2014-12-29 06:36:08 -06:00
|
|
|
package api
|
|
|
|
|
|
|
|
import (
|
2017-01-10 00:59:43 -06:00
|
|
|
"bytes"
|
|
|
|
"io/ioutil"
|
2014-12-29 06:36:08 -06:00
|
|
|
"net/http"
|
|
|
|
"net/http/httputil"
|
|
|
|
"net/url"
|
2017-02-05 09:08:35 -06:00
|
|
|
"strings"
|
2015-06-01 04:00:05 -05:00
|
|
|
"time"
|
2014-12-29 06:36:08 -06:00
|
|
|
|
2015-10-02 04:10:21 -05:00
|
|
|
"github.com/grafana/grafana/pkg/api/cloudwatch"
|
2015-02-05 03:37:13 -06:00
|
|
|
"github.com/grafana/grafana/pkg/bus"
|
2017-01-10 00:59:43 -06:00
|
|
|
"github.com/grafana/grafana/pkg/log"
|
2016-06-03 02:17:36 -05:00
|
|
|
"github.com/grafana/grafana/pkg/metrics"
|
2015-02-05 03:37:13 -06:00
|
|
|
"github.com/grafana/grafana/pkg/middleware"
|
|
|
|
m "github.com/grafana/grafana/pkg/models"
|
2015-09-09 10:21:25 -05:00
|
|
|
"github.com/grafana/grafana/pkg/setting"
|
2015-02-05 03:37:13 -06:00
|
|
|
"github.com/grafana/grafana/pkg/util"
|
2014-12-29 06:36:08 -06:00
|
|
|
)
|
|
|
|
|
2017-01-16 05:16:41 -06:00
|
|
|
var (
|
2017-01-16 05:23:49 -06:00
|
|
|
dataproxyLogger log.Logger = log.New("data-proxy-log")
|
2017-01-16 05:16:41 -06:00
|
|
|
)
|
|
|
|
|
2015-09-09 10:21:25 -05:00
|
|
|
func NewReverseProxy(ds *m.DataSource, proxyPath string, targetUrl *url.URL) *httputil.ReverseProxy {
|
2014-12-29 06:36:08 -06:00
|
|
|
director := func(req *http.Request) {
|
2015-09-09 10:21:25 -05:00
|
|
|
req.URL.Scheme = targetUrl.Scheme
|
|
|
|
req.URL.Host = targetUrl.Host
|
|
|
|
req.Host = targetUrl.Host
|
2014-12-29 06:36:08 -06:00
|
|
|
|
|
|
|
reqQueryVals := req.URL.Query()
|
|
|
|
|
2015-02-28 01:25:13 -06:00
|
|
|
if ds.Type == m.DS_INFLUXDB_08 {
|
2015-09-09 10:21:25 -05:00
|
|
|
req.URL.Path = util.JoinUrlFragments(targetUrl.Path, "db/"+ds.Database+"/"+proxyPath)
|
2014-12-29 06:36:08 -06:00
|
|
|
reqQueryVals.Add("u", ds.User)
|
|
|
|
reqQueryVals.Add("p", ds.Password)
|
|
|
|
req.URL.RawQuery = reqQueryVals.Encode()
|
2015-02-28 01:25:13 -06:00
|
|
|
} else if ds.Type == m.DS_INFLUXDB {
|
2015-09-09 10:21:25 -05:00
|
|
|
req.URL.Path = util.JoinUrlFragments(targetUrl.Path, proxyPath)
|
2015-02-25 11:43:44 -06:00
|
|
|
req.URL.RawQuery = reqQueryVals.Encode()
|
2015-08-07 04:01:59 -05:00
|
|
|
if !ds.BasicAuth {
|
2015-09-19 05:32:35 -05:00
|
|
|
req.Header.Del("Authorization")
|
2015-08-07 04:01:59 -05:00
|
|
|
req.Header.Add("Authorization", util.GetBasicAuthHeader(ds.User, ds.Password))
|
|
|
|
}
|
2014-12-29 06:36:08 -06:00
|
|
|
} else {
|
2015-09-09 10:21:25 -05:00
|
|
|
req.URL.Path = util.JoinUrlFragments(targetUrl.Path, proxyPath)
|
2014-12-29 06:36:08 -06:00
