cascade/ipfs-cluster
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8c9899b8f5
ipfs-cluster/api/common/api.go

854 lines
22 KiB
Go
Raw Normal View History

API: Refactor REST API. Extract all functionality. This is a preparatory PR to add additional APIs (Pinning Service API) easily to cluster. Instead of copy-pasting most of what the REST API does, I have refactored so that the whole configuration, routing and request-handling utilities can be re-used. The worst part has been to divide the test between tests that test core (common.API) functionality and tests that test specific REST API endpoint functionality. I could not get away without an additional common/test package to provide functions that are used from both places. This is a side effect of testing both http and libp2p endpoints for every request etc.
2021-09-15 17:53:09 +00:00
// Package common implements all the things that an IPFS Cluster API component
// must do, except the actual routes that it handles.
//
// This is meant for re-use when implementing actual REST APIs by saving most
// of the efforts and automatically getting a lot of the setup and things like
// authentication handled.
//
// The API exposes the routes in two ways: the first is through a regular
// HTTP(s) listener. The second is by tunneling HTTP through a libp2p stream
// (thus getting an encrypted channel without the need to setup TLS). Both
// ways can be used at the same time, or disabled.
//
// This is used by rest and pinsvc packages.
package common
import (
"context"
"crypto/tls"
"encoding/json"
"errors"
"fmt"
"net"
"net/http"
"net/url"
"strings"
"sync"
tls has also been consolidated on go-libp2p (#1712) * Depedencies: tls security has also been consolidated on go-libp2p * build(deps): bump github.com/urfave/cli/v2 from 2.5.1 to 2.10.1 Bumps [github.com/urfave/cli/v2](https://github.com/urfave/cli) from 2.5.1 to 2.10.1. - [Release notes](https://github.com/urfave/cli/releases) - [Changelog](https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md) - [Commits](https://github.com/urfave/cli/compare/v2.5.1...v2.10.1) --- updated-dependencies: - dependency-name: github.com/urfave/cli/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump github.com/multiformats/go-multicodec Bumps [github.com/multiformats/go-multicodec](https://github.com/multiformats/go-multicodec) from 0.4.1 to 0.5.0. - [Release notes](https://github.com/multiformats/go-multicodec/releases) - [Commits](https://github.com/multiformats/go-multicodec/compare/v0.4.1...v0.5.0) --- updated-dependencies: - dependency-name: github.com/multiformats/go-multicodec dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump github.com/prometheus/client_golang Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.12.1 to 1.12.2. - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](https://github.com/prometheus/client_golang/compare/v1.12.1...v1.12.2) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump github.com/hashicorp/go-hclog from 1.2.0 to 1.2.1 Bumps [github.com/hashicorp/go-hclog](https://github.com/hashicorp/go-hclog) from 1.2.0 to 1.2.1. - [Release notes](https://github.com/hashicorp/go-hclog/releases) - [Commits](https://github.com/hashicorp/go-hclog/compare/v1.2.0...v1.2.1) --- updated-dependencies: - dependency-name: github.com/hashicorp/go-hclog dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump github.com/urfave/cli/v2 from 2.10.1 to 2.10.2 Bumps [github.com/urfave/cli/v2](https://github.com/urfave/cli) from 2.10.1 to 2.10.2. - [Release notes](https://github.com/urfave/cli/releases) - [Changelog](https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md) - [Commits](https://github.com/urfave/cli/compare/v2.10.1...v2.10.2) --- updated-dependencies: - dependency-name: github.com/urfave/cli/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-06-20 19:14:45 +00:00
jwt "github.com/golang-jwt/jwt/v4"
Migrate from ipfs/ipfs-cluster to ipfs-cluster/ipfs-cluster This performs the necessary renamings.
2022-06-15 09:19:17 +00:00
types "github.com/ipfs-cluster/ipfs-cluster/api"
state "github.com/ipfs-cluster/ipfs-cluster/state"
chore: upgrade to boxo
2023-03-27 19:49:08 +00:00
gopath "github.com/ipfs/boxo/path"
API: Support JWT bearer token authorization The Pinning Services API standard mandates Bearer token authentication. This adds JWT bearer token authentication to the IPFS Cluster REST and PINSVC APIs. The basic_auth_credentials configuration option needs to be not null and have at least one username/passwords entry. A user authenticated via Basic Auth can then "POST /token" and obtain a json object: ```json { "token" : "<JWTtoken>" } ``` The JWT token has the "iss" (issuer) field set to the Basic auth user that authorized its creation and is HMAC-signed with its password. When basic-auth-credentials are set, the APIs will verify that requests come with either Basic Auth authorization header or with a Bearer token authorization header. Bearer tokens will be decoded and the signature will be verified against the password of the issuer. At the moment we provide no support to revoke tokens, set "expiration date", "not before" etc, but this may come in the future.
2022-06-17 12:25:19 +00:00
logging "github.com/ipfs/go-log/v2"
API: Refactor REST API. Extract all functionality. This is a preparatory PR to add additional APIs (Pinning Service API) easily to cluster. Instead of copy-pasting most of what the REST API does, I have refactored so that the whole configuration, routing and request-handling utilities can be re-used. The worst part has been to divide the test between tests that test core (common.API) functionality and tests that test specific REST API endpoint functionality. I could not get away without an additional common/test package to provide functions that are used from both places. This is a side effect of testing both http and libp2p endpoints for every request etc.
2021-09-15 17:53:09 +00:00
libp2p "github.com/libp2p/go-libp2p"
rpc "github.com/libp2p/go-libp2p-gorpc"
gostream "github.com/libp2p/go-libp2p-gostream"
p2phttp "github.com/libp2p/go-libp2p-http"
api: return errors on stream response requests with 0 items This fixes a bug in API code that made it return 204-No content when the RPC methods failed with an error before any items were returned on the channel.
2022-09-15 14:37:40 +00:00
host "github.com/libp2p/go-libp2p/core/host"
peer "github.com/libp2p/go-libp2p/core/peer"
Dependency upgrades (#1711) Updates to libp2p and go-cid. Cluster now conforms with go-ipfs 0.13.0 changes to block/put.
2022-06-20 16:23:50 +00:00
noise "github.com/libp2p/go-libp2p/p2p/security/noise"
tls has also been consolidated on go-libp2p (#1712) * Depedencies: tls security has also been consolidated on go-libp2p * build(deps): bump github.com/urfave/cli/v2 from 2.5.1 to 2.10.1 Bumps [github.com/urfave/cli/v2](https://github.com/urfave/cli) from 2.5.1 to 2.10.1. - [Release notes](https://github.com/urfave/cli/releases) - [Changelog](https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md) - [Commits](https://github.com/urfave/cli/compare/v2.5.1...v2.10.1) --- updated-dependencies: - dependency-name: github.com/urfave/cli/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump github.com/multiformats/go-multicodec Bumps [github.com/multiformats/go-multicodec](https://github.com/multiformats/go-multicodec) from 0.4.1 to 0.5.0. - [Release notes](https://github.com/multiformats/go-multicodec/releases) - [Commits](https://github.com/multiformats/go-multicodec/compare/v0.4.1...v0.5.0) --- updated-dependencies: - dependency-name: github.com/multiformats/go-multicodec dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump github.com/prometheus/client_golang Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.12.1 to 1.12.2. - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](https://github.com/prometheus/client_golang/compare/v1.12.1...v1.12.2) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump github.com/hashicorp/go-hclog from 1.2.0 to 1.2.1 Bumps [github.com/hashicorp/go-hclog](https://github.com/hashicorp/go-hclog) from 1.2.0 to 1.2.1. - [Release notes](https://github.com/hashicorp/go-hclog/releases) - [Commits](https://github.com/hashicorp/go-hclog/compare/v1.2.0...v1.2.1) --- updated-dependencies: - dependency-name: github.com/hashicorp/go-hclog dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump github.com/urfave/cli/v2 from 2.10.1 to 2.10.2 Bumps [github.com/urfave/cli/v2](https://github.com/urfave/cli) from 2.10.1 to 2.10.2. - [Release notes](https://github.com/urfave/cli/releases) - [Changelog](https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md) - [Commits](https://github.com/urfave/cli/compare/v2.10.1...v2.10.2) --- updated-dependencies: - dependency-name: github.com/urfave/cli/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-06-20 19:14:45 +00:00
libp2ptls "github.com/libp2p/go-libp2p/p2p/security/tls"
API: Refactor REST API. Extract all functionality. This is a preparatory PR to add additional APIs (Pinning Service API) easily to cluster. Instead of copy-pasting most of what the REST API does, I have refactored so that the whole configuration, routing and request-handling utilities can be re-used. The worst part has been to divide the test between tests that test core (common.API) functionality and tests that test specific REST API endpoint functionality. I could not get away without an additional common/test package to provide functions that are used from both places. This is a side effect of testing both http and libp2p endpoints for every request etc.
2021-09-15 17:53:09 +00:00
manet "github.com/multiformats/go-multiaddr/net"
handlers "github.com/gorilla/handlers"
mux "github.com/gorilla/mux"
"github.com/rs/cors"
"go.opencensus.io/plugin/ochttp"
"go.opencensus.io/plugin/ochttp/propagation/tracecontext"
"go.opencensus.io/trace"
)
Pintracker: streaming methods This commit continues the work of taking advantage of the streaming capabilities in go-libp2p-gorpc by improving the ipfsconnector and pintracker components. StatusAll and RecoverAll methods are now streaming methods, with the REST API output changing accordingly to produce a stream of GlobalPinInfos rather than a json array. pin/ls request to the ipfs daemon now use ?stream=true and avoid having to load the full pinset map on memory. StatusAllLocal and RecoverAllLocal requests to the pin tracker stream all the way and no longer store the full pinset, and the full PinInfo status slice before sending it out. We have additionally switched to a pattern where streaming methods receive the channel as an argument, allowing the caller to decide on whether to launch a goroutine, do buffering etc.
2022-03-22 09:56:16 +00:00
// StreamChannelSize is used to define buffer sizes for channels.
const StreamChannelSize = 1024
API: Refactor REST API. Extract all functionality. This is a preparatory PR to add additional APIs (Pinning Service API) easily to cluster. Instead of copy-pasting most of what the REST API does, I have refactored so that the whole configuration, routing and request-handling utilities can be re-used. The worst part has been to divide the test between tests that test core (common.API) functionality and tests that test specific REST API endpoint functionality. I could not get away without an additional common/test package to provide functions that are used from both places. This is a side effect of testing both http and libp2p endpoints for every request etc.
2021-09-15 17:53:09 +00:00
// Common errors
var (
// ErrNoEndpointEnabled is returned when the API is created but
// no HTTPListenAddr, nor libp2p configuration fields, nor a libp2p
// Host are provided.
ErrNoEndpointsEnabled = errors.New("neither the libp2p nor the HTTP endpoints are enabled")
// ErrHTTPEndpointNotEnabled is returned when trying to perform
// operations that rely on the HTTPEndpoint but it is disabled.
