"html"
"html/template"
"io"
- "log"
"net/http"
"net/url"
"os"
+ "path/filepath"
"sort"
"strconv"
"strings"
"git.curoverse.com/arvados.git/sdk/go/health"
"git.curoverse.com/arvados.git/sdk/go/httpserver"
"git.curoverse.com/arvados.git/sdk/go/keepclient"
+ log "github.com/sirupsen/logrus"
"golang.org/x/net/webdav"
)
type handler struct {
Config *Config
+ MetricsAPI http.Handler
clientPool *arvadosclient.ClientPool
setupOnce sync.Once
healthHandler http.Handler
keepclient.RefreshServiceDiscoveryOnSIGHUP()
h.healthHandler = &health.Handler{
- Token: h.Config.ManagementToken,
+ Token: h.Config.cluster.ManagementToken,
Prefix: "/_health/",
}
}
func (h *handler) serveStatus(w http.ResponseWriter, r *http.Request) {
- status := struct {
- cacheStats
- Version string
- }{
- cacheStats: h.Config.Cache.Stats(),
- Version: version,
- }
- json.NewEncoder(w).Encode(status)
+ json.NewEncoder(w).Encode(struct{ Version string }{version})
}
// updateOnSuccess wraps httpserver.ResponseWriter. If the handler
}
func (uos *updateOnSuccess) Write(p []byte) (int, error) {
- if uos.err != nil {
- return 0, uos.err
- }
if !uos.sentHeader {
uos.WriteHeader(http.StatusOK)
}
+ if uos.err != nil {
+ return 0, uos.err
+ }
return uos.ResponseWriter.Write(p)
}
}
var (
+ corsAllowHeadersHeader = strings.Join([]string{
+ "Authorization", "Content-Type", "Range",
+ // WebDAV request headers:
+ "Depth", "Destination", "If", "Lock-Token", "Overwrite", "Timeout",
+ }, ", ")
writeMethod = map[string]bool{
- "COPY": true,
- "DELETE": true,
- "MKCOL": true,
- "MOVE": true,
- "PUT": true,
- "RMCOL": true,
+ "COPY": true,
+ "DELETE": true,
+ "LOCK": true,
+ "MKCOL": true,
+ "MOVE": true,
+ "PROPPATCH": true,
+ "PUT": true,
+ "RMCOL": true,
+ "UNLOCK": true,
}
webdavMethod = map[string]bool{
- "COPY": true,
- "DELETE": true,
- "MKCOL": true,
- "MOVE": true,
- "OPTIONS": true,
- "PROPFIND": true,
- "PUT": true,
- "RMCOL": true,
+ "COPY": true,
+ "DELETE": true,
+ "LOCK": true,
+ "MKCOL": true,
+ "MOVE": true,
+ "OPTIONS": true,
+ "PROPFIND": true,
+ "PROPPATCH": true,
+ "PUT": true,
+ "RMCOL": true,
+ "UNLOCK": true,
}
browserMethod = map[string]bool{
"GET": true,
"HEAD": true,
"POST": true,
}
+ // top-level dirs to serve with siteFS
+ siteFSDir = map[string]bool{
+ "": true, // root directory
+ "by_id": true,
+ "users": true,
+ }
)
// ServeHTTP implements http.Handler.
if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
remoteAddr = xff + "," + remoteAddr
}
+ if xfp := r.Header.Get("X-Forwarded-Proto"); xfp != "" && xfp != "http" {
+ r.URL.Scheme = xfp
+ }
w := httpserver.WrapResponseWriter(wOrig)
defer func() {
} else if w.WroteStatus() == 0 {
w.WriteHeader(statusCode)
} else if w.WroteStatus() != statusCode {
- httpserver.Log(r.RemoteAddr, "WARNING",
+ log.WithField("RequestID", r.Header.Get("X-Request-Id")).Warn(
fmt.Sprintf("Our status changed from %d to %d after we sent headers", w.WroteStatus(), statusCode))
}
if statusText == "" {
statusText = http.StatusText(statusCode)
}
- httpserver.Log(remoteAddr, statusCode, statusText, w.WroteBodyBytes(), r.Method, r.Host, r.URL.Path, r.URL.RawQuery)
}()
if strings.HasPrefix(r.URL.Path, "/_health/") && r.Method == "GET" {
statusCode = http.StatusMethodNotAllowed
return
}
- w.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type, Range")
- w.Header().Set("Access-Control-Allow-Methods", "COPY, DELETE, GET, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PUT, RMCOL")
+ w.Header().Set("Access-Control-Allow-Headers", corsAllowHeadersHeader)
+ w.Header().Set("Access-Control-Allow-Methods", "COPY, DELETE, GET, LOCK, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, RMCOL, UNLOCK")
w.Header().Set("Access-Control-Allow-Origin", "*")
w.Header().Set("Access-Control-Max-Age", "86400")
statusCode = http.StatusOK
var pathToken bool
var attachment bool
var useSiteFS bool
- credentialsOK := h.Config.TrustAllContent
+ credentialsOK := h.Config.cluster.Collections.TrustAllContent
- if r.Host != "" && r.Host == h.Config.AttachmentOnlyHost {
+ if r.Host != "" && r.Host == h.Config.cluster.Services.WebDAVDownload.ExternalURL.Host {
credentialsOK = true
attachment = true
} else if r.FormValue("disposition") == "attachment" {
} else if r.URL.Path == "/status.json" {
h.serveStatus(w, r)
return
- } else if len(pathParts) >= 1 && pathParts[0] == "users" {
+ } else if strings.HasPrefix(r.URL.Path, "/metrics") {
+ h.MetricsAPI.ServeHTTP(w, r)
+ return
+ } else if siteFSDir[pathParts[0]] {
useSiteFS = true
} else if len(pathParts) >= 1 && strings.HasPrefix(pathParts[0], "c=") {
// /c=ID[/PATH...]
