X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/43a9015c4e82f3da58f7824694ac2ef1d80fca6c..5cc1710b57f98905469225c68d975ad2e3e7e56d:/services/keep-web/handler.go diff --git a/services/keep-web/handler.go b/services/keep-web/handler.go index 94b59ebd41..27981c487d 100644 --- a/services/keep-web/handler.go +++ b/services/keep-web/handler.go @@ -2,27 +2,29 @@ // // SPDX-License-Identifier: AGPL-3.0 -package main +package keepweb import ( "encoding/json" + "errors" + "fmt" "html" "html/template" "io" "net/http" "net/url" "os" - "path/filepath" "sort" "strconv" "strings" "sync" + "git.arvados.org/arvados.git/lib/cmd" + "git.arvados.org/arvados.git/lib/webdavfs" "git.arvados.org/arvados.git/sdk/go/arvados" "git.arvados.org/arvados.git/sdk/go/arvadosclient" "git.arvados.org/arvados.git/sdk/go/auth" "git.arvados.org/arvados.git/sdk/go/ctxlog" - "git.arvados.org/arvados.git/sdk/go/health" "git.arvados.org/arvados.git/sdk/go/httpserver" "git.arvados.org/arvados.git/sdk/go/keepclient" "github.com/sirupsen/logrus" @@ -30,40 +32,15 @@ import ( ) type handler struct { - Config *Config - MetricsAPI http.Handler - clientPool *arvadosclient.ClientPool - setupOnce sync.Once - healthHandler http.Handler - webdavLS webdav.LockSystem -} - -// parseCollectionIDFromDNSName returns a UUID or PDH if s begins with -// a UUID or URL-encoded PDH; otherwise "". -func parseCollectionIDFromDNSName(s string) string { - // Strip domain. - if i := strings.IndexRune(s, '.'); i >= 0 { - s = s[:i] - } - // Names like {uuid}--collections.example.com serve the same - // purpose as {uuid}.collections.example.com but can reduce - // cost/effort of using [additional] wildcard certificates. - if i := strings.Index(s, "--"); i >= 0 { - s = s[:i] - } - if arvadosclient.UUIDMatch(s) { - return s - } - if pdh := strings.Replace(s, "-", "+", 1); arvadosclient.PDHMatch(pdh) { - return pdh - } - return "" + Cache cache + Cluster *arvados.Cluster + setupOnce sync.Once } var urlPDHDecoder = strings.NewReplacer(" ", "+", "-", "+") -var notFoundMessage = "404 Not found\r\n\r\nThe requested path was not found, or you do not have permission to access it.\r" -var unauthorizedMessage = "401 Unauthorized\r\n\r\nA valid Arvados token must be provided to access this resource.\r" +var notFoundMessage = "Not Found" +var unauthorizedMessage = "401 Unauthorized\n\nA valid Arvados token must be provided to access this resource." // parseCollectionIDFromURL returns a UUID or PDH if s is a UUID or a // PDH (even if it is a PDH with "+" replaced by " " or "-"); @@ -79,32 +56,23 @@ func parseCollectionIDFromURL(s string) string { } func (h *handler) setup() { - // Errors will be handled at the client pool. - arv, _ := arvados.NewClientFromConfig(h.Config.cluster) - h.clientPool = arvadosclient.MakeClientPoolWith(arv) - - keepclient.RefreshServiceDiscoveryOnSIGHUP() - keepclient.DefaultBlockCache.MaxBlocks = h.Config.cluster.Collections.WebDAVCache.MaxBlockEntries - - h.healthHandler = &health.Handler{ - Token: h.Config.cluster.ManagementToken, - Prefix: "/_health/", - } - - // Even though we don't accept LOCK requests, every webdav - // handler must have a non-nil LockSystem. - h.webdavLS = &noLockSystem{} + keepclient.DefaultBlockCache.MaxBlocks = h.Cluster.Collections.WebDAVCache.MaxBlockEntries } func (h *handler) serveStatus(w http.ResponseWriter, r *http.Request) { - json.NewEncoder(w).Encode(struct{ Version string }{version}) + json.NewEncoder(w).Encode(struct{ Version string }{cmd.Version.String()}) +} + +type errorWithHTTPStatus interface { + HTTPStatus() int } // updateOnSuccess wraps