ErrHTTPEndpointNotEnabled = errors.New("the HTTP endpoint is not enabled")
)
Adopt api.Cid type - replaces cid.Cid everwhere. This commit introduces an api.Cid type and replaces the usage of cid.Cid everywhere. The main motivation here is to override MarshalJSON so that Cids are JSON-ified as '"Qm...."' instead of '{ "/": "Qm....." }', as this "ipld" representation of IDs is horrible to work with, and our APIs are not issuing IPLD objects to start with. Unfortunately, there is no way to do this cleanly, and the best way is to just switch everything to our own type.
2022-04-07 11:53:30 +00:00
// SetStatusAutomatically can be passed to SendResponse(), so that it will
// figure out which http status to set by itself.
API: Refactor REST API. Extract all functionality. This is a preparatory PR to add additional APIs (Pinning Service API) easily to cluster. Instead of copy-pasting most of what the REST API does, I have refactored so that the whole configuration, routing and request-handling utilities can be re-used. The worst part has been to divide the test between tests that test core (common.API) functionality and tests that test specific REST API endpoint functionality. I could not get away without an additional common/test package to provide functions that are used from both places. This is a side effect of testing both http and libp2p endpoints for every request etc.
2021-09-15 17:53:09 +00:00
const SetStatusAutomatically = -1
// API implements an API and aims to provides
// a RESTful HTTP API for Cluster.
type API struct {
ctx context.Context
cancel func()
config *Config
rpcClient *rpc.Client
rpcReady chan struct{}
router *mux.Router
routes func(*rpc.Client) []Route
server *http.Server
host host.Host
httpListeners []net.Listener
libp2pListener net.Listener
shutdownLock sync.Mutex
shutdown bool
wg sync.WaitGroup
}
// Route defines a REST endpoint supported by this API.
type Route struct {
Name string
Method string
Pattern string
HandlerFunc http.HandlerFunc
}
API: Support JWT bearer token authorization The Pinning Services API standard mandates Bearer token authentication. This adds JWT bearer token authentication to the IPFS Cluster REST and PINSVC APIs. The basic_auth_credentials configuration option needs to be not null and have at least one username/passwords entry. A user authenticated via Basic Auth can then "POST /token" and obtain a json object: ```json { "token" : "<JWTtoken>" } ``` The JWT token has the "iss" (issuer) field set to the Basic auth user that authorized its creation and is HMAC-signed with its password. When basic-auth-credentials are set, the APIs will verify that requests come with either Basic Auth authorization header or with a Bearer token authorization header. Bearer tokens will be decoded and the signature will be verified against the password of the issuer. At the moment we provide no support to revoke tokens, set "expiration date", "not before" etc, but this may come in the future.
2022-06-17 12:25:19 +00:00
type jwtToken struct {
Token string `json:"token"`
}
API: Refactor REST API. Extract all functionality. This is a preparatory PR to add additional APIs (Pinning Service API) easily to cluster. Instead of copy-pasting most of what the REST API does, I have refactored so that the whole configuration, routing and request-handling utilities can be re-used. The worst part has been to divide the test between tests that test core (common.API) functionality and tests that test specific REST API endpoint functionality. I could not get away without an additional common/test package to provide functions that are used from both places. This is a side effect of testing both http and libp2p endpoints for every request etc.
2021-09-15 17:53:09 +00:00
type logWriter struct {
logger *logging.ZapEventLogger
}
func (lw logWriter) Write(b []byte) (int, error) {
lw.logger.Info(string(b))
return len(b), nil
}
// NewAPI creates a new common API component with the given configuration.
func NewAPI(ctx context.Context, cfg *Config, routes func(*rpc.Client) []Route) (*API, error) {
return NewAPIWithHost(ctx, cfg, nil, routes)
}
// NewAPIWithHost creates a new common API component and enables
// the libp2p-http endpoint using the given Host, if not nil.
func NewAPIWithHost(ctx context.Context, cfg *Config, h host.Host, routes func(*rpc.Client) []Route) (*API, error) {
err := cfg.Validate()
if err != nil {
return nil, err
}
API: Support JWT bearer token authorization The Pinning Services API standard mandates Bearer token authentication. This adds JWT bearer token authentication to the IPFS Cluster REST and PINSVC APIs. The basic_auth_credentials configuration option needs to be not null and have at least one username/passwords entry. A user authenticated via Basic Auth can then "POST /token" and obtain a json object: ```json { "token" : "<JWTtoken>" } ``` The JWT token has the "iss" (issuer) field set to the Basic auth user that authorized its creation and is HMAC-signed with its password. When basic-auth-credentials are set, the APIs will verify that requests come with either Basic Auth authorization header or with a Bearer token authorization header. Bearer tokens will be decoded and the signature will be verified against the password of the issuer. At the moment we provide no support to revoke tokens, set "expiration date", "not before" etc, but this may come in the future.
2022-06-17 12:25:19 +00:00
ctx, cancel := context.WithCancel(ctx)
api := &API{
ctx: ctx,
cancel: cancel,
config: cfg,
host: h,
routes: routes,
rpcReady: make(chan struct{}, 2),
}
API: Refactor REST API. Extract all functionality. This is a preparatory PR to add additional APIs (Pinning Service API) easily to cluster. Instead of copy-pasting most of what the REST API does, I have refactored so that the whole configuration, routing and request-handling utilities can be re-used. The worst part has been to divide the test between tests that test core (common.API) functionality and tests that test specific REST API endpoint functionality. I could not get away without an additional common/test package to provide functions that are used from both places. This is a side effect of testing both http and libp2p endpoints for every request etc.
2021-09-15 17:53:09 +00:00
// Our handler is a gorilla router wrapped with:
// - a custom strictSlashHandler that uses 307 redirects (#1415)
// - the cors handler,
// - the basic auth handler.
//
API: OPTIONS requests should bypass authentication They need to be handled directly by the CORS handler. Fixes #1512
2021-12-22 12:25:23 +00:00
// Requests will need to have valid credentials first, except
// cors-preflight requests (OPTIONS). Then requests are handled by
// CORS and potentially need to comply with it. Then they may be
// redirected if the path ends with a "/". Finally they hit one of our
// routes and handlers.
API: Refactor REST API. Extract all functionality. This is a preparatory PR to add additional APIs (Pinning Service API) easily to cluster. Instead of copy-pasting most of what the REST API does, I have refactored so that the whole configuration, routing and request-handling utilities can be re-used. The worst part has been to divide the test between tests that test core (common.API) functionality and tests that test specific REST API endpoint functionality. I could not get away without an additional common/test package to provide functions that are used from both places. This is a side effect of testing both http and libp2p endpoints for every request etc.
2021-09-15 17:53:09 +00:00
router := mux.NewRouter()
API: Support JWT bearer token authorization The Pinning Services API standard mandates Bearer token authentication. This adds JWT bearer token authentication to the IPFS Cluster REST and PINSVC APIs. The basic_auth_credentials configuration option needs to be not null and have at least one username/passwords entry. A user authenticated via Basic Auth can then "POST /token" and obtain a json object: ```json { "token" : "<JWTtoken>" } ``` The JWT token has the "iss" (issuer) field set to the Basic auth user that authorized its creation and is HMAC-signed with its password. When basic-auth-credentials are set, the APIs will verify that requests come with either Basic Auth authorization header or with a Bearer token authorization header. Bearer tokens will be decoded and the signature will be verified against the password of the issuer. At the moment we provide no support to revoke tokens, set "expiration date", "not before" etc, but this may come in the future.
2022-06-17 12:25:19 +00:00
handler := api.authHandler(
API: Refactor REST API. Extract all functionality. This is a preparatory PR to add additional APIs (Pinning Service API) easily to cluster. Instead of copy-pasting most of what the REST API does, I have refactored so that the whole configuration, routing and request-handling utilities can be re-used. The worst part has been to divide the test between tests that test core (common.API) functionality and tests that test specific REST API endpoint functionality. I could not get away without an additional common/test package to provide functions that are used from both places. This is a side effect of testing both http and libp2p endpoints for every request etc.
2021-09-15 17:53:09 +00:00
cors.New(*cfg.CorsOptions()).
Handler(
strictSlashHandler(router),
),
cfg.Logger,
)
if cfg.Tracing {
handler = &ochttp.Handler{
IsPublicEndpoint: true,
Propagation: &tracecontext.HTTPFormat{},
Handler: handler,
StartOptions: trace.StartOptions{SpanKind: trace.SpanKindServer},
FormatSpanName: func(req *http.Request) string { return req.Host + ":" + req.URL.Path + ":" + req.Method },
}
}
writer, err := cfg.LogWriter()
if err != nil {
API: Support JWT bearer token authorization The Pinning Services API standard mandates Bearer token authentication. This adds JWT bearer token authentication to the IPFS Cluster REST and PINSVC APIs. The basic_auth_credentials configuration option needs to be not null and have at least one username/passwords entry. A user authenticated via Basic Auth can then "POST /token" and obtain a json object: ```json { "token" : "<JWTtoken>" } ``` The JWT token has the "iss" (issuer) field set to the Basic auth user that authorized its creation and is HMAC-signed with its password. When basic-auth-credentials are set, the APIs will verify that requests come with either Basic Auth authorization header or with a Bearer token authorization header. Bearer tokens will be decoded and the signature will be verified against the password of the issuer. At the moment we provide no support to revoke tokens, set "expiration date", "not before" etc, but this may come in the future.
2022-06-17 12:25:19 +00:00
cancel()
API: Refactor REST API. Extract all functionality. This is a preparatory PR to add additional APIs (Pinning Service API) easily to cluster. Instead of copy-pasting most of what the REST API does, I have refactored so that the whole configuration, routing and request-handling utilities can be re-used. The worst part has been to divide the test between tests that test core (common.API) functionality and tests that test specific REST API endpoint functionality. I could not get away without an additional common/test package to provide functions that are used from both places. This is a side effect of testing both http and libp2p endpoints for every request etc.
2021-09-15 17:53:09 +00:00
return nil, err
}
s := &http.Server{
ReadTimeout: cfg.ReadTimeout,
ReadHeaderTimeout: cfg.ReadHeaderTimeout,
WriteTimeout: cfg.WriteTimeout,
IdleTimeout: cfg.IdleTimeout,
Handler: handlers.LoggingHandler(writer, handler),
MaxHeaderBytes: cfg.MaxHeaderBytes,
}
// See: https://github.com/ipfs/go-ipfs/issues/5168
Migrate from ipfs/ipfs-cluster to ipfs-cluster/ipfs-cluster This performs the necessary renamings.
2022-06-15 09:19:17 +00:00
// See: https://github.com/ipfs-cluster/ipfs-cluster/issues/548
API: Refactor REST API. Extract all functionality. This is a preparatory PR to add additional APIs (Pinning Service API) easily to cluster. Instead of copy-pasting most of what the REST API does, I have refactored so that the whole configuration, routing and request-handling utilities can be re-used. The worst part has been to divide the test between tests that test core (common.API) functionality and tests that test specific REST API endpoint functionality. I could not get away without an additional common/test package to provide functions that are used from both places. This is a side effect of testing both http and libp2p endpoints for every request etc.
