2023-10-06 09:47:03 -05:00
|
|
|
|
// Copyright (c) Tailscale Inc & AUTHORS
|
|
|
|
|
// SPDX-License-Identifier: BSD-3-Clause
|
|
|
|
|
|
|
|
|
|
package taildrop
|
|
|
|
|
|
|
|
|
|
import (
|
2023-10-12 09:28:46 -07:00
|
|
|
|
"crypto/sha256"
|
2025-05-20 15:30:19 -07:00
|
|
|
|
"fmt"
|
2023-10-06 09:47:03 -05:00
|
|
|
|
"io"
|
|
|
|
|
"os"
|
2023-10-17 13:46:05 -07:00
|
|
|
|
"path/filepath"
|
2023-10-06 09:47:03 -05:00
|
|
|
|
"sync"
|
|
|
|
|
"time"
|
|
|
|
|
|
|
|
|
|
"tailscale.com/envknob"
|
2023-11-13 10:20:28 -08:00
|
|
|
|
"tailscale.com/ipn"
|
2023-10-06 09:47:03 -05:00
|
|
|
|
"tailscale.com/tstime"
|
|
|
|
|
"tailscale.com/version/distro"
|
|
|
|
|
)
|
|
|
|
|
|
2023-10-12 09:28:46 -07:00
|
|
|
|
type incomingFileKey struct {
|
2025-05-06 20:45:28 -07:00
|
|
|
|
id clientID
|
2023-10-12 09:28:46 -07:00
|
|
|
|
name string // e.g., "foo.jpeg"
|
|
|
|
|
}
|
|
|
|
|
|
2023-10-06 09:47:03 -05:00
|
|
|
|
type incomingFile struct {
|
2023-10-12 16:50:11 -07:00
|
|
|
|
clock tstime.DefaultClock
|
2023-10-06 09:47:03 -05:00
|
|
|
|
|
|
|
|
|
started time.Time
|
|
|
|
|
size int64 // or -1 if unknown; never 0
|
|
|
|
|
w io.Writer // underlying writer
|
|
|
|
|
sendFileNotify func() // called when done
|
|
|
|
|
partialPath string // non-empty in direct mode
|
2024-01-09 14:11:34 -06:00
|
|
|
|
finalPath string // not used in direct mode
|
2023-10-06 09:47:03 -05:00
|
|
|
|
|
|
|
|
|
mu sync.Mutex
|
|
|
|
|
copied int64
|
|
|
|
|
done bool
|
|
|
|
|
lastNotify time.Time
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (f *incomingFile) Write(p []byte) (n int, err error) {
|
|
|
|
|
n, err = f.w.Write(p)
|
|
|
|
|
|
|
|
|
|
var needNotify bool
|
|
|
|
|
defer func() {
|
|
|
|
|
if needNotify {
|
|
|
|
|
f.sendFileNotify()
|
|
|
|
|
}
|
|
|
|
|
}()
|
|
|
|
|
if n > 0 {
|
|
|
|
|
f.mu.Lock()
|
|
|
|
|
defer f.mu.Unlock()
|
|
|
|
|
f.copied += int64(n)
|
|
|
|
|
now := f.clock.Now()
|
|
|
|
|
if f.lastNotify.IsZero() || now.Sub(f.lastNotify) > time.Second {
|
|
|
|
|
f.lastNotify = now
|
|
|
|
|
needNotify = true
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return n, err
|
|
|
|
|
}
|
|
|
|
|
|
2025-05-06 20:45:28 -07:00
|
|
|
|
// PutFile stores a file into [manager.Dir] from a given client id.
|
2023-10-12 09:28:46 -07:00
|
|
|
|
// The baseName must be a base filename without any slashes.
|
|
|
|
|
// The length is the expected length of content to read from r,
|
|
|
|
|
// it may be negative to indicate that it is unknown.
|
2023-10-12 16:50:11 -07:00
|
|
|
|
// It returns the length of the entire file.
|
2023-10-12 09:28:46 -07:00
|
|
|
|
//
|
|
|
|
|
// If there is a failure reading from r, then the partial file is not deleted
|
2025-05-06 20:45:28 -07:00
|
|
|
|
// for some period of time. The [manager.PartialFiles] and [manager.HashPartialFile]
|
2023-10-12 09:28:46 -07:00
|
|
|
|
// methods may be used to list all partial files and to compute the hash for a
|
|
|
|
|
// specific partial file. This allows the client to determine whether to resume
|
|
|
|
|
// a partial file. While resuming, PutFile may be called again with a non-zero
|
|
|
|
|
// offset to specify where to resume receiving data at.