} else {
// /collections/ID/PATH...
collectionID = parseCollectionIDFromURL(pathParts[1])
- tokens = h.Config.AnonymousTokens
stripParts = 2
+ // This path is only meant to work for public
+ // data. Tokens provided with the request are
+ // ignored.
+ credentialsOK = false
}
}
forceReload = true
}
+ if credentialsOK {
+ reqTokens = auth.CredentialsFromRequest(r).Tokens
+ }
+
formToken := r.FormValue("api_token")
if formToken != "" && r.Header.Get("Origin") != "" && attachment && r.URL.Query().Get("api_token") == "" {
// The client provided an explicit token in the POST
//
// * The token isn't embedded in the URL, so we don't
// need to worry about bookmarks and copy/paste.
- tokens = append(tokens, formToken)
+ reqTokens = append(reqTokens, formToken)
} else if formToken != "" && browserMethod[r.Method] {
// The client provided an explicit token in the query
// string, or a form in POST body. We must put the
return
}
+ if useSiteFS {
+ h.serveSiteFS(w, r, reqTokens, credentialsOK, attachment)
+ return
+ }
+
targetPath := pathParts[stripParts:]
if tokens == nil && len(targetPath) > 0 && strings.HasPrefix(targetPath[0], "t=") {
// http://ID.example/t=TOKEN/PATH...
}
if tokens == nil {
- if credentialsOK {
- reqTokens = auth.NewCredentialsFromHTTPRequest(r).Tokens
- }
- tokens = append(reqTokens, h.Config.AnonymousTokens...)
- }
-
- if useSiteFS {
- h.serveSiteFS(w, r, tokens)
- return
+ tokens = append(reqTokens, h.Config.cluster.Users.AnonymousUserToken)
}
if len(targetPath) > 0 && targetPath[0] == "_" {
statusCode, statusText = http.StatusInternalServerError, err.Error()
return
}
+ kc.RequestID = r.Header.Get("X-Request-Id")
var basename string
if len(targetPath) > 0 {
}
applyContentDispositionHdr(w, r, basename, attachment)
- client := &arvados.Client{
+ client := (&arvados.Client{
APIHost: arv.ApiServer,
AuthToken: arv.ApiToken,
Insecure: arv.ApiInsecure,
- }
+ }).WithRequestID(r.Header.Get("X-Request-Id"))
fs, err := collection.FileSystem(client, kc)
if err != nil {
}
}
-func (h *handler) serveSiteFS(w http.ResponseWriter, r *http.Request, tokens []string) {
+func (h *handler) serveSiteFS(w http.ResponseWriter, r *http.Request, tokens []string, credentialsOK, attachment bool) {
if len(tokens) == 0 {
w.Header().Add("WWW-Authenticate", "Basic realm=\"collections\"")
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
- client := &arvados.Client{
+ kc.RequestID = r.Header.Get("X-Request-Id")
+ client := (&arvados.Client{
APIHost: arv.ApiServer,
AuthToken: arv.ApiToken,
Insecure: arv.ApiInsecure,
- }
+ }).WithRequestID(r.Header.Get("X-Request-Id"))
fs := client.SiteFileSystem(kc)
- if f, err := fs.Open(r.URL.Path); os.IsNotExist(err) {
+ f, err := fs.Open(r.URL.Path)
+ if os.IsNotExist(err) {
http.Error(w, err.Error(), http.StatusNotFound)
return
} else if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
- } else if fi, err := f.Stat(); err == nil && fi.IsDir() && r.Method == "GET" {
-
- h.serveDirectory(w, r, fi.Name(), fs, r.URL.Path, false)
+ }
+ defer f.Close()
+ if fi, err := f.Stat(); err == nil && fi.IsDir() && r.Method == "GET" {
+ if !strings.HasSuffix(r.URL.Path, "/") {
+ h.seeOtherWithCookie(w, r, r.URL.Path+"/", credentialsOK)
+ } else {
+ h.serveDirectory(w, r, fi.Name(), fs, r.URL.Path, false)
+ }
return
- } else {
- f.Close()
+ }
+ if r.Method == "GET" {
+ _, basename := filepath.Split(r.URL.Path)
+ applyContentDispositionHdr(w, r, basename, attachment)
}
wh := webdav.Handler{
Prefix: "/",
<UL>
{{range .Files}}
{{if .IsDir }}
- <LI>{{" " | printf "%15s " | nbsp}}<A href="{{.Name}}/">{{.Name}}/</A></LI>
+ <LI>{{" " | printf "%15s " | nbsp}}<A href="{{print "./" .Name}}/">{{.Name}}/</A></LI>
{{else}}
- <LI>{{.Size | printf "%15d " | nbsp}}<A href="{{.Name}}">{{.Name}}</A></LI>
+ <LI>{{.Size | printf "%15d " | nbsp}}<A href="{{print "./" .Name}}">{{.Name}}</A></LI>
{{end}}
{{end}}
</UL>
u = newu
}
redir := (&url.URL{
+ Scheme: r.URL.Scheme,
Host: r.Host,
Path: u.Path,
RawQuery: redirQuery.Encode(),
projects / arvados.git / blobdiff