2021-09-15 17:53:09 +00:00
// on why this is re-enabled.
s.SetKeepAlivesEnabled(true)
s.MaxHeaderBytes = cfg.MaxHeaderBytes
API: Support JWT bearer token authorization The Pinning Services API standard mandates Bearer token authentication. This adds JWT bearer token authentication to the IPFS Cluster REST and PINSVC APIs. The basic_auth_credentials configuration option needs to be not null and have at least one username/passwords entry. A user authenticated via Basic Auth can then "POST /token" and obtain a json object: ```json { "token" : "<JWTtoken>" } ``` The JWT token has the "iss" (issuer) field set to the Basic auth user that authorized its creation and is HMAC-signed with its password. When basic-auth-credentials are set, the APIs will verify that requests come with either Basic Auth authorization header or with a Bearer token authorization header. Bearer tokens will be decoded and the signature will be verified against the password of the issuer. At the moment we provide no support to revoke tokens, set "expiration date", "not before" etc, but this may come in the future.
2022-06-17 12:25:19 +00:00
api.server = s
api.router = router
API: Refactor REST API. Extract all functionality. This is a preparatory PR to add additional APIs (Pinning Service API) easily to cluster. Instead of copy-pasting most of what the REST API does, I have refactored so that the whole configuration, routing and request-handling utilities can be re-used. The worst part has been to divide the test between tests that test core (common.API) functionality and tests that test specific REST API endpoint functionality. I could not get away without an additional common/test package to provide functions that are used from both places. This is a side effect of testing both http and libp2p endpoints for every request etc.
2021-09-15 17:53:09 +00:00
// Set up api.httpListeners if enabled
err = api.setupHTTP()
if err != nil {
return nil, err
}
// Set up api.libp2pListeners if enabled
err = api.setupLibp2p()
if err != nil {
return nil, err
}
if len(api.httpListeners) == 0 && api.libp2pListener == nil {
return nil, ErrNoEndpointsEnabled
}
api.run(ctx)
return api, nil
}
func (api *API) setupHTTP() error {
if len(api.config.HTTPListenAddr) == 0 {
return nil
}
for _, listenMAddr := range api.config.HTTPListenAddr {
n, addr, err := manet.DialArgs(listenMAddr)
if err != nil {
return err
}
var l net.Listener
if api.config.TLS != nil {
l, err = tls.Listen(n, addr, api.config.TLS)
} else {
l, err = net.Listen(n, addr)
}
if err != nil {
return err
}
api.httpListeners = append(api.httpListeners, l)
}
return nil
}
func (api *API) setupLibp2p() error {
// Make new host. Override any provided existing one
// if we have config for a custom one.
if len(api.config.Libp2pListenAddr) > 0 {
// We use a new host context. We will call
// Close() on shutdown(). Avoids things like:
Migrate from ipfs/ipfs-cluster to ipfs-cluster/ipfs-cluster This performs the necessary renamings.
2022-06-15 09:19:17 +00:00
// https://github.com/ipfs-cluster/ipfs-cluster/issues/853
API: Refactor REST API. Extract all functionality. This is a preparatory PR to add additional APIs (Pinning Service API) easily to cluster. Instead of copy-pasting most of what the REST API does, I have refactored so that the whole configuration, routing and request-handling utilities can be re-used. The worst part has been to divide the test between tests that test core (common.API) functionality and tests that test specific REST API endpoint functionality. I could not get away without an additional common/test package to provide functions that are used from both places. This is a side effect of testing both http and libp2p endpoints for every request etc.
2021-09-15 17:53:09 +00:00
h, err := libp2p.New(
libp2p.Identity(api.config.PrivateKey),
libp2p.ListenAddrs(api.config.Libp2pListenAddr...),
libp2p.Security(noise.ID, noise.New),
libp2p.Security(libp2ptls.ID, libp2ptls.New),
)
if err != nil {
return err
}
api.host = h
}
if api.host == nil {
return nil
}
l, err := gostream.Listen(api.host, p2phttp.DefaultP2PProtocol)
if err != nil {
return err
}
api.libp2pListener = l
return nil
}
func (api *API) addRoutes() {
for _, route := range api.routes(api.rpcClient) {
api.router.
Methods(route.Method).
Path(route.Pattern).
Name(route.Name).
Handler(
ochttp.WithRouteTag(
http.HandlerFunc(route.HandlerFunc),
"/"+route.Name,
),
)
}
api.router.NotFoundHandler = ochttp.WithRouteTag(
http.HandlerFunc(api.notFoundHandler),
"/notfound",
)
}
API: Support JWT bearer token authorization The Pinning Services API standard mandates Bearer token authentication. This adds JWT bearer token authentication to the IPFS Cluster REST and PINSVC APIs. The basic_auth_credentials configuration option needs to be not null and have at least one username/passwords entry. A user authenticated via Basic Auth can then "POST /token" and obtain a json object: ```json { "token" : "<JWTtoken>" } ``` The JWT token has the "iss" (issuer) field set to the Basic auth user that authorized its creation and is HMAC-signed with its password. When basic-auth-credentials are set, the APIs will verify that requests come with either Basic Auth authorization header or with a Bearer token authorization header. Bearer tokens will be decoded and the signature will be verified against the password of the issuer. At the moment we provide no support to revoke tokens, set "expiration date", "not before" etc, but this may come in the future.
2022-06-17 12:25:19 +00:00
// authHandler takes care of authentication either using basicAuth or JWT bearer tokens.
func (api *API) authHandler(h http.Handler, lggr *logging.ZapEventLogger) http.Handler {
api: Support a custom error function for custom error messages
2021-10-05 09:56:33 +00:00
API: Support JWT bearer token authorization The Pinning Services API standard mandates Bearer token authentication. This adds JWT bearer token authentication to the IPFS Cluster REST and PINSVC APIs. The basic_auth_credentials configuration option needs to be not null and have at least one username/passwords entry. A user authenticated via Basic Auth can then "POST /token" and obtain a json object: ```json { "token" : "<JWTtoken>" } ``` The JWT token has the "iss" (issuer) field set to the Basic auth user that authorized its creation and is HMAC-signed with its password. When basic-auth-credentials are set, the APIs will verify that requests come with either Basic Auth authorization header or with a Bearer token authorization header. Bearer tokens will be decoded and the signature will be verified against the password of the issuer. At the moment we provide no support to revoke tokens, set "expiration date", "not before" etc, but this may come in the future.
2022-06-17 12:25:19 +00:00
credentials := api.config.BasicAuthCredentials
api: Support a custom error function for custom error messages
2021-10-05 09:56:33 +00:00
API: Support JWT bearer token authorization The Pinning Services API standard mandates Bearer token authentication. This adds JWT bearer token authentication to the IPFS Cluster REST and PINSVC APIs. The basic_auth_credentials configuration option needs to be not null and have at least one username/passwords entry. A user authenticated via Basic Auth can then "POST /token" and obtain a json object: ```json { "token" : "<JWTtoken>" } ``` The JWT token has the "iss" (issuer) field set to the Basic auth user that authorized its creation and is HMAC-signed with its password. When basic-auth-credentials are set, the APIs will verify that requests come with either Basic Auth authorization header or with a Bearer token authorization header. Bearer tokens will be decoded and the signature will be verified against the password of the issuer. At the moment we provide no support to revoke tokens, set "expiration date", "not before" etc, but this may come in the future.
2022-06-17 12:25:19 +00:00
// If no credentials are set, we do nothing.
API: Refactor REST API. Extract all functionality. This is a preparatory PR to add additional APIs (Pinning Service API) easily to cluster. Instead of copy-pasting most of what the REST API does, I have refactored so that the whole configuration, routing and request-handling utilities can be re-used. The worst part has been to divide the test between tests that test core (common.API) functionality and tests that test specific REST API endpoint functionality. I could not get away without an additional common/test package to provide functions that are used from both places. This is a side effect of testing both http and libp2p endpoints for every request etc.
2021-09-15 17:53:09 +00:00
if credentials == nil {
return h
}
wrap := func(w http.ResponseWriter, r *http.Request) {
api.go: update comment on auth pass-through
2023-05-11 10:11:57 +00:00
// We let CORS preflight and Health requests pass through to
// the next handler.
api.go: only pass through GET requests to /health
2023-05-11 10:11:21 +00:00
if r.Method == http.MethodOptions || (r.Method == http.MethodGet && r.URL.Path == "/health") {
API: OPTIONS requests should bypass authentication They need to be handled directly by the CORS handler. Fixes #1512
2021-12-22 12:25:23 +00:00
h.ServeHTTP(w, r)
return
}
API: Support JWT bearer token authorization The Pinning Services API standard mandates Bearer token authentication. This adds JWT bearer token authentication to the IPFS Cluster REST and PINSVC APIs. The basic_auth_credentials configuration option needs to be not null and have at least one username/passwords entry. A user authenticated via Basic Auth can then "POST /token" and obtain a json object: ```json { "token" : "<JWTtoken>" } ``` The JWT token has the "iss" (issuer) field set to the Basic auth user that authorized its creation and is HMAC-signed with its password. When basic-auth-credentials are set, the APIs will verify that requests come with either Basic Auth authorization header or with a Bearer token authorization header. Bearer tokens will be decoded and the signature will be verified against the password of the issuer. At the moment we provide no support to revoke tokens, set "expiration date", "not before" etc, but this may come in the future.
2022-06-17 12:25:19 +00:00
username, password, okBasic := r.BasicAuth()
tokenString, okToken := parseBearerToken(r.Header.Get("Authorization"))
API: Refactor REST API. Extract all functionality. This is a preparatory PR to add additional APIs (Pinning Service API) easily to cluster. Instead of copy-pasting most of what the REST API does, I have refactored so that the whole configuration, routing and request-handling utilities can be re-used. The worst part has been to divide the test between tests that test core (common.API) functionality and tests that test specific REST API endpoint functionality. I could not get away without an additional common/test package to provide functions that are used from both places. This is a side effect of testing both http and libp2p endpoints for every request etc.
2021-09-15 17:53:09 +00:00
API: Support JWT bearer token authorization The Pinning Services API standard mandates Bearer token authentication. This adds JWT bearer token authentication to the IPFS Cluster REST and PINSVC APIs. The basic_auth_credentials configuration option needs to be not null and have at least one username/passwords entry. A user authenticated via Basic Auth can then "POST /token" and obtain a json object: ```json { "token" : "<JWTtoken>" } ``` The JWT token has the "iss" (issuer) field set to the Basic auth user that authorized its creation and is HMAC-signed with its password. When basic-auth-credentials are set, the APIs will verify that requests come with either Basic Auth authorization header or with a Bearer token authorization header. Bearer tokens will be decoded and the signature will be verified against the password of the issuer. At the moment we provide no support to revoke tokens, set "expiration date", "not before" etc, but this may come in the future.