|
2025-05-06 20:45:28 -07:00
|
|
|
|
func (m *manager) PutFile(id clientID, baseName string, r io.Reader, offset, length int64) (int64, error) {
|
2023-10-12 09:28:46 -07:00
|
|
|
|
switch {
|
2023-10-17 13:46:05 -07:00
|
|
|
|
case m == nil || m.opts.Dir == "":
|
2023-10-12 09:28:46 -07:00
|
|
|
|
return 0, ErrNoTaildrop
|
|
|
|
|
case !envknob.CanTaildrop():
|
|
|
|
|
return 0, ErrNoTaildrop
|
2023-10-17 13:46:05 -07:00
|
|
|
|
case distro.Get() == distro.Unraid && !m.opts.DirectFileMode:
|
2023-10-12 09:28:46 -07:00
|
|
|
|
return 0, ErrNotAccessible
|
|
|
|
|
}
|
|
|
|
|
|
2025-05-20 15:30:19 -07:00
|
|
|
|
//Compute dstPath & avoid mid‑upload deletion
|
|
|
|
|
var dstPath string
|
|
|
|
|
if m.opts.Mode == PutModeDirect {
|
|
|
|
|
var err error
|
|
|
|
|
dstPath, err = joinDir(m.opts.Dir, baseName)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return 0, err
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
// In SAF mode, we simply use the baseName as the destination "path"
|
|
|
|
|
// (the actual directory is managed by SAF).
|
|
|
|
|
dstPath = baseName
|
2023-10-06 09:47:03 -05:00
|
|
|
|
}
|
2025-05-20 15:30:19 -07:00
|
|
|
|
m.deleter.Remove(filepath.Base(dstPath)) // avoid deleting the partial file while receiving
|
2023-10-12 09:28:46 -07:00
|
|
|
|
|
|
|
|
|
// Check whether there is an in-progress transfer for the file.
|
2025-05-20 15:30:19 -07:00
|
|
|
|
partialFileKey := incomingFileKey{id, baseName}
|
|
|
|
|
inFile, loaded := m.incomingFiles.LoadOrInit(partialFileKey, func() *incomingFile {
|
|
|
|
|
return &incomingFile{
|
2023-10-17 13:46:05 -07:00
|
|
|
|
clock: m.opts.Clock,
|
|
|
|
|
started: m.opts.Clock.Now(),
|
2023-10-12 09:28:46 -07:00
|
|
|
|
size: length,
|
2023-10-17 13:46:05 -07:00
|
|
|
|
sendFileNotify: m.opts.SendFileNotify,
|
2023-10-12 09:28:46 -07:00
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
if loaded {
|
|
|
|
|
return 0, ErrFileExists
|
2023-10-06 09:47:03 -05:00
|
|
|
|
}
|
2025-05-20 15:30:19 -07:00
|
|
|
|
defer m.incomingFiles.Delete(partialFileKey)
|
2023-10-06 09:47:03 -05:00
|
|
|
|
|
2025-05-20 15:30:19 -07:00
|
|
|
|
// Open writer & populate inFile paths
|
|
|
|
|
wc, partialPath, err := m.openWriterAndPaths(id, m.opts.Mode, inFile, baseName, dstPath, offset)
|
2023-10-06 09:47:03 -05:00
|
|
|
|
if err != nil {
|
2025-05-20 15:30:19 -07:00
|
|
|
|
return 0, m.redactAndLogError("Create", err)
|
2023-10-06 09:47:03 -05:00
|
|
|
|
}
|
|
|
|
|
defer func() {
|
2025-05-20 15:30:19 -07:00
|
|
|
|
wc.Close()
|
2023-10-12 09:28:46 -07:00
|
|
|
|
if err != nil {
|
2023-10-17 13:46:05 -07:00
|
|
|
|
m.deleter.Insert(filepath.Base(partialPath)) // mark partial file for eventual deletion
|
2023-10-06 09:47:03 -05:00
|
|
|
|
}
|
|
|
|
|
}()
|
2023-10-12 09:28:46 -07:00
|
|
|
|
|
2023-11-13 10:20:28 -08:00
|
|
|
|
// Record that we have started to receive at least one file.
|
|
|
|
|
// This is used by the deleter upon a cold-start to scan the directory
|
|
|
|
|
// for any files that need to be deleted.
