package main
import (
- "flag"
"fmt"
"html"
"io"
"regexp"
"strconv"
"strings"
+ "sync"
"git.curoverse.com/arvados.git/sdk/go/arvadosclient"
"git.curoverse.com/arvados.git/sdk/go/auth"
"git.curoverse.com/arvados.git/sdk/go/keepclient"
)
-type handler struct{}
-
-var (
- clientPool = arvadosclient.MakeClientPool()
- trustAllContent = false
- attachmentOnlyHost = ""
-)
-
-func init() {
- flag.StringVar(&attachmentOnlyHost, "attachment-only-host", "",
- "Accept credentials, and add \"Content-Disposition: attachment\" response headers, for requests at this hostname:port. Prohibiting inline display makes it possible to serve untrusted and non-public content from a single origin, i.e., without wildcard DNS or SSL.")
- flag.BoolVar(&trustAllContent, "trust-all-content", false,
- "Serve non-public content from a single origin. Dangerous: read docs before using!")
+type handler struct {
+ Config *Config
+ clientPool *arvadosclient.ClientPool
+ setupOnce sync.Once
}
-// return a UUID or PDH if s begins with a UUID or URL-encoded PDH;
-// otherwise return "".
+// parseCollectionIDFromDNSName returns a UUID or PDH if s begins with
+// a UUID or URL-encoded PDH; otherwise "".
func parseCollectionIDFromDNSName(s string) string {
// Strip domain.
if i := strings.IndexRune(s, '.'); i >= 0 {
var urlPDHDecoder = strings.NewReplacer(" ", "+", "-", "+")
-// return a UUID or PDH if s is a UUID or a PDH (even if it is a PDH
-// with "+" replaced by " " or "-"); otherwise return "".
+// parseCollectionIDFromURL returns a UUID or PDH if s is a UUID or a
+// PDH (even if it is a PDH with "+" replaced by " " or "-");
+// otherwise "".
func parseCollectionIDFromURL(s string) string {
if arvadosclient.UUIDMatch(s) {
return s
return ""
}
+func (h *handler) setup() {
+ h.clientPool = arvadosclient.MakeClientPool()
+}
+
+// ServeHTTP implements http.Handler.
func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
+ h.setupOnce.Do(h.setup)
+
var statusCode = 0
var statusText string
w.Header().Set("Access-Control-Allow-Origin", "*")
}
- arv := clientPool.Get()
+ arv := h.clientPool.Get()
if arv == nil {
- statusCode, statusText = http.StatusInternalServerError, "Pool failed: "+clientPool.Err().Error()
+ statusCode, statusText = http.StatusInternalServerError, "Pool failed: "+h.clientPool.Err().Error()
return
}
- defer clientPool.Put(arv)
+ defer h.clientPool.Put(arv)
pathParts := strings.Split(r.URL.Path[1:], "/")
var reqTokens []string
var pathToken bool
var attachment bool
- credentialsOK := trustAllContent
+ credentialsOK := h.Config.TrustAllContent
- if r.Host != "" && r.Host == attachmentOnlyHost {
+ if r.Host != "" && r.Host == h.Config.AttachmentOnlyHost {
credentialsOK = true
attachment = true
} else if r.FormValue("disposition") == "attachment" {
} else {
// /collections/ID/PATH...
targetID = pathParts[1]
- tokens = anonymousTokens
+ tokens = h.Config.AnonymousTokens
targetPath = pathParts[2:]
}
} else {
// It is not safe to copy the provided token
// into a cookie unless the current vhost
// (origin) serves only a single collection or
- // we are in trustAllContent mode.
+ // we are in TrustAllContent mode.
statusCode = http.StatusBadRequest
return
}
if credentialsOK {
reqTokens = auth.NewCredentialsFromHTTPRequest(r).Tokens
}
- tokens = append(reqTokens, anonymousTokens...)
+ tokens = append(reqTokens, h.Config.AnonymousTokens...)
}
if len(targetPath) > 0 && targetPath[0] == "_" {
projects / arvados.git / blobdiff