mirror of https://github.com/perkeep/perkeep.git
977 lines
30 KiB
Go
977 lines
30 KiB
Go
/*
|
|
Copyright 2011 The Perkeep Authors
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
// Package serverinit is responsible for mapping from a Perkeep
|
|
// configuration file and instantiating HTTP Handlers for all the
|
|
// necessary endpoints.
|
|
package serverinit // import "perkeep.org/pkg/serverinit"
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"encoding/json"
|
|
"errors"
|
|
"expvar"
|
|
"fmt"
|
|
"io"
|
|
"log"
|
|
"net"
|
|
"net/http"
|
|
"net/http/pprof"
|
|
"os"
|
|
"reflect"
|
|
"regexp"
|
|
"runtime"
|
|
"runtime/debug"
|
|
rpprof "runtime/pprof"
|
|
"strconv"
|
|
"strings"
|
|
|
|
"perkeep.org/internal/httputil"
|
|
"perkeep.org/internal/osutil"
|
|
"perkeep.org/pkg/auth"
|
|
"perkeep.org/pkg/blobserver"
|
|
"perkeep.org/pkg/blobserver/handlers"
|
|
"perkeep.org/pkg/index"
|
|
"perkeep.org/pkg/jsonsign/signhandler"
|
|
"perkeep.org/pkg/server"
|
|
"perkeep.org/pkg/server/app"
|
|
"perkeep.org/pkg/types/serverconfig"
|
|
|
|
"cloud.google.com/go/compute/metadata"
|
|
"go4.org/jsonconfig"
|
|
)
|
|
|
|
const camliPrefix = "/camli/"
|
|
|
|
var ErrCamliPath = errors.New("invalid Perkeep request path")
|
|
|
|
type handlerConfig struct {
|
|
prefix string // "/foo/"
|
|
htype string // "localdisk", etc
|
|
conf jsonconfig.Obj // never nil
|
|
internal bool // if true, not accessible over HTTP
|
|
|
|
settingUp, setupDone bool
|
|
}
|
|
|
|
// handlerLoader implements blobserver.Loader.
|
|
type handlerLoader struct {
|
|
installer HandlerInstaller
|
|
baseURL string
|
|
config map[string]*handlerConfig // prefix -> config
|
|
handler map[string]interface{} // prefix -> http.Handler / func / blobserver.Storage
|
|
curPrefix string
|
|
closers []io.Closer
|
|
prefixStack []string
|
|
}
|
|
|
|
var _ blobserver.Loader = (*handlerLoader)(nil)
|
|
|
|
// A HandlerInstaller is anything that can register an HTTP Handler at
|
|
// a prefix path. Both *http.ServeMux and perkeep.org/pkg/webserver.Server
|
|
// implement HandlerInstaller.
|
|
type HandlerInstaller interface {
|
|
Handle(path string, h http.Handler)
|
|
}
|
|
|
|
type storageAndConfig struct {
|
|
blobserver.Storage
|
|
config *blobserver.Config
|
|
}
|
|
|
|
// parseCamliPath looks for "/camli/" in the path and returns
|
|
// what follows it (the action).
|
|
func parseCamliPath(path string) (action string, err error) {
|
|
camIdx := strings.Index(path, camliPrefix)
|
|
if camIdx == -1 {
|
|
return "", ErrCamliPath
|
|
}
|
|
action = path[camIdx+len(camliPrefix):]
|
|
return
|
|
}
|
|
|
|
func unsupportedHandler(rw http.ResponseWriter, req *http.Request) {
|
|
httputil.BadRequestError(rw, "Unsupported Perkeep path or method.")
|
|
}
|
|
|
|
func (s *storageAndConfig) Config() *blobserver.Config {
|
|
return s.config
|
|
}
|
|
|
|
// GetStorage returns the unwrapped blobserver.Storage interface value for
|
|
// callers to type-assert optional interface implementations on. (e.g. EnumeratorConfig)
|
|
func (s *storageAndConfig) GetStorage() blobserver.Storage {
|
|
return s.Storage
|
|
}
|
|
|
|
// action is the part following "/camli/" in the URL. It's either a
|
|
// string like "enumerate-blobs", "stat", "upload", or a blobref.