|
2025-05-20 15:30:19 -07:00
|
|
|
|
if st := m.opts.State; st != nil {
|
|
|
|
|
if b, _ := st.ReadState(ipn.TaildropReceivedKey); len(b) == 0 {
|
|
|
|
|
if werr := st.WriteState(ipn.TaildropReceivedKey, []byte{1}); werr != nil {
|
|
|
|
|
m.opts.Logf("WriteState error: %v", werr) // non-fatal error
|
2023-11-13 10:20:28 -08:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2025-05-20 15:30:19 -07:00
|
|
|
|
// Copy the contents of the file to the writer.
|
|
|
|
|
copyLength, err := io.Copy(wc, r)
|
2023-10-12 09:28:46 -07:00
|
|
|
|
if err != nil {
|
2025-05-20 15:30:19 -07:00
|
|
|
|
return 0, m.redactAndLogError("Copy", err)
|
2023-10-06 09:47:03 -05:00
|
|
|
|
}
|
2023-10-12 09:28:46 -07:00
|
|
|
|
if length >= 0 && copyLength != length {
|
2025-05-20 15:30:19 -07:00
|
|
|
|
return 0, m.redactAndLogError("Copy", fmt.Errorf("copied %d bytes; expected %d", copyLength, length))
|
2023-10-12 09:28:46 -07:00
|
|
|
|
}
|
2025-05-20 15:30:19 -07:00
|
|
|
|
if err := wc.Close(); err != nil {
|
|
|
|
|
return 0, m.redactAndLogError("Close", err)
|
2023-10-12 09:28:46 -07:00
|
|
|
|
}
|
2025-05-20 15:30:19 -07:00
|
|
|
|
|
2023-10-12 09:28:46 -07:00
|
|
|
|
fileLength := offset + copyLength
|
|
|
|
|
|
2024-01-09 14:11:34 -06:00
|
|
|
|
inFile.mu.Lock()
|
|
|
|
|
inFile.done = true
|
|
|
|
|
inFile.mu.Unlock()
|
2023-10-12 09:28:46 -07:00
|
|
|
|
|
2025-05-20 15:30:19 -07:00
|
|
|
|
// Finalize rename
|
|
|
|
|
switch m.opts.Mode {
|
|
|
|
|
case PutModeDirect:
|
|
|
|
|
var finalDst string
|
|
|
|
|
finalDst, err = m.finalizeDirect(inFile, partialPath, dstPath, fileLength)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return 0, m.redactAndLogError("Rename", err)
|
|
|
|
|
}
|
|
|
|
|
inFile.finalPath = finalDst
|
|
|
|
|
|
|
|
|
|
case PutModeAndroidSAF:
|
|
|
|
|
if err = m.finalizeSAF(partialPath, baseName); err != nil {
|
|
|
|
|
return 0, m.redactAndLogError("Rename", err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
m.totalReceived.Add(1)
|
|
|
|
|
m.opts.SendFileNotify()
|
|
|
|
|
return fileLength, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// openWriterAndPaths opens the correct writer, seeks/truncates if needed,
|
|
|
|
|
// and sets inFile.partialPath & inFile.finalPath for later cleanup/rename.
|
|
|
|
|
// The caller is responsible for closing the file on completion.
|
|
|
|
|
func (m *manager) openWriterAndPaths(
|
|
|
|
|
id clientID,
|
|
|
|
|
mode PutMode,
|
|
|
|
|
inFile *incomingFile,
|
|
|
|
|
baseName string,
|
|
|
|
|
dstPath string,
|
|
|
|
|
offset int64,
|
|
|
|
|
) (wc io.WriteCloser, partialPath string, err error) {
|
|
|
|
|
switch mode {
|
|
|
|
|
|
|
|
|
|
case PutModeDirect:
|
|
|
|
|
partialPath = dstPath + id.partialSuffix()
|
|
|
|
|
f, err := os.OpenFile(partialPath, os.O_CREATE|os.O_RDWR, 0o666)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, "", m.redactAndLogError("Create", err)
|
|
|
|
|
}
|
|
|
|
|
if offset != 0 {
|
|
|
|
|
curr, err := f.Seek(0, io.SeekEnd)
|
|
|
|
|
if err != nil {
|
|
|
|
|
f.Close()
|
|
|
|
|
return nil, "", m.redactAndLogError("Seek", err)
|
|
|
|
|
}
|
|
|
|
|
if offset < 0 || offset > curr {
|
|
|
|
|
f.Close()
|
|
|
|
|
return nil, "", m.redactAndLogError("Seek", fmt.Errorf("offset %d out of range", offset))
|
|
|
|
|
}
|
|
|
|
|
if _, err := f.Seek(offset, io.SeekStart); err != nil {
|
|
|
|
|
f.Close()
|
|
|
|
|
return nil, "", m.redactAndLogError("Seek", err)
|
|
|
|
|
}
|
|
|
|
|
if err := f.Truncate(offset); err != nil {
