Roman Loginov
8efcc957ea
All checks were successful
/ DCO (pull_request) Successful in 1m35s
/ Builds (1.19) (pull_request) Successful in 2m14s
/ Builds (1.20) (pull_request) Successful in 2m9s
/ Vulncheck (pull_request) Successful in 5m39s
/ Lint (pull_request) Successful in 2m49s
/ Tests (1.19) (pull_request) Successful in 7m34s
/ Tests (1.20) (pull_request) Successful in 1m44s
Signed-off-by: Roman Loginov <r.loginov@yadro.com>
295 lines
7.9 KiB
Go
295 lines
7.9 KiB
Go
package middleware
|
|
|
|
import (
|
|
"context"
|
|
"net"
|
|
"net/http"
|
|
"net/url"
|
|
"regexp"
|
|
"strings"
|
|
"sync"
|
|
|
|
"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/internal/logs"
|
|
"github.com/go-chi/chi/v5"
|
|
"github.com/google/uuid"
|
|
"go.uber.org/zap"
|
|
"google.golang.org/grpc/metadata"
|
|
)
|
|
|
|
type (
|
|
// KeyVal -- appended to ReqInfo.Tags.
|
|
KeyVal struct {
|
|
Key string
|
|
Val string
|
|
}
|
|
|
|
// ReqInfo stores the request info.
|
|
ReqInfo struct {
|
|
sync.RWMutex
|
|
RemoteHost string // Client Host/IP
|
|
Host string // Node Host/IP
|
|
UserAgent string // User Agent
|
|
DeploymentID string // random generated s3-deployment-id
|
|
RequestID string // x-amz-request-id
|
|
API string // API name -- GetObject PutObject NewMultipartUpload etc.
|
|
BucketName string // Bucket name
|
|
ObjectName string // Object name
|
|
URL *url.URL // Request url
|
|
tags []KeyVal // Any additional info not accommodated by above fields
|
|
}
|
|
|
|
// ObjectRequest represents object request data.
|
|
ObjectRequest struct {
|
|
Bucket string
|
|
Object string
|
|
Method string
|
|
}
|
|
|
|
// Key used for custom key/value in context.
|
|
contextKeyType string
|
|
)
|
|
|
|
const (
|
|
ctxRequestInfo = contextKeyType("FrostFS-S3-GW")
|
|
ctxRequestLogger = contextKeyType("FrostFS-S3-GW-Logger")
|
|
)
|
|
|
|
const HdrAmzRequestID = "x-amz-request-id"
|
|
|
|
const (
|
|
BucketURLPrm = "bucket"
|
|
)
|
|
|
|
var deploymentID = uuid.Must(uuid.NewRandom())
|
|
|
|
var (
|
|
// De-facto standard header keys.
|
|
xForwardedFor = http.CanonicalHeaderKey("X-Forwarded-For")
|
|
xRealIP = http.CanonicalHeaderKey("X-Real-IP")
|
|
|
|
// RFC7239 defines a new "Forwarded: " header designed to replace the
|
|
// existing use of X-Forwarded-* headers.
|
|
// e.g. Forwarded: for=192.0.2.60;proto=https;by=203.0.113.43.
|
|
forwarded = http.CanonicalHeaderKey("Forwarded")
|
|
// Allows for a sub-match of the first value after 'for=' to the next
|
|
// comma, semi-colon or space. The match is case-insensitive.
|
|
forRegex = regexp.MustCompile(`(?i)(?:for=)([^(;|, )]+)(.*)`)
|
|
)
|
|
|
|
// NewReqInfo returns new ReqInfo based on parameters.
|
|
func NewReqInfo(w http.ResponseWriter, r *http.Request, req ObjectRequest) *ReqInfo {
|
|
return &ReqInfo{
|
|
API: req.Method,
|
|
BucketName: req.Bucket,
|
|
ObjectName: req.Object,
|
|
UserAgent: r.UserAgent(),
|
|
RemoteHost: getSourceIP(r),
|
|
RequestID: GetRequestID(w),
|
|
DeploymentID: deploymentID.String(),
|
|
URL: r.URL,
|
|
}
|
|
}
|
|
|
|
// AppendTags -- appends key/val to ReqInfo.tags.
