X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/9b90fe97f8e92794856e3d730811953e1c13ea25..29cb16bdd726b09f8cded0d245ed6a72c62eaf8b:/services/keep-web/handler.go diff --git a/services/keep-web/handler.go b/services/keep-web/handler.go index 6f5f66ae0e..42c37b8eeb 100644 --- a/services/keep-web/handler.go +++ b/services/keep-web/handler.go @@ -1,17 +1,18 @@ package main import ( - "flag" + "encoding/json" "fmt" "html" "io" - "mime" "net/http" "net/url" "os" - "regexp" + "path" "strconv" "strings" + "sync" + "time" "git.curoverse.com/arvados.git/sdk/go/arvadosclient" "git.curoverse.com/arvados.git/sdk/go/auth" @@ -19,23 +20,14 @@ import ( "git.curoverse.com/arvados.git/sdk/go/keepclient" ) -type handler struct{} - -var ( - clientPool = arvadosclient.MakeClientPool() - trustAllContent = false - attachmentOnlyHost = "" -) - -func init() { - flag.StringVar(&attachmentOnlyHost, "attachment-only-host", "", - "Accept credentials, and add \"Content-Disposition: attachment\" response headers, for requests at this hostname:port. Prohibiting inline display makes it possible to serve untrusted and non-public content from a single origin, i.e., without wildcard DNS or SSL.") - flag.BoolVar(&trustAllContent, "trust-all-content", false, - "Serve non-public content from a single origin. Dangerous: read docs before using!") +type handler struct { + Config *Config + clientPool *arvadosclient.ClientPool + setupOnce sync.Once } -// return a UUID or PDH if s begins with a UUID or URL-encoded PDH; -// otherwise return "". +// parseCollectionIDFromDNSName returns a UUID or PDH if s begins with +// a UUID or URL-encoded PDH; otherwise "". func parseCollectionIDFromDNSName(s string) string { // Strip domain. if i := strings.IndexRune(s, '.'); i >= 0 { @@ -58,8 +50,9 @@ func parseCollectionIDFromDNSName(s string) string { var urlPDHDecoder = strings.NewReplacer(" ", "+", "-", "+") -// return a UUID or PDH if s is a UUID or a PDH (even if it is a PDH -// with "+" replaced by " " or "-"); otherwise return "". +// parseCollectionIDFromURL returns a UUID or PDH if s is a UUID or a +// PDH (even if it is a PDH with "+" replaced by " " or "-"); +// otherwise "". func parseCollectionIDFromURL(s string) string { if arvadosclient.UUIDMatch(s) { return s @@ -70,7 +63,24 @@ func parseCollectionIDFromURL(s string) string { return "" } +func (h *handler) setup() { + h.clientPool = arvadosclient.MakeClientPool() + keepclient.RefreshServiceDiscoveryOnSIGHUP() +} + +func (h *handler) serveStatus(w http.ResponseWriter, r *http.Request) { + status := struct { + cacheStats + }{ + cacheStats: h.Config.Cache.Stats(), + } + json.NewEncoder(w).Encode(status) +} + +// ServeHTTP implements http.Handler. func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) { + h.setupOnce.Do(h.setup) + var statusCode = 0 var statusText string @@ -95,6 +105,20 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) { httpserver.Log(remoteAddr, statusCode, statusText, w.WroteBodyBytes(), r.Method, r.Host, r.URL.Path, r.URL.RawQuery) }() + if r.Method == "OPTIONS" { + method := r.Header.Get("Access-Control-Request-Method") + if method != "GET" && method != "POST" { + statusCode = http.StatusMethodNotAllowed + return + } + w.Header().Set("Access-Control-Allow-Headers", "Range") + w.Header().Set("Access-Control-Allow-Methods", "GET, POST") + w.Header().Set("Access-Control-Allow-Origin", "*") + w.Header().Set("Access-Control-Max-Age", "86400") + statusCode = http.StatusOK + return + } + if r.Method != "GET" && r.Method != "POST" { statusCode, statusText = http.StatusMethodNotAllowed, r.Method return @@ -109,12 +133,12 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) { w.Header().Set("Access-Control-Allow-Origin", "*") } - arv := clientPool.Get() + arv := h.clientPool.Get() if arv == nil { - statusCode, statusText = http.StatusInternalServerError, "Pool failed: "+clientPool.Err().Error() + statusCode, statusText = http.StatusInternalServerError, "Pool failed: "+h.clientPool.Err().Error() return } - defer clientPool.Put(arv) + defer h.clientPool.Put(arv) pathParts := strings.Split(r.URL.Path[1:], "/") @@ -124,9 +148,9 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) { var reqTokens []string var pathToken bool var attachment bool - credentialsOK := trustAllContent + credentialsOK := h.Config.TrustAllContent - if r.Host != "" && r.Host == attachmentOnlyHost { + if r.Host != "" && r.Host == h.Config.AttachmentOnlyHost { credentialsOK = true attachment = true } else if r.FormValue("disposition") == "attachment" { @@ -137,6 +161,9 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) { // http://ID.collections.example/PATH... credentialsOK = true targetPath = pathParts + } else if r.URL.Path == "/status.json" { + h.serveStatus(w, r) + return } else if len(pathParts) >= 2 && strings.HasPrefix(pathParts[0], "c=") { // /c=ID/PATH... targetID = parseCollectionIDFromURL(pathParts[0][2:]) @@ -144,17 +171,19 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) { } else if len(pathParts) >= 3 && pathParts[0] == "collections" { if len(pathParts) >= 5 && pathParts[1] == "download" { // /collections/download/ID/TOKEN/PATH... - targetID = pathParts[2] + targetID = parseCollectionIDFromURL(pathParts[2]) tokens = []string{pathParts[3]} targetPath = pathParts[4:] pathToken = true } else { // /collections/ID/PATH... - targetID = pathParts[1] - tokens = anonymousTokens + targetID = parseCollectionIDFromURL(pathParts[1]) + tokens = h.Config.AnonymousTokens targetPath = pathParts[2:] } - } else { + } + + if targetID == "" { statusCode = http.StatusNotFound return } @@ -186,7 +215,7 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) { // It is not safe to copy the provided token // into a cookie unless the current vhost // (origin) serves only a single collection or - // we are in trustAllContent mode. + // we are in TrustAllContent mode. statusCode = http.StatusBadRequest return } @@ -246,7 +275,7 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) { if credentialsOK { reqTokens = auth.NewCredentialsFromHTTPRequest(r).Tokens } - tokens = append(reqTokens, anonymousTokens...) + tokens = append(reqTokens, h.Config.AnonymousTokens...) } if len(targetPath) > 0 && targetPath[0] == "_" { @@ -259,11 +288,17 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) { targetPath = targetPath[1:] } + forceReload := false + if cc := r.Header.Get("Cache-Control"); strings.Contains(cc, "no-cache") || strings.Contains(cc, "must-revalidate") { + forceReload = true + } + + var collection map[string]interface{} tokenResult := make(map[string]int) - collection := make(map[string]interface{}) found := false for _, arv.ApiToken = range tokens { - err := arv.Get("collections", targetID, nil, &collection) + var err error + collection, err = h.Config.Cache.Get(arv, targetID, forceReload) if err == nil { // Success found = true @@ -320,12 +355,6 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) { statusCode, statusText = http.StatusInternalServerError, err.Error() return } - if kc.Client != nil && kc.Client.Transport != nil { - // Workaround for https://dev.arvados.org/issues/9005 - if t, ok := kc.Client.Transport.(*http.Transport); ok { - defer t.CloseIdleConnections() - } - } rdr, err := kc.CollectionFileReader(collection, filename) if os.IsNotExist(err) { statusCode = http.StatusNotFound @@ -336,51 +365,15 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) { } defer rdr.Close() - basenamePos := strings.LastIndex(filename, "/") - if basenamePos < 0 { - basenamePos = 0 - } - extPos := strings.LastIndex(filename, ".") - if extPos > basenamePos { - // Now extPos is safely >= 0. - if t := mime.TypeByExtension(filename[extPos:]); t != "" { - w.Header().Set("Content-Type", t) - } - } - if rdr, ok := rdr.(keepclient.ReadCloserWithLen); ok { - w.Header().Set("Content-Length", fmt.Sprintf("%d", rdr.Len())) - } - - applyContentDispositionHdr(w, r, filename[basenamePos:], attachment) - rangeRdr, statusCode := applyRangeHdr(w, r, rdr) + basename := path.Base(filename) + applyContentDispositionHdr(w, r, basename, attachment) - w.WriteHeader(statusCode) - _, err = io.Copy(w, rangeRdr) + modstr, _ := collection["modified_at"].(string) + modtime, err := time.Parse(time.RFC3339Nano, modstr) if err != nil { - statusCode, statusText = http.StatusBadGateway, err.Error() - } -} - -var rangeRe = regexp.MustCompile(`^bytes=0-([0-9]*)$`) - -func applyRangeHdr(w http.ResponseWriter, r *http.Request, rdr keepclient.ReadCloserWithLen) (io.Reader, int) { - w.Header().Set("Accept-Ranges", "bytes") - hdr := r.Header.Get("Range") - fields := rangeRe.FindStringSubmatch(hdr) - if fields == nil { - return rdr, http.StatusOK - } - rangeEnd, err := strconv.ParseInt(fields[1], 10, 64) - if err != nil { - // Empty or too big for int64 == send entire content - return rdr, http.StatusOK - } - if uint64(rangeEnd) >= rdr.Len() { - return rdr, http.StatusOK + modtime = time.Now() } - w.Header().Set("Content-Length", fmt.Sprintf("%d", rangeEnd+1)) - w.Header().Set("Content-Range", fmt.Sprintf("bytes %d-%d/%d", 0, rangeEnd, rdr.Len())) - return &io.LimitedReader{R: rdr, N: rangeEnd + 1}, http.StatusPartialContent + http.ServeContent(w, r, basename, modtime, rdr) } func applyContentDispositionHdr(w http.ResponseWriter, r *http.Request, filename string, isAttachment bool) {