|
|
|
|
|
f.Close()
|
|
|
|
|
return nil, "", m.redactAndLogError("Truncate", err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
inFile.w = f
|
|
|
|
|
wc = f
|
|
|
|
|
inFile.partialPath = partialPath
|
|
|
|
|
inFile.finalPath = dstPath
|
|
|
|
|
return wc, partialPath, nil
|
|
|
|
|
|
|
|
|
|
case PutModeAndroidSAF:
|
|
|
|
|
if m.opts.FileOps == nil {
|
|
|
|
|
return nil, "", m.redactAndLogError("Create (SAF)", fmt.Errorf("missing FileOps"))
|
|
|
|
|
}
|
|
|
|
|
writer, uri, err := m.opts.FileOps.OpenFileWriter(baseName)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, "", m.redactAndLogError("Create (SAF)", fmt.Errorf("failed to open file for writing via SAF"))
|
|
|
|
|
}
|
|
|
|
|
if writer == nil || uri == "" {
|
|
|
|
|
return nil, "", fmt.Errorf("invalid SAF writer or URI")
|
|
|
|
|
}
|
|
|
|
|
// SAF mode does not support resuming, so enforce offset == 0.
|
|
|
|
|
if offset != 0 {
|
|
|
|
|
writer.Close()
|
|
|
|
|
return nil, "", m.redactAndLogError("Seek", fmt.Errorf("resuming is not supported in SAF mode"))
|
|
|
|
|
}
|
|
|
|
|
inFile.w = writer
|
|
|
|
|
wc = writer
|
|
|
|
|
partialPath = uri
|
|
|
|
|
inFile.partialPath = uri
|
|
|
|
|
inFile.finalPath = baseName
|
|
|
|
|
return wc, partialPath, nil
|
|
|
|
|
|
|
|
|
|
default:
|
|
|
|
|
return nil, "", fmt.Errorf("unsupported PutMode: %v", mode)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// finalizeDirect atomically renames or dedups the partial file, retrying
|
|
|
|
|
// under new names up to 10 times. It returns the final path that succeeded.
|
|
|
|
|
func (m *manager) finalizeDirect(
|
|
|
|
|
inFile *incomingFile,
|
|
|
|
|
partialPath string,
|
|
|
|
|
initialDst string,
|
|
|
|
|
fileLength int64,
|
|
|
|
|
) (string, error) {
|
|
|
|
|
var (
|
|
|
|
|
once sync.Once
|
|
|
|
|
cachedSum [sha256.Size]byte
|
|
|
|
|
cacheErr error
|
|
|
|
|
computeSum = func() ([sha256.Size]byte, error) {
|
|
|
|
|
once.Do(func() { cachedSum, cacheErr = sha256File(partialPath) })
|
|
|
|
|
return cachedSum, cacheErr
|
|
|
|
|
}
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
dstPath := initialDst
|
|
|
|
|
const maxRetries = 10
|
|
|
|
|
for i := 0; i < maxRetries; i++ {
|
2023-10-12 09:28:46 -07:00
|
|
|
|
// Atomically rename the partial file as the destination file if it doesn't exist.
|
|
|
|
|
// Otherwise, it returns the length of the current destination file.
|
|
|
|
|
// The operation is atomic.
|
2025-05-20 15:30:19 -07:00
|
|
|
|
lengthOnDisk, err := func() (int64, error) {
|
2023-10-12 09:28:46 -07:00
|
|
|
|
m.renameMu.Lock()
|
|
|
|
|
defer m.renameMu.Unlock()
|
2025-05-20 15:30:19 -07:00
|
|
|
|
fi, statErr := os.Stat(dstPath)
|
|
|
|
|
if os.IsNotExist(statErr) {
|
|
|
|
|
// dst missing → rename partial into place
|
2023-10-12 09:28:46 -07:00
|
|
|
|
return -1, os.Rename(partialPath, dstPath)
|
|
|
|
|
}
|
2025-05-20 15:30:19 -07:00
|
|
|
|
if statErr != nil {
|
|
|
|
|
return -1, statErr
|
|
|
|
|
}
|
|
|
|
|
return fi.Size(), nil
|
2023-10-12 09:28:46 -07:00
|
|
|
|
}()
|
|
|
|
|
if err != nil {
|
2025-05-20 15:30:19 -07:00
|
|
|
|
return "", err
|
2023-10-06 09:47:03 -05:00
|
|
|
|
}
|
2025-05-20 15:30:19 -07:00
|
|
|
|
if lengthOnDisk < 0 {
|
|
|
|
|
// successfully moved
|
|
|
|
|
inFile.finalPath = dstPath
|
|
|
|
|
return dstPath, nil
|
2023-10-12 09:28:46 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Avoid the final rename if a destination file has the same contents.
