// HTTPTransport creates an ingress bridge from the outside world to the passed
// server, by installing handlers for all the necessary RPCs to the passed mux.
func HTTPTransport(mux *http.ServeMux, s *Server) {
mux.HandleFunc(IDPath, idHandler(s))
mux.HandleFunc(AppendEntriesPath, appendEntriesHandler(s))
mux.HandleFunc(RequestVotePath, requestVoteHandler(s))
mux.HandleFunc(CommandPath, commandHandler(s))
mux.HandleFunc(SetConfigurationPath, setConfigurationHandler(s))
}
func handleItems(mux *http.ServeMux) {
mux.HandleFunc("/api/v2/items", func(w http.ResponseWriter, r *http.Request) {
switch r.Method {
case "POST":
defer r.Body.Close()
b, err := ioutil.ReadAll(r.Body)
if err != nil {
testutil.ResponseError(w, 500, err)
return
}
if len(b) == 0 {
testutil.ResponseAPIError(w, 500, api.ResponseError{
Type: "fatal",
Message: "empty body",
})
return
}
type Options struct {
Tweet *bool `json:"tweet"`
Gist *bool `json:"gist"`
}
var options Options
err = json.Unmarshal(b, &options)
if err != nil {
testutil.ResponseError(w, 500, err)
return
}
if options.Tweet == nil || options.Gist == nil {
testutil.ResponseError(w, 500, errors.New("tweet or gist is required"))
return
}
var post model.Post
err = json.Unmarshal(b, &post)
if err != nil {
testutil.ResponseError(w, 500, err)
return
}
post.ID = "4bd431809afb1bb99e4f"
post.URL = "https://qiita.com/yaotti/items/4bd431809afb1bb99e4f"
post.CreatedAt = model.Time{Time: time.Date(2016, 2, 1, 12, 51, 42, 0, time.UTC)}
post.UpdatedAt = post.CreatedAt
b, err = json.Marshal(post)
if err != nil {
testutil.ResponseError(w, 500, err)
return
}
_, err = w.Write(b)
if err != nil {
testutil.ResponseError(w, 500, err)
return
}
default:
w.WriteHeader(405)
}
})
}
func (s *Service) RegesterHandlers(mux *http.ServeMux) error {
mux.HandleFunc("/file/", func(w http.ResponseWriter, req *http.Request) {
s.file(w, req)
})
mux.HandleFunc("/get/", func(w http.ResponseWriter, req *http.Request) {
// o, _ := httputil.DumpRequest(req, false)
// log.Println(string(o))
if !s.auth.Auth(w, req) {
log.Println("401 Unauthorized")
return
}
s.get(w, req)
})
mux.HandleFunc("/upload/", func(w http.ResponseWriter, req *http.Request) {
s.upload(w, req)
})
mux.HandleFunc("/put-auth", func(w http.ResponseWriter, req *http.Request) {
if !s.auth.Auth(w, req) {
log.Println("401 Unauthorized")
return
}
s.putAuth(w, req)
})
mux.HandleFunc("/delete/", func(w http.ResponseWriter, req *http.Request) {
if !s.auth.Auth(w, req) {
log.Println("401 Unauthorized")
return
}
s.delete(w, req)
})
return nil
}
func InitHTTPFlv(mux *http.ServeMux, app string, sources *source.SourceManage, cb callback.FlvCallback) {
prefix := path.Join("/", app) + "/"
mux.HandleFunc(prefix, func(w http.ResponseWriter, r *http.Request) {
glog.Infof("http: get an request: %v", r.RequestURI)
if r.Method != "GET" {
return
}
r.ParseForm()
// access check.
if !cb.FlvAccessCheck(r.RemoteAddr, r.RequestURI, r.URL.Path, r.Form, r.Cookies()) {
w.WriteHeader(http.StatusForbidden)
return
}
// get path.
_, file := path.Split(r.URL.Path)
var key string
key = file[:strings.Index(file, ".flv")]
// get live source.
consumer, err := source.NewConsumer(sources, key)
if err != nil {
glog.Info("can not get source", err)
return
}
glog.Info("get source")
defer consumer.Close()
// set flv live stream http head.