|
|
func camliHandlerUsingStorage(req *http.Request, action string, storage blobserver.StorageConfiger) (http.Handler, auth.Operation) {
|
|
var handler http.Handler
|
|
op := auth.OpAll
|
|
switch req.Method {
|
|
case "GET", "HEAD":
|
|
switch action {
|
|
case "enumerate-blobs":
|
|
handler = handlers.CreateEnumerateHandler(storage)
|
|
op = auth.OpGet
|
|
case "stat":
|
|
handler = handlers.CreateStatHandler(storage)
|
|
case "ws":
|
|
handler = nil // TODO: handlers.CreateSocketHandler(storage)
|
|
op = auth.OpDiscovery // rest of operation auth checks done in handler
|
|
default:
|
|
handler = handlers.CreateGetHandler(storage)
|
|
op = auth.OpGet
|
|
}
|
|
case "POST":
|
|
switch action {
|
|
case "stat":
|
|
handler = handlers.CreateStatHandler(storage)
|
|
op = auth.OpStat
|
|
case "upload":
|
|
handler = handlers.CreateBatchUploadHandler(storage)
|
|
op = auth.OpUpload
|
|
case "remove":
|
|
handler = handlers.CreateRemoveHandler(storage)
|
|
}
|
|
case "PUT":
|
|
handler = handlers.CreatePutUploadHandler(storage)
|
|
op = auth.OpUpload
|
|
}
|
|
if handler == nil {
|
|
handler = http.HandlerFunc(unsupportedHandler)
|
|
}
|
|
return handler, op
|
|
}
|
|
|
|
// where prefix is like "/" or "/s3/" for e.g. "/camli/" or "/s3/camli/*"
|
|
func makeCamliHandler(prefix, baseURL string, storage blobserver.Storage, hf blobserver.FindHandlerByTyper) http.Handler {
|
|
if !strings.HasSuffix(prefix, "/") {
|
|
panic("expected prefix to end in slash")
|
|
}
|
|
baseURL = strings.TrimRight(baseURL, "/")
|
|
|
|
canLongPoll := true
|
|
// TODO(bradfitz): set to false if this is App Engine, or provide some way to disable
|
|
|
|
storageConfig := &storageAndConfig{
|
|
storage,
|
|
&blobserver.Config{
|
|
Writable: true,
|
|
Readable: true,
|
|
Deletable: false,
|
|
URLBase: baseURL + prefix[:len(prefix)-1],
|
|
CanLongPoll: canLongPoll,
|
|
HandlerFinder: hf,
|
|
},
|
|
}
|
|
return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
|
|
action, err := parseCamliPath(req.URL.Path[len(prefix)-1:])
|
|
if err != nil {
|
|
log.Printf("Invalid request for method %q, path %q",
|
|
req.Method, req.URL.Path)
|
|
unsupportedHandler(rw, req)
|
|
return
|
|
}
|
|
handler := auth.RequireAuth(camliHandlerUsingStorage(req, action, storageConfig))
|
|
handler.ServeHTTP(rw, req)
|
|
})
|
|
}
|
|
|
|
func (hl *handlerLoader) FindHandlerByType(htype string) (prefix string, handler interface{}, err error) {
|
|
nFound := 0
|
|
for pfx, config := range hl.config {
|
|
if config.htype == htype {
|
|
nFound++
|
|
prefix, handler = pfx, hl.handler[pfx]
|
|
}
|
|
}
|
|
if nFound == 0 {
|
|
return "", nil, blobserver.ErrHandlerTypeNotFound
|
|
}
|
|
if htype == "jsonsign" && nFound > 1 {
|
|
// TODO: do this for all handler types later? audit
|
|
// callers of FindHandlerByType and see if that's
|
|
// feasible. For now I'm only paranoid about jsonsign.
|
|
return "", nil, fmt.Errorf("%d handlers found of type %q; ambiguous", nFound, htype)
|
|
}
|
|
return
|
|
}
|
|
|
|
func (hl *handlerLoader) AllHandlers() (types map[string]string, handlers map[string]interface{}) {
|
|
types = make(map[string]string)
|
|
handlers = make(map[string]interface{})
|
|
for pfx, config := range hl.config {
|
|
types[pfx] = config.htype
|
|
handlers[pfx] = hl.handler[pfx]
|
|
}
|
|
return
|
|
}
|
|
|
|
func (hl *handlerLoader) setupAll() {
|
|
for prefix := range hl.config {
|
|
hl.setupHandler(prefix)
|
|
}
|
|
}
|
|
|
|
func (hl *handlerLoader) configType(prefix string) string {
|
|
if h, ok := hl.config[prefix]; ok {
|
|
return h.htype
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (hl *handlerLoader) MyPrefix() string {
|
|
return hl.curPrefix
|
|
}
|
|
|
|
func (hl *handlerLoader) BaseURL() string {
|
|
return hl.baseURL
|
|
}
|
|
|
|
func (hl *handlerLoader) GetStorage(prefix string) (blobserver.Storage, error) {
|
|
hl.setupHandler(prefix)
|
|
if s, ok := hl.handler[prefix].(blobserver.Storage); ok {
|
|
return s, nil
|
|
}
|
|
return nil, fmt.Errorf("bogus storage handler referenced as %q", prefix)
|
|
}
|
|
|
|
func (hl *handlerLoader) GetHandler(prefix string) (interface{}, error) {
|
|
hl.setupHandler(prefix)
|
|
if s, ok := hl.handler[prefix].(blobserver.Storage); ok {
|
|
return s, nil
|
|
}
|
|
if h, ok := hl.handler[prefix].(http.Handler); ok {
|
|
return h, nil
|
|
}
|
|
return nil, fmt.Errorf("bogus http or storage handler referenced as %q", prefix)
|
|
}
|
|
|
|
func (hl *handlerLoader) GetHandlerType(prefix string) string {
|
|
return hl.configType(prefix)
|
|
}
|
|
|
|
func exitFailure(pattern string, args ...interface{}) {
|
|
if !strings.HasSuffix(pattern, "\n") {
|
|
pattern = pattern + "\n"
|
|
}
|
|
panic(fmt.Sprintf(pattern, args...))
