOVE":      true,
153                 "PROPPATCH": true,
154                 "PUT":       true,
155                 "RMCOL":     true,
156                 "UNLOCK":    true,
157         }
158         webdavMethod = map[string]bool{
159                 "COPY":      true,
160                 "DELETE":    true,
161                 "LOCK":      true,
162                 "MKCOL":     true,
163                 "MOVE":      true,
164                 "OPTIONS":   true,
165                 "PROPFIND":  true,
166                 "PROPPATCH": true,
167                 "PUT":       true,
168                 "RMCOL":     true,
169                 "UNLOCK":    true,
170         }
171         browserMethod = map[string]bool{
172                 "GET":  true,
173                 "HEAD": true,
174                 "POST": true,
175         }
176         // top-level dirs to serve with siteFS
177         siteFSDir = map[string]bool{
178                 "":      true, // root directory
179                 "by_id": true,
180                 "users": true,
181         }
182 )
183
184 // ServeHTTP implements http.Handler.
185 func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
186         h.setupOnce.Do(h.setup)
187
188         remoteAddr := r.RemoteAddr
189         if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
190                 remoteAddr = xff + "," + remoteAddr
191         }
192         if xfp := r.Header.Get("X-Forwarded-Proto"); xfp != "" && xfp != "http" {
193                 r.URL.Scheme = xfp
194         }
195
196         w := httpserver.WrapResponseWriter(wOrig)
197
198         if strings.HasPrefix(r.URL.Path, "/_health/") && r.Method == "GET" {
199                 h.healthHandler.ServeHTTP(w, r)
200                 return
201         }
202
203         if method := r.Header.Get("Access-Control-Request-Method"); method != "" && r.Method == "OPTIONS" {
204                 if !browserMethod[method] && !webdavMethod[method] {
205                         w.WriteHeader(http.StatusMethodNotAllowed)
206                         return
207                 }
208                 w.Header().Set("Access-Control-Allow-Headers", corsAllowHeadersHeader)
209                 w.Header().Set("Access-Control-Allow-Methods", "COPY, DELETE, GET, LOCK, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, RMCOL, UNLOCK")
210                 w.Header().Set("Access-Control-Allow-Origin", "*")
211                 w.Header().Set("Access-Control-Max-Age", "86400")
212                 return
213         }
214
215         if !browserMethod[r.Method] && !webdavMethod[r.Method] {
216                 w.WriteHeader(http.StatusMethodNotAllowed)
217                 return
218         }
219
220         if r.Header.Get("Origin") != "" {
221                 // Allow simple cross-origin requests without user
222                 // credentials ("user credentials" as defined by CORS,
223                 // i.e., cookies, HTTP authentication, and client-side
224                 // SSL certificates. See
225                 // http://www.w3.org/TR/cors/#user-credentials).
226                 w.Header().Set("Access-Control-Allow-Origin", "*")
227                 w.Header().Set("Access-Control-Expose-Headers", "Content-Range")
228         }
229
230         pathParts := strings.Split(r.URL.Path[1:], "/")
231
232         var stripParts int
233         var collectionID string
234         var tokens []string
235         var reqTokens []string
236         var pathToken bool
237         var attachment bool
238         var useSiteFS bool
239         credentialsOK := h.Config.cluster.Collections.TrustAllContent
240
241         if r.Host != "" && r.Host == h.Config.cluster.Services.WebDAVDownload.ExternalURL.Host {
242                 credentialsOK = true
243                 attachment = true
244         } else if r.FormValue("disposition") == "attachment" {
245                 attachment = true
246         }
247
248         if collectionID = parseCollectionIDFromDNSName(r.Host); collectionID != "" {
249                 // http://ID.collections.example/PATH...
250                 credentialsOK = true
251         } else if r.URL.Path == "/status.json" {
252                 h.serveStatus(w, r)
253                 return
254         } else if strings.HasPrefix(r.URL.Path, "/metrics") {
255                 h.MetricsAPI.ServeHTTP(w, r)
256                 return
257         } else if siteFSDir[pathParts[0]] {
258                 useSiteFS = true
259         } else if len(pathParts) >= 1 && strings.HasPrefix(pathParts[0], "c=") {
260                 // /c=ID[/PATH...]