2022-06-17 12:25:19 +00:00
switch {
case okBasic:
ok := verifyBasicAuth(credentials, username, password)
if !ok {
w.Header().Set("WWW-Authenticate", wwwAuthenticate("Basic", "Restricted IPFS Cluster API", "", ""))
api.SendResponse(w, http.StatusUnauthorized, errors.New("unauthorized: access denied"), nil)
return
API: Refactor REST API. Extract all functionality. This is a preparatory PR to add additional APIs (Pinning Service API) easily to cluster. Instead of copy-pasting most of what the REST API does, I have refactored so that the whole configuration, routing and request-handling utilities can be re-used. The worst part has been to divide the test between tests that test core (common.API) functionality and tests that test specific REST API endpoint functionality. I could not get away without an additional common/test package to provide functions that are used from both places. This is a side effect of testing both http and libp2p endpoints for every request etc.
2021-09-15 17:53:09 +00:00
}
API: Support JWT bearer token authorization The Pinning Services API standard mandates Bearer token authentication. This adds JWT bearer token authentication to the IPFS Cluster REST and PINSVC APIs. The basic_auth_credentials configuration option needs to be not null and have at least one username/passwords entry. A user authenticated via Basic Auth can then "POST /token" and obtain a json object: ```json { "token" : "<JWTtoken>" } ``` The JWT token has the "iss" (issuer) field set to the Basic auth user that authorized its creation and is HMAC-signed with its password. When basic-auth-credentials are set, the APIs will verify that requests come with either Basic Auth authorization header or with a Bearer token authorization header. Bearer tokens will be decoded and the signature will be verified against the password of the issuer. At the moment we provide no support to revoke tokens, set "expiration date", "not before" etc, but this may come in the future.
2022-06-17 12:25:19 +00:00
case okToken:
_, err := verifyToken(credentials, tokenString)
API: Refactor REST API. Extract all functionality. This is a preparatory PR to add additional APIs (Pinning Service API) easily to cluster. Instead of copy-pasting most of what the REST API does, I have refactored so that the whole configuration, routing and request-handling utilities can be re-used. The worst part has been to divide the test between tests that test core (common.API) functionality and tests that test specific REST API endpoint functionality. I could not get away without an additional common/test package to provide functions that are used from both places. This is a side effect of testing both http and libp2p endpoints for every request etc.
2021-09-15 17:53:09 +00:00
if err != nil {
API: Support JWT bearer token authorization The Pinning Services API standard mandates Bearer token authentication. This adds JWT bearer token authentication to the IPFS Cluster REST and PINSVC APIs. The basic_auth_credentials configuration option needs to be not null and have at least one username/passwords entry. A user authenticated via Basic Auth can then "POST /token" and obtain a json object: ```json { "token" : "<JWTtoken>" } ``` The JWT token has the "iss" (issuer) field set to the Basic auth user that authorized its creation and is HMAC-signed with its password. When basic-auth-credentials are set, the APIs will verify that requests come with either Basic Auth authorization header or with a Bearer token authorization header. Bearer tokens will be decoded and the signature will be verified against the password of the issuer. At the moment we provide no support to revoke tokens, set "expiration date", "not before" etc, but this may come in the future.
2022-06-17 12:25:19 +00:00
lggr.Debug(err)
w.Header().Set("WWW-Authenticate", wwwAuthenticate("Bearer", "Restricted IPFS Cluster API", "invalid_token", ""))
api.SendResponse(w, http.StatusUnauthorized, errors.New("unauthorized: invalid token"), nil)
API: Refactor REST API. Extract all functionality. This is a preparatory PR to add additional APIs (Pinning Service API) easily to cluster. Instead of copy-pasting most of what the REST API does, I have refactored so that the whole configuration, routing and request-handling utilities can be re-used. The worst part has been to divide the test between tests that test core (common.API) functionality and tests that test specific REST API endpoint functionality. I could not get away without an additional common/test package to provide functions that are used from both places. This is a side effect of testing both http and libp2p endpoints for every request etc.
2021-09-15 17:53:09 +00:00
return
}
API: Support JWT bearer token authorization The Pinning Services API standard mandates Bearer token authentication. This adds JWT bearer token authentication to the IPFS Cluster REST and PINSVC APIs. The basic_auth_credentials configuration option needs to be not null and have at least one username/passwords entry. A user authenticated via Basic Auth can then "POST /token" and obtain a json object: ```json { "token" : "<JWTtoken>" } ``` The JWT token has the "iss" (issuer) field set to the Basic auth user that authorized its creation and is HMAC-signed with its password. When basic-auth-credentials are set, the APIs will verify that requests come with either Basic Auth authorization header or with a Bearer token authorization header. Bearer tokens will be decoded and the signature will be verified against the password of the issuer. At the moment we provide no support to revoke tokens, set "expiration date", "not before" etc, but this may come in the future.
2022-06-17 12:25:19 +00:00
default:
// No authentication provided, but needed
w.Header().Add("WWW-Authenticate", wwwAuthenticate("Bearer", "Restricted IPFS Cluster API", "", ""))
w.Header().Add("WWW-Authenticate", wwwAuthenticate("Basic", "Restricted IPFS Cluster API", "", ""))
api.SendResponse(w, http.StatusUnauthorized, errors.New("unauthorized: no auth provided"), nil)
API: Refactor REST API. Extract all functionality. This is a preparatory PR to add additional APIs (Pinning Service API) easily to cluster. Instead of copy-pasting most of what the REST API does, I have refactored so that the whole configuration, routing and request-handling utilities can be re-used. The worst part has been to divide the test between tests that test core (common.API) functionality and tests that test specific REST API endpoint functionality. I could not get away without an additional common/test package to provide functions that are used from both places. This is a side effect of testing both http and libp2p endpoints for every request etc.
2021-09-15 17:53:09 +00:00
return
}
API: Support JWT bearer token authorization The Pinning Services API standard mandates Bearer token authentication. This adds JWT bearer token authentication to the IPFS Cluster REST and PINSVC APIs. The basic_auth_credentials configuration option needs to be not null and have at least one username/passwords entry. A user authenticated via Basic Auth can then "POST /token" and obtain a json object: ```json { "token" : "<JWTtoken>" } ``` The JWT token has the "iss" (issuer) field set to the Basic auth user that authorized its creation and is HMAC-signed with its password. When basic-auth-credentials are set, the APIs will verify that requests come with either Basic Auth authorization header or with a Bearer token authorization header. Bearer tokens will be decoded and the signature will be verified against the password of the issuer. At the moment we provide no support to revoke tokens, set "expiration date", "not before" etc, but this may come in the future.
2022-06-17 12:25:19 +00:00
// If we are here, authentication worked.
API: Refactor REST API. Extract all functionality. This is a preparatory PR to add additional APIs (Pinning Service API) easily to cluster. Instead of copy-pasting most of what the REST API does, I have refactored so that the whole configuration, routing and request-handling utilities can be re-used. The worst part has been to divide the test between tests that test core (common.API) functionality and tests that test specific REST API endpoint functionality. I could not get away without an additional common/test package to provide functions that are used from both places. This is a side effect of testing both http and libp2p endpoints for every request etc.
2021-09-15 17:53:09 +00:00
h.ServeHTTP(w, r)
}
return http.HandlerFunc(wrap)
}
API: Support JWT bearer token authorization The Pinning Services API standard mandates Bearer token authentication. This adds JWT bearer token authentication to the IPFS Cluster REST and PINSVC APIs. The basic_auth_credentials configuration option needs to be not null and have at least one username/passwords entry. A user authenticated via Basic Auth can then "POST /token" and obtain a json object: ```json { "token" : "<JWTtoken>" } ``` The JWT token has the "iss" (issuer) field set to the Basic auth user that authorized its creation and is HMAC-signed with its password. When basic-auth-credentials are set, the APIs will verify that requests come with either Basic Auth authorization header or with a Bearer token authorization header. Bearer tokens will be decoded and the signature will be verified against the password of the issuer. At the moment we provide no support to revoke tokens, set "expiration date", "not before" etc, but this may come in the future.
2022-06-17 12:25:19 +00:00
func parseBearerToken(authHeader string) (string, bool) {
const prefix = "Bearer "
if len(authHeader) < len(prefix) || !strings.EqualFold(authHeader[:len(prefix)], prefix) {
return "", false
}
return authHeader[len(prefix):], true
}
func wwwAuthenticate(auth, realm, error, description string) string {
str := auth + ` realm="` + realm + `"`
if len(error) > 0 {
str += `, error="` + error + `"`
}
if len(description) > 0 {
str += `, error_description="` + description + `"`
}
return str
}
func verifyBasicAuth(credentials map[string]string, username, password string) bool {
if username == "" || password == "" {
return false
}
for u, p := range credentials {
if u == username && p == password {
return true
}
}
return false
}
// verify that a Bearer JWT token is valid.
func verifyToken(credentials map[string]string, tokenString string) (*jwt.Token, error) {
// The token should be signed with the basic auth credential password
// of the issuer, and should have valid standard claims otherwise.
token, err := jwt.ParseWithClaims(tokenString, &jwt.RegisteredClaims{}, func(token *jwt.Token) (interface{}, error) {
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
return nil, errors.New("unexpected token signing method (not HMAC)")
}
if claims, ok := token.Claims.(*jwt.RegisteredClaims); ok {
key, ok := credentials[claims.Issuer]
if !ok {
return nil, errors.New("issuer not found")
}
return []byte(key), nil
}
return nil, errors.New("no issuer set")
})
if err != nil {
return nil, err
}
if !token.Valid {
return nil, errors.New("invalid token")
}
return token, nil
}
API: Refactor REST API. Extract all functionality. This is a preparatory PR to add additional APIs (Pinning Service API) easily to cluster. Instead of copy-pasting most of what the REST API does, I have refactored so that the whole configuration, routing and request-handling utilities can be re-used. The worst part has been to divide the test between tests that test core (common.API) functionality and tests that test specific REST API endpoint functionality. I could not get away without an additional common/test package to provide functions that are used from both places. This is a side effect of testing both http and libp2p endpoints for every request etc.
