X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/224f384d411bb1b4cccc7165c55bb64fd5c695ad..105c22f44dad79968b59f577a40737ffc8da00ec:/services/api/app/controllers/application_controller.rb diff --git a/services/api/app/controllers/application_controller.rb b/services/api/app/controllers/application_controller.rb index 3c5bf94d2c..9826cf2f90 100644 --- a/services/api/app/controllers/application_controller.rb +++ b/services/api/app/controllers/application_controller.rb @@ -1,3 +1,9 @@ +# Copyright (C) The Arvados Authors. All rights reserved. +# +# SPDX-License-Identifier: AGPL-3.0 + +require 'safe_json' + module ApiTemplateOverride def allowed_to_render?(fieldset, field, model, options) return false if !super @@ -16,15 +22,18 @@ end require 'load_param' class ApplicationController < ActionController::Base - include CurrentApiClient include ThemesForRails::ActionController + include CurrentApiClient include LoadParam + include DbCurrentTime respond_to :json protect_from_forgery ERROR_ACTIONS = [:render_error, :render_not_found] + around_filter :set_current_request_id + before_filter :disable_api_methods before_filter :set_cors_headers before_filter :respond_with_json_by_default before_filter :remote_ip @@ -43,9 +52,9 @@ class ApplicationController < ActionController::Base before_filter(:render_404_if_no_object, except: [:index, :create] + ERROR_ACTIONS) - theme :select_theme + theme Rails.configuration.arvados_theme - attr_accessor :resource_attrs + attr_writer :resource_attrs begin rescue_from(Exception, @@ -58,6 +67,18 @@ class ApplicationController < ActionController::Base :with => :render_not_found) end + def initialize *args + super + @object = nil + @objects = nil + @offset = nil + @limit = nil + @select = nil + @distinct = nil + @response_resource_name = nil + @attrs = nil + end + def default_url_options if Rails.configuration.host {:host => Rails.configuration.host} @@ -67,7 +88,6 @@ class ApplicationController < ActionController::Base end def index - @objects.uniq!(&:id) if @select.nil? or @select.include? "id" if params[:eager] and params[:eager] != '0' and params[:eager] != 0 and params[:eager] != '' @objects.each(&:eager_load_associations) end @@ -81,41 +101,12 @@ class ApplicationController < ActionController::Base def create @object = model_class.new resource_attrs - if @object.respond_to? :name and params[:ensure_unique_name] - # Record the original name. See below. - name_stem = @object.name - counter = 1 + if @object.respond_to?(:name) && params[:ensure_unique_name] + @object.save_with_unique_name! + else + @object.save! end - begin - @object.save! - rescue ActiveRecord::RecordNotUnique => rn - raise unless params[:ensure_unique_name] - - # Dig into the error to determine if it is specifically calling out a - # (owner_uuid, name) uniqueness violation. In this specific case, and - # the client requested a unique name with ensure_unique_name==true, - # update the name field and try to save again. Loop as necessary to - # discover a unique name. It is necessary to handle name choosing at - # this level (as opposed to the client) to ensure that record creation - # never fails due to a race condition. - raise unless rn.original_exception.is_a? PG::UniqueViolation - - # Unfortunately ActiveRecord doesn't abstract out any of the - # necessary information to figure out if this the error is actually - # the specific case where we want to apply the ensure_unique_name - # behavior, so the following code is specialized to Postgres. - err = rn.original_exception - detail = err.result.error_field(PG::Result::PG_DIAG_MESSAGE_DETAIL) - raise unless /^Key \(owner_uuid, name\)=\([a-z0-9]{5}-[a-z0-9]{5}-[a-z0-9]{15}, .*?\) already exists\./.match detail - - # OK, this exception really is just a unique name constraint - # violation, and we've been asked to ensure_unique_name. - counter += 1 - @object.uuid = nil - @object.name = "#{name_stem} (#{counter})" - redo - end while false show end @@ -184,23 +175,14 @@ class ApplicationController < ActionController::Base # The obvious render(json: ...) forces a slow JSON encoder. See # #3021 and commit logs. Might be fixed in Rails 4.1. render({ - text: Oj.dump(response, mode: :compat).html_safe, + text: SafeJSON.dump(response).html_safe, content_type: 'application/json' }.merge opts) end - def self.limit_index_columns_read - # This method returns a list of column names. - # If an index request reads that column from the database, - # find_objects_for_index will only fetch objects until it reads - # max_index_database_read bytes of data from those columns. - [] - end - def find_objects_for_index - @objects ||= model_class.readable_by(*@read_users) + @objects ||= model_class.readable_by(*@read_users, {:include_trash => (params[:include_trash] || 'untrash' == action_name)}) apply_where_limit_order_params - limit_database_read if (action_name == "index") end def apply_filters model_class=nil @@ -289,15 +271,21 @@ class ApplicationController < ActionController::Base @objects = @objects.uniq(@distinct) if not @distinct.nil? end - def limit_database_read - limit_columns = self.class.limit_index_columns_read + # limit_database_read ensures @objects (which must be an + # ActiveRelation) does not return too many results to fit in memory, + # by previewing the results and calling @objects.limit() if + # necessary. + def limit_database_read(model_class:) + return if @limit == 0 || @limit == 1 + model_class ||= self.model_class + limit_columns = model_class.limit_index_columns_read limit_columns &= model_class.columns_for_attributes(@select) if @select return if limit_columns.empty? model_class.transaction do limit_query = @objects. - except(:select). + except(:select, :distinct). select("(%s) as read_length" % - limit_columns.map { |s| "octet_length(#{s})" }.join(" + ")) + limit_columns.map { |s| "octet_length(#{model_class.table_name}.#{s})" }.join(" + ")) new_limit = 0 read_total = 0 limit_query.each do |record| @@ -305,12 +293,12 @@ class ApplicationController < ActionController::Base read_total += record.read_length.to_i if read_total >= Rails.configuration.max_index_database_read new_limit -= 1 if new_limit > 1 + @limit = new_limit break elsif new_limit >= @limit break end end - @limit = new_limit @objects = @objects.limit(@limit) # Force @objects to run its query inside this transaction. @objects.each { |_| break } @@ -385,6 +373,32 @@ class ApplicationController < ActionController::Base end end + def set_current_request_id + req_id = request.headers['X-Request-Id'] + if !req_id || req_id.length < 1 || req_id.length > 1024 + # Client-supplied ID is either missing or too long to be + # considered friendly. + req_id = "req-" + Random::DEFAULT.rand(2**128).to_s(36)[0..19] + end + response.headers['X-Request-Id'] = Thread.current[:request_id] = req_id + yield + Thread.current[:request_id] = nil + end + + def append_info_to_payload(payload) + super + payload[:request_id] = response.headers['X-Request-Id'] + payload[:client_ipaddr] = @remote_ip + payload[:client_auth] = current_api_client_authorization.andand.uuid || nil + end + + def disable_api_methods + if Rails.configuration.disable_api_methods. + include?(controller_name + "." + action_name) + send_error("Disabled", status: 404) + end + end + def set_cors_headers response.headers['Access-Control-Allow-Origin'] = '*' response.headers['Access-Control-Allow-Methods'] = 'GET, HEAD, PUT, POST, DELETE' @@ -412,7 +426,7 @@ class ApplicationController < ActionController::Base end def find_object_by_uuid - if params[:id] and params[:id].match /\D/ + if params[:id] and params[:id].match(/\D/) params[:uuid] = params.delete :id end @where = { uuid: params[:uuid] } @@ -435,7 +449,7 @@ class ApplicationController < ActionController::Base def load_json_value(hash, key, must_be_class=nil) if hash[key].is_a? String - hash[key] = Oj.strict_load(hash[key], symbol_keys: false) + hash[key] = SafeJSON.load(hash[key]) if must_be_class and !hash[key].is_a? must_be_class raise TypeError.new("parameter #{key.to_s} must be a #{must_be_class.to_s}") end @@ -465,7 +479,10 @@ class ApplicationController < ActionController::Base end accept_param_as_json :reader_tokens, Array - def object_list + def object_list(model_class:) + if @objects.respond_to?(:except) + limit_database_read(model_class: model_class) + end list = { :kind => "arvados##{(@response_resource_name || resource_name).camelize(:lower)}List", :etag => "", @@ -474,21 +491,27 @@ class ApplicationController < ActionController::Base :limit => @limit, :items => @objects.as_api_response(nil, {select: @select}) } - if @objects.respond_to? :except - list[:items_available] = @objects. - except(:limit).except(:offset). - count(:id, distinct: true) + case params[:count] + when nil, '', 'exact' + if @objects.respond_to? :except + list[:items_available] = @objects. + except(:limit).except(:offset). + count(:id, distinct: true) + end + when 'none' + else + raise ArgumentError.new("count parameter must be 'exact' or 'none'") end list end def render_list - send_json object_list + send_json object_list(model_class: self.model_class) end def remote_ip # Caveat: this is highly dependent on the proxy setup. YMMV. - if request.headers.has_key?('HTTP_X_REAL_IP') then + if request.headers.key?('HTTP_X_REAL_IP') then # We're behind a reverse proxy @remote_ip = request.headers['HTTP_X_REAL_IP'] else @@ -540,6 +563,7 @@ class ApplicationController < ActionController::Base distinct: { type: 'boolean', required: false }, limit: { type: 'integer', required: false, default: DEFAULT_LIMIT }, offset: { type: 'integer', required: false, default: 0 }, + count: { type: 'string', required: false, default: 'exact' }, } end @@ -559,10 +583,6 @@ class ApplicationController < ActionController::Base } end end - super *opts - end - - def select_theme - return Rails.configuration.arvados_theme + super(*opts) end end