httpserver.ResponseWriter. If the handler // sends an HTTP header indicating success, updateOnSuccess first -// calls the provided update func. If the update func fails, a 500 -// response is sent, and the status code and body sent by the handler -// are ignored (all response writes return the update error). +// calls the provided update func. If the update func fails, an error +// response is sent (using the error's HTTP status or 500 if none), +// and the status code and body sent by the handler are ignored (all +// response writes return the update error). type updateOnSuccess struct { httpserver.ResponseWriter logger logrus.FieldLogger @@ -129,10 +97,10 @@ func (uos *updateOnSuccess) WriteHeader(code int) { if code >= 200 && code < 400 { if uos.err = uos.update(); uos.err != nil { code := http.StatusInternalServerError - if err, ok := uos.err.(*arvados.TransactionError); ok { - code = err.StatusCode + if he := errorWithHTTPStatus(nil); errors.As(uos.err, &he) { + code = he.HTTPStatus() } - uos.logger.WithError(uos.err).Errorf("update() returned error type %T, changing response to HTTP %d", uos.err, code) + uos.logger.WithError(uos.err).Errorf("update() returned %T error, changing response to HTTP %d", uos.err, code) http.Error(uos.ResponseWriter, uos.err.Error(), code) return } @@ -145,7 +113,7 @@ var ( corsAllowHeadersHeader = strings.Join([]string{ "Authorization", "Content-Type", "Range", // WebDAV request headers: - "Depth", "Destination", "If", "Lock-Token", "Overwrite", "Timeout", + "Depth", "Destination", "If", "Lock-Token", "Overwrite", "Timeout", "Cache-Control", }, ", ") writeMethod = map[string]bool{ "COPY": true, @@ -184,6 +152,26 @@ var ( } ) +func stripDefaultPort(host string) string { + // Will consider port 80 and port 443 to be the same vhost. I think that's fine. + u := &url.URL{Host: host} + if p := u.Port(); p == "80" || p == "443" { + return strings.ToLower(u.Hostname()) + } else { + return strings.ToLower(host) + } +} + +// CheckHealth implements service.Handler. +func (h *handler) CheckHealth() error { + return nil +} + +// Done implements service.Handler. +func (h *handler) Done() <-chan struct{} { + return nil +} + // ServeHTTP implements http.Handler. func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) { h.setupOnce.Do(h.setup) @@ -194,11 +182,6 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) { w := httpserver.WrapResponseWriter(wOrig) - if strings.HasPrefix(r.URL.Path, "/_health/") && r.Method == "GET" { - h.healthHandler.ServeHTTP(w, r) - return - } - if method := r.Header.Get("Access-Control-Request-Method"); method != "" && r.Method == "OPTIONS" { if !browserMethod[method] && !webdavMethod[method] { w.WriteHeader(http.StatusMethodNotAllowed) @@ -230,7 +213,26 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) { return } - pathParts := strings.Split(r.URL.Path[1:], "/") + webdavPrefix := "" + arvPath := r.URL.Path + if prefix := r.Header.Get("X-Webdav-Prefix"); prefix != "" { + // Enable a proxy (e.g., container log handler in + // controller) to satisfy a request for path + // "/foo/bar/baz.txt" using content from + // "//abc123-4.internal/bar/baz.txt", by adding a + // request header "X-Webdav-Prefix: /foo" + if !strings.HasPrefix(arvPath, prefix) { + http.Error(w, "X-Webdav-Prefix header is not a prefix of the requested path", http.StatusBadRequest) + return + } + arvPath = r.URL.Path[len(prefix):] + if arvPath == "" { + arvPath = "/" + } + w.Header().Set("Vary", "X-Webdav-Prefix, "+w.Header().Get("Vary")) + webdavPrefix = prefix + } + pathParts := strings.Split(arvPath[1:], "/") var stripParts int var