|
|
}
|
|
|
|
func (hl *handlerLoader) setupHandler(prefix string) {
|
|
h, ok := hl.config[prefix]
|
|
if !ok {
|
|
exitFailure("invalid reference to undefined handler %q", prefix)
|
|
}
|
|
if h.setupDone {
|
|
// Already setup by something else reference it and forcing it to be
|
|
// setup before the bottom loop got to it.
|
|
return
|
|
}
|
|
hl.prefixStack = append(hl.prefixStack, prefix)
|
|
if h.settingUp {
|
|
buf := make([]byte, 1024)
|
|
buf = buf[:runtime.Stack(buf, false)]
|
|
exitFailure("loop in configuration graph; %q tried to load itself indirectly: %q\nStack:\n%s",
|
|
prefix, hl.prefixStack, buf)
|
|
}
|
|
h.settingUp = true
|
|
defer func() {
|
|
// log.Printf("Configured handler %q", prefix)
|
|
h.setupDone = true
|
|
hl.prefixStack = hl.prefixStack[:len(hl.prefixStack)-1]
|
|
r := recover()
|
|
if r == nil {
|
|
if hl.handler[prefix] == nil {
|
|
panic(fmt.Sprintf("setupHandler for %q didn't install a handler", prefix))
|
|
}
|
|
} else {
|
|
panic(r)
|
|
}
|
|
}()
|
|
|
|
hl.curPrefix = prefix
|
|
|
|
if strings.HasPrefix(h.htype, "storage-") {
|
|
// Assume a storage interface:
|
|
stype := strings.TrimPrefix(h.htype, "storage-")
|
|
pstorage, err := blobserver.CreateStorage(stype, hl, h.conf)
|
|
if err != nil {
|
|
exitFailure("error instantiating storage for prefix %q, type %q: %v",
|
|
h.prefix, stype, err)
|
|
}
|
|
if ix, ok := pstorage.(*index.Index); ok && ix.WantsReindex() {
|
|
log.Printf("Reindexing %s ...", h.prefix)
|
|
if err := ix.Reindex(); err != nil {
|
|
if ix.WantsKeepGoing() {
|
|
log.Printf("Error reindexing %s: %v", h.prefix, err)
|
|
} else {
|
|
exitFailure("Error reindexing %s: %v", h.prefix, err)
|
|
}
|
|
}
|
|
}
|
|
hl.handler[h.prefix] = pstorage
|
|
if h.internal {
|
|
hl.installer.Handle(prefix, unauthorizedHandler{})
|
|
} else {
|
|
hl.installer.Handle(prefix+"camli/", makeCamliHandler(prefix, hl.baseURL, pstorage, hl))
|
|
}
|
|
if cl, ok := pstorage.(blobserver.ShutdownStorage); ok {
|
|
hl.closers = append(hl.closers, cl)
|
|
}
|
|
return
|
|
}
|
|
|
|
var hh http.Handler
|
|
if h.htype == "app" {
|
|
// h.conf might already contain the server's baseURL, but
|
|
// perkeepd.go derives (if needed) a more useful hl.baseURL,
|
|
// after h.conf was generated, so we provide it as well to
|
|
// FromJSONConfig so NewHandler can benefit from it.
|
|
hc, err := app.FromJSONConfig(h.conf, prefix, hl.baseURL)
|
|
if err != nil {
|
|
exitFailure("error setting up app config for prefix %q: %v", h.prefix, err)
|
|
}
|
|
ap, err := app.NewHandler(hc)
|
|
if err != nil {
|
|
exitFailure("error setting up app for prefix %q: %v", h.prefix, err)
|
|
}
|
|
hh = ap
|
|
auth.AddMode(ap.AuthMode())
|
|
// TODO(mpl): this check is weak, as the user could very well
|
|
// use another binary name for the publisher app. We should
|
|
// introduce/use another identifier.
|
|
if ap.ProgramName() == "publisher" {
|
|
if err := hl.initPublisherRootNode(ap); err != nil {
|
|
exitFailure("Error looking/setting up root node for publisher on %v: %v", h.prefix, err)
|
|
}
|
|
}
|
|
} else {
|
|
var err error
|
|
hh, err = blobserver.CreateHandler(h.htype, hl, h.conf)
|
|
if err != nil {
|
|
exitFailure("error instantiating handler for prefix %q, type %q: %v",
|
|
h.prefix, h.htype, err)
|
|
}
|
|
}
|
|
|
|
hl.handler[prefix] = hh
|
|
var wrappedHandler http.Handler
|
|
if h.internal {
|
|
wrappedHandler = unauthorizedHandler{}
|
|
} else {
|
|
wrappedHandler = &httputil.PrefixHandler{Prefix: prefix, Handler: hh}
|
|
if handlerTypeWantsAuth(h.htype) {
|
|
wrappedHandler = auth.Handler{Handler: wrappedHandler}
|
|
}
|
|
}
|
|
hl.installer.Handle(prefix, wrappedHandler)
|
|
}
|
|
|
|
type unauthorizedHandler struct{}
|
|
|
|
func (unauthorizedHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|
http.Error(w, "Unauthorized", http.StatusUnauthorized)
|
|
}
|
|
|
|
func handlerTypeWantsAuth(handlerType string) bool {
|
|
// TODO(bradfitz): ask the handler instead? This is a bit of a
|
|
// weird spot for this policy maybe?