|
|
|
}
|
2015-03-02 02:58:35 -06:00
|
|
|
|
|
|
|
if ds.BasicAuth {
|
2015-09-19 05:32:35 -05:00
|
|
|
req.Header.Del("Authorization")
|
2015-03-02 02:58:35 -06:00
|
|
|
req.Header.Add("Authorization", util.GetBasicAuthHeader(ds.BasicAuthUser, ds.BasicAuthPassword))
|
|
|
|
}
|
2015-08-10 05:11:18 -05:00
|
|
|
|
2016-05-26 00:13:29 -05:00
|
|
|
dsAuth := req.Header.Get("X-DS-Authorization")
|
|
|
|
if len(dsAuth) > 0 {
|
|
|
|
req.Header.Del("X-DS-Authorization")
|
|
|
|
req.Header.Del("Authorization")
|
|
|
|
req.Header.Add("Authorization", dsAuth)
|
|
|
|
}
|
|
|
|
|
2015-08-10 05:11:18 -05:00
|
|
|
// clear cookie headers
|
|
|
|
req.Header.Del("Cookie")
|
|
|
|
req.Header.Del("Set-Cookie")
|
2014-12-29 06:36:08 -06:00
|
|
|
}
|
|
|
|
|
2016-03-19 05:09:26 -05:00
|
|
|
return &httputil.ReverseProxy{Director: director, FlushInterval: time.Millisecond * 200}
|
2014-12-29 06:36:08 -06:00
|
|
|
}
|
|
|
|
|
2015-10-08 10:30:13 -05:00
|
|
|
func getDatasource(id int64, orgId int64) (*m.DataSource, error) {
|
|
|
|
query := m.GetDataSourceByIdQuery{Id: id, OrgId: orgId}
|
2015-03-11 11:34:11 -05:00
|
|
|
if err := bus.Dispatch(&query); err != nil {
|
2015-10-08 10:30:13 -05:00
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2016-06-06 10:11:46 -05:00
|
|
|
return query.Result, nil
|
2015-10-08 10:30:13 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
func ProxyDataSourceRequest(c *middleware.Context) {
|
2016-06-03 02:17:36 -05:00
|
|
|
c.TimeRequest(metrics.M_DataSource_ProxyReq_Timer)
|
|
|
|
|
2015-10-08 10:30:13 -05:00
|
|
|
ds, err := getDatasource(c.ParamsInt64(":id"), c.OrgId)
|
2016-06-03 02:17:36 -05:00
|
|
|
|
2015-10-08 10:30:13 -05:00
|
|
|
if err != nil {
|
2014-12-29 06:36:08 -06:00
|
|
|
c.JsonApiErr(500, "Unable to load datasource meta data", err)
|
2015-03-11 11:34:11 -05:00
|
|
|
return
|
2014-12-29 06:36:08 -06:00
|
|
|
}
|
|
|
|
|
2016-07-22 06:15:18 -05:00
|
|
|
if ds.Type == m.DS_CLOUDWATCH {
|
|
|
|
cloudwatch.HandleRequest(c, ds)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2016-10-22 03:03:02 -05:00
|
|
|
if ds.Type == m.DS_INFLUXDB {
|
|
|
|
if c.Query("db") != ds.Database {
|
|
|
|
c.JsonApiErr(403, "Datasource is not configured to allow this database", nil)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-09-09 10:21:25 -05:00
|
|
|
targetUrl, _ := url.Parse(ds.Url)
|
|
|
|
if len(setting.DataProxyWhiteList) > 0 {
|
|
|
|
if _, exists := setting.DataProxyWhiteList[targetUrl.Host]; !exists {
|
|
|
|
c.JsonApiErr(403, "Data proxy hostname and ip are not included in whitelist", nil)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-07-22 06:15:18 -05:00
