XKeepReplicasStored = "X-Keep-Replicas-Stored"
XKeepStorageClasses = "X-Keep-Storage-Classes"
XKeepStorageClassesConfirmed = "X-Keep-Storage-Classes-Confirmed"
+ XKeepSignature = "X-Keep-Signature"
+ XKeepLocator = "X-Keep-Locator"
)
type HTTPClient interface {
"git.arvados.org/arvados.git/sdk/go/health"
"git.arvados.org/arvados.git/sdk/go/httpserver"
"git.arvados.org/arvados.git/sdk/go/keepclient"
+ "git.arvados.org/arvados.git/services/keepstore"
"github.com/gorilla/mux"
lru "github.com/hashicorp/golang-lru"
"github.com/prometheus/client_golang/prometheus"
}
func setCORSHeaders(resp http.ResponseWriter) {
- resp.Header().Set("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, OPTIONS")
- resp.Header().Set("Access-Control-Allow-Origin", "*")
- resp.Header().Set("Access-Control-Allow-Headers", "Authorization, Content-Length, Content-Type, X-Keep-Desired-Replicas")
- resp.Header().Set("Access-Control-Max-Age", "86486400")
+ keepstore.SetCORSHeaders(resp)
+ acam := "Access-Control-Allow-Methods"
+ resp.Header().Set(acam, resp.Header().Get(acam)+", POST")
}
type invalidPathHandler struct{}
locatorIn := mux.Vars(req)["locator"]
// Check if the client specified storage classes
- if req.Header.Get("X-Keep-Storage-Classes") != "" {
+ if req.Header.Get(keepclient.XKeepStorageClasses) != "" {
var scl []string
- for _, sc := range strings.Split(req.Header.Get("X-Keep-Storage-Classes"), ",") {
+ for _, sc := range strings.Split(req.Header.Get(keepclient.XKeepStorageClasses), ",") {
scl = append(scl, strings.Trim(sc, " "))
}
kc.SetStorageClasses(scl)
body, err := ioutil.ReadAll(resp.Body)
c.Check(err, IsNil)
c.Check(string(body), Equals, "")
- c.Check(resp.Header.Get("Access-Control-Allow-Methods"), Equals, "GET, HEAD, POST, PUT, OPTIONS")
+ c.Check(resp.Header.Get("Access-Control-Allow-Methods"), Equals, "GET, HEAD, PUT, OPTIONS, POST")
c.Check(resp.Header.Get("Access-Control-Allow-Origin"), Equals, "*")
}
{
resp, err := http.Get(fmt.Sprintf("http://%s/%x+3", srv.Addr, md5.Sum([]byte("foo"))))
c.Check(err, Equals, nil)
- c.Check(resp.Header.Get("Access-Control-Allow-Headers"), Equals, "Authorization, Content-Length, Content-Type, X-Keep-Desired-Replicas")
+ c.Check(resp.Header.Get("Access-Control-Allow-Headers"), Equals, "Authorization, Content-Length, Content-Type, X-Keep-Desired-Replicas, X-Keep-Signature, X-Keep-Storage-Classes")
c.Check(resp.Header.Get("Access-Control-Allow-Origin"), Equals, "*")
}
}
"git.arvados.org/arvados.git/sdk/go/arvados"
"git.arvados.org/arvados.git/sdk/go/auth"
"git.arvados.org/arvados.git/sdk/go/httpserver"
+ "git.arvados.org/arvados.git/sdk/go/keepclient"
"github.com/gorilla/mux"
)
touch.HandleFunc(locatorPath, adminonly(rtr.handleBlockTouch))
delete := r.Methods(http.MethodDelete).Subrouter()
delete.HandleFunc(locatorPath, adminonly(rtr.handleBlockTrash))
+ options := r.Methods(http.MethodOptions).Subrouter()
+ options.NewRoute().PathPrefix(`/`).HandlerFunc(rtr.handleOptions)
r.NotFoundHandler = http.HandlerFunc(rtr.handleBadRequest)
r.MethodNotAllowedHandler = http.HandlerFunc(rtr.handleBadRequest)
- rtr.Handler = auth.LoadToken(r)
+ rtr.Handler = corsHandler(auth.LoadToken(r))
return rtr
}
// Intervening proxies must not return a cached GET response
// to a prior request if a X-Keep-Signature request header has
// been added or changed.