261                 collectionID = parseCollectionIDFromURL(pathParts[0][2:])
262                 stripParts = 1
263         } else if len(pathParts) >= 2 && pathParts[0] == "collections" {
264                 if len(pathParts) >= 4 && pathParts[1] == "download" {
265                         // /collections/download/ID/TOKEN/PATH...
266                         collectionID = parseCollectionIDFromURL(pathParts[2])
267                         tokens = []string{pathParts[3]}
268                         stripParts = 4
269                         pathToken = true
270                 } else {
271                         // /collections/ID/PATH...
272                         collectionID = parseCollectionIDFromURL(pathParts[1])
273                         stripParts = 2
274                         // This path is only meant to work for public
275                         // data. Tokens provided with the request are
276                         // ignored.
277                         credentialsOK = false
278                 }
279         }
280
281         if collectionID == "" && !useSiteFS {
282                 w.WriteHeader(http.StatusNotFound)
283                 return
284         }
285
286         forceReload := false
287         if cc := r.Header.Get("Cache-Control"); strings.Contains(cc, "no-cache") || strings.Contains(cc, "must-revalidate") {
288                 forceReload = true
289         }
290
291         if credentialsOK {
292                 reqTokens = auth.CredentialsFromRequest(r).Tokens
293         }
294
295         formToken := r.FormValue("api_token")
296         if formToken != "" && r.Header.Get("Origin") != "" && attachment && r.URL.Query().Get("api_token") == "" {
297                 // The client provided an explicit token in the POST
298                 // body. The Origin header indicates this *might* be
299                 // an AJAX request, in which case redirect-with-cookie
300                 // won't work: we should just serve the content in the
301                 // POST response. This is safe because:
302                 //
303                 // * We're supplying an attachment, not inline
304                 //   content, so we don't need to convert the POST to
305                 //   a GET and avoid the "really resubmit form?"
306                 //   problem.
307                 //
308                 // * The token isn't embedded in the URL, so we don't
309                 //   need to worry about bookmarks and copy/paste.
310                 reqTokens = append(reqTokens, formToken)
311         } else if formToken != "" && browserMethod[r.Method] {
312                 // The client provided an explicit token in the query
313                 // string, or a form in POST body. We must put the
314                 // token in an HttpOnly cookie, and redirect to the
315                 // same URL with the query param redacted and method =
316                 // GET.
317                 h.seeOtherWithCookie(w, r, "", credentialsOK)
318                 return
319         }
320
321         if useSiteFS {
322                 h.serveSiteFS(w, r, reqTokens, credentialsOK, attachment)
323                 return
324         }
325
326         targetPath := pathParts[stripParts:]
327         if tokens == nil && len(targetPath) > 0 && strings.HasPrefix(targetPath[0], "t=") {
328                 // http://ID.example/t=TOKEN/PATH...
329                 // /c=ID/t=TOKEN/PATH...
330                 //
331                 // This form must only be used to pass scoped tokens
332                 // that give permission for a single collection. See
333                 // FormValue case above.
334                 tokens = []string{targetPath[0][2:]}
335                 pathToken = true
336                 targetPath = targetPath[1:]
337                 stripParts++
338         }
339
340         if tokens == nil {
341                 tokens = append(reqTokens, h.Config.cluster.Users.AnonymousUserToken)
342         }
343
344         if len(targetPath) > 0 && targetPath[0] == "_" {
345                 // If a collection has a directory called "t=foo" or
346                 // "_", it can be served at
347                 // //collections.example/_/t=foo/ or
348                 // //collections.example/_/_/ respectively:
349                 // //collections.example/t=foo/ won't work because
350                 // t=foo will be interpreted as a token "foo".