|
|
|
proxyPath := c.Params("*")
|
2016-09-13 08:04:21 -05:00
|
|
|
|
2017-02-05 09:08:35 -06:00
|
|
|
if ds.Type == m.DS_PROMETHEUS {
|
2017-02-07 04:03:57 -06:00
|
|
|
if c.Req.Request.Method != http.MethodGet || !strings.HasPrefix(proxyPath, "api/") {
|
2017-02-05 09:08:35 -06:00
|
|
|
c.JsonApiErr(403, "GET is only allowed on proxied Prometheus datasource", nil)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-09-13 08:04:21 -05:00
|
|
|
if ds.Type == m.DS_ES {
|
|
|
|
if c.Req.Request.Method == "DELETE" {
|
|
|
|
c.JsonApiErr(403, "Deletes not allowed on proxied Elasticsearch datasource", nil)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
if c.Req.Request.Method == "PUT" {
|
|
|
|
c.JsonApiErr(403, "Puts not allowed on proxied Elasticsearch datasource", nil)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
if c.Req.Request.Method == "POST" && proxyPath != "_msearch" {
|
|
|
|
c.JsonApiErr(403, "Posts not allowed on proxied Elasticsearch datasource except on /_msearch", nil)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-07-22 06:15:18 -05:00
|
|
|
proxy := NewReverseProxy(ds, proxyPath, targetUrl)
|
2016-12-07 04:10:42 -06:00
|
|
|
proxy.Transport, err = ds.GetHttpTransport()
|
2016-08-24 22:43:25 -05:00
|
|
|
if err != nil {
|
|
|
|
c.JsonApiErr(400, "Unable to load TLS certificate", err)
|
|
|
|
return
|
|
|
|
}
|
2017-01-10 00:59:43 -06:00
|
|
|
|
2017-01-16 05:23:49 -06:00
|
|
|
logProxyRequest(ds.Type, c)
|
2016-07-22 06:15:18 -05:00
|
|
|
proxy.ServeHTTP(c.Resp, c.Req.Request)
|
|
|
|
c.Resp.Header().Del("Set-Cookie")
|
2014-12-29 06:36:08 -06:00
|
|
|
}
|
2017-01-10 00:59:43 -06:00
|
|
|
|
2017-01-16 05:23:49 -06:00
|
|
|
func logProxyRequest(dataSourceType string, c *middleware.Context) {
|
|
|
|
if !setting.DataProxyLogging {
|
|
|
|
return
|
|
|
|
}
|
2017-01-10 00:59:43 -06:00
|
|
|
|
2017-01-16 05:24:08 -06:00
|
|
|
var body string
|
|
|
|
if c.Req.Request.Body != nil {
|
|
|
|
buffer, err := ioutil.ReadAll(c.Req.Request.Body)
|
|
|
|
if err == nil {
|
2017-01-11 09:22:57 -06:00
|
|
|
c.Req.Request.Body = ioutil.NopCloser(bytes.NewBuffer(buffer))
|
|
|
|
body = string(buffer)
|
|
|
|
}
|
|
|
|
}
|
2017-01-16 05:23:49 -06:00
|
|
|
|
|
|
|
dataproxyLogger.Info("Proxying incoming request",
|
|
|
|
"userid", c.UserId,
|
|
|
|
"orgid", c.OrgId,
|
|
|
|
"username", c.Login,
|
|
|
|
"datasource", dataSourceType,
|
|
|
|
"uri", c.Req.RequestURI,
|
|
|
|
"method", c.Req.Request.Method,
|
|
|
|
"body", body)
|
2017-01-10 00:59:43 -06:00
|
|
|
}
|