2021-09-15 17:53:09 +00:00
// The Gorilla muxer StrictSlash option uses a 301 permanent redirect, which
// results in POST requests becoming GET requests in most clients. Thus we
// use our own middleware that performs a 307 redirect. See issue #1415 for
// more details.
func strictSlashHandler(h http.Handler) http.Handler {
wrap := func(w http.ResponseWriter, r *http.Request) {
path := r.URL.Path
if strings.HasSuffix(path, "/") {
u, _ := url.Parse(r.URL.String())
u.Path = u.Path[:len(u.Path)-1]
http.Redirect(w, r, u.String(), http.StatusTemporaryRedirect)
return
}
h.ServeHTTP(w, r)
}
return http.HandlerFunc(wrap)
}
func (api *API) run(ctx context.Context) {
api.wg.Add(len(api.httpListeners))
for _, l := range api.httpListeners {
go func(l net.Listener) {
defer api.wg.Done()
api.runHTTPServer(ctx, l)
}(l)
}
if api.libp2pListener != nil {
api.wg.Add(1)
go func() {
defer api.wg.Done()
api.runLibp2pServer(ctx)
}()
}
}
// runs in goroutine from run()
func (api *API) runHTTPServer(ctx context.Context, l net.Listener) {
select {
case <-api.rpcReady:
case <-api.ctx.Done():
return
}
maddr, err := manet.FromNetAddr(l.Addr())
if err != nil {
api.config.Logger.Error(err)
}
API: Support JWT bearer token authorization The Pinning Services API standard mandates Bearer token authentication. This adds JWT bearer token authentication to the IPFS Cluster REST and PINSVC APIs. The basic_auth_credentials configuration option needs to be not null and have at least one username/passwords entry. A user authenticated via Basic Auth can then "POST /token" and obtain a json object: ```json { "token" : "<JWTtoken>" } ``` The JWT token has the "iss" (issuer) field set to the Basic auth user that authorized its creation and is HMAC-signed with its password. When basic-auth-credentials are set, the APIs will verify that requests come with either Basic Auth authorization header or with a Bearer token authorization header. Bearer tokens will be decoded and the signature will be verified against the password of the issuer. At the moment we provide no support to revoke tokens, set "expiration date", "not before" etc, but this may come in the future.
2022-06-17 12:25:19 +00:00
var authInfo string
if api.config.BasicAuthCredentials != nil {
authInfo = " - authenticated"
}
api.config.Logger.Infof(strings.ToUpper(api.config.ConfigKey)+" (HTTP"+authInfo+"): %s", maddr)
API: Refactor REST API. Extract all functionality. This is a preparatory PR to add additional APIs (Pinning Service API) easily to cluster. Instead of copy-pasting most of what the REST API does, I have refactored so that the whole configuration, routing and request-handling utilities can be re-used. The worst part has been to divide the test between tests that test core (common.API) functionality and tests that test specific REST API endpoint functionality. I could not get away without an additional common/test package to provide functions that are used from both places. This is a side effect of testing both http and libp2p endpoints for every request etc.
2021-09-15 17:53:09 +00:00
err = api.server.Serve(l)
if err != nil && !strings.Contains(err.Error(), "closed network connection") {
api.config.Logger.Error(err)
}
}
// runs in goroutine from run()
func (api *API) runLibp2pServer(ctx context.Context) {
select {
case <-api.rpcReady:
case <-api.ctx.Done():
return
}
listenMsg := ""
for _, a := range api.host.Addrs() {
listenMsg += fmt.Sprintf(" %s/p2p/%s\n", a, api.host.ID().Pretty())
}
api.config.Logger.Infof(strings.ToUpper(api.config.ConfigKey)+" (libp2p-http): ENABLED. Listening on:\n%s\n", listenMsg)
err := api.server.Serve(api.libp2pListener)
if err != nil && !strings.Contains(err.Error(), "context canceled") {
api.config.Logger.Error(err)
}
}
// Shutdown stops any API listeners.
func (api *API) Shutdown(ctx context.Context) error {
_, span := trace.StartSpan(ctx, "api/Shutdown")
defer span.End()
api.shutdownLock.Lock()
defer api.shutdownLock.Unlock()
if api.shutdown {
api.config.Logger.Debug("already shutdown")
return nil
}
api.config.Logger.Info("stopping Cluster API")
api.cancel()
close(api.rpcReady)
// Cancel any outstanding ops
api.server.SetKeepAlivesEnabled(false)
for _, l := range api.httpListeners {
l.Close()
}
if api.libp2pListener != nil {
api.libp2pListener.Close()
}
api.wg.Wait()
// This means we created the host
if api.config.Libp2pListenAddr != nil {
api.host.Close()
}
api.shutdown = true
return nil
}
// SetClient makes the component ready to perform RPC
// requests.
func (api *API) SetClient(c *rpc.Client) {
api.rpcClient = c
api.addRoutes()
// One notification for http server and one for libp2p server.
api.rpcReady <- struct{}{}
api.rpcReady <- struct{}{}
}
func (api *API) notFoundHandler(w http.ResponseWriter, r *http.Request) {
api.SendResponse(w, http.StatusNotFound, errors.New("not found"), nil)
}
common api: automatically set NotFound errors
2021-10-07 10:44:55 +00:00
// Context returns the API context
func (api *API) Context() context.Context {
return api.ctx
}
API: Refactor REST API. Extract all functionality. This is a preparatory PR to add additional APIs (Pinning Service API) easily to cluster. Instead of copy-pasting most of what the REST API does, I have refactored so that the whole configuration, routing and request-handling utilities can be re-used. The worst part has been to divide the test between tests that test core (common.API) functionality and tests that test specific REST API endpoint functionality. I could not get away without an additional common/test package to provide functions that are used from both places. This is a side effect of testing both http and libp2p endpoints for every request etc.
2021-09-15 17:53:09 +00:00
// ParsePinPathOrFail parses a pin path and returns it or makes the request
// fail.
Pinset streaming and method type revamp This commit introduces the new go-libp2p-gorpc streaming capabilities for Cluster. The main aim is to work towards heavily reducing memory usage when working with very large pinsets. As a side-effect, it takes the chance to revampt all types for all public methods so that pointers to static what should be static objects are not used anymore. This should heavily reduce heap allocations and GC activity. The main change is that state.List now returns a channel from which to read the pins, rather than pins being all loaded into a huge slice. Things reading pins have been all updated to iterate on the channel rather than on the slice. The full pinset is no longer fully loaded onto memory for things that run regularly like StateSync(). Additionally, the /allocations endpoint of the rest API no longer returns an array of pins, but rather streams json-encoded pin objects directly. This change has extended to the restapi client (which puts pins into a channel as they arrive) and to ipfs-cluster-ctl. There are still pending improvements like StatusAll() calls which should also stream responses, and specially BlockPut calls which should stream blocks directly into IPFS on a single call. These are coming up in future commits.
2022-03-19 01:52:46 +00:00
func (api *API) ParsePinPathOrFail(w http.ResponseWriter, r *http.Request) types.PinPath {
API: Refactor REST API. Extract all functionality. This is a preparatory PR to add additional APIs (Pinning Service API) easily to cluster. Instead of copy-pasting most of what the REST API does, I have refactored so that the whole configuration, routing and request-handling utilities can be re-used. The worst part has been to divide the test between tests that test core (common.API) functionality and tests that test specific REST API endpoint functionality. I could not get away without an additional common/test package to provide functions that are used from both places. This is a side effect of testing both http and libp2p endpoints for every request etc.
2021-09-15 17:53:09 +00:00
vars := mux.Vars(r)
urlpath := "/" + vars["keyType"] + "/" + strings.TrimSuffix(vars["path"], "/")
path, err := gopath.ParsePath(urlpath)
if err != nil {
api.SendResponse(w, http.StatusBadRequest, errors.New("error parsing path: "+err.Error()), nil)
Pinset streaming and method type revamp This commit introduces the new go-libp2p-gorpc streaming capabilities for Cluster. The main aim is to work towards heavily reducing memory usage when working with very large pinsets. As a side-effect, it takes the chance to revampt all types for all public methods so that pointers to static what should be static objects are not used anymore. This should heavily reduce heap allocations and GC activity. The main change is that state.List now returns a channel from which to read the pins, rather than pins being all loaded into a huge slice. Things reading pins have been all updated to iterate on the channel rather than on the slice. The full pinset is no longer fully loaded onto memory for things that run regularly like StateSync(). Additionally, the /allocations endpoint of the rest API no longer returns an array of pins, but rather streams json-encoded pin objects directly. This change has extended to the restapi client (which puts pins into a channel as they arrive) and to ipfs-cluster-ctl. There are still pending improvements like StatusAll() calls which should also stream responses, and specially BlockPut calls which should stream blocks directly into IPFS on a single call. These are coming up in future commits.
2022-03-19 01:52:46 +00:00
return types.PinPath{}
API: Refactor REST API. Extract all functionality. This is a preparatory PR to add additional APIs (Pinning Service API) easily to cluster. Instead of copy-pasting most of what the REST API does, I have refactored so that the whole configuration, routing and request-handling utilities can be re-used. The worst part has been to divide the test between tests that test core (common.API) functionality and tests that test specific REST API endpoint functionality. I could not get away without an additional common/test package to provide functions that are used from both places. This is a side effect of testing both http and libp2p endpoints for every request etc.
2021-09-15 17:53:09 +00:00
}
Pinset streaming and method type revamp This commit introduces the new go-libp2p-gorpc streaming capabilities for Cluster. The main aim is to work towards heavily reducing memory usage when working with very large pinsets. As a side-effect, it takes the chance to revampt all types for all public methods so that pointers to static what should be static objects are not used anymore. This should heavily reduce heap allocations and GC activity. The main change is that state.List now returns a channel from which to read the pins, rather than pins being all loaded into a huge slice. Things reading pins have been all updated to iterate on the channel rather than on the slice. The full pinset is no longer fully loaded onto memory for things that run regularly like StateSync(). Additionally, the /allocations endpoint of the rest API no longer returns an array of pins, but rather streams json-encoded pin objects directly. This change has extended to the restapi client (which puts pins into a channel as they arrive) and to ipfs-cluster-ctl. There are still pending improvements like StatusAll() calls which should also stream responses, and specially BlockPut calls which should stream blocks directly into IPFS on a single call. These are coming up in future commits.
2022-03-19 01:52:46 +00:00
pinPath := types.PinPath{Path: path.String()}
API: Refactor REST API. Extract all functionality. This is a preparatory PR to add additional APIs (Pinning Service API) easily to cluster. Instead of copy-pasting most of what the REST API does, I have refactored so that the whole configuration, routing and request-handling utilities can be re-used. The worst part has been to divide the test between tests that test core (common.API) functionality and tests that test specific REST API endpoint functionality. I could not get away without an additional common/test package to provide functions that are used from both places. This is a side effect of testing both http and libp2p endpoints for every request etc.
2021-09-15 17:53:09 +00:00
err = pinPath.PinOptions.FromQuery(r.URL.Query())
if err != nil {
api.SendResponse(w, http.StatusBadRequest, err, nil)
}
return pinPath
}
Adopt api.Cid type - replaces cid.Cid everwhere. This commit introduces an api.Cid type and replaces the usage of cid.Cid everywhere. The main motivation here is to override MarshalJSON so that Cids are JSON-ified as '"Qm...."' instead of '{ "/": "Qm....." }', as this "ipld" representation of IDs is horrible to work with, and our APIs are not issuing IPLD objects to start with. Unfortunately, there is no way to do this cleanly, and the best way is to just switch everything to our own type.
2022-04-07 11:53:30 +00:00
// ParseCidOrFail parses a Cid and returns it or makes the request fail.