|
|
switch handlerType {
|
|
case "ui", "search", "jsonsign", "sync", "status", "help", "importer":
|
|
return true
|
|
}
|
|
return false
|
|
}
|
|
|
|
// A Config is the wrapper around a Perkeep JSON configuration file.
|
|
// Files on disk can be in either high-level or low-level format, but
|
|
// the Load function always returns the Config in its low-level format
|
|
// (a.k.a. the "handler" format).
|
|
//
|
|
// TODO(bradfitz): document and/or link to the low-level format; for
|
|
// now you can see the high-level config format at https://perkeep.org/pkg/types/serverconfig/#Config
|
|
// and the the low-level format by running "camtool dumpconfig".
|
|
type Config struct {
|
|
jconf jsonconfig.Obj // low-level JSON config
|
|
|
|
httpsCert string // optional
|
|
httpsKey string // optional
|
|
https bool
|
|
baseURL string // optional, without trailing slash
|
|
listenAddr string // the optional net.Listen-style TCP listen address
|
|
|
|
installedHandlers bool // whether InstallHandlers (which validates the config too) has been called
|
|
uiPath string // Not valid until after InstallHandlers
|
|
|
|
// apps is the list of server apps configured during InstallHandlers,
|
|
// and that should be started after perkeepd has started serving.
|
|
apps []*app.Handler
|
|
// signHandler is found and configured during InstallHandlers, or nil.
|
|
// It is stored in the Config, so we can call UploadPublicKey on on it as
|
|
// soon as perkeepd is ready for it.
|
|
signHandler *signhandler.Handler
|
|
}
|
|
|
|
// UIPath returns the relative path to the server's user interface
|
|
// handler, if the UI is configured. Otherwise it returns the empty
|
|
// string. It is not valid until after a call to InstallHandlers
|
|
//
|
|
// If non-empty, the returned value will both begin and end with a slash.
|
|
func (c *Config) UIPath() string {
|
|
if !c.installedHandlers {
|
|
panic("illegal UIPath call before call to InstallHandlers")
|
|
}
|
|
return c.uiPath
|
|
}
|
|
|
|
// BaseURL returns the optional URL prefix listening the root of this server.
|
|
// It does not end in a trailing slash.
|
|
func (c *Config) BaseURL() string { return c.baseURL }
|
|
|
|
// ListenAddr returns the optional configured listen address in ":port" or "ip:port" form.
|
|
func (c *Config) ListenAddr() string { return c.listenAddr }
|
|
|
|
// HTTPSCert returns the optional path to an HTTPS public key certificate file.
|
|
func (c *Config) HTTPSCert() string { return c.httpsCert }
|
|
|
|
// HTTPSKey returns the optional path to an HTTPS private key file.
|
|
func (c *Config) HTTPSKey() string { return c.httpsKey }
|
|
|
|
// HTTPS reports whether this configuration wants to serve HTTPS.
|
|
func (c *Config) HTTPS() bool { return c.https }
|
|
|
|
// IsTailscaleListener reports whether c is configured to run in
|
|
// Tailscale tsnet mode.
|
|
func (c *Config) IsTailscaleListener() bool {
|
|
return c.listenAddr == "tailscale" || strings.HasPrefix(c.listenAddr, "tailscale:")
|
|
}
|
|
|
|
// detectConfigChange returns an informative error if conf contains obsolete keys.
|
|
func detectConfigChange(conf jsonconfig.Obj) error {
|
|
oldHTTPSKey, oldHTTPSCert := conf.OptionalString("HTTPSKeyFile", ""), conf.OptionalString("HTTPSCertFile", "")
|
|
if oldHTTPSKey != "" || oldHTTPSCert != "" {
|
|
return fmt.Errorf("config keys %q and %q have respectively been renamed to %q and %q, please fix your server config",
|
|
"HTTPSKeyFile", "HTTPSCertFile", "httpsKey", "httpsCert")
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// LoadFile returns a low-level "handler config" from the provided filename.
|
|
// If the config file doesn't contain a top-level JSON key of "handlerConfig"
|
|
// with boolean value true, the configuration is assumed to be a high-level
|
|
// "user config" file, and transformed into a low-level config.
|
|
func LoadFile(filename string) (*Config, error) {
|
|
return load(filename, nil)
|
|
}
|
|
|
|
// jsonFileImpl implements jsonconfig.File using a *bytes.Reader with
|
|
// the contents slurped into memory.
|
|
type jsonFileImpl struct {
|
|
*bytes.Reader
|
|
name string
|
|
}
|
|
|
|
func (jsonFileImpl) Close() error { return nil }
|
|
func (f jsonFileImpl) Name() string { return f.name }
|
|
|
|
// Load returns a low-level "handler config" from the provided config.
