X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/1a17734f7264bc74463e1e6fe115cdad6ec4c521..5d081c423f314060cefafc7149850ea1dcbe098a:/services/ws/router.go diff --git a/services/ws/router.go b/services/ws/router.go index e6cec0f5f1..3f3a051d8e 100644 --- a/services/ws/router.go +++ b/services/ws/router.go @@ -1,15 +1,20 @@ +// Copyright (C) The Arvados Authors. All rights reserved. +// +// SPDX-License-Identifier: AGPL-3.0 + package main import ( - "database/sql" + "encoding/json" "io" "net/http" "strconv" "sync" + "sync/atomic" "time" - "git.curoverse.com/arvados.git/sdk/go/arvados" - log "github.com/Sirupsen/logrus" + "git.curoverse.com/arvados.git/sdk/go/ctxlog" + "github.com/Sirupsen/logrus" "golang.org/x/net/websocket" ) @@ -21,49 +26,65 @@ type wsConn interface { } type router struct { - Config *Config + Config *wsConfig + eventSource eventSource + newPermChecker func() permChecker - eventSource eventSource - mux *http.ServeMux - setupOnce sync.Once + handler *handler + mux *http.ServeMux + setupOnce sync.Once lastReqID int64 lastReqMtx sync.Mutex + + status routerDebugStatus } -type sessionFactory func(wsConn, chan<- interface{}, arvados.Client, *sql.DB) (session, error) +type routerDebugStatus struct { + ReqsReceived int64 + ReqsActive int64 +} -func (rtr *router) setup() { - rtr.mux = http.NewServeMux() - rtr.mux.Handle("/websocket", rtr.makeServer(NewSessionV0)) - rtr.mux.Handle("/arvados/v1/events.ws", rtr.makeServer(NewSessionV1)) +type debugStatuser interface { + DebugStatus() interface{} } -func (rtr *router) makeServer(newSession sessionFactory) *websocket.Server { - handler := &handler{ +func (rtr *router) setup() { + rtr.handler = &handler{ PingTimeout: rtr.Config.PingTimeout.Duration(), QueueSize: rtr.Config.ClientEventQueue, - NewSession: func(ws wsConn, sendq chan<- interface{}) (session, error) { - return newSession(ws, sendq, rtr.Config.Client, rtr.eventSource.DB()) - }, } + rtr.mux = http.NewServeMux() + rtr.mux.Handle("/websocket", rtr.makeServer(newSessionV0)) + rtr.mux.Handle("/arvados/v1/events.ws", rtr.makeServer(newSessionV1)) + rtr.mux.Handle("/debug.json", rtr.jsonHandler(rtr.DebugStatus)) + rtr.mux.Handle("/status.json", rtr.jsonHandler(rtr.Status)) + + health := http.NewServeMux() + rtr.mux.Handle("/_health/", rtr.mgmtAuth(health)) + health.Handle("/_health/ping", rtr.jsonHandler(rtr.HealthFunc(func() error { return nil }))) + health.Handle("/_health/db", rtr.jsonHandler(rtr.HealthFunc(rtr.eventSource.DBHealth))) +} + +func (rtr *router) makeServer(newSession sessionFactory) *websocket.Server { return &websocket.Server{ Handshake: func(c *websocket.Config, r *http.Request) error { return nil }, Handler: websocket.Handler(func(ws *websocket.Conn) { t0 := time.Now() - sink := rtr.eventSource.NewSink() - logger(ws.Request().Context()).Info("connected") + log := logger(ws.Request().Context()) + log.Info("connected") - stats := handler.Handle(ws, sink.Channel()) + stats := rtr.handler.Handle(ws, rtr.eventSource, + func(ws wsConn, sendq chan<- interface{}) (session, error) { + return newSession(ws, sendq, rtr.eventSource.DB(), rtr.newPermChecker(), &rtr.Config.Client) + }) - logger(ws.Request().Context()).WithFields(log.Fields{ - "Elapsed": time.Now().Sub(t0).Seconds(), - "Stats": stats, + log.WithFields(logrus.Fields{ + "elapsed": time.Now().Sub(t0).Seconds(), + "stats": stats, }).Info("disconnect") - - sink.Stop() ws.Close() }), } @@ -79,15 +100,79 @@ func (rtr *router) newReqID() string { return strconv.FormatInt(id, 36) } +func (rtr *router) DebugStatus() interface{} { + s := map[string]interface{}{ + "HTTP": rtr.status, + "Outgoing": rtr.handler.DebugStatus(), + } + if es, ok := rtr.eventSource.(debugStatuser); ok { + s["EventSource"] = es.DebugStatus() + } + return s +} + +var pingResponseOK = map[string]string{"health": "OK"} + +func (rtr *router) HealthFunc(f func() error) func() interface{} { + return func() interface{} { + err := f() + if err == nil { + return pingResponseOK + } + return map[string]string{ + "health": "ERROR", + "error": err.Error(), + } + } +} + +func (rtr *router) Status() interface{} { + return map[string]interface{}{ + "Clients": atomic.LoadInt64(&rtr.status.ReqsActive), + } +} + func (rtr *router) ServeHTTP(resp http.ResponseWriter, req *http.Request) { rtr.setupOnce.Do(rtr.setup) + atomic.AddInt64(&rtr.status.ReqsReceived, 1) + atomic.AddInt64(&rtr.status.ReqsActive, 1) + defer atomic.AddInt64(&rtr.status.ReqsActive, -1) + logger := logger(req.Context()). WithField("RequestID", rtr.newReqID()) - ctx := contextWithLogger(req.Context(), logger) + ctx := ctxlog.Context(req.Context(), logger) req = req.WithContext(ctx) - logger.WithFields(log.Fields{ - "RemoteAddr": req.RemoteAddr, - "X-Forwarded-For": req.Header.Get("X-Forwarded-For"), + logger.WithFields(logrus.Fields{ + "remoteAddr": req.RemoteAddr, + "reqForwardedFor": req.Header.Get("X-Forwarded-For"), }).Info("accept request") rtr.mux.ServeHTTP(resp, req) } + +func (rtr *router) mgmtAuth(h http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if rtr.Config.ManagementToken == "" { + http.Error(w, "disabled", http.StatusNotFound) + } else if ah := r.Header.Get("Authorization"); ah == "" { + http.Error(w, "authorization required", http.StatusUnauthorized) + } else if ah != "Bearer "+rtr.Config.ManagementToken { + http.Error(w, "authorization error", http.StatusForbidden) + } else { + h.ServeHTTP(w, r) + } + }) +} + +func (rtr *router) jsonHandler(fn func() interface{}) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + logger := logger(r.Context()) + w.Header().Set("Content-Type", "application/json") + enc := json.NewEncoder(w) + err := enc.Encode(fn()) + if err != nil { + msg := "encode failed" + logger.WithError(err).Error(msg) + http.Error(w, msg, http.StatusInternalServerError) + } + }) +}