grafana/pkg/api/app_routes.go

package api

import (
	"crypto/tls"
	"net"
	"net/http"
	"time"

	"gopkg.in/macaron.v1"

	"github.com/grafana/grafana/pkg/api/pluginproxy"
	"github.com/grafana/grafana/pkg/log"
	"github.com/grafana/grafana/pkg/middleware"
	m "github.com/grafana/grafana/pkg/models"
	"github.com/grafana/grafana/pkg/plugins"
	"github.com/grafana/grafana/pkg/util"
)

var pluginProxyTransport = &http.Transport{
	TLSClientConfig: &tls.Config{
		InsecureSkipVerify: true,
		Renegotiation:      tls.RenegotiateFreelyAsClient,
	},
	Proxy: http.ProxyFromEnvironment,
	Dial: (&net.Dialer{
		Timeout:   30 * time.Second,
		KeepAlive: 30 * time.Second,
		DualStack: true,
	}).Dial,
	TLSHandshakeTimeout: 10 * time.Second,
}

func InitAppPluginRoutes(r *macaron.Macaron) {
	for _, plugin := range plugins.Apps {
		for _, route := range plugin.Routes {
			url := util.JoinUrlFragments("/api/plugin-proxy/"+plugin.Id, route.Path)
			handlers := make([]macaron.Handler, 0)
			handlers = append(handlers, middleware.Auth(&middleware.AuthOptions{
				ReqSignedIn: true,
			}))

			if route.ReqRole != "" {
				if route.ReqRole == m.ROLE_ADMIN {
					handlers = append(handlers, middleware.RoleAuth(m.ROLE_ADMIN))
				} else if route.ReqRole == m.ROLE_EDITOR {
					handlers = append(handlers, middleware.RoleAuth(m.ROLE_EDITOR, m.ROLE_ADMIN))
				}
			}
			handlers = append(handlers, AppPluginRoute(route, plugin.Id))
			r.Route(url, route.Method, handlers...)
			log.Debug("Plugins: Adding proxy route %s", url)
		}
	}
}

func AppPluginRoute(route *plugins.AppPluginRoute, appId string) macaron.Handler {
	return func(c *middleware.Context) {
		path := c.Params("*")

		proxy := pluginproxy.NewApiPluginProxy(c, path, route, appId)
		proxy.Transport = pluginProxyTransport
		proxy.ServeHTTP(c.Resp, c.Req.Request)
	}
}
initial import of thirdParty route support 2015-10-06 04:20:50 -05:00			`package api`

			`import (`
Added support for TLS client auth for datasource proxies (#5801) 2016-08-24 22:43:25 -05:00			`"crypto/tls"`
			`"net"`
			`"net/http"`
			`"time"`

fix(merge): minor merge fix 2016-01-13 08:51:47 -06:00			`"gopkg.in/macaron.v1"`

feat(app routes): worked on app routes, added unit test, changed Grafana-Context header to start with X to be standard compliant, got cloud saas queries to work via app route feature and header template 2016-02-10 09:43:35 -06:00			`"github.com/grafana/grafana/pkg/api/pluginproxy"`
refer to plugins are ExternalPlugin instead of thirdParty 2015-11-11 00:30:07 -06:00			`"github.com/grafana/grafana/pkg/log"`
initial import of thirdParty route support 2015-10-06 04:20:50 -05:00			`"github.com/grafana/grafana/pkg/middleware"`
implement role access checks on external-plugin routes. 2015-11-27 02:26:30 -06:00			`m "github.com/grafana/grafana/pkg/models"`
initial import of thirdParty route support 2015-10-06 04:20:50 -05:00			`"github.com/grafana/grafana/pkg/plugins"`
			`"github.com/grafana/grafana/pkg/util"`
			`)`