|
|
// If the config doesn't contain a top-level JSON key of "handlerConfig"
|
|
// with boolean value true, the configuration is assumed to be a high-level
|
|
// "user config" file, and transformed into a low-level config.
|
|
func Load(config []byte) (*Config, error) {
|
|
return load("", func(filename string) (jsonconfig.File, error) {
|
|
if filename != "" {
|
|
return nil, errors.New("JSON files with includes not supported with jsonconfig.Load")
|
|
}
|
|
return jsonFileImpl{bytes.NewReader(config), "config file"}, nil
|
|
})
|
|
}
|
|
|
|
func load(filename string, opener func(filename string) (jsonconfig.File, error)) (*Config, error) {
|
|
c := osutil.NewJSONConfigParser()
|
|
c.Open = opener
|
|
m, err := c.ReadFile(filename)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
obj := jsonconfig.Obj(m)
|
|
conf := &Config{
|
|
jconf: obj,
|
|
}
|
|
|
|
if lowLevel := obj.OptionalBool("handlerConfig", false); lowLevel {
|
|
if err := conf.readFields(); err != nil {
|
|
return nil, err
|
|
}
|
|
return conf, nil
|
|
}
|
|
|
|
// Check whether the high-level config uses the old names.
|
|
if err := detectConfigChange(obj); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// Because the original high-level config might have expanded
|
|
// through the use of functions, we re-encode the map back to
|
|
// JSON here so we can unmarshal it into the hiLevelConf
|
|
// struct later.
|
|
highExpandedJSON, err := json.Marshal(m)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("Can't re-marshal high-level JSON config: %v", err)
|
|
}
|
|
|
|
var hiLevelConf serverconfig.Config
|
|
if err := json.Unmarshal(highExpandedJSON, &hiLevelConf); err != nil {
|
|
return nil, fmt.Errorf("Could not unmarshal into a serverconfig.Config: %v", err)
|
|
}
|
|
|
|
// At this point, conf.jconf.UnknownKeys() contains all the names found in
|
|
// the given high-level configuration. We check them against
|
|
// highLevelConfFields(), which gives us all the possible valid
|
|
// configuration names, to catch typos or invalid names.
|
|
allFields := highLevelConfFields()
|
|
for _, v := range conf.jconf.UnknownKeys() {
|
|
if _, ok := allFields[v]; !ok {
|
|
return nil, fmt.Errorf("unknown high-level configuration parameter: %q in file %q", v, filename)
|
|
}
|
|
}
|
|
conf, err = genLowLevelConfig(&hiLevelConf)
|
|
if err != nil {
|
|
return nil, fmt.Errorf(
|
|
"failed to transform user config file into internal handler configuration: %v",
|
|
err)
|
|
}
|
|
if v, _ := strconv.ParseBool(os.Getenv("CAMLI_DEBUG_CONFIG")); v {
|
|
jsconf, _ := json.MarshalIndent(conf.jconf, "", " ")
|
|
log.Printf("From high-level config, generated low-level config: %s", jsconf)
|
|
}
|
|
if err := conf.readFields(); err != nil {
|
|
return nil, err
|
|
}
|
|
return conf, nil
|
|
}
|
|
|
|
// readFields reads the low-level jsonconfig fields using the jsonconfig package
|
|
// and copies them into c. This marks them as known fields before a future call to InstallerHandlers
|
|
func (c *Config) readFields() error {
|
|
c.listenAddr = c.jconf.OptionalString("listen", "")
|
|
c.baseURL = strings.TrimSuffix(c.jconf.OptionalString("baseURL", ""), "/")
|
|
c.httpsCert = c.jconf.OptionalString("httpsCert", "")
|
|
c.httpsKey = c.jconf.OptionalString("httpsKey", "")
|
|
c.https = c.jconf.OptionalBool("https", false)
|
|
|
|
_, explicitHTTPS := c.jconf["https"]
|
|
if c.httpsCert != "" && !explicitHTTPS {
|
|
return errors.New("httpsCert specified but https was not")
|
|
}
|
|
if c.httpsKey != "" && !explicitHTTPS {
|
|
return errors.New("httpsKey specified but https was not")
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (c *Config) checkValidAuth() error {
|
|
authConfig := c.jconf.OptionalString("auth", "")
|
|
mode, err := auth.FromConfig(authConfig)
|
|
if err == nil {
|
|
auth.SetMode(mode)
|
|
}
|
|
return err
|
|
}
|
|
|
|
func (c *Config) SetReindex(v bool) {
|
|
prefixes, _ := c.jconf["prefixes"].(map[string]interface{})
|
|
for prefix, vei := range prefixes {
|
|
if prefix == "_knownkeys" {
|
|
continue
|
|
}
|
|
pmap, ok := vei.(map[string]interface{})
|
|
if !ok {
|
|
continue
|
|
}
|
|
pconf := jsonconfig.Obj(pmap)
|
|
typ, _ := pconf["handler"].(string)
|
|
if typ != "storage-index" {
|
|
continue
|
|
}
|
|
opts, ok := pconf["handlerArgs"].(map[string]interface{})
|
|
if ok {
|
|
opts["reindex"] = v
|
|
}
|
|
}
|
|
}
|
|
|
|
// SetKeepGoing changes each configured prefix to set "keepGoing" to true. This
|
|
// indicates that validation, reindexing, or recovery behavior should not cause
|
|
// the process to end.