Pinset streaming and method type revamp This commit introduces the new go-libp2p-gorpc streaming capabilities for Cluster. The main aim is to work towards heavily reducing memory usage when working with very large pinsets. As a side-effect, it takes the chance to revampt all types for all public methods so that pointers to static what should be static objects are not used anymore. This should heavily reduce heap allocations and GC activity. The main change is that state.List now returns a channel from which to read the pins, rather than pins being all loaded into a huge slice. Things reading pins have been all updated to iterate on the channel rather than on the slice. The full pinset is no longer fully loaded onto memory for things that run regularly like StateSync(). Additionally, the /allocations endpoint of the rest API no longer returns an array of pins, but rather streams json-encoded pin objects directly. This change has extended to the restapi client (which puts pins into a channel as they arrive) and to ipfs-cluster-ctl. There are still pending improvements like StatusAll() calls which should also stream responses, and specially BlockPut calls which should stream blocks directly into IPFS on a single call. These are coming up in future commits.
2022-03-19 01:52:46 +00:00
func (api *API) ParseCidOrFail(w http.ResponseWriter, r *http.Request) types.Pin {
API: Refactor REST API. Extract all functionality. This is a preparatory PR to add additional APIs (Pinning Service API) easily to cluster. Instead of copy-pasting most of what the REST API does, I have refactored so that the whole configuration, routing and request-handling utilities can be re-used. The worst part has been to divide the test between tests that test core (common.API) functionality and tests that test specific REST API endpoint functionality. I could not get away without an additional common/test package to provide functions that are used from both places. This is a side effect of testing both http and libp2p endpoints for every request etc.
2021-09-15 17:53:09 +00:00
vars := mux.Vars(r)
hash := vars["hash"]
Adopt api.Cid type - replaces cid.Cid everwhere. This commit introduces an api.Cid type and replaces the usage of cid.Cid everywhere. The main motivation here is to override MarshalJSON so that Cids are JSON-ified as '"Qm...."' instead of '{ "/": "Qm....." }', as this "ipld" representation of IDs is horrible to work with, and our APIs are not issuing IPLD objects to start with. Unfortunately, there is no way to do this cleanly, and the best way is to just switch everything to our own type.
2022-04-07 11:53:30 +00:00
c, err := types.DecodeCid(hash)
API: Refactor REST API. Extract all functionality. This is a preparatory PR to add additional APIs (Pinning Service API) easily to cluster. Instead of copy-pasting most of what the REST API does, I have refactored so that the whole configuration, routing and request-handling utilities can be re-used. The worst part has been to divide the test between tests that test core (common.API) functionality and tests that test specific REST API endpoint functionality. I could not get away without an additional common/test package to provide functions that are used from both places. This is a side effect of testing both http and libp2p endpoints for every request etc.
2021-09-15 17:53:09 +00:00
if err != nil {
api.SendResponse(w, http.StatusBadRequest, errors.New("error decoding Cid: "+err.Error()), nil)
Pinset streaming and method type revamp This commit introduces the new go-libp2p-gorpc streaming capabilities for Cluster. The main aim is to work towards heavily reducing memory usage when working with very large pinsets. As a side-effect, it takes the chance to revampt all types for all public methods so that pointers to static what should be static objects are not used anymore. This should heavily reduce heap allocations and GC activity. The main change is that state.List now returns a channel from which to read the pins, rather than pins being all loaded into a huge slice. Things reading pins have been all updated to iterate on the channel rather than on the slice. The full pinset is no longer fully loaded onto memory for things that run regularly like StateSync(). Additionally, the /allocations endpoint of the rest API no longer returns an array of pins, but rather streams json-encoded pin objects directly. This change has extended to the restapi client (which puts pins into a channel as they arrive) and to ipfs-cluster-ctl. There are still pending improvements like StatusAll() calls which should also stream responses, and specially BlockPut calls which should stream blocks directly into IPFS on a single call. These are coming up in future commits.
2022-03-19 01:52:46 +00:00
return types.Pin{}
API: Refactor REST API. Extract all functionality. This is a preparatory PR to add additional APIs (Pinning Service API) easily to cluster. Instead of copy-pasting most of what the REST API does, I have refactored so that the whole configuration, routing and request-handling utilities can be re-used. The worst part has been to divide the test between tests that test core (common.API) functionality and tests that test specific REST API endpoint functionality. I could not get away without an additional common/test package to provide functions that are used from both places. This is a side effect of testing both http and libp2p endpoints for every request etc.
2021-09-15 17:53:09 +00:00
}
opts := types.PinOptions{}
err = opts.FromQuery(r.URL.Query())
if err != nil {
api.SendResponse(w, http.StatusBadRequest, err, nil)
}
pin := types.PinWithOpts(c, opts)
pin.MaxDepth = -1 // For now, all pins are recursive
return pin
}
// ParsePidOrFail parses a PID and returns it or makes the request fail.
func (api *API) ParsePidOrFail(w http.ResponseWriter, r *http.Request) peer.ID {
vars := mux.Vars(r)
idStr := vars["peer"]
pid, err := peer.Decode(idStr)
if err != nil {
api.SendResponse(w, http.StatusBadRequest, errors.New("error decoding Peer ID: "+err.Error()), nil)
return ""
}
return pid
}
API: Support JWT bearer token authorization The Pinning Services API standard mandates Bearer token authentication. This adds JWT bearer token authentication to the IPFS Cluster REST and PINSVC APIs. The basic_auth_credentials configuration option needs to be not null and have at least one username/passwords entry. A user authenticated via Basic Auth can then "POST /token" and obtain a json object: ```json { "token" : "<JWTtoken>" } ``` The JWT token has the "iss" (issuer) field set to the Basic auth user that authorized its creation and is HMAC-signed with its password. When basic-auth-credentials are set, the APIs will verify that requests come with either Basic Auth authorization header or with a Bearer token authorization header. Bearer tokens will be decoded and the signature will be verified against the password of the issuer. At the moment we provide no support to revoke tokens, set "expiration date", "not before" etc, but this may come in the future.
2022-06-17 12:25:19 +00:00
// GenerateTokenHandler is a handle to obtain a new JWT token
func (api *API) GenerateTokenHandler(w http.ResponseWriter, r *http.Request) {
if api.config.BasicAuthCredentials == nil {
api.SendResponse(w, http.StatusUnauthorized, errors.New("unauthorized"), nil)
return
}
var issuer string
// We do not verify as we assume it is already done!
user, _, okBasic := r.BasicAuth()
tokenString, okToken := parseBearerToken(r.Header.Get("Authorization"))
if okBasic {
issuer = user
} else if okToken {
token, err := verifyToken(api.config.BasicAuthCredentials, tokenString)
if err != nil { // I really hope not because it should be verified
api.config.Logger.Error("verify token failed in GetTokenHandler!")
api.SendResponse(w, http.StatusUnauthorized, errors.New("unauthorized"), nil)
return
}
if claims, ok := token.Claims.(*jwt.RegisteredClaims); ok {
issuer = claims.Issuer
} else {
api.SendResponse(w, http.StatusUnauthorized, errors.New("unauthorized"), nil)
return
}
} else { // no issuer
api.SendResponse(w, http.StatusUnauthorized, errors.New("unauthorized"), nil)
return
}
pass, okPass := api.config.BasicAuthCredentials[issuer]
if !okPass { // another place that should never be reached
api.SendResponse(w, http.StatusUnauthorized, errors.New("unauthorized"), nil)
return
}
ss, err := generateSignedTokenString(issuer, pass)
if err != nil {
api.SendResponse(w, SetStatusAutomatically, err, nil)
return
}
tokenObj := jwtToken{Token: ss}
api.SendResponse(w, SetStatusAutomatically, nil, tokenObj)
}
func generateSignedTokenString(issuer, pass string) (string, error) {
key := []byte(pass)
claims := jwt.RegisteredClaims{
Issuer: issuer,
}
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
return token.SignedString(key)
}
API: Refactor REST API. Extract all functionality. This is a preparatory PR to add additional APIs (Pinning Service API) easily to cluster. Instead of copy-pasting most of what the REST API does, I have refactored so that the whole configuration, routing and request-handling utilities can be re-used. The worst part has been to divide the test between tests that test core (common.API) functionality and tests that test specific REST API endpoint functionality. I could not get away without an additional common/test package to provide functions that are used from both places. This is a side effect of testing both http and libp2p endpoints for every request etc.
2021-09-15 17:53:09 +00:00
// SendResponse wraps all the logic for writing the response to a request:
// * Write configured headers
// * Write application/json content type
// * Write status: determined automatically if given "SetStatusAutomatically"
// * Write an error if there is or write the response if there is
func (api *API) SendResponse(
w http.ResponseWriter,
status int,
err error,
resp interface{},
) {
api.SetHeaders(w)
enc := json.NewEncoder(w)
// Send an error
if err != nil {
common api: automatically set NotFound errors
2021-10-07 10:44:55 +00:00
if status == SetStatusAutomatically || status < 400 {
if err.Error() == state.ErrNotFound.Error() {
status = http.StatusNotFound
} else {
status = http.StatusInternalServerError
}
API: Refactor REST API. Extract all functionality. This is a preparatory PR to add additional APIs (Pinning Service API) easily to cluster. Instead of copy-pasting most of what the REST API does, I have refactored so that the whole configuration, routing and request-handling utilities can be re-used. The worst part has been to divide the test between tests that test core (common.API) functionality and tests that test specific REST API endpoint functionality. I could not get away without an additional common/test package to provide functions that are used from both places. This is a side effect of testing both http and libp2p endpoints for every request etc.
2021-09-15 17:53:09 +00:00
}
w.WriteHeader(status)
api: Support a custom error function for custom error messages
2021-10-05 09:56:33 +00:00
errorResp := api.config.APIErrorFunc(err, status)
API: Refactor REST API. Extract all functionality. This is a preparatory PR to add additional APIs (Pinning Service API) easily to cluster. Instead of copy-pasting most of what the REST API does, I have refactored so that the whole configuration, routing and request-handling utilities can be re-used. The worst part has been to divide the test between tests that test core (common.API) functionality and tests that test specific REST API endpoint functionality. I could not get away without an additional common/test package to provide functions that are used from both places. This is a side effect of testing both http and libp2p endpoints for every request etc.
2021-09-15 17:53:09 +00:00
api.config.Logger.Errorf("sending error response: %d: %s", status, err.Error())
if err := enc.Encode(errorResp); err != nil {
api.config.Logger.Error(err)
}
return
}
// Send a body
if resp != nil {
if status == SetStatusAutomatically {
status = http.StatusOK
}
w.WriteHeader(status)
if err = enc.Encode(resp); err != nil {
api.config.Logger.Error(err)
}
return
}
// Empty response
if status == SetStatusAutomatically {
status = http.StatusNoContent
}
w.WriteHeader(status)
}
Pintracker: streaming methods This commit continues the work of taking advantage of the streaming capabilities in go-libp2p-gorpc by improving the ipfsconnector and pintracker components. StatusAll and RecoverAll methods are now streaming methods, with the REST API output changing accordingly to produce a stream of GlobalPinInfos rather than a json array. pin/ls request to the ipfs daemon now use ?stream=true and avoid having to load the full pinset map on memory. StatusAllLocal and RecoverAllLocal requests to the pin tracker stream all the way and no longer store the full pinset, and the full PinInfo status slice before sending it out. We have additionally switched to a pattern where streaming methods receive the channel as an argument, allowing the caller to decide on whether to launch a goroutine, do buffering etc.