Added support for TLS client auth for datasource proxies (#5801) 2016-08-24 22:43:25 -05:00			`var pluginProxyTransport = &http.Transport{`
allow ssl renegotiation for datasources 2017-09-13 18:20:24 -05:00			`TLSClientConfig: &tls.Config{`
			`InsecureSkipVerify: true,`
go fmt 2017-09-24 11:59:21 -05:00			`Renegotiation: tls.RenegotiateFreelyAsClient,`
allow ssl renegotiation for datasources 2017-09-13 18:20:24 -05:00			`},`
go fmt 2017-09-24 11:59:21 -05:00			`Proxy: http.ProxyFromEnvironment,`
Added support for TLS client auth for datasource proxies (#5801) 2016-08-24 22:43:25 -05:00			`Dial: (&net.Dialer{`
			`Timeout: 30 * time.Second,`
			`KeepAlive: 30 * time.Second,`
Enable dualstack in every net.Dialer, fixes #9364 Default transport enables it: * https://github.com/golang/go/blob/d2826d3e06/src/net/http/transport.go#L42-L46 ``` DialContext: (&net.Dialer{ Timeout: 30 * time.Second, KeepAlive: 30 * time.Second, DualStack: true, }).DialContext, ``` See also: https://github.com/golang/go/issues/15324 2017-09-28 00:25:00 -05:00			`DualStack: true,`
Added support for TLS client auth for datasource proxies (#5801) 2016-08-24 22:43:25 -05:00			`}).Dial,`
			`TLSHandshakeTimeout: 10 * time.Second,`
			`}`

merge apiPlugins with appPlugins 2016-01-21 11:15:04 -06:00			`func InitAppPluginRoutes(r *macaron.Macaron) {`
			`for _, plugin := range plugins.Apps {`
feat(external plugins): worked on supporting external plugins better 2015-11-19 11:44:07 -06:00			`for _, route := range plugin.Routes {`
feat(app routes): worked on app routes, added unit test, changed Grafana-Context header to start with X to be standard compliant, got cloud saas queries to work via app route feature and header template 2016-02-10 09:43:35 -06:00			`url := util.JoinUrlFragments("/api/plugin-proxy/"+plugin.Id, route.Path)`
implement role access checks on external-plugin routes. 2015-11-27 02:26:30 -06:00			`handlers := make([]macaron.Handler, 0)`
feat(app routes): worked on app routes, added unit test, changed Grafana-Context header to start with X to be standard compliant, got cloud saas queries to work via app route feature and header template 2016-02-10 09:43:35 -06:00			`handlers = append(handlers, middleware.Auth(&middleware.AuthOptions{`
dataproxy: refactoring data source proxy to support route templates and wrote more tests for data proxy code, #9078 2017-08-23 03:52:31 -05:00			`ReqSignedIn: true,`
feat(app routes): worked on app routes, added unit test, changed Grafana-Context header to start with X to be standard compliant, got cloud saas queries to work via app route feature and header template 2016-02-10 09:43:35 -06:00			`}))`

			`if route.ReqRole != "" {`
implement role access checks on external-plugin routes. 2015-11-27 02:26:30 -06:00			`if route.ReqRole == m.ROLE_ADMIN {`
			`handlers = append(handlers, middleware.RoleAuth(m.ROLE_ADMIN))`
			`} else if route.ReqRole == m.ROLE_EDITOR {`
			`handlers = append(handlers, middleware.RoleAuth(m.ROLE_EDITOR, m.ROLE_ADMIN))`
			`}`
			`}`
merge apiPlugins with appPlugins 2016-01-21 11:15:04 -06:00			`handlers = append(handlers, AppPluginRoute(route, plugin.Id))`
implement role access checks on external-plugin routes. 2015-11-27 02:26:30 -06:00			`r.Route(url, route.Method, handlers...)`
feat(instrumentation): added gauge and http endpoint 2016-06-03 09:15:36 -05:00			`log.Debug("Plugins: Adding proxy route %s", url)`
initial import of thirdParty route support 2015-10-06 04:20:50 -05:00			`}`
			`}`
			`}`

merge apiPlugins with appPlugins 2016-01-21 11:15:04 -06:00			`func AppPluginRoute(route *plugins.AppPluginRoute, appId string) macaron.Handler {`
initial import of thirdParty route support 2015-10-06 04:20:50 -05:00			`return func(c *middleware.Context) {`
			`path := c.Params("*")`

feat(app routes): worked on app routes, added unit test, changed Grafana-Context header to start with X to be standard compliant, got cloud saas queries to work via app route feature and header template 2016-02-10 09:43:35 -06:00			`proxy := pluginproxy.NewApiPluginProxy(c, path, route, appId)`
Added support for TLS client auth for datasource proxies (#5801) 2016-08-24 22:43:25 -05:00			`proxy.Transport = pluginProxyTransport`
fix(merge): minor merge fix 2016-01-13 08:51:47 -06:00			`proxy.ServeHTTP(c.Resp, c.Req.Request)`
initial import of thirdParty route support 2015-10-06 04:20:50 -05:00			`}`
			`}`