|
|
func (c *Config) SetKeepGoing(v bool) {
|
|
prefixes, _ := c.jconf["prefixes"].(map[string]interface{})
|
|
for prefix, vei := range prefixes {
|
|
if prefix == "_knownkeys" {
|
|
continue
|
|
}
|
|
pmap, ok := vei.(map[string]interface{})
|
|
if !ok {
|
|
continue
|
|
}
|
|
pconf := jsonconfig.Obj(pmap)
|
|
typ, _ := pconf["handler"].(string)
|
|
if typ != "storage-index" && typ != "storage-blobpacked" {
|
|
continue
|
|
}
|
|
opts, ok := pconf["handlerArgs"].(map[string]interface{})
|
|
if ok {
|
|
opts["keepGoing"] = v
|
|
}
|
|
}
|
|
}
|
|
|
|
// InstallHandlers creates and registers all the HTTP Handlers needed
|
|
// by config into the provided HandlerInstaller and validates that the
|
|
// configuration is valid.
|
|
//
|
|
// baseURL is required and specifies the root of this webserver, without trailing slash.
|
|
//
|
|
// The returned shutdown value can be used to cleanly shut down the
|
|
// handlers.
|
|
func (c *Config) InstallHandlers(hi HandlerInstaller, baseURL string) (shutdown io.Closer, err error) {
|
|
config := c
|
|
defer func() {
|
|
if e := recover(); e != nil {
|
|
log.Printf("Caught panic installer handlers: %v", e)
|
|
debug.PrintStack()
|
|
err = fmt.Errorf("Caught panic: %v", e)
|
|
}
|
|
}()
|
|
|
|
if err := config.checkValidAuth(); err != nil {
|
|
return nil, fmt.Errorf("error while configuring auth: %v", err)
|
|
}
|
|
prefixes := config.jconf.RequiredObject("prefixes")
|
|
if err := config.jconf.Validate(); err != nil {
|
|
return nil, fmt.Errorf("configuration error in root object's keys: %v", err)
|
|
}
|
|
|
|
if v := os.Getenv("CAMLI_PPROF_START"); v != "" {
|
|
cpuf := mustCreate(v + ".cpu")
|
|
defer cpuf.Close()
|
|
memf := mustCreate(v + ".mem")
|
|
defer memf.Close()
|
|
rpprof.StartCPUProfile(cpuf)
|
|
defer rpprof.StopCPUProfile()
|
|
defer rpprof.WriteHeapProfile(memf)
|
|
}
|
|
|
|
hl := &handlerLoader{
|
|
installer: hi,
|
|
baseURL: baseURL,
|
|
config: make(map[string]*handlerConfig),
|
|
handler: make(map[string]interface{}),
|
|
}
|
|
|
|
for prefix, vei := range prefixes {
|
|
if prefix == "_knownkeys" {
|
|
continue
|
|
}
|
|
if !strings.HasPrefix(prefix, "/") {
|
|
exitFailure("prefix %q doesn't start with /", prefix)
|
|
}
|
|
if !strings.HasSuffix(prefix, "/") {
|
|
exitFailure("prefix %q doesn't end with /", prefix)
|
|
}
|
|
pmap, ok := vei.(map[string]interface{})
|
|
if !ok {
|
|
exitFailure("prefix %q value is a %T, not an object", prefix, vei)
|
|
}
|
|
pconf := jsonconfig.Obj(pmap)
|
|
enabled := pconf.OptionalBool("enabled", true)
|
|
if !enabled {
|
|
continue
|
|
}
|
|
handlerType := pconf.RequiredString("handler")
|
|
handlerArgs := pconf.OptionalObject("handlerArgs")
|
|
internal := pconf.OptionalBool("internal", false)
|
|
if err := pconf.Validate(); err != nil {
|
|
exitFailure("configuration error in prefix %s: %v", prefix, err)
|
|
}
|
|
h := &handlerConfig{
|
|
prefix: prefix,
|
|
htype: handlerType,
|
|
conf: handlerArgs,
|
|
internal: internal,
|
|
}
|
|
hl.config[prefix] = h
|
|
|
|
if handlerType == "ui" {
|
|
config.uiPath = prefix
|
|
}
|
|
}
|
|
hl.setupAll()
|
|
|
|
// Now that everything is setup, run any handlers' InitHandler
|
|
// methods.
|
|
// And register apps that will be started later.