// TODO: let browser not cache sources.
w.Header().Add("Content-Type", "video/x-flv")
if err := consumer.Live(w); err != nil {
glog.Info("Live get an client error:", err)
}
})
}
// newMethodRouter takes the server mux that will dispatch to this router based on the matched path.
func newMethodRouter(mux *http.ServeMux, path string) *methodRouter {
mr := &methodRouter{
handlers: map[string]http.Handler{},
}
mux.Handle(path, mr)
return mr
}
func handleAuth(mux *http.ServeMux, sh *authHandler) {
mux.HandleFunc(authPrefix+"/roles", capabilityHandler(authCapability, sh.baseRoles))
mux.HandleFunc(authPrefix+"/roles/", capabilityHandler(authCapability, sh.handleRoles))
mux.HandleFunc(authPrefix+"/users", capabilityHandler(authCapability, sh.baseUsers))
mux.HandleFunc(authPrefix+"/users/", capabilityHandler(authCapability, sh.handleUsers))
mux.HandleFunc(authPrefix+"/enable", capabilityHandler(authCapability, sh.enableDisable))
}
func handleSecurity(mux *http.ServeMux, sh *securityHandler) {
mux.HandleFunc(securityPrefix+"/roles", sh.baseRoles)
mux.HandleFunc(securityPrefix+"/roles/", sh.handleRoles)
mux.HandleFunc(securityPrefix+"/users", sh.baseUsers)
mux.HandleFunc(securityPrefix+"/users/", sh.handleUsers)
mux.HandleFunc(securityPrefix+"/enable", sh.enableDisable)
}
func setMux(t *testing.T, mux *http.ServeMux, path string, thing interface{}) {
mux.HandleFunc(path, func(w http.ResponseWriter, r *http.Request) {
var data []byte
var err error
switch thing := thing.(type) {
default:
t.Errorf("Unexpected object type in SetMux: %v", thing)
case *github.Issue:
data, err = json.Marshal(thing)
case *github.PullRequest:
data, err = json.Marshal(thing)
case []github.IssueEvent:
data, err = json.Marshal(thing)
case []github.RepositoryCommit:
data, err = json.Marshal(thing)
case github.RepositoryCommit:
data, err = json.Marshal(thing)
case *github.CombinedStatus:
data, err = json.Marshal(thing)
case []github.User:
data, err = json.Marshal(thing)
}
if err != nil {
t.Errorf("%v", err)
}
if r.Method != "GET" {
t.Errorf("Unexpected method: expected: GET got: %s", r.Method)
}
w.WriteHeader(http.StatusOK)
w.Write(data)
})
}
func staticDirHandler(mux *http.ServeMux, prefix string, staticDir string) {
mux.HandleFunc(prefix, func(w http.ResponseWriter, r *http.Request) {
file := staticDir + r.URL.Path[len(prefix)-1:]
fmt.Println(file)
http.ServeFile(w, r, file)
})
}
func setupPlugin(t *testing.T, name string, mux *http.ServeMux) func() {
if err := os.MkdirAll("/etc/docker/plugins", 0755); err != nil {
t.Fatal(err)
}
server := httptest.NewServer(mux)
if server == nil {
t.Fatal("Failed to start an HTTP Server")
}
if err := ioutil.WriteFile(fmt.Sprintf("/etc/docker/plugins/%s.spec", name), []byte(server.URL), 0644); err != nil {
t.Fatal(err)
}
mux.HandleFunc("/Plugin.Activate", func(w http.ResponseWriter, r *http.Request) {
w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1+json")
fmt.Fprintf(w, `{"Implements": ["%s"]}`, driverapi.NetworkPluginEndpointType)
})
return func() {
if err := os.RemoveAll("/etc/docker/plugins"); err != nil {
t.Fatal(err)
}
server.Close()
}
}
func startSecureServing(opt *options.HeapsterRunOptions, handler http.Handler, promHandler http.Handler,
mux *http.ServeMux, address string) {
if len(opt.TLSClientCAFile) > 0 {
authPprofHandler, err := newAuthHandler(opt, handler)
if err != nil {
glog.Fatalf("Failed to create authorized pprof handler: %v", err)
}
handler = authPprofHandler
authPromHandler, err := newAuthHandler(opt, promHandler)
if err != nil {
glog.Fatalf("Failed to create authorized prometheus handler: %v", err)
}
promHandler = authPromHandler
}
mux.Handle("/", handler)
mux.Handle("/metrics", promHandler)
// If allowed users is set, then we need to enable Client Authentication
if len(opt.AllowedUsers) > 0 {
server := &http.Server{
Addr: address,
Handler: mux,
TLSConfig: &tls.Config{ClientAuth: tls.RequestClientCert},
}
glog.Fatal(server.ListenAndServeTLS(opt.TLSCertFile, opt.TLSKeyFile))
} else {
glog.Fatal(http.ListenAndServeTLS(address, opt.TLSCertFile, opt.TLSKeyFile, mux))
}
}
//TODO(jdef) we use a Locker to guard against concurrent task state changes, but it would be
//really, really nice to avoid doing this. Maybe someday the registry won't return data ptrs
//but plain structs instead.