collectionID string @@ -239,24 +241,27 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) { var pathToken bool var attachment bool var useSiteFS bool - credentialsOK := h.Config.cluster.Collections.TrustAllContent + credentialsOK := h.Cluster.Collections.TrustAllContent + reasonNotAcceptingCredentials := "" - if r.Host != "" && r.Host == h.Config.cluster.Services.WebDAVDownload.ExternalURL.Host { + if r.Host != "" && stripDefaultPort(r.Host) == stripDefaultPort(h.Cluster.Services.WebDAVDownload.ExternalURL.Host) { credentialsOK = true attachment = true } else if r.FormValue("disposition") == "attachment" { attachment = true } - if collectionID = parseCollectionIDFromDNSName(r.Host); collectionID != "" { + if !credentialsOK { + reasonNotAcceptingCredentials = fmt.Sprintf("vhost %q does not specify a single collection ID or match Services.WebDAVDownload.ExternalURL %q, and Collections.TrustAllContent is false", + r.Host, h.Cluster.Services.WebDAVDownload.ExternalURL) + } + + if collectionID = arvados.CollectionIDFromDNSName(r.Host); collectionID != "" { // http://ID.collections.example/PATH... credentialsOK = true } else if r.URL.Path == "/status.json" { h.serveStatus(w, r) return - } else if strings.HasPrefix(r.URL.Path, "/metrics") { - h.MetricsAPI.ServeHTTP(w, r) - return } else if siteFSDir[pathParts[0]] { useSiteFS = true } else if len(pathParts) >= 1 && strings.HasPrefix(pathParts[0], "c=") { @@ -278,14 +283,10 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) { // data. Tokens provided with the request are // ignored. credentialsOK = false + reasonNotAcceptingCredentials = "the '/collections/UUID/PATH' form only works for public data" } } - if collectionID == "" && !useSiteFS { - http.Error(w, notFoundMessage, http.StatusNotFound) - return - } - forceReload := false if cc := r.Header.Get("Cache-Control"); strings.Contains(cc, "no-cache") || strings.Contains(cc, "must-revalidate") { forceReload = true @@ -326,11 +327,6 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) { return } - if useSiteFS { - h.serveSiteFS(w, r, reqTokens, credentialsOK, attachment) - return - } - targetPath := pathParts[stripParts:] if tokens == nil && len(targetPath) > 0 && strings.HasPrefix(targetPath[0], "t=") { // http://ID.example/t=TOKEN/PATH... @@ -345,8 +341,34 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) { stripParts++ } + fsprefix := "" + if useSiteFS { + if writeMethod[r.Method] { + http.Error(w, webdavfs.ErrReadOnly.Error(), http.StatusMethodNotAllowed) + return + } + if len(reqTokens) == 0 { + w.Header().Add("WWW-Authenticate", "Basic realm=\"collections\"") + http.Error(w, unauthorizedMessage, http.StatusUnauthorized) + return + } + tokens = reqTokens + } else if collectionID == "" { + http.Error(w, notFoundMessage, http.StatusNotFound) + return + } else { + fsprefix = "by_id/" + collectionID + "/" + } + + if src := r.Header.Get("X-Webdav-Source"); strings.HasPrefix(src, "/") && !strings.Contains(src, "//") && !strings.Contains(src, "/../") { + fsprefix += src[1:] + } + if tokens == nil { - tokens = append(reqTokens, h.Config.cluster.Users.AnonymousUserToken) + tokens = reqTokens + if h.Cluster.Users.AnonymousUserToken != "" { + tokens = append(tokens, h.Cluster.Users.AnonymousUserToken) + } } if len(targetPath) > 0 && targetPath[0] == "_" { @@ -360,241 +382,241 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) { stripParts++ } - arv := h.clientPool.Get() - if arv == nil { - http.Error(w, "client pool error: "+h.clientPool.Err().Error(), http.StatusInternalServerError) - return + dirOpenMode := os.O_RDONLY + if