ipn/{ipnlocal/peerapi, localapi} initial taildrop resume api plumbing (#9798)

This change:
* adds a partial files peerAPI endpoint to get a list of partial files
* adds a helper function to extract the basename of a file
* updates the peer put peerAPI endpoint
* updates the file put localapi endpoint to allow resume functionality

Updates #14772

Signed-off-by: Rhea Ghosh <rhea@tailscale.com>
This commit is contained in:
Rhea Ghosh 2023-10-16 12:36:31 -05:00 committed by GitHub
parent 95faefd1f6
commit 71271e41d6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 130 additions and 24 deletions

View File

@ -301,7 +301,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
LD 💣 tailscale.com/ssh/tailssh from tailscale.com/cmd/tailscaled
tailscale.com/syncs from tailscale.com/net/netcheck+
tailscale.com/tailcfg from tailscale.com/client/tailscale/apitype+
tailscale.com/taildrop from tailscale.com/ipn/ipnlocal
tailscale.com/taildrop from tailscale.com/ipn/ipnlocal+
💣 tailscale.com/tempfork/device from tailscale.com/net/tstun/table
LD tailscale.com/tempfork/gliderlabs/ssh from tailscale.com/ssh/tailssh
tailscale.com/tempfork/heap from tailscale.com/wgengine/magicsock
@ -340,6 +340,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
tailscale.com/util/goroutines from tailscale.com/ipn/ipnlocal
tailscale.com/util/groupmember from tailscale.com/ipn/ipnauth
💣 tailscale.com/util/hashx from tailscale.com/util/deephash
tailscale.com/util/httphdr from tailscale.com/ipn/ipnlocal+
tailscale.com/util/httpm from tailscale.com/client/tailscale+
tailscale.com/util/lineread from tailscale.com/hostinfo+
L tailscale.com/util/linuxfw from tailscale.com/net/netns+

View File

@ -41,6 +41,7 @@
"tailscale.com/taildrop"
"tailscale.com/types/views"
"tailscale.com/util/clientmetric"
"tailscale.com/util/httphdr"
"tailscale.com/wgengine/filter"
)
@ -304,6 +305,10 @@ func (h *peerAPIHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
w.Header().Set("X-Frame-Options", "DENY")
w.Header().Set("X-Content-Type-Options", "nosniff")
}
if strings.HasPrefix(r.URL.Path, "/v0/partial-files/") {
h.handlePartialFileGet(w, r)
return
}
if strings.HasPrefix(r.URL.Path, "/v0/put/") {
metricPutCalls.Add(1)
h.handlePeerPut(w, r)
@ -626,9 +631,71 @@ func (h *peerAPIHandler) peerHasCap(wantCap tailcfg.PeerCapability) bool {
return h.ps.b.PeerCaps(h.remoteAddr.Addr()).HasCapability(wantCap)
}
var errMisconfiguredInternals = errors.New("misconfigured internals")
func (h *peerAPIHandler) extractBaseName(rawPath, prefix string) (ret string, err error) {
prefix, ok := strings.CutPrefix(rawPath, prefix)
if !ok {
return "", errMisconfiguredInternals
}
if prefix == "" {
return "", taildrop.ErrInvalidFileName
}
if strings.Contains(prefix, "/") {
return "", taildrop.ErrInvalidFileName
}
baseName, err := url.PathUnescape(prefix)
if err == errMisconfiguredInternals {
return "", errMisconfiguredInternals
} else if err != nil {
return "", taildrop.ErrInvalidFileName
}
return baseName, nil
}
func (h *peerAPIHandler) handlePartialFileGet(w http.ResponseWriter, r *http.Request) {
if !h.ps.b.hasCapFileSharing() {
http.Error(w, taildrop.ErrNoTaildrop.Error(), http.StatusForbidden)
return
}
if r.Method != "GET" {
http.Error(w, "expected method GET", http.StatusMethodNotAllowed)
return
}
var resp any
var err error
id := taildrop.ClientID(h.peerNode.StableID())
if r.URL.Path == "/v0/partial-files/" {
resp, err = h.ps.taildrop.PartialFiles(id)
} else {
baseName, _ := h.extractBaseName(r.URL.EscapedPath(), "/v0/partial-files/")
ranges, ok := httphdr.ParseRange(r.Header.Get("Range"))
if !ok || len(ranges) != 1 || ranges[0].Length < 0 {
http.Error(w, "invalid Range header", http.StatusBadRequest)
return
}
offset := ranges[0].Start
length := ranges[0].Length
if length == 0 {
length = -1 // httphdr.Range.Length == 0 implies reading the rest of file
}
resp, err = h.ps.taildrop.HashPartialFile(id, baseName, offset, length)
}
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
if err := json.NewEncoder(w).Encode(resp); err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
}
func (h *peerAPIHandler) handlePeerPut(w http.ResponseWriter, r *http.Request) {
if !h.canPutFile() {
http.Error(w, "Taildrop access denied", http.StatusForbidden)
http.Error(w, taildrop.ErrNoTaildrop.Error(), http.StatusForbidden)
return
}
if !h.ps.b.hasCapFileSharing() {
@ -639,28 +706,24 @@ func (h *peerAPIHandler) handlePeerPut(w http.ResponseWriter, r *http.Request) {
http.Error(w, "expected method PUT", http.StatusMethodNotAllowed)
return
}
rawPath := r.URL.EscapedPath()
suffix, ok := strings.CutPrefix(rawPath, "/v0/put/")
if !ok {
http.Error(w, "misconfigured internals", http.StatusInternalServerError)
return
}
if suffix == "" {
http.Error(w, "empty filename", http.StatusBadRequest)
return
}
if strings.Contains(suffix, "/") {
http.Error(w, "directories not supported", http.StatusBadRequest)
return
}
baseName, err := url.PathUnescape(suffix)
baseName, err := h.extractBaseName(r.URL.EscapedPath(), "/v0/put/")
if err != nil {
http.Error(w, "bad path encoding", http.StatusBadRequest)
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
t0 := h.ps.b.clock.Now()
// TODO(rhea,joetsai): Set the client ID and starting offset.
n, err := h.ps.taildrop.PutFile("", baseName, r.Body, 0, r.ContentLength)
id := taildrop.ClientID(h.peerNode.StableID())
var offset int64
if rangeHdr := r.Header.Get("Range"); rangeHdr != "" {
ranges, ok := httphdr.ParseRange(rangeHdr)
if !ok || len(ranges) != 1 || ranges[0].Length != 0 {
http.Error(w, "invalid Range header", http.StatusBadRequest)
return
}
offset = ranges[0].Start
}
n, err := h.ps.taildrop.PutFile(taildrop.ClientID(fmt.Sprint(id)), baseName, r.Body, offset, r.ContentLength)
switch err {
case nil:
d := h.ps.b.clock.Since(t0).Round(time.Second / 10)