- w.Header().Add("Vary", "X-Keep-Signature")
+ w.Header().Add("Vary", keepclient.XKeepSignature)
var localLocator func(string)
- if strings.SplitN(req.Header.Get("X-Keep-Signature"), ",", 2)[0] == "local" {
+ if strings.SplitN(req.Header.Get(keepclient.XKeepSignature), ",", 2)[0] == "local" {
localLocator = func(locator string) {
- w.Header().Set("X-Keep-Locator", locator)
+ w.Header().Set(keepclient.XKeepLocator, locator)
}
}
out := w
func (rtr *router) handleBlockWrite(w http.ResponseWriter, req *http.Request) {
dataSize, _ := strconv.Atoi(req.Header.Get("Content-Length"))
- replicas, _ := strconv.Atoi(req.Header.Get("X-Arvados-Replicas-Desired"))
+ replicas, _ := strconv.Atoi(req.Header.Get("X-Arvados-Desired-Replicas"))
resp, err := rtr.keepstore.BlockWrite(req.Context(), arvados.BlockWriteOptions{
Hash: mux.Vars(req)["locator"],
Reader: req.Body,
DataSize: dataSize,
RequestID: req.Header.Get("X-Request-Id"),
- StorageClasses: trimSplit(req.Header.Get("X-Keep-Storage-Classes"), ","),
+ StorageClasses: trimSplit(req.Header.Get(keepclient.XKeepStorageClasses), ","),
Replicas: replicas,
})
if err != nil {
rtr.handleError(w, req, err)
return
}
- w.Header().Set("X-Keep-Replicas-Stored", fmt.Sprintf("%d", resp.Replicas))
+ w.Header().Set(keepclient.XKeepReplicasStored, fmt.Sprintf("%d", resp.Replicas))
scc := ""
for k, n := range resp.StorageClasses {
if n > 0 {
scc += fmt.Sprintf("%s=%d", k, n)
}
}
- w.Header().Set("X-Keep-Storage-Classes-Confirmed", scc)
+ w.Header().Set(keepclient.XKeepStorageClassesConfirmed, scc)
w.WriteHeader(http.StatusOK)
fmt.Fprintln(w, resp.Locator)
}
http.Error(w, "Bad Request", http.StatusBadRequest)
}
+func (rtr *router) handleOptions(w http.ResponseWriter, req *http.Request) {
+}
+
func (rtr *router) handleError(w http.ResponseWriter, req *http.Request, err error) {
if req.Context().Err() != nil {
w.WriteHeader(499)
func (discardWrite) Write(p []byte) (int, error) {
return len(p), nil
}
+
+func corsHandler(h http.Handler) http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ SetCORSHeaders(w)
+ h.ServeHTTP(w, r)
+ })
+}
+
+var corsHeaders = map[string]string{
+ "Access-Control-Allow-Methods": "GET, HEAD, PUT, OPTIONS",
+ "Access-Control-Allow-Origin": "*",
+ "Access-Control-Allow-Headers": "Authorization, Content-Length, Content-Type, " + keepclient.XKeepDesiredReplicas + ", " + keepclient.XKeepSignature + ", " + keepclient.XKeepStorageClasses,
+ "Access-Control-Expose-Headers": keepclient.XKeepLocator + ", " + keepclient.XKeepReplicasStored + ", " + keepclient.XKeepStorageClassesConfirmed,
+ "Access-Control-Max-Age": "86486400",
+}
+
+func SetCORSHeaders(w http.ResponseWriter) {
+ for k, v := range corsHeaders {
+ w.Header().Set(k, v)
+ }
+}
resp := call(router, "GET", "http://example/"+locSigned, "", nil, nil)
c.Check(resp.Code, Equals, http.StatusUnauthorized)
c.Check(resp.Body.String(), Matches, "no token provided in Authorization header\n")
+ checkCORSHeaders(c, resp.Header())
// Different token => invalid signature
resp = call(router, "GET", "http://example/"+locSigned, "badtoken", nil, nil)
c.Check(resp.Code, Equals, http.StatusBadRequest)
c.Check(resp.Body.String(), Equals, "invalid signature\n")
+ checkCORSHeaders(c, resp.Header())
// Correct token
resp = call(router, "GET", "http://example/"+locSigned, arvadostest.ActiveTokenV2, nil, nil)
c.Check(resp.Code, Equals, http.StatusOK)
c.Check(resp.Body.String(), Equals, "foo")