|
|
for pfx, handler := range hl.handler {
|
|
if starter, ok := handler.(*app.Handler); ok {
|
|
config.apps = append(config.apps, starter)
|
|
}
|
|
if helpHandler, ok := handler.(*server.HelpHandler); ok {
|
|
helpHandler.SetServerConfig(config.jconf)
|
|
}
|
|
if signHandler, ok := handler.(*signhandler.Handler); ok {
|
|
config.signHandler = signHandler
|
|
}
|
|
if in, ok := handler.(blobserver.HandlerIniter); ok {
|
|
if err := in.InitHandler(hl); err != nil {
|
|
return nil, fmt.Errorf("Error calling InitHandler on %s: %v", pfx, err)
|
|
}
|
|
}
|
|
}
|
|
|
|
if v, _ := strconv.ParseBool(os.Getenv("CAMLI_HTTP_EXPVAR")); v {
|
|
hi.Handle("/debug/vars", expvarHandler{})
|
|
}
|
|
if v, _ := strconv.ParseBool(os.Getenv("CAMLI_HTTP_PPROF")); v {
|
|
hi.Handle("/debug/pprof/", profileHandler{})
|
|
}
|
|
hi.Handle("/debug/goroutines", auth.RequireAuth(http.HandlerFunc(dumpGoroutines), auth.OpRead))
|
|
hi.Handle("/debug/config", auth.RequireAuth(configHandler{config}, auth.OpAll))
|
|
hi.Handle("/debug/logs/", auth.RequireAuth(http.HandlerFunc(logsHandler), auth.OpAll))
|
|
config.installedHandlers = true
|
|
return multiCloser(hl.closers), nil
|
|
}
|
|
|
|
func dumpGoroutines(w http.ResponseWriter, r *http.Request) {
|
|
buf := make([]byte, 2<<20)
|
|
buf = buf[:runtime.Stack(buf, true)]
|
|
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
|
w.Write(buf)
|
|
}
|
|
|
|
// StartApps starts all the server applications that were configured
|
|
// during InstallHandlers. It should only be called after perkeepd
|
|
// has started serving, since these apps might request some configuration
|
|
// from Perkeep to finish initializing.
|
|
func (c *Config) StartApps() error {
|
|
for _, ap := range c.apps {
|
|
if err := ap.Start(); err != nil {
|
|
return fmt.Errorf("error starting app %v: %v", ap.ProgramName(), err)
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// UploadPublicKey uploads the public key blob with the sign handler that was
|
|
// configured during InstallHandlers.
|
|
func (c *Config) UploadPublicKey(ctx context.Context) error {
|
|
if c.signHandler == nil {
|
|
return nil
|
|
}
|
|
return c.signHandler.UploadPublicKey(ctx)
|
|
}
|
|
|
|
// AppURL returns a map of app name to app base URL for all the configured
|
|
// server apps.
|
|
func (c *Config) AppURL() map[string]string {
|
|
appURL := make(map[string]string, len(c.apps))
|
|
for _, ap := range c.apps {
|
|
appURL[ap.ProgramName()] = ap.BackendURL()
|
|
}
|
|
return appURL
|
|
}
|
|
|
|
func mustCreate(path string) *os.File {
|
|
f, err := os.Create(path)
|
|
if err != nil {
|
|
log.Fatalf("Failed to create %s: %v", path, err)
|
|
}
|
|
return f
|
|
}
|
|
|
|
type multiCloser []io.Closer
|
|
|
|
func (s multiCloser) Close() (err error) {
|
|
for _, cl := range s {
|
|
if err1 := cl.Close(); err == nil && err1 != nil {
|
|
err = err1
|
|
}
|
|
}
|
|
return
|
|
}
|
|
|
|
// expvarHandler publishes expvar stats.
|
|
type expvarHandler struct{}
|
|
|
|
func (expvarHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
|
|
w.Header().Set("Content-Type", "application/json; charset=utf-8")
|
|
fmt.Fprintf(w, "{\n")
|
|
first := true
|
|
expvar.Do(func(kv expvar.KeyValue) {
|
|
if !first {
|
|
fmt.Fprintf(w, ",\n")
|
|
}
|
|
first = false
|
|
fmt.Fprintf(w, "%q: %s", kv.Key, kv.Value)
|
|
})
|
|
fmt.Fprintf(w, "\n}\n")
|
|
}
|
|
|
|
type configHandler struct {
|
|
c *Config
|
|
}
|
|
|
|
var (
|
|
knownKeys = regexp.MustCompile(`(?ms)^\s+"_knownkeys": {.+?},?\n`)
|
|
sensitiveLine = regexp.MustCompile(`(?m)^\s+\"(auth|aws_secret_access_key|password|client_secret|application_key|passphrase)\": "[^\"]+".*\n`)
|
|
trailingComma = regexp.MustCompile(`,(\n\s*\})`)
|
|
)
|
|
|
|
func (h configHandler) ServeHTTP(w http.ResponseWriter, _ *http.Request) {
|
|
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
|
b, _ := json.MarshalIndent(h.c.jconf, "", " ")
|
|
b = knownKeys.ReplaceAll(b, nil)
|
|
b = trailingComma.ReplaceAll(b, []byte("$1"))
|
|
b = sensitiveLine.ReplaceAllFunc(b, func(ln []byte) []byte {
|
|
i := bytes.IndexByte(ln, ':')
|
|
r := string(ln[:i+1]) + ` "REDACTED"`
|
|
if bytes.HasSuffix(bytes.TrimSpace(ln), []byte{','}) {
|
|
r += ","
|
|
}
|
|
return []byte(r + "\n")
|
|
})
|
|
w.Write(b)
|
|
}
|
|
|
|
// profileHandler publishes server profile information.