|
|
func (r *ReqInfo) AppendTags(key string, val string) *ReqInfo {
|
|
if r == nil {
|
|
return nil
|
|
}
|
|
r.Lock()
|
|
defer r.Unlock()
|
|
r.tags = append(r.tags, KeyVal{key, val})
|
|
return r
|
|
}
|
|
|
|
// SetTags -- sets key/val to ReqInfo.tags.
|
|
func (r *ReqInfo) SetTags(key string, val string) *ReqInfo {
|
|
if r == nil {
|
|
return nil
|
|
}
|
|
r.Lock()
|
|
defer r.Unlock()
|
|
// Search for a tag key already existing in tags
|
|
var updated bool
|
|
for _, tag := range r.tags {
|
|
if tag.Key == key {
|
|
tag.Val = val
|
|
updated = true
|
|
break
|
|
}
|
|
}
|
|
if !updated {
|
|
// Append to the end of tags list
|
|
r.tags = append(r.tags, KeyVal{key, val})
|
|
}
|
|
return r
|
|
}
|
|
|
|
// GetTags -- returns the user defined tags.
|
|
func (r *ReqInfo) GetTags() []KeyVal {
|
|
if r == nil {
|
|
return nil
|
|
}
|
|
r.RLock()
|
|
defer r.RUnlock()
|
|
return append([]KeyVal(nil), r.tags...)
|
|
}
|
|
|
|
// GetRequestID returns the request ID from the response writer or the context.
|
|
func GetRequestID(v interface{}) string {
|
|
switch t := v.(type) {
|
|
case context.Context:
|
|
return GetReqInfo(t).RequestID
|
|
case http.ResponseWriter:
|
|
return t.Header().Get(HdrAmzRequestID)
|
|
default:
|
|
panic("unknown type")
|
|
}
|
|
}
|
|
|
|
// SetReqInfo sets ReqInfo in the context.
|
|
func SetReqInfo(ctx context.Context, req *ReqInfo) context.Context {
|
|
if ctx == nil {
|
|
return nil
|
|
}
|
|
return context.WithValue(ctx, ctxRequestInfo, req)
|
|
}
|
|
|
|
// GetReqInfo returns ReqInfo if set.
|
|
// If ReqInfo isn't set returns new empty ReqInfo.
|
|
func GetReqInfo(ctx context.Context) *ReqInfo {
|
|
if ctx == nil {
|
|
return &ReqInfo{}
|
|
} else if r, ok := ctx.Value(ctxRequestInfo).(*ReqInfo); ok {
|
|
return r
|
|
}
|
|
return &ReqInfo{}
|
|
}
|
|
|
|
// SetReqLogger sets child zap.Logger in the context.
|
|
func SetReqLogger(ctx context.Context, log *zap.Logger) context.Context {
|
|
if ctx == nil {
|
|
return nil
|
|
}
|
|
return context.WithValue(ctx, ctxRequestLogger, log)
|
|
}
|
|
|
|
// GetReqLog returns log if set.
|
|
// If zap.Logger isn't set returns nil.
|
|
func GetReqLog(ctx context.Context) *zap.Logger {
|
|
if ctx == nil {
|
|
return nil
|
|
} else if r, ok := ctx.Value(ctxRequestLogger).(*zap.Logger); ok {
|
|
return r
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func Request(log *zap.Logger) Func {
|
|
return func(h http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
// generate random UUIDv4
|
|
id, _ := uuid.NewRandom()
|
|
|
|
// set request id into response header
|
|
// also we have to set request id here
|
|
// to be able to get it in NewReqInfo
|
|
w.Header().Set(HdrAmzRequestID, id.String())
|
|
|
|
// set request info into context
|
|
// bucket name and object will be set in reqInfo later (limitation of go-chi)
|
|
reqInfo := NewReqInfo(w, r, ObjectRequest{})
|
|
r = r.WithContext(SetReqInfo(r.Context(), reqInfo))
|
|
|
|
// set request id into gRPC meta header
|
|
r = r.WithContext(metadata.AppendToOutgoingContext(
|
|
r.Context(), HdrAmzRequestID, reqInfo.RequestID,
|
|
))
|
|
|
|
reqLogger := log.With(zap.String("request_id", reqInfo.RequestID))
|
|
r = r.WithContext(SetReqLogger(r.Context(), reqLogger))
|
|
|
|
reqLogger.Info(logs.RequestStart, zap.String("host", r.Host),
|
|
zap.String("remote_host", reqInfo.RemoteHost))
|
|
|
|
// continue execution
|
|
h.ServeHTTP(w, r)
|
|
})
|
|
}
|
|
}
|
|
|
|
// AddBucketName adds bucket name to ReqInfo from context.