351                 targetPath = targetPath[1:]
352                 stripParts++
353         }
354
355         arv := h.clientPool.Get()
356         if arv == nil {
357                 http.Error(w, "client pool error: "+h.clientPool.Err().Error(), http.StatusInternalServerError)
358                 return
359         }
360         defer h.clientPool.Put(arv)
361
362         var collection *arvados.Collection
363         tokenResult := make(map[string]int)
364         for _, arv.ApiToken = range tokens {
365                 var err error
366                 collection, err = h.Config.Cache.Get(arv, collectionID, forceReload)
367                 if err == nil {
368                         // Success
369                         break
370                 }
371                 if srvErr, ok := err.(arvadosclient.APIServerError); ok {
372                         switch srvErr.HttpStatusCode {
373                         case 404, 401:
374                                 // Token broken or insufficient to
375                                 // retrieve collection
376                                 tokenResult[arv.ApiToken] = srvErr.HttpStatusCode
377                                 continue
378                         }
379                 }
380                 // Something more serious is wrong
381                 http.Error(w, "cache error: "+err.Error(), http.StatusInternalServerError)
382                 return
383         }
384         if collection == nil {
385                 if pathToken || !credentialsOK {
386                         // Either the URL is a "secret sharing link"
387                         // that didn't work out (and asking the client
388                         // for additional credentials would just be
389                         // confusing), or we don't even accept
390                         // credentials at this path.
391                         w.WriteHeader(http.StatusNotFound)
392                         return
393                 }
394                 for _, t := range reqTokens {
395                         if tokenResult[t] == 404 {
396                                 // The client provided valid token(s), but the
397                                 // collection was not found.
398                                 w.WriteHeader(http.StatusNotFound)
399                                 return
400                         }
401                 }
402                 // The client's token was invalid (e.g., expired), or
403                 // the client didn't even provide one.  Propagate the
404                 // 401 to encourage the client to use a [different]
405                 // token.
406                 //
407                 // TODO(TC): This response would be confusing to
408                 // someone trying (anonymously) to download public
409                 // data that has been deleted.  Allow a referrer to
410                 // provide this context somehow?
411                 w.Header().Add("WWW-Authenticate", "Basic realm=\"collections\"")
412                 w.WriteHeader(http.StatusUnauthorized)
413                 return
414         }
415
416         kc, err := keepclient.MakeKeepClient(arv)
417         if err != nil {
418                 http.Error(w, "error setting up keep client: "+err.Error(), http.StatusInternalServerError)
419                 return
420         }
421         kc.RequestID = r.Header.Get("X-Request-Id")
422
423         var basename string
424         if len(targetPath) > 0 {
425                 basename = targetPath[len(targetPath)-1]
426         }
427         applyContentDispositionHdr(w, r, basename, attachment)
428
429         client := (&arvados.Client{
430                 APIHost:   arv.ApiServer,
431                 AuthToken: arv.ApiToken,
432                 Insecure:  arv.ApiInsecure,
433         }).WithRequestID(r.Header.Get("X-Request-Id"))
434
435         fs, err := collection.FileSystem(client, kc)
436         if err != nil {
437                 http.Error(w, "error creating collection filesystem: "+err.Error(), http.StatusInternalServerError)
438                 return
439         }
440
441         writefs, writeOK := fs.(arvados.CollectionFileSystem)
442         targetIsPDH := arvadosclient.PDHMatch(collectionID)
443         if (targetIsPDH || !writeOK) && writeMethod[r.Method] {
444                 http.Error(w, errReadOnly.Error(), http.StatusMethodNotAllowed)
445                 return
446         }
447
448         if webdavMethod[r.Method] {
449                 if writeMethod[r.Method] {
450                         // Save the collection only if/when all
451                         // webdav->filesystem operations succeed --
452                         // and send a 500 error if the modified
453                         // collection can't be saved.