2022-03-22 09:56:16 +00:00
// StreamIterator is a function that returns the next item. It is used in
// StreamResponse.
type StreamIterator func() (interface{}, bool, error)
Pinset streaming and method type revamp This commit introduces the new go-libp2p-gorpc streaming capabilities for Cluster. The main aim is to work towards heavily reducing memory usage when working with very large pinsets. As a side-effect, it takes the chance to revampt all types for all public methods so that pointers to static what should be static objects are not used anymore. This should heavily reduce heap allocations and GC activity. The main change is that state.List now returns a channel from which to read the pins, rather than pins being all loaded into a huge slice. Things reading pins have been all updated to iterate on the channel rather than on the slice. The full pinset is no longer fully loaded onto memory for things that run regularly like StateSync(). Additionally, the /allocations endpoint of the rest API no longer returns an array of pins, but rather streams json-encoded pin objects directly. This change has extended to the restapi client (which puts pins into a channel as they arrive) and to ipfs-cluster-ctl. There are still pending improvements like StatusAll() calls which should also stream responses, and specially BlockPut calls which should stream blocks directly into IPFS on a single call. These are coming up in future commits.
2022-03-19 01:52:46 +00:00
// StreamResponse reads from an iterator and sends the response.
Pintracker: streaming methods This commit continues the work of taking advantage of the streaming capabilities in go-libp2p-gorpc by improving the ipfsconnector and pintracker components. StatusAll and RecoverAll methods are now streaming methods, with the REST API output changing accordingly to produce a stream of GlobalPinInfos rather than a json array. pin/ls request to the ipfs daemon now use ?stream=true and avoid having to load the full pinset map on memory. StatusAllLocal and RecoverAllLocal requests to the pin tracker stream all the way and no longer store the full pinset, and the full PinInfo status slice before sending it out. We have additionally switched to a pattern where streaming methods receive the channel as an argument, allowing the caller to decide on whether to launch a goroutine, do buffering etc.
2022-03-22 09:56:16 +00:00
func (api *API) StreamResponse(w http.ResponseWriter, next StreamIterator, errCh chan error) {
Pinset streaming and method type revamp This commit introduces the new go-libp2p-gorpc streaming capabilities for Cluster. The main aim is to work towards heavily reducing memory usage when working with very large pinsets. As a side-effect, it takes the chance to revampt all types for all public methods so that pointers to static what should be static objects are not used anymore. This should heavily reduce heap allocations and GC activity. The main change is that state.List now returns a channel from which to read the pins, rather than pins being all loaded into a huge slice. Things reading pins have been all updated to iterate on the channel rather than on the slice. The full pinset is no longer fully loaded onto memory for things that run regularly like StateSync(). Additionally, the /allocations endpoint of the rest API no longer returns an array of pins, but rather streams json-encoded pin objects directly. This change has extended to the restapi client (which puts pins into a channel as they arrive) and to ipfs-cluster-ctl. There are still pending improvements like StatusAll() calls which should also stream responses, and specially BlockPut calls which should stream blocks directly into IPFS on a single call. These are coming up in future commits.
2022-03-19 01:52:46 +00:00
api.SetHeaders(w)
enc := json.NewEncoder(w)
flusher, flush := w.(http.Flusher)
w.Header().Set("Trailer", "X-Stream-Error")
total := 0
Pintracker: streaming methods This commit continues the work of taking advantage of the streaming capabilities in go-libp2p-gorpc by improving the ipfsconnector and pintracker components. StatusAll and RecoverAll methods are now streaming methods, with the REST API output changing accordingly to produce a stream of GlobalPinInfos rather than a json array. pin/ls request to the ipfs daemon now use ?stream=true and avoid having to load the full pinset map on memory. StatusAllLocal and RecoverAllLocal requests to the pin tracker stream all the way and no longer store the full pinset, and the full PinInfo status slice before sending it out. We have additionally switched to a pattern where streaming methods receive the channel as an argument, allowing the caller to decide on whether to launch a goroutine, do buffering etc.
2022-03-22 09:56:16 +00:00
var err error
var ok bool
var item interface{}
Pinset streaming and method type revamp This commit introduces the new go-libp2p-gorpc streaming capabilities for Cluster. The main aim is to work towards heavily reducing memory usage when working with very large pinsets. As a side-effect, it takes the chance to revampt all types for all public methods so that pointers to static what should be static objects are not used anymore. This should heavily reduce heap allocations and GC activity. The main change is that state.List now returns a channel from which to read the pins, rather than pins being all loaded into a huge slice. Things reading pins have been all updated to iterate on the channel rather than on the slice. The full pinset is no longer fully loaded onto memory for things that run regularly like StateSync(). Additionally, the /allocations endpoint of the rest API no longer returns an array of pins, but rather streams json-encoded pin objects directly. This change has extended to the restapi client (which puts pins into a channel as they arrive) and to ipfs-cluster-ctl. There are still pending improvements like StatusAll() calls which should also stream responses, and specially BlockPut calls which should stream blocks directly into IPFS on a single call. These are coming up in future commits.
2022-03-19 01:52:46 +00:00
for {
Pintracker: streaming methods This commit continues the work of taking advantage of the streaming capabilities in go-libp2p-gorpc by improving the ipfsconnector and pintracker components. StatusAll and RecoverAll methods are now streaming methods, with the REST API output changing accordingly to produce a stream of GlobalPinInfos rather than a json array. pin/ls request to the ipfs daemon now use ?stream=true and avoid having to load the full pinset map on memory. StatusAllLocal and RecoverAllLocal requests to the pin tracker stream all the way and no longer store the full pinset, and the full PinInfo status slice before sending it out. We have additionally switched to a pattern where streaming methods receive the channel as an argument, allowing the caller to decide on whether to launch a goroutine, do buffering etc.
2022-03-22 09:56:16 +00:00
item, ok, err = next()
Pinset streaming and method type revamp This commit introduces the new go-libp2p-gorpc streaming capabilities for Cluster. The main aim is to work towards heavily reducing memory usage when working with very large pinsets. As a side-effect, it takes the chance to revampt all types for all public methods so that pointers to static what should be static objects are not used anymore. This should heavily reduce heap allocations and GC activity. The main change is that state.List now returns a channel from which to read the pins, rather than pins being all loaded into a huge slice. Things reading pins have been all updated to iterate on the channel rather than on the slice. The full pinset is no longer fully loaded onto memory for things that run regularly like StateSync(). Additionally, the /allocations endpoint of the rest API no longer returns an array of pins, but rather streams json-encoded pin objects directly. This change has extended to the restapi client (which puts pins into a channel as they arrive) and to ipfs-cluster-ctl. There are still pending improvements like StatusAll() calls which should also stream responses, and specially BlockPut calls which should stream blocks directly into IPFS on a single call. These are coming up in future commits.
2022-03-19 01:52:46 +00:00
if total == 0 {
if err != nil {
st := http.StatusInternalServerError
w.WriteHeader(st)
errorResp := api.config.APIErrorFunc(err, st)
api.config.Logger.Errorf("sending error response: %d: %s", st, err.Error())
if err := enc.Encode(errorResp); err != nil {
api.config.Logger.Error(err)
}
return
}
api: return errors on stream response requests with 0 items This fixes a bug in API code that made it return 204-No content when the RPC methods failed with an error before any items were returned on the channel.
2022-09-15 14:37:40 +00:00
if !ok {
// nothing in the channel, check for errors
for err = range errCh {
if err == nil {
continue
}
st := http.StatusInternalServerError
w.WriteHeader(st)
errorResp := api.config.APIErrorFunc(err, st)
if err := enc.Encode(errorResp); err != nil {
api.config.Logger.Error(err)
}
// This is correct, here we just process
// the first error in the channel.
return
}
// No errors at all, then NoContent.
Pinset streaming and method type revamp This commit introduces the new go-libp2p-gorpc streaming capabilities for Cluster. The main aim is to work towards heavily reducing memory usage when working with very large pinsets. As a side-effect, it takes the chance to revampt all types for all public methods so that pointers to static what should be static objects are not used anymore. This should heavily reduce heap allocations and GC activity. The main change is that state.List now returns a channel from which to read the pins, rather than pins being all loaded into a huge slice. Things reading pins have been all updated to iterate on the channel rather than on the slice. The full pinset is no longer fully loaded onto memory for things that run regularly like StateSync(). Additionally, the /allocations endpoint of the rest API no longer returns an array of pins, but rather streams json-encoded pin objects directly. This change has extended to the restapi client (which puts pins into a channel as they arrive) and to ipfs-cluster-ctl. There are still pending improvements like StatusAll() calls which should also stream responses, and specially BlockPut calls which should stream blocks directly into IPFS on a single call. These are coming up in future commits.
2022-03-19 01:52:46 +00:00
w.WriteHeader(http.StatusNoContent)
return
}
api: return errors on stream response requests with 0 items This fixes a bug in API code that made it return 204-No content when the RPC methods failed with an error before any items were returned on the channel.
2022-09-15 14:37:40 +00:00
// There is at least one item and no error, start with
// a 200 response.
Pintracker: streaming methods This commit continues the work of taking advantage of the streaming capabilities in go-libp2p-gorpc by improving the ipfsconnector and pintracker components. StatusAll and RecoverAll methods are now streaming methods, with the REST API output changing accordingly to produce a stream of GlobalPinInfos rather than a json array. pin/ls request to the ipfs daemon now use ?stream=true and avoid having to load the full pinset map on memory. StatusAllLocal and RecoverAllLocal requests to the pin tracker stream all the way and no longer store the full pinset, and the full PinInfo status slice before sending it out. We have additionally switched to a pattern where streaming methods receive the channel as an argument, allowing the caller to decide on whether to launch a goroutine, do buffering etc.
2022-03-22 09:56:16 +00:00
w.WriteHeader(http.StatusOK)
Pinset streaming and method type revamp This commit introduces the new go-libp2p-gorpc streaming capabilities for Cluster. The main aim is to work towards heavily reducing memory usage when working with very large pinsets. As a side-effect, it takes the chance to revampt all types for all public methods so that pointers to static what should be static objects are not used anymore. This should heavily reduce heap allocations and GC activity. The main change is that state.List now returns a channel from which to read the pins, rather than pins being all loaded into a huge slice. Things reading pins have been all updated to iterate on the channel rather than on the slice. The full pinset is no longer fully loaded onto memory for things that run regularly like StateSync(). Additionally, the /allocations endpoint of the rest API no longer returns an array of pins, but rather streams json-encoded pin objects directly. This change has extended to the restapi client (which puts pins into a channel as they arrive) and to ipfs-cluster-ctl. There are still pending improvements like StatusAll() calls which should also stream responses, and specially BlockPut calls which should stream blocks directly into IPFS on a single call. These are coming up in future commits.