writeMethod[r.Method] { + dirOpenMode = os.O_RDWR + } + + var tokenValid bool + var tokenScopeProblem bool + var token string + var tokenUser *arvados.User + var sessionFS arvados.CustomFileSystem + var session *cachedSession + var collectionDir arvados.File + for _, token = range tokens { + var statusErr errorWithHTTPStatus + fs, sess, user, err := h.Cache.GetSession(token) + if errors.As(err, &statusErr) && statusErr.HTTPStatus() == http.StatusUnauthorized { + // bad token + continue + } else if err != nil { + http.Error(w, "cache error: "+err.Error(), http.StatusInternalServerError) + return + } + if token != h.Cluster.Users.AnonymousUserToken { + tokenValid = true + } + f, err := fs.OpenFile(fsprefix, dirOpenMode, 0) + if errors.As(err, &statusErr) && + statusErr.HTTPStatus() == http.StatusForbidden && + token != h.Cluster.Users.AnonymousUserToken { + // collection id is outside scope of supplied + // token + tokenScopeProblem = true + continue + } else if os.IsNotExist(err) { + // collection does not exist or is not + // readable using this token + continue + } else if err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + defer f.Close() + + collectionDir, sessionFS, session, tokenUser = f, fs, sess, user + break } - defer h.clientPool.Put(arv) - - var collection *arvados.Collection - tokenResult := make(map[string]int) - for _, arv.ApiToken = range tokens { - var err error - collection, err = h.Config.Cache.Get(arv, collectionID, forceReload) - if err == nil { - // Success - break - } - if srvErr, ok := err.(arvadosclient.APIServerError); ok { - switch srvErr.HttpStatusCode { - case 404, 401: - // Token broken or insufficient to - // retrieve collection - tokenResult[arv.ApiToken] = srvErr.HttpStatusCode - continue + if forceReload && collectionDir != nil { + err := collectionDir.Sync() + if err != nil { + if he := errorWithHTTPStatus(nil); errors.As(err, &he) { + http.Error(w, err.Error(), he.HTTPStatus()) + } else { + http.Error(w, err.Error(), http.StatusInternalServerError) } + return } - // Something more serious is wrong - http.Error(w, "cache error: "+err.Error(), http.StatusInternalServerError) - return } - if collection == nil { - if pathToken || !credentialsOK { - // Either the URL is a "secret sharing link" - // that didn't work out (and asking the client - // for additional credentials would just be - // confusing), or we don't even accept - // credentials at this path. + if session == nil { + if pathToken { + // The URL is a "secret sharing link" that + // didn't work out. Asking the client for + // additional credentials would just be + // confusing. http.Error(w, notFoundMessage, http.StatusNotFound) return } - for _, t := range reqTokens { - if tokenResult[t] == 404 { - // The client provided valid token(s), but the - // collection was not found. - http.Error(w, notFoundMessage, http.StatusNotFound) - return - } + if tokenValid { + // The client provided valid token(s), but the + // collection was not found. + http.Error(w, notFoundMessage, http.StatusNotFound) + return + } + if tokenScopeProblem { + // The client provided a valid token but + // fetching a collection returned 401, which + // means the token scope doesn't permit + // fetching that collection. + http.Error(w, notFoundMessage, http.StatusForbidden) + return } // The client's token was invalid (e.g., expired), or - // the client didn't even provide one. Propagate the - // 401 to encourage the client to use a [different] - // token. + // the client didn't even provide one. Redirect to + // workbench2's login-and-redirect-to-download url if + // this is a browser navigation