454                         w = &updateOnSuccess{
455                                 ResponseWriter: w,
456                                 logger:         ctxlog.FromContext(r.Context()),
457                                 update: func() error {
458                                         return h.Config.Cache.Update(client, *collection, writefs)
459                                 }}
460                 }
461                 h := webdav.Handler{
462                         Prefix: "/" + strings.Join(pathParts[:stripParts], "/"),
463                         FileSystem: &webdavFS{
464                                 collfs:        fs,
465                                 writing:       writeMethod[r.Method],
466                                 alwaysReadEOF: r.Method == "PROPFIND",
467                         },
468                         LockSystem: h.webdavLS,
469                         Logger: func(_ *http.Request, err error) {
470                                 if err != nil {
471                                         ctxlog.FromContext(r.Context()).WithError(err).Error("error reported by webdav handler")
472                                 }
473                         },
474                 }
475                 h.ServeHTTP(w, r)
476                 return
477         }
478
479         openPath := "/" + strings.Join(targetPath, "/")
480         if f, err := fs.Open(openPath); os.IsNotExist(err) {
481                 // Requested non-existent path
482                 w.WriteHeader(http.StatusNotFound)
483         } else if err != nil {
484                 // Some other (unexpected) error
485                 http.Error(w, "open: "+err.Error(), http.StatusInternalServerError)
486         } else if stat, err := f.Stat(); err != nil {
487                 // Can't get Size/IsDir (shouldn't happen with a collectionFS!)
488                 http.Error(w, "stat: "+err.Error(), http.StatusInternalServerError)
489         } else if stat.IsDir() && !strings.HasSuffix(r.URL.Path, "/") {
490                 // If client requests ".../dirname", redirect to
491                 // ".../dirname/". This way, relative links in the
492                 // listing for "dirname" can always be "fnm", never
493                 // "dirname/fnm".
494                 h.seeOtherWithCookie(w, r, r.URL.Path+"/", credentialsOK)
495         } else if stat.IsDir() {
496                 h.serveDirectory(w, r, collection.Name, fs, openPath, true)
497         } else {
498                 http.ServeContent(w, r, basename, stat.ModTime(), f)
499                 if wrote := int64(w.WroteBodyBytes()); wrote != stat.Size() && r.Header.Get("Range") == "" {
500                         // If we wrote fewer bytes than expected, it's
501                         // too late to change the real response code
502                         // or send an error message to the client, but
503                         // at least we can try to put some useful
504                         // debugging info in the logs.
505                         n, err := f.Read(make([]byte, 1024))
506                         ctxlog.FromContext(r.Context()).Errorf("stat.Size()==%d but only wrote %d bytes; read(1024) returns %d, %s", stat.Size(), wrote, n, err)
507
508                 }
509         }
510 }
511
512 func (h *handler) serveSiteFS(w http.ResponseWriter, r *http.Request, tokens []string, credentialsOK, attachment bool) {
513         if len(tokens) == 0 {
514                 w.Header().Add("WWW-Authenticate", "Basic realm=\"collections\"")
515                 http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
516                 return
517         }
518         if writeMethod[r.Method] {
519                 http.Error(w, errReadOnly.Error(), http.StatusMethodNotAllowed)
520                 return
521         }
522         arv := h.clientPool.Get()
