Merge branch '3787-docker-docs' closes #3787

[arvados.git] / services / keepstore / handlers.go

diff --git a/services/keepstore/handlers.go b/services/keepstore/handlers.go
index 035b50f48036b9ea060428f203caafef7e7901a5..27d1e908c56ab46d535fc97bc1f2b79bf349387a 100644 (file)
--- a/services/keepstore/handlers.go
+++ b/services/keepstore/handlers.go
@@ -118,8 +118,6 @@ func FindKeepVolumes() []string {
 func GetBlockHandler(resp http.ResponseWriter, req *http.Request) {
        hash := mux.Vars(req)["hash"]
 
-       log.Printf("%s %s", req.Method, hash)
-
        hints := mux.Vars(req)["hints"]
 
        // Parse the locator string and hints from the request.
@@ -138,6 +136,7 @@ func GetBlockHandler(resp http.ResponseWriter, req *http.Request) {
                                // presumed to be valid and ignored, to permit forward compatibility.
                        } else {
                                // Unknown format; not a valid locator.
+                               log.Printf("%s %s %d %s", req.Method, hash, BadRequestError.HTTPCode, "-")
                                http.Error(resp, BadRequestError.Error(), BadRequestError.HTTPCode)
                                return
                        }
@@ -148,14 +147,17 @@ func GetBlockHandler(resp http.ResponseWriter, req *http.Request) {
        // request's permission signature.
        if enforce_permissions {
                if signature == "" || timestamp == "" {
+                       log.Printf("%s %s %d %s", req.Method, hash, PermissionError.HTTPCode, "-")
                        http.Error(resp, PermissionError.Error(), PermissionError.HTTPCode)
                        return
                } else if IsExpired(timestamp) {
+                       log.Printf("%s %s %d %s", req.Method, hash, ExpiredError.HTTPCode, "-")
                        http.Error(resp, ExpiredError.Error(), ExpiredError.HTTPCode)
                        return
                } else {
                        req_locator := req.URL.Path[1:] // strip leading slash
                        if !VerifySignature(req_locator, GetApiToken(req)) {
+                               log.Printf("%s %s %d %s", req.Method, hash, PermissionError.HTTPCode, "-")
                                http.Error(resp, PermissionError.Error(), PermissionError.HTTPCode)
                                return
                        }
@@ -176,6 +178,7 @@ func GetBlockHandler(resp http.ResponseWriter, req *http.Request) {
                if err == NotFoundError {
                        log.Printf("%s: not found, giving up\n", hash)
                }
+               log.Printf("%s %s %d %s", req.Method, hash, err.(*KeepError).HTTPCode, "-")
                http.Error(resp, err.Error(), err.(*KeepError).HTTPCode)
                return
        }
@@ -184,7 +187,9 @@ func GetBlockHandler(resp http.ResponseWriter, req *http.Request) {
 
        _, err = resp.Write(block)
        if err != nil {
-               log.Printf("GetBlockHandler: writing response: %s", err)
+               log.Printf("%s %s %d %s", req.Method, hash, err.(*KeepError).HTTPCode, len(block), "-")
+       } else {
+               log.Printf("%s %s %d %d", req.Method, hash, 200, len(block))
        }
 
        return
@@ -197,12 +202,11 @@ func PutBlockHandler(resp http.ResponseWriter, req *http.Request) {
 
        hash := mux.Vars(req)["hash"]
 
-       log.Printf("%s %s", req.Method, hash)
-
        // Read the block data to be stored.
        // If the request exceeds BLOCKSIZE bytes, issue a HTTP 500 error.
        //
        if req.ContentLength > BLOCKSIZE {
+               log.Printf("%s %s %d %d", req.Method, hash, TooLongError.HTTPCode, req.ContentLength)
                http.Error(resp, TooLongError.Error(), TooLongError.HTTPCode)
                return
        }
@@ -210,8 +214,10 @@ func PutBlockHandler(resp http.ResponseWriter, req *http.Request) {
        buf := make([]byte, req.ContentLength)
        nread, err := io.ReadFull(req.Body, buf)
        if err != nil {
+               log.Printf("%s %s %d %d", req.Method, hash, 500, req.ContentLength)
                http.Error(resp, err.Error(), 500)
        } else if int64(nread) < req.ContentLength {
+               log.Printf("%s %s %d %d", req.Method, hash, 500, req.ContentLength)
                http.Error(resp, "request truncated", 500)
        } else {
                if err := PutBlock(buf, hash); err == nil {
@@ -223,9 +229,11 @@ func PutBlockHandler(resp http.ResponseWriter, req *http.Request) {
                                expiry := time.Now().Add(permission_ttl)
                                return_hash = SignLocator(return_hash, api_token, expiry)
                        }
+                       log.Printf("%s %s %d %d", req.Method, hash, 200, req.ContentLength)
                        resp.Write([]byte(return_hash + "\n"))
                } else {
                        ke := err.(*KeepError)
+                       log.Printf("%s %s %d %d", req.Method, hash, ke.HTTPCode, req.ContentLength)
                        http.Error(resp, ke.Error(), ke.HTTPCode)
                }
        }
@@ -236,18 +244,15 @@ func PutBlockHandler(resp http.ResponseWriter, req *http.Request) {
 //     A HandleFunc to address /index and /index/{prefix} requests.
 //
 func IndexHandler(resp http.ResponseWriter, req *http.Request) {
-       prefix := mux.Vars(req)["prefix"]
-
-       // Only the data manager may issue /index requests,
-       // and only if enforce_permissions is enabled.
-       // All other requests return 403 Forbidden.
-       api_token := GetApiToken(req)
-       if !enforce_permissions ||
-               api_token == "" ||
-               data_manager_token != api_token {
-               http.Error(resp, PermissionError.Error(), PermissionError.HTTPCode)
+       // Reject unauthorized requests.
+       if !IsDataManagerToken(GetApiToken(req)) {
+               http.Error(resp, UnauthorizedError.Error(), UnauthorizedError.HTTPCode)
+               log.Printf("%s %s: %s\n", req.Method, req.URL, UnauthorizedError.Error())
                return
        }
+
+       prefix := mux.Vars(req)["prefix"]
+
        var index string
        for _, vol := range KeepVM.Volumes() {
                index = index + vol.Index(prefix)