func InstallDebugHandlers(reg Registry, mux *http.ServeMux) {
mux.HandleFunc("/debug/registry/tasks", func(w http.ResponseWriter, r *http.Request) {
//TODO(jdef) support filtering tasks based on status
alltasks := reg.List(nil)
io.WriteString(w, fmt.Sprintf("task_count=%d\n", len(alltasks)))
for _, task := range alltasks {
if err := func() (err error) {
podName := task.Pod.Name
podNamespace := task.Pod.Namespace
offerId := ""
if task.Offer != nil {
offerId = task.Offer.Id()
}
_, err = io.WriteString(w, fmt.Sprintf("%v\t%v/%v\t%v\t%v\n", task.ID, podNamespace, podName, task.State, offerId))
return
}(); err != nil {
log.Warningf("aborting debug handler: %v", err)
break // stop listing on I/O errors
}
}
if flusher, ok := w.(http.Flusher); ok {
flusher.Flush()
}
})
}
func HandleFuncLoginOptional(
mux *http.ServeMux, path string, s *Sessions, f HandlerFuncWithUser) {
wrapped := func(w http.ResponseWriter, r *http.Request) {
f(w, r, s.GetUser(r))
}
mux.HandleFunc(path, wrapped)
}
// HandleFunc registers a handler at the given path. It's
// http.HandleFunc(), but with a wrapper around the handler that
// provides some generic per-request functionality:
//
// * Set a Replay-Nonce header.
//
// * Respond to OPTIONS requests, including CORS preflight requests.
//
// * Set a no cache header
//
// * Respond http.StatusMethodNotAllowed for HTTP methods other than
// those listed.
//
// * Set CORS headers when responding to CORS "actual" requests.
//
// * Never send a body in response to a HEAD request. Anything
// written by the handler will be discarded if the method is HEAD.
// Also, all handlers that accept GET automatically accept HEAD.
func (wfe *WebFrontEndImpl) HandleFunc(mux *http.ServeMux, pattern string, h wfeHandlerFunc, methods ...string) {
methodsMap := make(map[string]bool)
for _, m := range methods {
methodsMap[m] = true
}
if methodsMap["GET"] && !methodsMap["HEAD"] {
// Allow HEAD for any resource that allows GET
methods = append(methods, "HEAD")
methodsMap["HEAD"] = true
}
methodsStr := strings.Join(methods, ", ")
handler := http.StripPrefix(pattern, &topHandler{
log: wfe.log,
clk: clock.Default(),
wfe: wfeHandlerFunc(func(ctx context.Context, logEvent *requestEvent, response http.ResponseWriter, request *http.Request) {
// We do not propagate errors here, because (1) they should be
// transient, and (2) they fail closed.
nonce, err := wfe.nonceService.Nonce()
if err == nil {
response.Header().Set("Replay-Nonce", nonce)
logEvent.ResponseNonce = nonce
} else {
logEvent.AddError("unable to make nonce: %s", err)
}
switch request.Method {
case "HEAD":
// Go's net/http (and httptest) servers will strip out the body
// of responses for us. This keeps the Content-Length for HEAD
// requests as the same as GET requests per the spec.
case "OPTIONS":
wfe.Options(response, request, methodsStr, methodsMap)
return
}
// No cache header is set for all requests, succeed or fail.
