projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge branch '8784-dir-listings'
[arvados.git] / services / ws / router.go
diff --git a/services/ws/router.go b/services/ws/router.go
index 15b825f2abfa293f8ba2734f57508ba9306a03af..3f3a051d8eba54e8574416290ba71f8777f47b30 100644 (file)
--- a/services/ws/router.go
+++ b/services/ws/router.go
@@ -1,3 +1,7 @@
+// Copyright (C) The Arvados Authors. All rights reserved.
+//
+// SPDX-License-Identifier: AGPL-3.0
+
 package main
 
 import (
@@ -53,8 +57,13 @@ func (rtr *router) setup() {
        rtr.mux = http.NewServeMux()
        rtr.mux.Handle("/websocket", rtr.makeServer(newSessionV0))
        rtr.mux.Handle("/arvados/v1/events.ws", rtr.makeServer(newSessionV1))
-       rtr.mux.HandleFunc("/debug.json", jsonHandler(rtr.DebugStatus))
-       rtr.mux.HandleFunc("/status.json", jsonHandler(rtr.Status))
+       rtr.mux.Handle("/debug.json", rtr.jsonHandler(rtr.DebugStatus))
+       rtr.mux.Handle("/status.json", rtr.jsonHandler(rtr.Status))
+
+       health := http.NewServeMux()
+       rtr.mux.Handle("/_health/", rtr.mgmtAuth(health))
+       health.Handle("/_health/ping", rtr.jsonHandler(rtr.HealthFunc(func() error { return nil })))
+       health.Handle("/_health/db", rtr.jsonHandler(rtr.HealthFunc(rtr.eventSource.DBHealth)))
 }
 
 func (rtr *router) makeServer(newSession sessionFactory) *websocket.Server {
@@ -102,6 +111,21 @@ func (rtr *router) DebugStatus() interface{} {
        return s
 }
 
+var pingResponseOK = map[string]string{"health": "OK"}
+
+func (rtr *router) HealthFunc(f func() error) func() interface{} {
+       return func() interface{} {
+               err := f()
+               if err == nil {
+                       return pingResponseOK
+               }
+               return map[string]string{
+                       "health": "ERROR",
+                       "error":  err.Error(),
+               }
+       }
+}
+
 func (rtr *router) Status() interface{} {
        return map[string]interface{}{
                "Clients": atomic.LoadInt64(&rtr.status.ReqsActive),
@@ -125,16 +149,30 @@ func (rtr *router) ServeHTTP(resp http.ResponseWriter, req *http.Request) {
        rtr.mux.ServeHTTP(resp, req)
 }
 
-func jsonHandler(fn func() interface{}) http.HandlerFunc {
-       return func(resp http.ResponseWriter, req *http.Request) {
-               logger := logger(req.Context())
-               resp.Header().Set("Content-Type", "application/json")
-               enc := json.NewEncoder(resp)
+func (rtr *router) mgmtAuth(h http.Handler) http.Handler {
+       return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+               if rtr.Config.ManagementToken == "" {
+                       http.Error(w, "disabled", http.StatusNotFound)
+               } else if ah := r.Header.Get("Authorization"); ah == "" {
+                       http.Error(w, "authorization required", http.StatusUnauthorized)
+               } else if ah != "Bearer "+rtr.Config.ManagementToken {
+                       http.Error(w, "authorization error", http.StatusForbidden)
+               } else {
+                       h.ServeHTTP(w, r)
+               }
+       })
+}
+
+func (rtr *router) jsonHandler(fn func() interface{}) http.Handler {
+       return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+               logger := logger(r.Context())
+               w.Header().Set("Content-Type", "application/json")
+               enc := json.NewEncoder(w)
                err := enc.Encode(fn())
                if err != nil {
                        msg := "encode failed"
                        logger.WithError(err).Error(msg)
-                       http.Error(resp, msg, http.StatusInternalServerError)
+                       http.Error(w, msg, http.StatusInternalServerError)
                }
-       }
+       })
 }