|
2024-01-09 14:11:34 -06:00
|
|
|
|
//
|
|
|
|
|
// Note: this is best effort and copying files from iOS from the Media Library
|
|
|
|
|
// results in processing on the iOS side which means the size and shas of the
|
|
|
|
|
// same file can be different.
|
2025-05-20 15:30:19 -07:00
|
|
|
|
if lengthOnDisk == fileLength {
|
|
|
|
|
partSum, err := computeSum()
|
2023-10-12 09:28:46 -07:00
|
|
|
|
if err != nil {
|
2025-05-20 15:30:19 -07:00
|
|
|
|
return "", err
|
2023-10-12 09:28:46 -07:00
|
|
|
|
}
|
|
|
|
|
dstSum, err := sha256File(dstPath)
|
|
|
|
|
if err != nil {
|
2025-05-20 15:30:19 -07:00
|
|
|
|
return "", err
|
2023-10-12 09:28:46 -07:00
|
|
|
|
}
|
2025-05-20 15:30:19 -07:00
|
|
|
|
if partSum == dstSum {
|
|
|
|
|
// same content → drop the partial
|
2023-10-12 09:28:46 -07:00
|
|
|
|
if err := os.Remove(partialPath); err != nil {
|
2025-05-20 15:30:19 -07:00
|
|
|
|
return "", err
|
2023-10-12 09:28:46 -07:00
|
|
|
|
}
|
2025-05-20 15:30:19 -07:00
|
|
|
|
inFile.finalPath = dstPath
|
|
|
|
|
return dstPath, nil
|
2023-10-12 09:28:46 -07:00
|
|
|
|
}
|
2023-10-06 09:47:03 -05:00
|
|
|
|
}
|
|
|
|
|
|
2023-10-12 09:28:46 -07:00
|
|
|
|
// Choose a new destination filename and try again.
|
2025-05-06 20:45:28 -07:00
|
|
|
|
dstPath = nextFilename(dstPath)
|
2023-10-12 09:28:46 -07:00
|
|
|
|
}
|
2025-05-20 15:30:19 -07:00
|
|
|
|
|
|
|
|
|
return "", fmt.Errorf("too many retries trying to rename a partial file %q", initialDst)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// finalizeSAF retries RenamePartialFile up to 10 times, generating a new
|
|
|
|
|
// name on each failure until the SAF URI changes.
|
|
|
|
|
func (m *manager) finalizeSAF(
|
|
|
|
|
partialPath, finalName string,
|
|
|
|
|
) error {
|
|
|
|
|
if m.opts.FileOps == nil {
|
|
|
|
|
return fmt.Errorf("missing FileOps for SAF finalize")
|
2023-10-12 09:28:46 -07:00
|
|
|
|
}
|
2025-05-20 15:30:19 -07:00
|
|
|
|
const maxTries = 10
|
|
|
|
|
name := finalName
|
|
|
|
|
for i := 0; i < maxTries; i++ {
|
|
|
|
|
newURI, err := m.opts.FileOps.RenamePartialFile(partialPath, m.opts.Dir, name)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
if newURI != "" && newURI != name {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
name = nextFilename(name)
|
|
|
|
|
}
|
|
|
|
|
return fmt.Errorf("failed to finalize SAF file after %d retries", maxTries)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (m *manager) redactAndLogError(stage string, err error) error {
|
|
|
|
|
err = redactError(err)
|
|
|
|
|
m.opts.Logf("put %s error: %v", stage, err)
|
|
|
|
|
return err
|
2023-10-12 09:28:46 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func sha256File(file string) (out [sha256.Size]byte, err error) {
|
|
|
|
|
h := sha256.New()
|
|
|
|
|
f, err := os.Open(file)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return out, err
|
|
|
|
|
}
|
|
|
|
|
defer f.Close()
|
|
|
|
|
if _, err := io.Copy(h, f); err != nil {
|
|
|
|
|
return out, err
|
|
|
|
|
}
|
|
|
|
|
return [sha256.Size]byte(h.Sum(nil)), nil
|
2023-10-06 09:47:03 -05:00
|
|
|
|
}
|