addNoCacheHeader(response)
if !methodsMap[request.Method] {
response.Header().Set("Allow", methodsStr)
wfe.sendError(response, logEvent, probs.MethodNotAllowed(), nil)
return
}
wfe.setCORSHeaders(response, request, "")
timeout := wfe.RequestTimeout
if timeout == 0 {
timeout = 5 * time.Minute
}
ctx, cancel := context.WithTimeout(ctx, timeout)
// TODO(riking): add request context using WithValue
// Call the wrapped handler.
h(ctx, logEvent, response, request)
cancel()
}),
})
mux.Handle(pattern, handler)
}
func Handler(mux *http.ServeMux) {
mux.HandleFunc("/debug", debug)
mux.HandleFunc("/archive", archiveHandler)
mux.HandleFunc("/delete", deleteHandler)
mux.HandleFunc("/star", starHandler)
mux.HandleFunc("/", serve)
}
func RedirectHandler(mux *http.ServeMux) {
mux.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
req.URL.Host = req.Host
req.URL.Scheme = "https"
http.Redirect(w, req, req.URL.String(), 301)
})
}
// Create the individual API (app) specs based on live configurations and assign middleware
func loadApps(APISpecs []APISpec, Muxer *http.ServeMux) {
// load the APi defs
log.Info("Loading API configurations.")
for _, spec := range APISpecs {
// Create a new handler for each API spec
remote, err := url.Parse(spec.APIDefinition.Proxy.TargetURL)
if err != nil {
log.Error("Culdn't parse target URL")
log.Error(err)
}
if spec.UseOauth2 {
addOAuthHandlers(spec, Muxer, false)
}
proxy := TykNewSingleHostReverseProxy(remote)
spec.target = remote
proxyHandler := http.HandlerFunc(ProxyHandler(proxy, spec))
tykMiddleware := TykMiddleware{spec, proxy}
if spec.APIDefinition.UseKeylessAccess {
// for KeyLessAccess we can't support rate limiting, versioning or access rules
chain := alice.New().Then(proxyHandler)
Muxer.Handle(spec.Proxy.ListenPath, chain)
} else {
// Select the keying method to use for setting session states
var keyCheck func(http.Handler) http.Handler
if spec.APIDefinition.UseOauth2 {
// Oauth2
keyCheck = CreateMiddleware(&Oauth2KeyExists{tykMiddleware}, tykMiddleware)
} else if spec.APIDefinition.UseBasicAuth {
// Basic Auth
keyCheck = CreateMiddleware(&BasicAuthKeyIsValid{tykMiddleware}, tykMiddleware)
} else if spec.EnableSignatureChecking {
// HMAC Auth
keyCheck = CreateMiddleware(&HMACMiddleware{tykMiddleware}, tykMiddleware)
} else {
// Auth key
keyCheck = CreateMiddleware(&AuthKey{tykMiddleware}, tykMiddleware)
}
// Use CreateMiddleware(&ModifiedMiddleware{tykMiddleware}, tykMiddleware) to run custom middleware
chain := alice.New(
keyCheck,
CreateMiddleware(&KeyExpired{tykMiddleware}, tykMiddleware),
CreateMiddleware(&VersionCheck{tykMiddleware}, tykMiddleware),
CreateMiddleware(&AccessRightsCheck{tykMiddleware}, tykMiddleware),
CreateMiddleware(&RateLimitAndQuotaCheck{tykMiddleware}, tykMiddleware)).Then(proxyHandler)
Muxer.Handle(spec.Proxy.ListenPath, chain)
}
}
}
func TestHandleFunc(t *testing.T) {
wfe := setupWFE(t)
var mux *http.ServeMux
var rw *httptest.ResponseRecorder
var stubCalled bool
runWrappedHandler := func(req *http.Request, allowed ...string) {
mux = http.NewServeMux()
rw = httptest.NewRecorder()
stubCalled = false
wfe.HandleFunc(mux, "/test", func(http.ResponseWriter, *http.Request) {
stubCalled = true
}, allowed...)
req.URL = mustParseURL("/test")
mux.ServeHTTP(rw, req)
}
// Plain requests (no CORS)
type testCase struct {
allowed []string
reqMethod string
shouldSucceed bool
}
var lastNonce string
for _, c := range []testCase{
{[]string{"GET", "POST"}, "GET", true},
{[]string{"GET", "POST"}, "POST", true},
{[]string{"GET"}, "", false},
{[]string{"GET"}, "POST", false},
{[]string{"GET"}, "OPTIONS", false}, // TODO, #469
{[]string{"GET"}, "MAKE-COFFEE", false}, // 405, or 418?
