Skip to content

feat: add panic recovery middleware #3687

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 7 commits into from
Aug 29, 2022
Merged

feat: add panic recovery middleware #3687

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
5a1a196
feat: add panic recovery middleware
sreya Aug 24, 2022
5d37630
add some more tests
sreya Aug 24, 2022
f9d48b3
pr comments
sreya Aug 25, 2022
1fc5987
Merge branch 'main' into jon/fixpanic
sreya Aug 25, 2022
1086ff9
unexport ResponseBody
sreya Aug 29, 2022
8493dfe
Merge branch 'main' into jon/fixpanic
sreya Aug 29, 2022
2814949
fix unique constraint
sreya Aug 29, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 2 additions & 17 deletions coderd/coderd.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,7 @@
package coderd

import (
"context"
"crypto/x509"
"fmt"
"io"
"net/http"
"net/url"
Expand Down Expand Up @@ -125,11 +123,8 @@ func New(options *Options) *API {
apiKeyMiddleware := httpmw.ExtractAPIKey(options.Database, oauthConfigs, false)

r.Use(
func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
next.ServeHTTP(middleware.NewWrapResponseWriter(w, r.ProtoMajor), r)
})
},
httpmw.Recover(api.Logger),
httpmw.Logger(api.Logger),
httpmw.Prometheus(options.PrometheusRegistry),
)

Expand Down Expand Up @@ -159,7 +154,6 @@ func New(options *Options) *API {
r.Use(
// Specific routes can specify smaller limits.
httpmw.RateLimitPerMinute(options.APIRateLimit),
debugLogRequest(api.Logger),
tracing.HTTPMW(api.TracerProvider, "coderd.http"),
)
r.Get("/", func(w http.ResponseWriter, r *http.Request) {
Expand Down Expand Up @@ -438,15 +432,6 @@ func (api *API) Close() error {
return api.workspaceAgentCache.Close()
}

func debugLogRequest(log slog.Logger) func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
log.Debug(context.Background(), fmt.Sprintf("%s %s", r.Method, r.URL.Path))
next.ServeHTTP(rw, r)
})
}
}

func compressHandler(h http.Handler) http.Handler {
cmp := middleware.NewCompressor(5,
"text/*",
Expand Down
12 changes: 12 additions & 0 deletions coderd/httpapi/httpapi.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,18 @@ func Forbidden(rw http.ResponseWriter) {
})
}

func InternalServerError(rw http.ResponseWriter, err error) {
var details string
if err != nil {
details = err.Error()
}

Write(rw, http.StatusInternalServerError, codersdk.Response{
Message: "An internal server error occurred.",
Detail: details,
})
}

// Write outputs a standardized format to an HTTP response body.
func Write(rw http.ResponseWriter, status int, response interface{}) {
buf := &bytes.Buffer{}
Expand Down
35 changes: 35 additions & 0 deletions coderd/httpapi/httpapi_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,11 +10,46 @@ import (

"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"golang.org/x/xerrors"

"github.com/coder/coder/coderd/httpapi"
"github.com/coder/coder/codersdk"
)

func TestInternalServerError(t *testing.T) {
t.Parallel()

t.Run("NoError", func(t *testing.T) {
t.Parallel()
w := httptest.NewRecorder()
httpapi.InternalServerError(w, nil)

var resp codersdk.Response
err := json.NewDecoder(w.Body).Decode(&resp)
require.NoError(t, err)
require.Equal(t, http.StatusInternalServerError, w.Code)
require.NotEmpty(t, resp.Message)
require.Empty(t, resp.Detail)
})

t.Run("WithError", func(t *testing.T) {
t.Parallel()
var (
w = httptest.NewRecorder()
httpErr = xerrors.New("error!")
)

httpapi.InternalServerError(w, httpErr)

var resp codersdk.Response
err := json.NewDecoder(w.Body).Decode(&resp)
require.NoError(t, err)
require.Equal(t, http.StatusInternalServerError, w.Code)
require.NotEmpty(t, resp.Message)
require.Equal(t, httpErr.Error(), resp.Detail)
})
}

func TestWrite(t *testing.T) {
t.Parallel()
t.Run("NoErrors", func(t *testing.T) {
Expand Down
30 changes: 30 additions & 0 deletions coderd/httpapi/request.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
package httpapi

import "net/http"

const (
// XForwardedHostHeader is a header used by proxies to indicate the
// original host of the request.
XForwardedHostHeader = "X-Forwarded-Host"
)

// RequestHost returns the name of the host from the request. It prioritizes
// 'X-Forwarded-Host' over r.Host since most requests are being proxied.
func RequestHost(r *http.Request) string {
host := r.Header.Get(XForwardedHostHeader)
if host != "" {
return host
}

return r.Host
}

func IsWebsocketUpgrade(r *http.Request) bool {
vs := r.Header.Values("Upgrade")
for _, v := range vs {
if v == "websocket" {
return true
}
}
return false
}
74 changes: 74 additions & 0 deletions coderd/httpapi/status_writer.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
package httpapi

import (
"bufio"
"net"
"net/http"

"golang.org/x/xerrors"
)

var _ http.ResponseWriter = (*StatusWriter)(nil)
var _ http.Hijacker = (*StatusWriter)(nil)

// StatusWriter intercepts the status of the request and the response body up
// to maxBodySize if Status >= 400. It is guaranteed to be the ResponseWriter
// directly downstream from Middleware.
type StatusWriter struct {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggestion (non-blocking): I think it could be beneficial to make this a package-private type and expose the fields via functions.

