X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/10dc1ca759592b7281265ac1378bda126c979208..76d28579bd98ef8edd2cba30c1ac019795b9ea1e:/services/keep-web/handler.go

diff --git a/services/keep-web/handler.go b/services/keep-web/handler.go
index 912398fa64..f9e0c1a505 100644
--- a/services/keep-web/handler.go
+++ b/services/keep-web/handler.go
@@ -25,7 +25,7 @@ import (
 	"git.curoverse.com/arvados.git/sdk/go/health"
 	"git.curoverse.com/arvados.git/sdk/go/httpserver"
 	"git.curoverse.com/arvados.git/sdk/go/keepclient"
-	log "github.com/Sirupsen/logrus"
+	log "github.com/sirupsen/logrus"
 	"golang.org/x/net/webdav"
 )
 
@@ -79,9 +79,10 @@ func (h *handler) setup() {
 	h.clientPool = arvadosclient.MakeClientPool()
 
 	keepclient.RefreshServiceDiscoveryOnSIGHUP()
+	keepclient.DefaultBlockCache.MaxBlocks = h.Config.cluster.Collections.WebDAVCache.MaxBlockEntries
 
 	h.healthHandler = &health.Handler{
-		Token:  h.Config.ManagementToken,
+		Token:  h.Config.cluster.ManagementToken,
 		Prefix: "/_health/",
 	}
 
@@ -141,22 +142,28 @@ var (
 		"Depth", "Destination", "If", "Lock-Token", "Overwrite", "Timeout",
 	}, ", ")
 	writeMethod = map[string]bool{
-		"COPY":   true,
-		"DELETE": true,
-		"MKCOL":  true,
-		"MOVE":   true,
-		"PUT":    true,
-		"RMCOL":  true,
+		"COPY":      true,
+		"DELETE":    true,
+		"LOCK":      true,
+		"MKCOL":     true,
+		"MOVE":      true,
+		"PROPPATCH": true,
+		"PUT":       true,
+		"RMCOL":     true,
+		"UNLOCK":    true,
 	}
 	webdavMethod = map[string]bool{
-		"COPY":     true,
-		"DELETE":   true,
-		"MKCOL":    true,
-		"MOVE":     true,
-		"OPTIONS":  true,
-		"PROPFIND": true,
-		"PUT":      true,
-		"RMCOL":    true,
+		"COPY":      true,
+		"DELETE":    true,
+		"LOCK":      true,
+		"MKCOL":     true,
+		"MOVE":      true,
+		"OPTIONS":   true,
+		"PROPFIND":  true,
+		"PROPPATCH": true,
+		"PUT":       true,
+		"RMCOL":     true,
+		"UNLOCK":    true,
 	}
 	browserMethod = map[string]bool{
 		"GET":  true,
@@ -212,7 +219,7 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
 			return
 		}
 		w.Header().Set("Access-Control-Allow-Headers", corsAllowHeadersHeader)
-		w.Header().Set("Access-Control-Allow-Methods", "COPY, DELETE, GET, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PUT, RMCOL")
+		w.Header().Set("Access-Control-Allow-Methods", "COPY, DELETE, GET, LOCK, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, RMCOL, UNLOCK")
 		w.Header().Set("Access-Control-Allow-Origin", "*")
 		w.Header().Set("Access-Control-Max-Age", "86400")
 		statusCode = http.StatusOK
@@ -243,9 +250,9 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
 	var pathToken bool
 	var attachment bool
 	var useSiteFS bool
-	credentialsOK := h.Config.TrustAllContent
+	credentialsOK := h.Config.cluster.Collections.TrustAllContent
 
-	if r.Host != "" && r.Host == h.Config.AttachmentOnlyHost {
+	if r.Host != "" && r.Host == h.Config.cluster.Services.WebDAVDownload.ExternalURL.Host {
 		credentialsOK = true
 		attachment = true
 	} else if r.FormValue("disposition") == "attachment" {
@@ -277,8 +284,11 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
 		} else {
 			// /collections/ID/PATH...
 			collectionID = parseCollectionIDFromURL(pathParts[1])
-			tokens = h.Config.AnonymousTokens
 			stripParts = 2
+			// This path is only meant to work for public
+			// data. Tokens provided with the request are
+			// ignored.
+			credentialsOK = false
 		}
 	}
 
@@ -292,6 +302,10 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
 		forceReload = true
 	}
 
+	if credentialsOK {
+		reqTokens = auth.CredentialsFromRequest(r).Tokens
+	}
+
 	formToken := r.FormValue("api_token")
 	if formToken != "" && r.Header.Get("Origin") != "" && attachment && r.URL.Query().Get("api_token") == "" {
 		// The client provided an explicit token in the POST
@@ -307,7 +321,7 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
 		//
 		// * The token isn't embedded in the URL, so we don't
 		//   need to worry about bookmarks and copy/paste.
-		tokens = append(tokens, formToken)
+		reqTokens = append(reqTokens, formToken)
 	} else if formToken != "" && browserMethod[r.Method] {
 		// The client provided an explicit token in the query
 		// string, or a form in POST body. We must put the
@@ -319,10 +333,7 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
 	}
 
 	if useSiteFS {
-		if tokens == nil {
-			tokens = auth.NewCredentialsFromHTTPRequest(r).Tokens
-		}
-		h.serveSiteFS(w, r, tokens, credentialsOK, attachment)
+		h.serveSiteFS(w, r, reqTokens, credentialsOK, attachment)
 		return
 	}
 
@@ -341,10 +352,7 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
 	}
 
 	if tokens == nil {
-		if credentialsOK {
-			reqTokens = auth.NewCredentialsFromHTTPRequest(r).Tokens
-		}
-		tokens = append(reqTokens, h.Config.AnonymousTokens...)
+		tokens = append(reqTokens, h.Config.cluster.Users.AnonymousUserToken)
 	}
 
 	if len(targetPath) > 0 && targetPath[0] == "_" {