X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/418c57bce3aac1a22548e53e1018a1547d9efee4..f29266f2fd9d2713f6b2666d13d4f706630b7215:/services/keep-web/handler.go diff --git a/services/keep-web/handler.go b/services/keep-web/handler.go index 00af0f4eab..95948e3250 100644 --- a/services/keep-web/handler.go +++ b/services/keep-web/handler.go @@ -10,10 +10,10 @@ import ( "html" "html/template" "io" - "log" "net/http" "net/url" "os" + "path/filepath" "sort" "strconv" "strings" @@ -25,11 +25,13 @@ import ( "git.curoverse.com/arvados.git/sdk/go/health" "git.curoverse.com/arvados.git/sdk/go/httpserver" "git.curoverse.com/arvados.git/sdk/go/keepclient" + log "github.com/Sirupsen/logrus" "golang.org/x/net/webdav" ) type handler struct { Config *Config + MetricsAPI http.Handler clientPool *arvadosclient.ClientPool setupOnce sync.Once healthHandler http.Handler @@ -89,14 +91,7 @@ func (h *handler) setup() { } func (h *handler) serveStatus(w http.ResponseWriter, r *http.Request) { - status := struct { - cacheStats - Version string - }{ - cacheStats: h.Config.Cache.Stats(), - Version: version, - } - json.NewEncoder(w).Encode(status) + json.NewEncoder(w).Encode(struct{ Version string }{version}) } // updateOnSuccess wraps httpserver.ResponseWriter. If the handler @@ -112,12 +107,12 @@ type updateOnSuccess struct { } func (uos *updateOnSuccess) Write(p []byte) (int, error) { - if uos.err != nil { - return 0, uos.err - } if !uos.sentHeader { uos.WriteHeader(http.StatusOK) } + if uos.err != nil { + return 0, uos.err + } return uos.ResponseWriter.Write(p) } @@ -140,6 +135,11 @@ func (uos *updateOnSuccess) WriteHeader(code int) { } var ( + corsAllowHeadersHeader = strings.Join([]string{ + "Authorization", "Content-Type", "Range", + // WebDAV request headers: + "Depth", "Destination", "If", "Lock-Token", "Overwrite", "Timeout", + }, ", ") writeMethod = map[string]bool{ "COPY": true, "DELETE": true, @@ -163,6 +163,12 @@ var ( "HEAD": true, "POST": true, } + // top-level dirs to serve with siteFS + siteFSDir = map[string]bool{ + "": true, // root directory + "by_id": true, + "users": true, + } ) // ServeHTTP implements http.Handler. @@ -176,6 +182,9 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) { if xff := r.Header.Get("X-Forwarded-For"); xff != "" { remoteAddr = xff + "," + remoteAddr } + if xfp := r.Header.Get("X-Forwarded-Proto"); xfp != "" && xfp != "http" { + r.URL.Scheme = xfp + } w := httpserver.WrapResponseWriter(wOrig) defer func() { @@ -184,13 +193,12 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) { } else if w.WroteStatus() == 0 { w.WriteHeader(statusCode) } else if w.WroteStatus() != statusCode { - httpserver.Log(r.RemoteAddr, "WARNING", + log.WithField("RequestID", r.Header.Get("X-Request-Id")).Warn( fmt.Sprintf("Our status changed from %d to %d after we sent headers", w.WroteStatus(), statusCode)) } if statusText == "" { statusText = http.StatusText(statusCode) } - httpserver.Log(remoteAddr, statusCode, statusText, w.WroteBodyBytes(), r.Method, r.Host, r.URL.Path, r.URL.RawQuery) }() if strings.HasPrefix(r.URL.Path, "/_health/") && r.Method == "GET" { @@ -203,7 +211,7 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) { statusCode = http.StatusMethodNotAllowed return } - w.