523         if arv == nil {
524                 http.Error(w, "Pool failed: "+h.clientPool.Err().Error(), http.StatusInternalServerError)
525                 return
526         }
527         defer h.clientPool.Put(arv)
528         arv.ApiToken = tokens[0]
529
530         kc, err := keepclient.MakeKeepClient(arv)
531         if err != nil {
532                 http.Error(w, "error setting up keep client: "+err.Error(), http.StatusInternalServerError)
533                 return
534         }
535         kc.RequestID = r.Header.Get("X-Request-Id")
536         client := (&arvados.Client{
537                 APIHost:   arv.ApiServer,
538                 AuthToken: arv.ApiToken,
539                 Insecure:  arv.ApiInsecure,
540         }).WithRequestID(r.Header.Get("X-Request-Id"))
541         fs := client.SiteFileSystem(kc)
542         fs.ForwardSlashNameSubstitution(h.Config.cluster.Collections.ForwardSlashNameSubstitution)
543         f, err := fs.Open(r.URL.Path)
544         if os.IsNotExist(err) {
545                 http.Error(w, err.Error(), http.StatusNotFound)
546                 return
547         } else if err != nil {
548                 http.Error(w, err.Error(), http.StatusInternalServerError)
549                 return
550         }
551         defer f.Close()
552         if fi, err := f.Stat(); err == nil && fi.IsDir() && r.Method == "GET" {
553                 if !strings.HasSuffix(r.URL.Path, "/") {
554                         h.seeOtherWithCookie(w, r, r.URL.Path+"/", credentialsOK)
555                 } else {
556                         h.serveDirectory(w, r, fi.Name(), fs, r.URL.Path, false)
557                 }
558                 return
559         }
560         if r.Method == "GET" {
561                 _, basename := filepath.Split(r.URL.Path)
562                 applyContentDispositionHdr(w, r, basename, attachment)
563         }
564         wh := webdav.Handler{
565                 Prefix: "/",
566                 FileSystem: &webdavFS{
567                         collfs:        fs,
568                         writing:       writeMethod[r.Method],
569                         alwaysReadEOF: r.Method == "PROPFIND",
570                 },
571                 LockSystem: h.webdavLS,
572                 Logger: func(_ *http.Request, err error) {
573                         if err != nil {
574                                 ctxlog.FromContext(r.Context()).WithError(err).Error("error reported by webdav handler")
575                         }
576                 },
577         }
578         wh.ServeHTTP(w, r)
579 }
580
581 var dirListingTemplate = `<!DOCTYPE HTML>
582 <HTML><HEAD>
583   <META name="robots" content="NOINDEX">
584   <TITLE>{{ .CollectionName }}</TITLE>
585   <STYLE type="text/css">
586     body {
587       margin: 1.5em;
588     }
589     pre {
590       background-color: #D9EDF7;
591       border-radius: .25em;
592       padding: .75em;
593       overflow: auto;
594     }
595     .footer p {
596       font-size: 82%;
597     }
598     ul {
599       padding: 0;
600     }
601     ul li {
602       font-family: monospace;
603       list-style: none;
604     }
605   </STYLE>
606 </HEAD>
607 <BODY>
608
609 <H1>{{ .CollectionName }}</H1>
610
611 <P>This collection of data files is being shared with you through
612 Arvados.  You can download individual files listed below.  To download
613 the entire directory tree with wget, try:</P>
614
615 <PRE>$ wget --mirror --no-parent --no-host --cut-dirs={{ .StripParts }} https://{{ .Request.Host }}{{ .Request.URL.Path }}</PRE>
616
617 <H2>File Listing</H2>
618
619 {{if .Files}}
620 <UL>
621 {{range .Files}}
622 {{if .IsDir }}
623   <LI>{{" " | printf "%15s  " | nbsp}}<A href="{{print "./" .Name}}/">{{.Name}}/</A></LI>
624 {{else}}
625   <LI>{{.Size | printf "%15d  " | nbsp}}<A href="{{print "./" .Name}}">{{.Name}}</A></LI>