Benefit is that a caller can't access the underlying ResponseWriter (bypassing StatusWriter), but can still test for the values via if s, ok := rw.(interface{Status() int}); ok { s.Status() }

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure I'm following. Do you just want to create a StatusWriter interface and unexport the current struct? Alternatively we could simply unexport the ResponseWriter on the struct.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, sorry it was unclear, I was suggesting two changes:

  1. Unexport ResponseWriter => responseWriter
  2. Change fields from Status => func(*statusWriter) Status() int

Number 1 was the main thing (to protect from direct ResponseWriter access), number 2 was a little extra which would allow the values to be inspected outside the package, if the need ever arises. But not necessary by any means.

In the case of 2, my example of if s, ok := rw.(interface{Status() int}); ok { s.Status() } was hinting at that we don't need to export anything from this package. If that need ever arises (inspect value outside package), it could be done with an inline interface.

I could've omitted that part though, I don't think it will be needed. 😄

http.ResponseWriter
Status int
Hijacked bool
responseBody []byte

wroteHeader bool
}

func (w *StatusWriter) WriteHeader(status int) {
if !w.wroteHeader {
w.Status = status
w.wroteHeader = true
}
w.ResponseWriter.WriteHeader(status)
}

func (w *StatusWriter) Write(b []byte) (int, error) {
const maxBodySize = 4096

if !w.wroteHeader {
w.Status = http.StatusOK
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Technically this will be true once we hit Write below, a later call to WriteHeader might overwrite the actual status otherwise.

Suggested change
w.Status = http.StatusOK
w.Status = http.StatusOK
w.wroteHeader = true

w.wroteHeader = true
}

if w.Status >= http.StatusBadRequest {
// This is technically wrong as multiple calls to write
// will simply overwrite w.ResponseBody but given that
// we typically only write to the response body once
// and this field is only used for logging I'm leaving
// this as-is.
w.responseBody = make([]byte, minInt(len(b), maxBodySize))
copy(w.responseBody, b)
}

return w.ResponseWriter.Write(b)
}

func minInt(a, b int) int {
if a < b {
return a
}
return b
}

func (w *StatusWriter) Hijack() (net.Conn, *bufio.ReadWriter, error) {
hijacker, ok := w.ResponseWriter.(http.Hijacker)
if !ok {
return nil, nil, xerrors.Errorf("%T is not a http.Hijacker", w.ResponseWriter)
}
w.Hijacked = true

return hijacker.Hijack()
}

func (w *StatusWriter) ResponseBody() []byte {
return w.responseBody
}
129 changes: 129 additions & 0 deletions coderd/httpapi/status_writer_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,129 @@
package httpapi_test

import (
"bufio"
"crypto/rand"
"net"
"net/http"
"net/http/httptest"
"testing"

"github.com/stretchr/testify/require"
"golang.org/x/xerrors"

"github.com/coder/coder/coderd/httpapi"
)

func TestStatusWriter(t *testing.T) {
t.Parallel()

t.Run("WriteHeader", func(t *testing.T) {
t.Parallel()

var (
rec = httptest.NewRecorder()
w = &httpapi.StatusWriter{ResponseWriter: rec}
)

w.WriteHeader(http.StatusOK)
require.Equal(t, http.StatusOK, w.Status)
// Validate that the code is written to the underlying Response.
require.Equal(t, http.StatusOK, rec.Code)
})

t.Run("WriteHeaderTwice", func(t *testing.T) {
t.Parallel()

var (
rec = httptest.NewRecorder()
w = &httpapi.StatusWriter{ResponseWriter: rec}
code = http.StatusNotFound
)

w.WriteHeader(code)
w.WriteHeader(http.StatusOK)
// Validate that we only record the first status code.
require.Equal(t, code, w.Status)
// Validate that the code is written to the underlying Response.
require.Equal(t, code, rec.Code)
})

t.Run("WriteNoHeader", func(t *testing.T) {
t.Parallel()
var (
rec = httptest.NewRecorder()
w = &httpapi.StatusWriter{ResponseWriter: rec}
body = []byte("hello")
)

_, err := w.Write(body)
require.NoError(t, err)

// Should set the status to OK.
require.Equal(t, http.StatusOK, w.Status)
// We don't record the body for codes <400.
require.Equal(t, []byte(nil), w.ResponseBody())
require.Equal(t, body, rec.Body.Bytes())
})

t.Run("WriteAfterHeader", func(t *testing.T) {
t.Parallel()
var (
rec = httptest.NewRecorder()
w = &httpapi.StatusWriter{ResponseWriter: rec}
body = []byte("hello")
code = http.StatusInternalServerError
)

w.WriteHeader(code)
_, err := w.Write(body)
require.NoError(t, err)

require.Equal(t, code, w.Status)
require.Equal(t, body, w.ResponseBody())
require.Equal(t, body, rec.Body.Bytes())
})

t.Run("WriteMaxBody", func(t *testing.T) {
t.Parallel()
var (
rec = httptest.NewRecorder()
w = &httpapi.StatusWriter{ResponseWriter: rec}
// 8kb body.
body = make([]byte, 8<<10)
code = http.StatusInternalServerError
)

_, err := rand.Read(body)
require.NoError(t, err)

w.WriteHeader(code)
_, err = w.Write(body)
require.NoError(t, err)

require.Equal(t, code, w.Status)
require.Equal(t, body, rec.Body.Bytes())
require.Equal(t, body[:4096], w.ResponseBody())
})

t.Run("Hijack", func(t *testing.T) {
t.Parallel()
var (
rec = httptest.NewRecorder()
)

w := &httpapi.StatusWriter{ResponseWriter: hijacker{rec}}

_, _, err := w.Hijack()
require.Error(t, err)
require.Equal(t, "hijacked", err.Error())
})
}

type hijacker struct {
http.ResponseWriter
}

func (hijacker) Hijack() (net.Conn, *bufio.ReadWriter, error) {
return nil, nil, xerrors.New("hijacked")
}
Loading