X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/8c014223e42683d308798475c021bad7a794e998..0eb72b526bf8bbb011551ecf019f604e17a534f1:/services/ws/router.go

diff --git a/services/ws/router.go b/services/ws/router.go
index 073a398a29..3f3a051d8e 100644
--- a/services/ws/router.go
+++ b/services/ws/router.go
@@ -1,7 +1,10 @@
+// Copyright (C) The Arvados Authors. All rights reserved.
+//
+// SPDX-License-Identifier: AGPL-3.0
+
 package main
 
 import (
-	"database/sql"
 	"encoding/json"
 	"io"
 	"net/http"
@@ -10,6 +13,7 @@ import (
 	"sync/atomic"
 	"time"
 
+	"git.curoverse.com/arvados.git/sdk/go/ctxlog"
 	"github.com/Sirupsen/logrus"
 	"golang.org/x/net/websocket"
 )
@@ -22,7 +26,7 @@ type wsConn interface {
 }
 
 type router struct {
-	Config         *Config
+	Config         *wsConfig
 	eventSource    eventSource
 	newPermChecker func() permChecker
 
@@ -33,29 +37,33 @@ type router struct {
 	lastReqID  int64
 	lastReqMtx sync.Mutex
 
-	status routerStatus
+	status routerDebugStatus
 }
 
-type routerStatus struct {
+type routerDebugStatus struct {
 	ReqsReceived int64
 	ReqsActive   int64
 }
 
-type Statuser interface {
-	Status() interface{}
+type debugStatuser interface {
+	DebugStatus() interface{}
 }
 
-type sessionFactory func(wsConn, chan<- interface{}, *sql.DB, permChecker) (session, error)
-
 func (rtr *router) setup() {
 	rtr.handler = &handler{
 		PingTimeout: rtr.Config.PingTimeout.Duration(),
 		QueueSize:   rtr.Config.ClientEventQueue,
 	}
 	rtr.mux = http.NewServeMux()
-	rtr.mux.Handle("/websocket", rtr.makeServer(NewSessionV0))
-	rtr.mux.Handle("/arvados/v1/events.ws", rtr.makeServer(NewSessionV1))
-	rtr.mux.HandleFunc("/status.json", rtr.serveStatus)
+	rtr.mux.Handle("/websocket", rtr.makeServer(newSessionV0))
+	rtr.mux.Handle("/arvados/v1/events.ws", rtr.makeServer(newSessionV1))
+	rtr.mux.Handle("/debug.json", rtr.jsonHandler(rtr.DebugStatus))
+	rtr.mux.Handle("/status.json", rtr.jsonHandler(rtr.Status))
+
+	health := http.NewServeMux()
+	rtr.mux.Handle("/_health/", rtr.mgmtAuth(health))
+	health.Handle("/_health/ping", rtr.jsonHandler(rtr.HealthFunc(func() error { return nil })))
+	health.Handle("/_health/db", rtr.jsonHandler(rtr.HealthFunc(rtr.eventSource.DBHealth)))
 }
 
 func (rtr *router) makeServer(newSession sessionFactory) *websocket.Server {
@@ -70,12 +78,12 @@ func (rtr *router) makeServer(newSession sessionFactory) *websocket.Server {
 
 			stats := rtr.handler.Handle(ws, rtr.eventSource,
 				func(ws wsConn, sendq chan<- interface{}) (session, error) {
-					return newSession(ws, sendq, rtr.eventSource.DB(), rtr.newPermChecker())
+					return newSession(ws, sendq, rtr.eventSource.DB(), rtr.newPermChecker(), &rtr.Config.Client)
 				})
 
 			log.WithFields(logrus.Fields{
-				"Elapsed": time.Now().Sub(t0).Seconds(),
-				"Stats":   stats,
+				"elapsed": time.Now().Sub(t0).Seconds(),
+				"stats":   stats,
 			}).Info("disconnect")
 			ws.Close()
 		}),
@@ -92,25 +100,35 @@ func (rtr *router) newReqID() string {
 	return strconv.FormatInt(id, 36)
 }
 
-func (rtr *router) Status() interface{} {
+func (rtr *router) DebugStatus() interface{} {
 	s := map[string]interface{}{
 		"HTTP":     rtr.status,
-		"Outgoing": rtr.handler.Status(),
+		"Outgoing": rtr.handler.DebugStatus(),
 	}
-	if es, ok := rtr.eventSource.(Statuser); ok {
-		s["EventSource"] = es.Status()
+	if es, ok := rtr.eventSource.(debugStatuser); ok {
+		s["EventSource"] = es.DebugStatus()
 	}
 	return s
 }
 
-func (rtr *router) serveStatus(resp http.ResponseWriter, req *http.Request) {
-	rtr.setupOnce.Do(rtr.setup)
-	logger := logger(req.Context())
-	logger.Debug("status")
-	enc := json.NewEncoder(resp)
-	err := enc.Encode(rtr.Status())
-	if err != nil {
-		logger.WithError(err).Error("status encode failed")
+var pingResponseOK = map[string]string{"health": "OK"}
+
+func (rtr *router) HealthFunc(f func() error) func() interface{} {
+	return func() interface{} {
+		err := f()
+		if err == nil {
+			return pingResponseOK
+		}
+		return map[string]string{
+			"health": "ERROR",
+			"error":  err.Error(),
+		}
+	}
+}
+
+func (rtr *router) Status() interface{} {
+	return map[string]interface{}{
+		"Clients": atomic.LoadInt64(&rtr.status.ReqsActive),
 	}
 }
 
@@ -122,11 +140,39 @@ func (rtr *router) ServeHTTP(resp http.ResponseWriter, req *http.Request) {
 
 	logger := logger(req.Context()).
 		WithField("RequestID", rtr.newReqID())
-	ctx := contextWithLogger(req.Context(), logger)
+	ctx := ctxlog.Context(req.Context(), logger)
 	req = req.WithContext(ctx)
 	logger.WithFields(logrus.Fields{
-		"RemoteAddr":      req.RemoteAddr,
-		"X-Forwarded-For": req.Header.Get("X-Forwarded-For"),
+		"remoteAddr":      req.RemoteAddr,
+		"reqForwardedFor": req.Header.Get("X-Forwarded-For"),
 	}).Info("accept request")
 	rtr.mux.ServeHTTP(resp, req)
 }
+
+func (rtr *router) mgmtAuth(h http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if rtr.Config.ManagementToken == "" {
+			http.Error(w, "disabled", http.StatusNotFound)
+		} else if ah := r.Header.Get("Authorization"); ah == "" {
+			http.Error(w, "authorization required", http.StatusUnauthorized)
+		} else if ah != "Bearer "+rtr.Config.ManagementToken {
+			http.Error(w, "authorization error", http.StatusForbidden)
+		} else {
+			h.ServeHTTP(w, r)
+		}
+	})
+}
+
+func (rtr *router) jsonHandler(fn func() interface{}) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		logger := logger(r.Context())
+		w.Header().Set("Content-Type", "application/json")
+		enc := json.NewEncoder(w)
+		err := enc.Encode(fn())
+		if err != nil {
+			msg := "encode failed"
+			logger.WithError(err).Error(msg)
+			http.Error(w, msg, http.StatusInternalServerError)
+		}
+	})
+}