|
|
func AddBucketName(l *zap.Logger) Func {
|
|
return func(h http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
ctx := r.Context()
|
|
|
|
reqInfo := GetReqInfo(ctx)
|
|
reqInfo.BucketName = chi.URLParam(r, BucketURLPrm)
|
|
|
|
reqLogger := reqLogOrDefault(ctx, l)
|
|
r = r.WithContext(SetReqLogger(ctx, reqLogger.With(zap.String("bucket", reqInfo.BucketName))))
|
|
|
|
h.ServeHTTP(w, r)
|
|
})
|
|
}
|
|
}
|
|
|
|
// AddObjectName adds objects name to ReqInfo from context.
|
|
func AddObjectName(l *zap.Logger) Func {
|
|
return func(h http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
ctx := r.Context()
|
|
reqInfo := GetReqInfo(ctx)
|
|
|
|
rctx := chi.RouteContext(ctx)
|
|
// trim leading slash (always present)
|
|
reqInfo.ObjectName = rctx.RoutePath[1:]
|
|
|
|
reqLogger := reqLogOrDefault(ctx, l)
|
|
r = r.WithContext(SetReqLogger(ctx, reqLogger.With(zap.String("object", reqInfo.ObjectName))))
|
|
|
|
h.ServeHTTP(w, r)
|
|
})
|
|
}
|
|
}
|
|
|
|
// getSourceIP retrieves the IP from the X-Forwarded-For, X-Real-IP and RFC7239
|
|
// Forwarded headers (in that order), falls back to r.RemoteAddr when everything
|
|
// else fails.
|
|
func getSourceIP(r *http.Request) string {
|
|
var addr string
|
|
|
|
if fwd := r.Header.Get(xForwardedFor); fwd != "" {
|
|
// Only grabs the first (client) address. Note that '192.168.0.1,
|
|
// 10.1.1.1' is a valid key for X-Forwarded-For where addresses after
|
|
// the first one may represent forwarding proxies earlier in the chain.
|
|
s := strings.Index(fwd, ", ")
|
|
if s == -1 {
|
|
s = len(fwd)
|
|
}
|
|
addr = fwd[:s]
|
|
} else if fwd := r.Header.Get(xRealIP); fwd != "" {
|
|
// X-Real-IP should only contain one IP address (the client making the
|
|
// request).
|
|
addr = fwd
|
|
} else if fwd := r.Header.Get(forwarded); fwd != "" {
|
|
// match should contain at least two elements if the protocol was
|
|
// specified in the Forwarded header. The first element will always be
|
|
// the 'for=' capture, which we ignore. In the case of multiple IP
|
|
// addresses (for=8.8.8.8, 8.8.4.4, 172.16.1.20 is valid) we only
|
|
// extract the first, which should be the client IP.
|
|
if match := forRegex.FindStringSubmatch(fwd); len(match) > 1 {
|
|
// IPv6 addresses in Forwarded headers are quoted-strings. We strip
|
|
// these quotes.
|
|
addr = strings.Trim(match[1], `"`)
|
|
}
|
|
}
|
|
|
|
if addr != "" {
|
|
return addr
|
|
}
|
|
|
|
// Default to remote address if headers not set.
|
|
addr, _, _ = net.SplitHostPort(r.RemoteAddr)
|
|
return addr
|
|
}
|