2022-03-19 01:52:46 +00:00
}
if err != nil {
Pintracker: streaming methods This commit continues the work of taking advantage of the streaming capabilities in go-libp2p-gorpc by improving the ipfsconnector and pintracker components. StatusAll and RecoverAll methods are now streaming methods, with the REST API output changing accordingly to produce a stream of GlobalPinInfos rather than a json array. pin/ls request to the ipfs daemon now use ?stream=true and avoid having to load the full pinset map on memory. StatusAllLocal and RecoverAllLocal requests to the pin tracker stream all the way and no longer store the full pinset, and the full PinInfo status slice before sending it out. We have additionally switched to a pattern where streaming methods receive the channel as an argument, allowing the caller to decide on whether to launch a goroutine, do buffering etc.
2022-03-22 09:56:16 +00:00
break
Pinset streaming and method type revamp This commit introduces the new go-libp2p-gorpc streaming capabilities for Cluster. The main aim is to work towards heavily reducing memory usage when working with very large pinsets. As a side-effect, it takes the chance to revampt all types for all public methods so that pointers to static what should be static objects are not used anymore. This should heavily reduce heap allocations and GC activity. The main change is that state.List now returns a channel from which to read the pins, rather than pins being all loaded into a huge slice. Things reading pins have been all updated to iterate on the channel rather than on the slice. The full pinset is no longer fully loaded onto memory for things that run regularly like StateSync(). Additionally, the /allocations endpoint of the rest API no longer returns an array of pins, but rather streams json-encoded pin objects directly. This change has extended to the restapi client (which puts pins into a channel as they arrive) and to ipfs-cluster-ctl. There are still pending improvements like StatusAll() calls which should also stream responses, and specially BlockPut calls which should stream blocks directly into IPFS on a single call. These are coming up in future commits.
2022-03-19 01:52:46 +00:00
}
// finish just fine
if !ok {
Pintracker: streaming methods This commit continues the work of taking advantage of the streaming capabilities in go-libp2p-gorpc by improving the ipfsconnector and pintracker components. StatusAll and RecoverAll methods are now streaming methods, with the REST API output changing accordingly to produce a stream of GlobalPinInfos rather than a json array. pin/ls request to the ipfs daemon now use ?stream=true and avoid having to load the full pinset map on memory. StatusAllLocal and RecoverAllLocal requests to the pin tracker stream all the way and no longer store the full pinset, and the full PinInfo status slice before sending it out. We have additionally switched to a pattern where streaming methods receive the channel as an argument, allowing the caller to decide on whether to launch a goroutine, do buffering etc.
2022-03-22 09:56:16 +00:00
break
Pinset streaming and method type revamp This commit introduces the new go-libp2p-gorpc streaming capabilities for Cluster. The main aim is to work towards heavily reducing memory usage when working with very large pinsets. As a side-effect, it takes the chance to revampt all types for all public methods so that pointers to static what should be static objects are not used anymore. This should heavily reduce heap allocations and GC activity. The main change is that state.List now returns a channel from which to read the pins, rather than pins being all loaded into a huge slice. Things reading pins have been all updated to iterate on the channel rather than on the slice. The full pinset is no longer fully loaded onto memory for things that run regularly like StateSync(). Additionally, the /allocations endpoint of the rest API no longer returns an array of pins, but rather streams json-encoded pin objects directly. This change has extended to the restapi client (which puts pins into a channel as they arrive) and to ipfs-cluster-ctl. There are still pending improvements like StatusAll() calls which should also stream responses, and specially BlockPut calls which should stream blocks directly into IPFS on a single call. These are coming up in future commits.
2022-03-19 01:52:46 +00:00
}
// we have an item
total++
err = enc.Encode(item)
if err != nil {
api.config.Logger.Error(err)
break
}
if flush {
flusher.Flush()
}
}
Pintracker: streaming methods This commit continues the work of taking advantage of the streaming capabilities in go-libp2p-gorpc by improving the ipfsconnector and pintracker components. StatusAll and RecoverAll methods are now streaming methods, with the REST API output changing accordingly to produce a stream of GlobalPinInfos rather than a json array. pin/ls request to the ipfs daemon now use ?stream=true and avoid having to load the full pinset map on memory. StatusAllLocal and RecoverAllLocal requests to the pin tracker stream all the way and no longer store the full pinset, and the full PinInfo status slice before sending it out. We have additionally switched to a pattern where streaming methods receive the channel as an argument, allowing the caller to decide on whether to launch a goroutine, do buffering etc.
2022-03-22 09:56:16 +00:00
if err != nil {
w.Header().Set("X-Stream-Error", err.Error())
Always include the X-Stream-Error trailer (even without errors) This is to potentially address things like this: https://github.com/nodejs/undici/issues/432#issuecomment-1047931107
2022-04-04 10:09:54 +00:00
} else {
// Due to some Javascript-browser-land stuff, we set the header
// even when there is no error.
w.Header().Set("X-Stream-Error", "")
Pintracker: streaming methods This commit continues the work of taking advantage of the streaming capabilities in go-libp2p-gorpc by improving the ipfsconnector and pintracker components. StatusAll and RecoverAll methods are now streaming methods, with the REST API output changing accordingly to produce a stream of GlobalPinInfos rather than a json array. pin/ls request to the ipfs daemon now use ?stream=true and avoid having to load the full pinset map on memory. StatusAllLocal and RecoverAllLocal requests to the pin tracker stream all the way and no longer store the full pinset, and the full PinInfo status slice before sending it out. We have additionally switched to a pattern where streaming methods receive the channel as an argument, allowing the caller to decide on whether to launch a goroutine, do buffering etc.
2022-03-22 09:56:16 +00:00
}
// check for function errors
for funcErr := range errCh {
if funcErr != nil {
w.Header().Add("X-Stream-Error", funcErr.Error())
}
}
Pinset streaming and method type revamp This commit introduces the new go-libp2p-gorpc streaming capabilities for Cluster. The main aim is to work towards heavily reducing memory usage when working with very large pinsets. As a side-effect, it takes the chance to revampt all types for all public methods so that pointers to static what should be static objects are not used anymore. This should heavily reduce heap allocations and GC activity. The main change is that state.List now returns a channel from which to read the pins, rather than pins being all loaded into a huge slice. Things reading pins have been all updated to iterate on the channel rather than on the slice. The full pinset is no longer fully loaded onto memory for things that run regularly like StateSync(). Additionally, the /allocations endpoint of the rest API no longer returns an array of pins, but rather streams json-encoded pin objects directly. This change has extended to the restapi client (which puts pins into a channel as they arrive) and to ipfs-cluster-ctl. There are still pending improvements like StatusAll() calls which should also stream responses, and specially BlockPut calls which should stream blocks directly into IPFS on a single call. These are coming up in future commits.
2022-03-19 01:52:46 +00:00
}
Pintracker: streaming methods This commit continues the work of taking advantage of the streaming capabilities in go-libp2p-gorpc by improving the ipfsconnector and pintracker components. StatusAll and RecoverAll methods are now streaming methods, with the REST API output changing accordingly to produce a stream of GlobalPinInfos rather than a json array. pin/ls request to the ipfs daemon now use ?stream=true and avoid having to load the full pinset map on memory. StatusAllLocal and RecoverAllLocal requests to the pin tracker stream all the way and no longer store the full pinset, and the full PinInfo status slice before sending it out. We have additionally switched to a pattern where streaming methods receive the channel as an argument, allowing the caller to decide on whether to launch a goroutine, do buffering etc.
2022-03-22 09:56:16 +00:00
// SetHeaders sets all the headers that are common to all responses
API: Refactor REST API. Extract all functionality. This is a preparatory PR to add additional APIs (Pinning Service API) easily to cluster. Instead of copy-pasting most of what the REST API does, I have refactored so that the whole configuration, routing and request-handling utilities can be re-used. The worst part has been to divide the test between tests that test core (common.API) functionality and tests that test specific REST API endpoint functionality. I could not get away without an additional common/test package to provide functions that are used from both places. This is a side effect of testing both http and libp2p endpoints for every request etc.
2021-09-15 17:53:09 +00:00
// from this API. Called automatically from SendResponse().
func (api *API) SetHeaders(w http.ResponseWriter) {
for header, values := range api.config.Headers {
for _, val := range values {
w.Header().Add(header, val)
}
}
w.Header().Add("Content-Type", "application/json")
}
// These functions below are mostly used in tests.
// HTTPAddresses returns the HTTP(s) listening address
// in host:port format. Useful when configured to start
// on a random port (0). Returns error when the HTTP endpoint
// is not enabled.
func (api *API) HTTPAddresses() ([]string, error) {
if len(api.httpListeners) == 0 {
return nil, ErrHTTPEndpointNotEnabled
}
var addrs []string
for _, l := range api.httpListeners {
addrs = append(addrs, l.Addr().String())
}
return addrs, nil
}
// Host returns the libp2p Host used by the API, if any.
// The result is either the host provided during initialization,
// a default Host created with options from the configuration object,
// or nil.
func (api *API) Host() host.Host {
return api.host
}
// Headers returns the configured Headers.
// Useful for testing.
func (api *API) Headers() map[string][]string {
return api.config.Headers
}
Adopt api.Cid type - replaces cid.Cid everwhere. This commit introduces an api.Cid type and replaces the usage of cid.Cid everywhere. The main motivation here is to override MarshalJSON so that Cids are JSON-ified as '"Qm...."' instead of '{ "/": "Qm....." }', as this "ipld" representation of IDs is horrible to work with, and our APIs are not issuing IPLD objects to start with. Unfortunately, there is no way to do this cleanly, and the best way is to just switch everything to our own type.
2022-04-07 11:53:30 +00:00
// SetKeepAlivesEnabled controls the HTTP server Keep Alive settings. Useful
// for testing.
API: Refactor REST API. Extract all functionality. This is a preparatory PR to add additional APIs (Pinning Service API) easily to cluster. Instead of copy-pasting most of what the REST API does, I have refactored so that the whole configuration, routing and request-handling utilities can be re-used. The worst part has been to divide the test between tests that test core (common.API) functionality and tests that test specific REST API endpoint functionality. I could not get away without an additional common/test package to provide functions that are used from both places. This is a side effect of testing both http and libp2p endpoints for every request etc.
2021-09-15 17:53:09 +00:00
func (api *API) SetKeepAlivesEnabled(b bool) {
api.server.SetKeepAlivesEnabled(b)
}
feat: add health endpoint
2023-04-20 11:18:38 +00:00
Avoid using rand.Seed as it is deprecated
2023-08-10 16:33:30 +00:00
func (api *API) HealthHandler(w http.ResponseWriter, r *http.Request) {
api.SendResponse(w, http.StatusNoContent, nil, nil)
Add end of line to api.go
2023-05-11 10:10:50 +00:00
}
Reference in New Issue Copy Permalink