+ checkCORSHeaders(c, resp.Header())
// HEAD
resp = call(router, "HEAD", "http://example/"+locSigned, arvadostest.ActiveTokenV2, nil, nil)
c.Check(resp.Code, Equals, http.StatusOK)
c.Check(resp.Result().ContentLength, Equals, int64(3))
c.Check(resp.Body.String(), Equals, "")
+ checkCORSHeaders(c, resp.Header())
}
// As a special case we allow HEAD requests that only provide a hash
}
c.Check(resp.Body.Len(), Not(Equals), len(gooddata))
c.Check(resp.Result().ContentLength, Equals, int64(len(gooddata)))
+ checkCORSHeaders(c, resp.Header())
resp = call(router, "HEAD", "http://example/"+locSigned, arvadostest.ActiveTokenV2, nil, nil)
c.Check(resp.Code, Equals, http.StatusBadGateway)
+ checkCORSHeaders(c, resp.Header())
hashSigned := router.keepstore.signLocator(arvadostest.ActiveTokenV2, hash)
resp = call(router, "HEAD", "http://example/"+hashSigned, arvadostest.ActiveTokenV2, nil, nil)
c.Check(resp.Code, Equals, http.StatusBadGateway)
+ checkCORSHeaders(c, resp.Header())
}
}
resp := call(router, "PUT", "http://example/"+fooHash, arvadostest.ActiveTokenV2, []byte("foo"), nil)
c.Check(resp.Code, Equals, http.StatusOK)
+ checkCORSHeaders(c, resp.Header())
locator := strings.TrimSpace(resp.Body.String())
resp = call(router, "GET", "http://example/"+locator, arvadostest.ActiveTokenV2, nil, nil)
router, cancel := testRouter(c, s.cluster, nil)
defer cancel()
- resp := call(router, "PUT", "http://example/"+fooHash, arvadostest.ActiveTokenV2, []byte("foo"), http.Header{"X-Arvados-Replicas-Desired": []string{"2"}})
+ resp := call(router, "PUT", "http://example/"+fooHash, arvadostest.ActiveTokenV2, []byte("foo"), http.Header{"X-Arvados-Desired-Replicas": []string{"2"}})
c.Check(resp.Code, Equals, http.StatusOK)
c.Check(resp.Header().Get("X-Keep-Replicas-Stored"), Equals, "1")
c.Check(sortCommaSeparated(resp.Header().Get("X-Keep-Storage-Classes-Confirmed")), Equals, "testclass1=1")
c.Check(resp.Code, Equals, http.StatusOK)
c.Check(strings.Split(resp.Body.String(), "\n"), HasLen, 5)
}
-
}
// Check that the context passed to a volume method gets cancelled
c.Check(resp.Code, Equals, 499)
}
+func (s *routerSuite) TestCORSPreflight(c *C) {
+ router, cancel := testRouter(c, s.cluster, nil)
+ defer cancel()
+
+ for _, path := range []string{"/", "/whatever", "/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa+123"} {
+ c.Logf("=== %s", path)
+ resp := call(router, http.MethodOptions, "http://example"+path, arvadostest.ActiveTokenV2, nil, nil)
+ c.Check(resp.Code, Equals, http.StatusOK)
+ c.Check(resp.Body.String(), Equals, "")
+ checkCORSHeaders(c, resp.Header())
+ }
+}
+
func call(handler http.Handler, method, path, tok string, body []byte, hdr http.Header) *httptest.ResponseRecorder {
resp := httptest.NewRecorder()
req, err := http.NewRequest(method, path, bytes.NewReader(body))
handler.ServeHTTP(resp, req)
return resp
}
+
+func checkCORSHeaders(c *C, h http.Header) {
+ c.Check(h.Get("Access-Control-Allow-Methods"), Equals, "GET, HEAD, PUT, OPTIONS")
+ c.Check(h.Get("Access-Control-Allow-Origin"), Equals, "*")
+ c.Check(h.Get("Access-Control-Allow-Headers"), Equals, "Authorization, Content-Length, Content-Type, X-Keep-Desired-Replicas, X-Keep-Signature, X-Keep-Storage-Classes")
+ c.Check(h.Get("Access-Control-Expose-Headers"), Equals, "X-Keep-Locator, X-Keep-Replicas-Stored, X-Keep-Storage-Classes-Confirmed")
+}
projects / arvados.git / commitdiff