X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/acf545571425b2a2d8a26cb703f75926b6b2a987..2ea729f97166cb5fda4a6ca0818f0a0ab15388ab:/lib/controller/handler.go diff --git a/lib/controller/handler.go b/lib/controller/handler.go index c50f98273c..53125ae554 100644 --- a/lib/controller/handler.go +++ b/lib/controller/handler.go @@ -5,6 +5,7 @@ package controller import ( + "context" "database/sql" "errors" "net" @@ -35,6 +36,26 @@ type Handler struct { func (h *Handler) ServeHTTP(w http.ResponseWriter, req *http.Request) { h.setupOnce.Do(h.setup) + if req.Method != "GET" && req.Method != "HEAD" { + // http.ServeMux returns 301 with a cleaned path if + // the incoming request has a double slash. Some + // clients (including the Go standard library) change + // the request method to GET when following a 301 + // redirect if the original method was not HEAD + // (RFC7231 6.4.2 specifically allows this in the case + // of POST). Thus "POST //foo" gets misdirected to + // "GET /foo". To avoid this, eliminate double slashes + // before passing the request to ServeMux. + for strings.Contains(req.URL.Path, "//") { + req.URL.Path = strings.Replace(req.URL.Path, "//", "/", -1) + } + } + if h.Cluster.HTTPRequestTimeout > 0 { + ctx, cancel := context.WithDeadline(req.Context(), time.Now().Add(time.Duration(h.Cluster.HTTPRequestTimeout))) + req = req.WithContext(ctx) + defer cancel() + } + h.handlerStack.ServeHTTP(w, req) } @@ -44,6 +65,8 @@ func (h *Handler) CheckHealth() error { return err } +func neverRedirect(*http.Request, []*http.Request) error { return http.ErrUseLastResponse } + func (h *Handler) setup() { mux := http.NewServeMux() mux.Handle("/_health/", &health.Handler{ @@ -52,21 +75,20 @@ func (h *Handler) setup() { }) hs := http.NotFoundHandler() hs = prepend(hs, h.proxyRailsAPI) - hs = prepend(hs, h.proxyRemoteCluster) + hs = h.setupProxyRemoteCluster(hs) mux.Handle("/", hs) h.handlerStack = mux sc := *arvados.DefaultSecureClient - sc.Timeout = time.Duration(h.Cluster.HTTPRequestTimeout) + sc.CheckRedirect = neverRedirect h.secureClient = &sc ic := *arvados.InsecureHTTPClient - ic.Timeout = time.Duration(h.Cluster.HTTPRequestTimeout) + ic.CheckRedirect = neverRedirect h.insecureClient = &ic h.proxy = &proxy{ - Name: "arvados-controller", - RequestTimeout: time.Duration(h.Cluster.HTTPRequestTimeout), + Name: "arvados-controller", } } @@ -103,11 +125,10 @@ func prepend(next http.Handler, middleware middlewareFunc) http.Handler { }) } -func (h *Handler) proxyRailsAPI(w http.ResponseWriter, req *http.Request, next http.Handler) { +func (h *Handler) localClusterRequest(req *http.Request) (*http.Response, error) { urlOut, insecure, err := findRailsAPI(h.Cluster, h.NodeProfile) if err != nil { - httpserver.Error(w, err.Error(), http.StatusInternalServerError) - return + return nil, err } urlOut = &url.URL{ Scheme: urlOut.Scheme, @@ -120,7 +141,15 @@ func (h *Handler) proxyRailsAPI(w http.ResponseWriter, req *http.Request, next h if insecure { client = h.insecureClient } - h.proxy.Do(w, req, urlOut, client) + return h.proxy.Do(req, urlOut, client) +} + +func (h *Handler) proxyRailsAPI(w http.ResponseWriter, req *http.Request, next http.Handler) { + resp, err := h.localClusterRequest(req) + n, err := h.proxy.ForwardResponse(w, resp, err) + if err != nil { + httpserver.Logger(req).WithError(err).WithField("bytesCopied", n).Error("error copying response body") + } } // For now, findRailsAPI always uses the rails API running on this