} {
runWrappedHandler(&http.Request{Method: c.reqMethod}, c.allowed...)
test.AssertEquals(t, stubCalled, c.shouldSucceed)
if c.shouldSucceed {
test.AssertEquals(t, rw.Code, http.StatusOK)
} else {
test.AssertEquals(t, rw.Code, http.StatusMethodNotAllowed)
test.AssertEquals(t, sortHeader(rw.Header().Get("Allow")), strings.Join(c.allowed, ", "))
test.AssertEquals(t,
rw.Body.String(),
`{"type":"urn:acme:error:malformed","detail":"Method not allowed"}`)
}
nonce := rw.Header().Get("Replay-Nonce")
test.AssertNotEquals(t, nonce, lastNonce)
lastNonce = nonce
}
// Disallowed method returns error JSON in body
runWrappedHandler(&http.Request{Method: "PUT"}, "GET", "POST")
test.AssertEquals(t, rw.Header().Get("Content-Type"), "application/problem+json")
test.AssertEquals(t, rw.Body.String(), `{"type":"urn:acme:error:malformed","detail":"Method not allowed"}`)
test.AssertEquals(t, sortHeader(rw.Header().Get("Allow")), "GET, POST")
// Disallowed method special case: response to HEAD has got no body
runWrappedHandler(&http.Request{Method: "HEAD"}, "GET", "POST")
test.AssertEquals(t, stubCalled, false)
test.AssertEquals(t, rw.Body.String(), "")
test.AssertEquals(t, sortHeader(rw.Header().Get("Allow")), "GET, POST")
}
func Register(mux *http.ServeMux) {
if mux == nil {
mux = http.DefaultServeMux
}
mux.HandleFunc("/irc", home)
mux.Handle("/irc/ws", websocket.Handler(connect))
log.Printf("registered irc at /irc and /irc/ws")
}
func Register(mux *http.ServeMux) {
if mux == nil {
mux = http.DefaultServeMux
}
mux.HandleFunc("/webclock", index)
mux.Handle("/webclock/ws", websocket.Handler(handle))
log.Printf("registered webclock at /webclock and /webclock/ws")
}
func SetupWebsocket(mux *http.ServeMux) chan commons.Notification {
wsSlice = make([]*webSocketWrapper, 0)
conChan = make(chan *webSocketWrapper)
notifChan = make(chan commons.Notification)
go handleIncomingConnection()
mux.Handle("/websocket", websocket.Handler(webSocketHandler))
return notifChan
}
// Set up default Tyk control API endpoints - these are global, so need to be added first
func loadAPIEndpoints(Muxer *http.ServeMux) {
// set up main API handlers
Muxer.HandleFunc("/tyk/keys/create", CheckIsAPIOwner(createKeyHandler))
Muxer.HandleFunc("/tyk/keys/", CheckIsAPIOwner(keyHandler))
Muxer.HandleFunc("/tyk/reload/", CheckIsAPIOwner(resetHandler))
Muxer.HandleFunc("/tyk/oauth/clients/create", CheckIsAPIOwner(createOauthClient))
Muxer.HandleFunc("/tyk/oauth/clients/", CheckIsAPIOwner(oAuthClientHandler))
}
// SetHTTPTransport accept a http multiplexer to handle other peers'
// RPCs like RequestVote and AppendEntry, etc.
// Run this before running server.Start().