|
|
type profileHandler struct{}
|
|
|
|
func (profileHandler) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
|
|
switch req.URL.Path {
|
|
case "/debug/pprof/cmdline":
|
|
pprof.Cmdline(rw, req)
|
|
case "/debug/pprof/profile":
|
|
pprof.Profile(rw, req)
|
|
case "/debug/pprof/symbol":
|
|
pprof.Symbol(rw, req)
|
|
default:
|
|
pprof.Index(rw, req)
|
|
}
|
|
}
|
|
|
|
func logsHandler(w http.ResponseWriter, r *http.Request) {
|
|
suffix := strings.TrimPrefix(r.URL.Path, "/debug/logs/")
|
|
switch suffix {
|
|
case "perkeepd":
|
|
projID, err := metadata.ProjectID()
|
|
if err != nil {
|
|
httputil.ServeError(w, r, fmt.Errorf("Error getting project ID: %v", err))
|
|
return
|
|
}
|
|
http.Redirect(w, r,
|
|
"https://console.developers.google.com/logs?project="+projID+"&service=custom.googleapis.com&logName=perkeepd-stderr",
|
|
http.StatusFound)
|
|
case "system":
|
|
c := &http.Client{
|
|
Transport: &http.Transport{
|
|
Dial: func(network, addr string) (net.Conn, error) {
|
|
return net.Dial("unix", "/run/camjournald.sock")
|
|
},
|
|
},
|
|
}
|
|
res, err := c.Get("http://journal/entries")
|
|
if err != nil {
|
|
http.Error(w, err.Error(), 500)
|
|
return
|
|
}
|
|
w.Header().Set("Content-Type", "text/plain; charset=utf-8")
|
|
io.Copy(w, res.Body)
|
|
default:
|
|
http.Error(w, "no such logs", 404)
|
|
}
|
|
}
|
|
|
|
// highLevelConfFields returns all the possible fields of a serverconfig.Config,
|
|
// in their JSON form. This allows checking that the parameters in the high-level
|
|
// server configuration file are at least valid names, which is useful to catch
|
|
// typos.
|
|
func highLevelConfFields() map[string]bool {
|
|
knownFields := make(map[string]bool)
|
|
var c serverconfig.Config
|
|
s := reflect.ValueOf(&c).Elem()
|
|
for i := 0; i < s.NumField(); i++ {
|
|
f := s.Type().Field(i)
|
|
jsonTag, ok := f.Tag.Lookup("json")
|
|
if !ok {
|
|
panic(fmt.Sprintf("%q field in serverconfig.Config does not have a json tag", f.Name))
|
|
}
|
|
jsonFields := strings.Split(strings.TrimSuffix(strings.TrimPrefix(jsonTag, `"`), `"`), ",")
|
|
jsonName := jsonFields[0]
|
|
if jsonName == "" {
|
|
panic(fmt.Sprintf("no json field name for %q field in serverconfig.Config", f.Name))
|
|
}
|
|
knownFields[jsonName] = true
|
|
}
|
|
return knownFields
|
|
}
|
|
|
|
// KeyRingAndId returns the GPG identity keyring path and the user's
|
|
// GPG keyID (TODO: length/case), if configured. TODO: which error
|
|
// value if not configured?
|
|
func (c *Config) KeyRingAndId() (keyRing, keyId string, err error) {
|
|
prefixes := c.jconf.RequiredObject("prefixes")
|
|
if len(prefixes) == 0 {
|
|
return "", "", fmt.Errorf("no prefixes object in config")
|
|
}
|
|
sighelper := prefixes.OptionalObject("/sighelper/")
|
|
if len(sighelper) == 0 {
|
|
return "", "", fmt.Errorf("no sighelper object in prefixes")
|
|
}
|
|
handlerArgs := sighelper.OptionalObject("handlerArgs")
|
|
if len(handlerArgs) == 0 {
|
|
return "", "", fmt.Errorf("no handlerArgs object in sighelper")
|
|
}
|
|
keyId = handlerArgs.OptionalString("keyId", "")
|
|
if keyId == "" {
|
|
return "", "", fmt.Errorf("no keyId in sighelper")
|
|
}
|
|
keyRing = handlerArgs.OptionalString("secretRing", "")
|
|
if keyRing == "" {
|
|
return "", "", fmt.Errorf("no secretRing in sighelper")
|
|
}
|
|
return keyRing, keyId, nil
|
|
}
|
|
|
|
// LowLevelJSONConfig returns the config's underlying low-level JSON form
|
|
// for debugging.
|
|
//
|
|
// Deprecated: this is provided for debugging only and will be going away
|
|
// as the move to TOML-based configuration progresses. Do not depend on this.
|
|
func (c *Config) LowLevelJSONConfig() map[string]interface{} {
|
|
// Make a shallow clone of c.jconf so we can mutate the
|
|
// handlerConfig key to make it explicitly true, without
|
|
// modifying anybody's else view of it.
|
|
ret := map[string]interface{}{}
|
|
for k, v := range c.jconf {
|
|
ret[k] = v
|
|
}
|
|
ret["handlerConfig"] = true
|
|
return ret
|
|
}
|