Merge branch '19269-all-users-writable'
[arvados.git] / lib / controller / proxy.go
1 // Copyright (C) The Arvados Authors. All rights reserved.
2 //
3 // SPDX-License-Identifier: AGPL-3.0
4
5 package controller
6
7 import (
8         "io"
9         "net/http"
10         "net/url"
11
12         "git.arvados.org/arvados.git/sdk/go/httpserver"
13 )
14
15 type proxy struct {
16         Name string // to use in Via header
17 }
18
19 type HTTPError struct {
20         Message string
21         Code    int
22 }
23
24 func (h HTTPError) Error() string {
25         return h.Message
26 }
27
28 var dropHeaders = map[string]bool{
29         // Headers that shouldn't be forwarded when proxying. See
30         // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
31         "Connection":          true,
32         "Keep-Alive":          true,
33         "Proxy-Authenticate":  true,
34         "Proxy-Authorization": true,
35         // (comment/space here makes gofmt1.10 agree with gofmt1.11)
36         "TE":      true,
37         "Trailer": true,
38         "Upgrade": true,
39
40         // Headers that would interfere with Go's automatic
41         // compression/decompression if we forwarded them.
42         "Accept-Encoding":   true,
43         "Content-Encoding":  true,
44         "Transfer-Encoding": true,
45
46         // Content-Length depends on encoding.
47         "Content-Length": true,
48 }
49
50 type ResponseFilter func(*http.Response, error) (*http.Response, error)
51
52 // Forward a request to upstream service, and return response or error.
53 func (p *proxy) Do(
54         reqIn *http.Request,
55         urlOut *url.URL,
56         client *http.Client) (*http.Response, error) {
57
58         // Copy headers from incoming request, then add/replace proxy
59         // headers like Via and X-Forwarded-For.
60         hdrOut := http.Header{}
61         for k, v := range reqIn.Header {
62                 if !dropHeaders[k] {
63                         hdrOut[k] = v
64                 }
65         }
66         xff := ""
67         for _, xffIn := range reqIn.Header["X-Forwarded-For"] {
68                 if xffIn != "" {
69                         xff += xffIn + ","
70                 }
71         }
72         xff += reqIn.RemoteAddr
73         hdrOut.Set("X-Forwarded-For", xff)
74         if hdrOut.Get("X-Forwarded-Proto") == "" {
75                 hdrOut.Set("X-Forwarded-Proto", reqIn.URL.Scheme)
76         }
77         hdrOut.Add("Via", reqIn.Proto+" arvados-controller")
78
79         reqOut := (&http.Request{
80                 Method: reqIn.Method,
81                 URL:    urlOut,
82                 Host:   reqIn.Host,
83                 Header: hdrOut,
84                 Body:   reqIn.Body,
85         }).WithContext(reqIn.Context())
86         return client.Do(reqOut)
87 }
88
89 // Copy a response (or error) to the downstream client
90 func (p *proxy) ForwardResponse(w http.ResponseWriter, resp *http.Response, err error) (int64, error) {
91         if err != nil {
92                 if he, ok := err.(HTTPError); ok {
93                         httpserver.Error(w, he.Message, he.Code)
94                 } else {
95                         httpserver.Error(w, err.Error(), http.StatusBadGateway)
96                 }
97                 return 0, nil
98         }
99
100         defer resp.Body.Close()
101         for k, v := range resp.Header {
102                 for _, v := range v {
103                         w.Header().Add(k, v)
104                 }
105         }
106         w.WriteHeader(resp.StatusCode)
107         return io.Copy(w, resp.Body)
108 }