request. (The redirect + // flow can't preserve the original method if it's not + // GET, and doesn't make sense if the UA is a + // command-line tool, is trying to load an inline + // image, etc.; in these cases, there's nothing we can + // do, so return 401 unauthorized.) + // + // Note Sec-Fetch-Mode is sent by all non-EOL + // browsers, except Safari. + // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Mode // // TODO(TC): This response would be confusing to // someone trying (anonymously) to download public // data that has been deleted. Allow a referrer to // provide this context somehow? + if r.Method == http.MethodGet && r.Header.Get("Sec-Fetch-Mode") == "navigate" { + target := url.URL(h.Cluster.Services.Workbench2.ExternalURL) + redirkey := "redirectToPreview" + if attachment { + redirkey = "redirectToDownload" + } + callback := "/c=" + collectionID + "/" + strings.Join(targetPath, "/") + // target.RawQuery = url.Values{redirkey: + // {target}}.Encode() would be the obvious + // thing to do here, but wb2 doesn't decode + // this as a query param -- it takes + // everything after "${redirkey}=" as the + // target URL. If we encode "/" as "%2F" etc., + // the redirect won't work. + target.RawQuery = redirkey + "=" + callback + w.Header().Add("Location", target.String()) + w.WriteHeader(http.StatusSeeOther) + return + } + if !credentialsOK { + http.Error(w, fmt.Sprintf("Authorization tokens are not accepted here: %v, and no anonymous user token is configured.", reasonNotAcceptingCredentials), http.StatusUnauthorized) + return + } + // If none of the above cases apply, suggest the + // user-agent (which is either a non-browser agent + // like wget, or a browser that can't redirect through + // a login flow) prompt the user for credentials. w.Header().Add("WWW-Authenticate", "Basic realm=\"collections\"") http.Error(w, unauthorizedMessage, http.StatusUnauthorized) return } - kc, err := keepclient.MakeKeepClient(arv) - if err != nil { - http.Error(w, "error setting up keep client: "+err.Error(), http.StatusInternalServerError) - return + if r.Method == http.MethodGet || r.Method == http.MethodHead { + targetfnm := fsprefix + strings.Join(pathParts[stripParts:], "/") + if fi, err := sessionFS.Stat(targetfnm); err == nil && fi.IsDir() { + if !strings.HasSuffix(r.URL.Path, "/") { + h.seeOtherWithCookie(w, r, r.URL.Path+"/", credentialsOK) + } else { + h.serveDirectory(w, r, fi.Name(), sessionFS, targetfnm, !useSiteFS) + } + return + } } - kc.RequestID = r.Header.Get("X-Request-Id") var basename string if len(targetPath) > 0 { basename = targetPath[len(targetPath)-1] } - applyContentDispositionHdr(w, r, basename, attachment) - - client := (&arvados.Client{ - APIHost: arv.ApiServer, - AuthToken: arv.ApiToken, - Insecure: arv.ApiInsecure, - }).WithRequestID(r.Header.Get("X-Request-Id")) - - fs, err := collection.FileSystem(client, kc) - if err != nil { - http.Error(w, "error creating collection filesystem: "+err.Error(), http.StatusInternalServerError) + if arvadosclient.PDHMatch(collectionID) && writeMethod[r.Method] { + http.Error(w, webdavfs.ErrReadOnly.Error(), http.StatusMethodNotAllowed) return } - - writefs, writeOK := fs.