626 {{end}}
627 {{end}}
628 </UL>
629 {{else}}
630 <P>(No files; this collection is empty.)</P>
631 {{end}}
632
633 <HR noshade>
634 <DIV class="footer">
635   <P>
636     About Arvados:
637     Arvados is a free and open source software bioinformatics platform.
638     To learn more, visit arvados.org.
639     Arvados is not responsible for the files listed on this page.
640   </P>
641 </DIV>
642
643 </BODY>
644 `
645
646 type fileListEnt struct {
647         Name  string
648         Size  int64
649         IsDir bool
650 }
651
652 func (h *handler) serveDirectory(w http.ResponseWriter, r *http.Request, collectionName string, fs http.FileSystem, base string, recurse bool) {
653         var files []fileListEnt
654         var walk func(string) error
655         if !strings.HasSuffix(base, "/") {
656                 base = base + "/"
657         }
658         walk = func(path string) error {
659                 dirname := base + path
660                 if dirname != "/" {
661                         dirname = strings.TrimSuffix(dirname, "/")
662                 }
663                 d, err := fs.Open(dirname)
664                 if err != nil {
665                         return err
666                 }
667                 ents, err := d.Readdir(-1)
668                 if err != nil {
669                         return err
670                 }
671                 for _, ent := range ents {
672                         if recurse && ent.IsDir() {
673                                 err = walk(path + ent.Name() + "/")
674                                 if err != nil {
675                                         return err
676                                 }
677                         } else {
678                                 files = append(files, fileListEnt{
679                                         Name:  path + ent.Name(),
680                                         Size:  ent.Size(),
681                                         IsDir: ent.IsDir(),
682                                 })
683                         }
684                 }
685                 return nil
686         }
687         if err := walk(""); err != nil {
688                 http.Error(w, "error getting directory listing: "+err.Error(), http.StatusInternalServerError)
689                 return
690         }
691
692         funcs := template.FuncMap{
693                 "nbsp": func(s string) template.HTML {
694                         return template.HTML(strings.Replace(s, " ", "&nbsp;", -1))
695                 },
696         }
697         tmpl, err := template.New("dir").Funcs(funcs).Parse(dirListingTemplate)
698         if err != nil {
699                 http.Error(w, "error parsing template: "+err.Error(), http.StatusInternalServerError)
700                 return
701         }
702         sort.Slice(files, func(i, j int) bool {
703                 return files[i].Name < files[j].Name
704         })
705         w.WriteHeader(http.StatusOK)
706         tmpl.Execute(w, map[string]interface{}{
707                 "CollectionName": collectionName,
708                 "Files":          files,
709                 "Request":        r,
710                 "StripParts":     strings.Count(strings.TrimRight(r.URL.Path, "/"), "/"),
711         })
712 }
713
714 func applyContentDispositionHdr(w http.ResponseWriter, r *http.Request, filename string, isAttachment bool) {
715         disposition := "inline"
716         if isAttachment {
717                 disposition = "attachment"
718         }
719         if strings.ContainsRune(r.RequestURI, '?') {
720                 // Help the UA realize that the filename is just
721                 // "filename.txt", not
722                 // "filename.txt?disposition=attachment".
723                 //
724                 // TODO(TC): Follow advice at RFC 6266 appendix D
725                 disposition += "; filename=" + strconv.QuoteToASCII(filename)
726         }
727         if disposition != "inline" {
728                 w.Header().Set("Content-Disposition", disposition)
729         }
730 }
731
732 func (h *handler) seeOtherWithCookie(w http.ResponseWriter, r *http.Request, location string, credentialsOK bool) {
733         if formToken := r.FormValue("api_token"); formToken != "" {
734                 if !credentialsOK {
735                         // It is not safe to copy the provided token
736                         // into a cookie unless the current vhost
737                         // (origin) serves only a single collection or
738                         // we are in TrustAllContent mode.
739                         http.Error(w, "cannot serve inline content at this URL (possible configuration error; see https://doc.arvados.org/install/install-keep-web.html#dns)", http.StatusBadRequest)
740                         return
741                 }
742
743                 // The HttpOnly flag is necessary to prevent
744                 // JavaScript code (included in, or loaded by, a page
745                 // in the collection being served) from employing the
746                 // user's token beyond reading other files in the same
747                 // domain, i.e., same collection.
748                 //
749                 // The 303 redirect is necessary in the case of a GET
750                 // request to avoid exposing the token in the Location
751                 // bar, and in the case of a POST request to avoid
752                 // raising warnings when the user refreshes the
753                 // resulting page.
754                 http.SetCookie(w, &http.Cookie{
755                         Name:     "arvados_api_token",
756                         Value:    auth.EncodeTokenCookie([]byte(formToken)),
757                         Path:     "/",
758                         HttpOnly: true,
759                 })
760         }
761
762         // Propagate query parameters (except api_token) from
763         // the original request.
764         redirQuery := r.URL.Query()
765         redirQuery.Del("api_token")
766
767         u := r.URL
768         if location != "" {
769                 newu, err := u.Parse(location)
770                 if err != nil {
771                         http.Error(w, "error resolving redirect target: "+err.Error(), http.StatusInternalServerError)
772                         return
773                 }
774                 u = newu
775         }
776         redir := (&url.URL{
777                 Scheme:   r.URL.Scheme,
778                 Host:     r.Host,
779                 Path:     u.Path,
780                 RawQuery: redirQuery.Encode(),
781         }).String()
782
783         w.Header().Add("Location", redir)
784         w.WriteHeader(http.StatusSeeOther)
785         io.WriteString(w, `<A href="`)
786         io.WriteString(w, html.EscapeString(redir))
787         io.WriteString(w, `">Continue</A>`)
788 }