func (s *Server) SetHTTPTransport(mux *http.ServeMux, port int) {
mux.HandleFunc(idPath, idHandleFunc(s))
mux.HandleFunc(appendEntriesPath, appendEntriesHandler(s))
mux.HandleFunc(requestVotePath, requestVoteHandler(s))
mux.HandleFunc(commandPath, commandHandler(s))
mux.HandleFunc(setConfigPath, setConfigHandler(s))
go http.ListenAndServe(fmt.Sprintf(":%d", port), mux)
}
func handlePathRedirects(mux *http.ServeMux, redirects map[string]string, prefix string) {
for source, target := range redirects {
h := Handler(prefix + target + "/")
p := prefix + source
mux.Handle(p, h)
mux.Handle(p+"/", h)
}
}
// Serve all files in the current directory, or only a few select filetypes (html, css, js, png and txt)
func registerHandlers(mux *http.ServeMux, handlePath, servedir string, perm pinterface.IPermissions, luapool *lStatePool, cache *FileCache, addDomain bool) {
// Handle all requests with this function
allRequests := func(w http.ResponseWriter, req *http.Request) {
if perm.Rejected(w, req) {
// Get and call the Permission Denied function
perm.DenyFunction()(w, req)
// Reject the request by returning
return
}
// Local to this function
servedir := servedir
// Look for the directory that is named the same as the host
if addDomain {
servedir = filepath.Join(servedir, getDomain(req))
}
urlpath := req.URL.Path
filename := url2filename(servedir, urlpath)
// Remove the trailing slash from the filename, if any
noslash := filename
if strings.HasSuffix(filename, pathsep) {
noslash = filename[:len(filename)-1]
}
hasdir := fs.exists(filename) && fs.isDir(filename)
dirname := filename
hasfile := fs.exists(noslash)
// Set the server header.
serverHeaders(w)
// Share the directory or file
if hasdir {
dirPage(w, req, servedir, dirname, perm, luapool, cache)
return
} else if !hasdir && hasfile {
// Share a single file instead of a directory
filePage(w, req, noslash, perm, luapool, cache)
return
}
// Not found
w.WriteHeader(http.StatusNotFound)
fmt.Fprint(w, noPage(filename))
}
// Handle requests differently depending on if rate limiting is enabled or not
if disableRateLimiting {
mux.HandleFunc(handlePath, allRequests)
} else {
limiter := tollbooth.NewLimiter(limitRequests, time.Second)
limiter.MessageContentType = "text/html; charset=utf-8"
limiter.Message = easyPage("Rate-limit exceeded", "<div style='color:red'>You have reached the maximum request limit.</div>")
mux.Handle(handlePath, tollbooth.LimitFuncHandler(limiter, allRequests))
}
}
func Register(mux *http.ServeMux, volMap volume.VolumeDriver) {
// http server.
mux.HandleFunc("/Plugin.Activate", pluginActivate)
mux.Handle("/VolumeDriver.Create", pluginHandler{Fn: volMap.Create, VMap: volMap})
mux.Handle("/VolumeDriver.Remove", pluginHandler{Fn: volMap.Remove, VMap: volMap})
mux.Handle("/VolumeDriver.Mount", pluginHandler{Fn: volMap.Mount, VMap: volMap})
mux.Handle("/VolumeDriver.Unmount", pluginHandler{Fn: volMap.Unmount, VMap: volMap})
mux.Handle("/VolumeDriver.Path", pluginHandler{Fn: volMap.Path, VMap: volMap})
}
func RegisterRPCFuncs(mux *http.ServeMux, funcMap map[string]*RPCFunc) {
// HTTP endpoints
for funcName, rpcFunc := range funcMap {
mux.HandleFunc("/"+funcName, makeHTTPHandler(rpcFunc))
}
// JSONRPC endpoints
mux.HandleFunc("/", makeJSONRPCHandler(funcMap))
}
// handleHTTPRequest is a wrapper function that handles all incoming calls to
// the API.
func handleHTTPRequest(mux *http.ServeMux, url string, handler http.HandlerFunc) {
mux.HandleFunc(url, func(w http.ResponseWriter, req *http.Request) {
if !strings.Contains(req.UserAgent(), "Sia-Agent") {
writeError(w, "Browser access disabled due to security vulnerability. Use Sia-UI or siac.", http.StatusBadRequest)
return
}
handler(w, req)
})
}
func staticDirHandler(mux *http.ServeMux, prefix string, staticDir string, flags int) {
mux.HandleFunc(prefix,
func(w http.ResponseWriter, r *http.Request) {
log.Println(r.URL.Path)
file := root + r.URL.Path
log.Println(file)
http.ServeFile(w, r, file)
})
}
func NewTHTTPServerFromMux(
mux *http.ServeMux,
pattern string,
) (*THTTPServer, error) {
server := &THTTPServer{deliveries: make(chan *THTTPRequest)}
mux.Handle(pattern, &HTTPHandler{server})
return server, nil
}