(arvados.CollectionFileSystem) - targetIsPDH := arvadosclient.PDHMatch(collectionID) - if (targetIsPDH || !writeOK) && writeMethod[r.Method] { - http.Error(w, errReadOnly.Error(), http.StatusMethodNotAllowed) + if !h.userPermittedToUploadOrDownload(r.Method, tokenUser) { + http.Error(w, "Not permitted", http.StatusForbidden) return } + h.logUploadOrDownload(r, session.arvadosclient, sessionFS, fsprefix+strings.Join(targetPath, "/"), nil, tokenUser) - if webdavMethod[r.Method] { - if writeMethod[r.Method] { - // Save the collection only if/when all - // webdav->filesystem operations succeed -- - // and send a 500 error if the modified - // collection can't be saved. - w = &updateOnSuccess{ - ResponseWriter: w, - logger: ctxlog.FromContext(r.Context()), - update: func() error { - return h.Config.Cache.Update(client, *collection, writefs) - }} - } - h := webdav.Handler{ - Prefix: "/" + strings.Join(pathParts[:stripParts], "/"), - FileSystem: &webdavFS{ - collfs: fs, - writing: writeMethod[r.Method], - alwaysReadEOF: r.Method == "PROPFIND", - }, - LockSystem: h.webdavLS, - Logger: func(_ *http.Request, err error) { - if err != nil { - ctxlog.FromContext(r.Context()).WithError(err).Error("error reported by webdav handler") - } - }, - } - h.ServeHTTP(w, r) - return - } - - openPath := "/" + strings.Join(targetPath, "/") - f, err := fs.Open(openPath) - if os.IsNotExist(err) { - // Requested non-existent path - http.Error(w, notFoundMessage, http.StatusNotFound) - return - } else if err != nil { - // Some other (unexpected) error - http.Error(w, "open: "+err.Error(), http.StatusInternalServerError) - return - } - defer f.Close() - if stat, err := f.Stat(); err != nil { - // Can't get Size/IsDir (shouldn't happen with a collectionFS!) - http.Error(w, "stat: "+err.Error(), http.StatusInternalServerError) - } else if stat.IsDir() && !strings.HasSuffix(r.URL.Path, "/") { - // If client requests ".../dirname", redirect to - // ".../dirname/". This way, relative links in the - // listing for "dirname" can always be "fnm", never - // "dirname/fnm". - h.seeOtherWithCookie(w, r, r.URL.Path+"/", credentialsOK) - } else if stat.IsDir() { - h.serveDirectory(w, r, collection.Name, fs, openPath, true) - } else { - http.ServeContent(w, r, basename, stat.ModTime(), f) - if wrote := int64(w.WroteBodyBytes()); wrote != stat.Size() && w.WroteStatus() == http.StatusOK { - // If we wrote fewer bytes than expected, it's - // too late to change the real response code - // or send an error message to the client, but - // at least we can try to put some useful - // debugging info in the logs. - n, err := f.Read(make([]byte, 1024)) - ctxlog.FromContext(r.Context()).Errorf("stat.Size()==%d but only wrote %d bytes; read(1024) returns %d, %v", stat.Size(), wrote, n, err) - } - } -} - -func (h *handler) getClients(reqID, token string) (arv *arvadosclient.ArvadosClient, kc *keepclient.KeepClient, client *arvados.Client, release func(), err error) { - arv = h.clientPool.Get() - if arv == nil { - err = h.clientPool.Err() - return - } - release = func() { h.clientPool.Put(arv) } - arv.ApiToken = token - kc, err = keepclient.MakeKeepClient(arv) - if err != nil { - release() - return - } - kc.RequestID = reqID - client = (&arvados.Client{ - APIHost: arv.ApiServer, - AuthToken: arv.ApiToken, - Insecure: arv.ApiInsecure, - }).WithRequestID(reqID) - return -} - -func (h *handler) serveSiteFS(w http.ResponseWriter, r *http.Request, tokens []string, credentialsOK, attachment bool) { - if len(tokens) == 0 { - w.Header().Add("WWW-Authenticate", "Basic realm=\"collections\"") - http.Error(w, unauthorizedMessage, http.StatusUnauthorized) - return - } if writeMethod[r.Method] { - http.Error(w, errReadOnly.Error(), http.StatusMethodNotAllowed) - return - } - fs, err := h.Config.Cache.GetSession(tokens[0]) - if err != nil { - http.Error(w, err.Error(), http.StatusInternalServerError) - return - } - fs.ForwardSlashNameSubstitution(h.Config.cluster.Collections.ForwardSlashNameSubstitution) - f, err := fs.Open(r.URL.Path) - if