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Type, Range") + w.Header().Set("Access-Control-Allow-Headers", corsAllowHeadersHeader) w.Header().Set("Access-Control-Allow-Methods", "COPY, DELETE, GET, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PUT, RMCOL") w.Header().Set("Access-Control-Allow-Origin", "*") w.Header().Set("Access-Control-Max-Age", "86400") @@ -250,7 +258,10 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) { } else if r.URL.Path == "/status.json" { h.serveStatus(w, r) return - } else if len(pathParts) >= 1 && pathParts[0] == "users" { + } else if strings.HasPrefix(r.URL.Path, "/metrics") { + h.MetricsAPI.ServeHTTP(w, r) + return + } else if siteFSDir[pathParts[0]] { useSiteFS = true } else if len(pathParts) >= 1 && strings.HasPrefix(pathParts[0], "c=") { // /c=ID[/PATH...] @@ -307,6 +318,14 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) { return } + if useSiteFS { + if tokens == nil { + tokens = auth.CredentialsFromRequest(r).Tokens + } + h.serveSiteFS(w, r, tokens, credentialsOK, attachment) + return + } + targetPath := pathParts[stripParts:] if tokens == nil && len(targetPath) > 0 && strings.HasPrefix(targetPath[0], "t=") { // http://ID.example/t=TOKEN/PATH... @@ -323,16 +342,11 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) { if tokens == nil { if credentialsOK { - reqTokens = auth.NewCredentialsFromHTTPRequest(r).Tokens + reqTokens = auth.CredentialsFromRequest(r).Tokens } tokens = append(reqTokens, h.Config.AnonymousTokens...) } - if useSiteFS { - h.serveSiteFS(w, r, tokens) - return - } - if len(targetPath) > 0 && targetPath[0] == "_" { // If a collection has a directory called "t=foo" or // "_", it can be served at @@ -410,6 +424,7 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) { statusCode, statusText = http.StatusInternalServerError, err.Error() return } + kc.RequestID = r.Header.Get("X-Request-Id") var basename string if len(targetPath) > 0 { @@ -417,11 +432,11 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) { } applyContentDispositionHdr(w, r, basename, attachment) - client := &arvados.Client{ + client := (&arvados.Client{ APIHost: arv.ApiServer, AuthToken: arv.ApiToken, Insecure: arv.ApiInsecure, - } + }).WithRequestID(r.Header.Get("X-Request-Id")) fs, err := collection.FileSystem(client, kc) if err != nil { @@ -499,7 +514,7 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) { } } -func (h *handler) serveSiteFS(w http.ResponseWriter, r *http.Request, tokens []string) { +func (h *handler) serveSiteFS(w http.ResponseWriter, r *http.Request, tokens []string, credentialsOK, attachment bool) { if len(tokens) == 0 { w.Header().Add("WWW-Authenticate", "Basic realm=\"collections\"") http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) @@ -522,24 +537,33 @@ func (h *handler) serveSiteFS(w http.ResponseWriter, r *http.Request, tokens []s http.Error(w, err.Error(), http.StatusInternalServerError) return } - client := &arvados.Client{ + kc.RequestID = r.Header.Get("X-Request-Id") + client := (&arvados.Client{ APIHost: arv.ApiServer, AuthToken: arv.ApiToken, Insecure: arv.ApiInsecure, - } + }).WithRequestID(r.Header.Get("X-Request-Id")) fs := client.SiteFileSystem(kc) - if f, err := fs.Open(r.URL.Path); os.IsNotExist(err) { + f, err := fs.Open(r.URL.Path) + if os.IsNotExist(err) { http.Error(w, err.Error(), http.StatusNotFound) return } else if err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return - } else if fi, err := f.Stat(); err == nil && fi.IsDir() && r.Method == "GET" { - - h.serveDirectory(w, r, fi.Name(), fs, r.URL.Path, false) + } + defer f.Close() + if fi, err := f.Stat(); err == nil && fi.IsDir() && r.Method == "GET" { + if !strings.HasSuffix(r.URL.Path, "/") { + h.seeOtherWithCookie(w, r, r.URL.Path+"/", credentialsOK) + } else { + h.serveDirectory(w, r, fi.Name(), fs, r.URL.Path, false) + } return - } else { - f.Close() + } + if r.Method == "GET" { + _, basename := filepath.Split(r.URL.Path) + applyContentDispositionHdr(w, r, basename, attachment) } wh := webdav.Handler{ Prefix: "/", @@ -600,9 +624,9 @@ the entire directory tree with wget, try:

@@ -754,6 +778,7 @@ func (h *handler) seeOtherWithCookie(w http.ResponseWriter, r *http.Request, loc u = newu } redir := (&url.URL{ + Scheme: r.URL.Scheme, Host: r.Host, Path: u.Path, RawQuery: redirQuery.Encode(),