View File

@ -173,7 +173,7 @@ func TestHandlePeerAPI(t *testing.T) {
reqs: []*http.Request{httptest.NewRequest("PUT", "/v0/put/foo", nil)},
checks: checks(
httpStatus(http.StatusForbidden),
bodyContains("Taildrop access denied"),
bodyContains("Taildrop disabled"),
),
},
{
@ -280,7 +280,7 @@ func TestHandlePeerAPI(t *testing.T) {
reqs: []*http.Request{httptest.NewRequest("PUT", "/v0/put/", nil)},
checks: checks(
httpStatus(400),
bodyContains("empty filename"),
bodyContains("invalid filename"),
),
},
{
@ -290,7 +290,7 @@ func TestHandlePeerAPI(t *testing.T) {
reqs: []*http.Request{httptest.NewRequest("PUT", "/v0/put/foo/bar", nil)},
checks: checks(
httpStatus(400),
bodyContains("directories not supported"),
bodyContains("invalid filename"),
),
},
{

View File

@ -37,6 +37,7 @@
"tailscale.com/net/netutil"
"tailscale.com/net/portmapper"
"tailscale.com/tailcfg"
"tailscale.com/taildrop"
"tailscale.com/tka"
"tailscale.com/tstime"
"tailscale.com/types/key"
@ -45,6 +46,7 @@
"tailscale.com/types/ptr"
"tailscale.com/types/tkatype"
"tailscale.com/util/clientmetric"
"tailscale.com/util/httphdr"
"tailscale.com/util/httpm"
"tailscale.com/util/mak"
"tailscale.com/util/osdiag"
@ -1293,12 +1295,52 @@ func (h *Handler) serveFilePut(w http.ResponseWriter, r *http.Request) {
http.Error(w, "bogus peer URL", http.StatusInternalServerError)
return
}
outReq, err := http.NewRequestWithContext(r.Context(), "PUT", "http://peer/v0/put/"+filenameEscaped, r.Body)
// Before we PUT a file we check to see if there are any existing partial file and if so,
// we resume the upload from where we left off by sending the remaining file instead of
// the full file.
offset, remainingBody, err := taildrop.ResumeReader(r.Body, func(offset, length int64) (taildrop.FileChecksums, error) {
client := &http.Client{
Transport: h.b.Dialer().PeerAPITransport(),
Timeout: 10 * time.Second,
}
req, err := http.NewRequestWithContext(r.Context(), "GET", "http://peer/v0/partial-files/"+filenameEscaped, nil)
if err != nil {
return taildrop.FileChecksums{}, err
}
rangeHdr, ok := httphdr.FormatRange([]httphdr.Range{{Start: offset, Length: length}})
if !ok {
return taildrop.FileChecksums{}, fmt.Errorf("invalid offset and length")
}
req.Header.Set("Range", rangeHdr)
resp, err := client.Do(req)
if err != nil {
return taildrop.FileChecksums{}, err
}
var checksums taildrop.FileChecksums
err = json.NewDecoder(resp.Body).Decode(&checksums)
return checksums, err
})
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
outReq, err := http.NewRequestWithContext(r.Context(), "PUT", "http://peer/v0/put/"+filenameEscaped, remainingBody)
if err != nil {
http.Error(w, "bogus outreq", http.StatusInternalServerError)
return
}
outReq.ContentLength = r.ContentLength
if offset > 0 {
rangeHdr, _ := httphdr.FormatRange([]httphdr.Range{{offset, 0}})
outReq.Header.Set("Range", rangeHdr)
if outReq.ContentLength >= 0 {
outReq.ContentLength -= offset
}
}
rp := httputil.NewSingleHostReverseProxy(dstURL)
rp.Transport = h.b.Dialer().PeerAPITransport()