os.IsNotExist(err) { - http.Error(w, err.Error(), http.StatusNotFound) - return - } else if err != nil { - http.Error(w, err.Error(), http.StatusInternalServerError) - return - } - defer f.Close() - if fi, err := f.Stat(); err == nil && fi.IsDir() && r.Method == "GET" { - if !strings.HasSuffix(r.URL.Path, "/") { - h.seeOtherWithCookie(w, r, r.URL.Path+"/", credentialsOK) - } else { - h.serveDirectory(w, r, fi.Name(), fs, r.URL.Path, false) + // Save the collection only if/when all + // webdav->filesystem operations succeed -- + // and send a 500 error if the modified + // collection can't be saved. + // + // Perform the write in a separate sitefs, so + // concurrent read operations on the same + // collection see the previous saved + // state. After the write succeeds and the + // collection record is updated, we reset the + // session so the updates are visible in + // subsequent read requests. + client := session.client.WithRequestID(r.Header.Get("X-Request-Id")) + sessionFS = client.SiteFileSystem(session.keepclient) + writingDir, err := sessionFS.OpenFile(fsprefix, os.O_RDONLY, 0) + if err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + return } - return + defer writingDir.Close() + w = &updateOnSuccess{ + ResponseWriter: w, + logger: ctxlog.FromContext(r.Context()), + update: func() error { + err := writingDir.Sync() + var te arvados.TransactionError + if errors.As(err, &te) { + err = te + } + if err != nil { + return err + } + // Sync the changes to the persistent + // sessionfs for this token. + snap, err := writingDir.Snapshot() + if err != nil { + return err + } + collectionDir.Splice(snap) + return nil + }} } - if r.Method == "GET" { - _, basename := filepath.Split(r.URL.Path) + if r.Method == http.MethodGet { applyContentDispositionHdr(w, r, basename, attachment) } + if webdavPrefix == "" { + webdavPrefix = "/" + strings.Join(pathParts[:stripParts], "/") + } wh := webdav.Handler{ - Prefix: "/", - FileSystem: &webdavFS{ - collfs: fs, - writing: writeMethod[r.Method], - alwaysReadEOF: r.Method == "PROPFIND", + Prefix: webdavPrefix, + FileSystem: &webdavfs.FS{ + FileSystem: sessionFS, + Prefix: fsprefix, + Writing: writeMethod[r.Method], + AlwaysReadEOF: r.Method == "PROPFIND", }, - LockSystem: h.webdavLS, - Logger: func(_ *http.Request, err error) { - if err != nil { + LockSystem: webdavfs.NoLockSystem, + Logger: func(r *http.Request, err error) { + if err != nil && !os.IsNotExist(err) { ctxlog.FromContext(r.Context()).WithError(err).Error("error reported by webdav handler") } }, } wh.ServeHTTP(w, r) + if r.Method == http.MethodGet && w.WroteStatus() == http.StatusOK { + wrote := int64(w.WroteBodyBytes()) + fnm := strings.Join(pathParts[stripParts:], "/") + fi, err := wh.FileSystem.Stat(r.Context(), fnm) + if err == nil && fi.Size() != wrote { + var n int + f, err := wh.FileSystem.OpenFile(r.Context(), fnm, os.O_RDONLY, 0) + if err == nil { + n, err = f.Read(make([]byte, 1024)) + f.Close() + } + ctxlog.FromContext(r.Context()).Errorf("stat.Size()==%d but only wrote %d bytes; read(1024) returns %d, %v", fi.Size(), wrote, n, err) + } + } } var dirListingTemplate = ` @@ -806,3 +828,124 @@ func (h *handler) seeOtherWithCookie(w http.ResponseWriter, r *http.Request, loc io.WriteString(w, html.EscapeString(redir)) io.WriteString(w, `">Continue`) } + +func (h *handler) userPermittedToUploadOrDownload(method string, tokenUser *arvados.User) bool { + var permitDownload bool + var permitUpload bool + if tokenUser != nil && tokenUser.IsAdmin { + permitUpload = h.Cluster.Collections.WebDAVPermission.Admin.Upload + permitDownload = h.Cluster.Collections.WebDAVPermission.Admin.Download + } else { + permitUpload = h.Cluster.Collections.WebDAVPermission.User.Upload + permitDownload = h.Cluster.Collections.WebDAVPermission.User.Download + } + if (method == "PUT" || method == "POST") && !permitUpload { + // Disallow operations that upload new files. + // Permit webdav operations that move existing files around. + return false + } else if method == "GET" && !permitDownload { + // Disallow downloading file contents. + // Permit webdav operations like PROPFIND that retrieve metadata + // but not file contents. + return false + } + return true +} + +func (h *handler) logUploadOrDownload( + r *http.Request, + client *arvadosclient.ArvadosClient, + fs arvados.CustomFileSystem, + filepath string, + collection *arvados.Collection, + user *arvados.User) { + + log := ctxlog.FromContext(r.Context()) + props := make(map[string]string) + props["reqPath"] = r.URL.Path + var useruuid string + if user != nil { + log = log.WithField("user_uuid", user.UUID). + WithField("user_full_name", user.FullName) + useruuid = user.UUID + } else { + useruuid = fmt.Sprintf("%s-tpzed-anonymouspublic", h.Cluster.ClusterID) + } + if collection == nil && fs != nil { + collection, filepath = h.determineCollection(fs, filepath) + } + if collection != nil { + log = log.WithField("collection_file_path", filepath) + props["collection_file_path"] = filepath + // h.determineCollection populates the collection_uuid + // prop with the PDH, if this collection is being + // accessed via PDH. For logging, we use a different + // field depending on whether it's a UUID or PDH. + if len(collection.UUID) > 32 { + log = log.WithField("portable_data_hash", collection.UUID) + props["portable_data_hash"] = collection.UUID + } else { + log = log.WithField("collection_uuid", collection.UUID) + props["collection_uuid"] = collection.UUID + } + } + if r.Method == "PUT" || r.Method == "POST" { + log.Info("File upload") + if h.Cluster.Collections.WebDAVLogEvents { + go func() { + lr := arvadosclient.Dict{"log": arvadosclient.Dict{ + "object_uuid": useruuid, + "event_type": "file_upload", + "properties": props}} + err := client.Create("logs", lr, nil) + if err != nil { + log.WithError(err).Error("Failed to create upload log event on API server") + } + }() + } + } else if r.Method == "GET" { + if collection != nil && collection.PortableDataHash != "" { + log = log.WithField("portable_data_hash", collection.PortableDataHash) + props["portable_data_hash"] = collection.PortableDataHash + } + log.Info("File download") + if h.Cluster.Collections.WebDAVLogEvents { + go func() { + lr := arvadosclient.Dict{"log": arvadosclient.Dict{ + "object_uuid": useruuid, + "event_type": "file_download", + "properties": props}} + err := client.Create("logs", lr, nil) + if err != nil { + log.WithError(err).Error("Failed to create download log event on API server") + } + }() + } + } +} + +func (h *handler) determineCollection(fs arvados.CustomFileSystem, path string) (*arvados.Collection, string) { + target := strings.TrimSuffix(path, "/") + for cut := len(target); cut >= 0; cut = strings.LastIndexByte(target, '/') { + target = target[:cut] + fi, err := fs.Stat(target) + if os.IsNotExist(err) { + // creating a new file/dir, or download + // destined to fail + continue + } else if err != nil { + return nil, "" + } + switch src := fi.Sys().(type) { + case *arvados.Collection: + return src, strings.TrimPrefix(path[len(target):], "/") + case *arvados.Group: + return nil, "" + default: + if _, ok := src.(error); ok { + return nil, "" + } + } + } + return nil, "" +}