mirror of
https://github.com/grafana/grafana.git
synced 2024-12-29 10:21:41 -06:00
pkg/web: restrict handler types (#48495)
Makes `pkg/web` only accept handles from the following set: ```go handlerStd = func(http.ResponseWriter, *http.Request) handlerStdCtx = func(http.ResponseWriter, *http.Request, *web.Context) handlerStdReqCtx = func(http.ResponseWriter, *http.Request, *models.ReqContext) handlerReqCtx = func(*models.ReqContext) handlerReqCtxRes = func(*models.ReqContext) Response handlerCtx = func(*web.Context) ``` This is a first step to reducing above set to only `http.Handler`. --- Due to a cyclic import situation between `pkg/models` and `pkg/web`, parts of this PR were put into `pkg/api/response`, even though they definitely do not belong there. This however is _temporary_ until we untangle `models.ReqContext`.
This commit is contained in:
parent
c980655f08
commit
3d5d8c785b
@ -27,6 +27,7 @@ import (
|
|||||||
"github.com/grafana/grafana/pkg/services/auth"
|
"github.com/grafana/grafana/pkg/services/auth"
|
||||||
"github.com/grafana/grafana/pkg/services/contexthandler"
|
"github.com/grafana/grafana/pkg/services/contexthandler"
|
||||||
"github.com/grafana/grafana/pkg/services/contexthandler/authproxy"
|
"github.com/grafana/grafana/pkg/services/contexthandler/authproxy"
|
||||||
|
"github.com/grafana/grafana/pkg/services/contexthandler/ctxkey"
|
||||||
"github.com/grafana/grafana/pkg/services/dashboards"
|
"github.com/grafana/grafana/pkg/services/dashboards"
|
||||||
dashboardsstore "github.com/grafana/grafana/pkg/services/dashboards/database"
|
dashboardsstore "github.com/grafana/grafana/pkg/services/dashboards/database"
|
||||||
dashboardservice "github.com/grafana/grafana/pkg/services/dashboards/service"
|
dashboardservice "github.com/grafana/grafana/pkg/services/dashboards/service"
|
||||||
@ -411,6 +412,9 @@ func setupHTTPServerWithCfgDb(t *testing.T, useFakeAccessControl, enableAccessCo
|
|||||||
initCtx.Context = c
|
initCtx.Context = c
|
||||||
initCtx.Logger = log.New("api-test")
|
initCtx.Logger = log.New("api-test")
|
||||||
c.Map(initCtx)
|
c.Map(initCtx)
|
||||||
|
|
||||||
|
c.Req = c.Req.WithContext(ctxkey.Set(c.Req.Context(), initCtx))
|
||||||
|
c.Map(c.Req)
|
||||||
})
|
})
|
||||||
|
|
||||||
m.Use(accesscontrol.LoadPermissionsMiddleware(hs.AccessControl))
|
m.Use(accesscontrol.LoadPermissionsMiddleware(hs.AccessControl))
|
||||||
|
62
pkg/api/response/web_hack.go
Normal file
62
pkg/api/response/web_hack.go
Normal file
@ -0,0 +1,62 @@
|
|||||||
|
//nolint:unused,deadcode
|
||||||
|
package response
|
||||||
|
|
||||||
|
//NOTE: This file belongs into pkg/web, but due to cyclic imports that are hard to resolve at the current time, it temporarily lives here.
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
"fmt"
|
||||||
|
"net/http"
|
||||||
|
|
||||||
|
"github.com/grafana/grafana/pkg/models"
|
||||||
|
"github.com/grafana/grafana/pkg/services/contexthandler/ctxkey"
|
||||||
|
"github.com/grafana/grafana/pkg/web"
|
||||||
|
)
|
||||||
|
|
||||||
|
type (
|
||||||
|
handlerStd = func(http.ResponseWriter, *http.Request)
|
||||||
|
handlerStdCtx = func(http.ResponseWriter, *http.Request, *web.Context)
|
||||||
|
handlerStdReqCtx = func(http.ResponseWriter, *http.Request, *models.ReqContext)
|
||||||
|
handlerReqCtx = func(*models.ReqContext)
|
||||||
|
handlerReqCtxRes = func(*models.ReqContext) Response
|
||||||
|
handlerCtx = func(*web.Context)
|
||||||
|
)
|
||||||
|
|
||||||
|
func wrap_handler(h web.Handler) http.HandlerFunc {
|
||||||
|
switch handle := h.(type) {
|
||||||
|
case handlerStd:
|
||||||
|
return handle
|
||||||
|
case handlerStdCtx:
|
||||||
|
return func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
handle(w, r, web.FromContext(r.Context()))
|
||||||
|
}
|
||||||
|
case handlerStdReqCtx:
|
||||||
|
return func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
handle(w, r, getReqCtx(r.Context()))
|
||||||
|
}
|
||||||
|
case handlerReqCtx:
|
||||||
|
return func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
handle(getReqCtx(r.Context()))
|
||||||
|
}
|
||||||
|
case handlerReqCtxRes:
|
||||||
|
return func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
ctx := getReqCtx(r.Context())
|
||||||
|
res := handle(ctx)
|
||||||
|
res.WriteTo(ctx)
|
||||||
|
}
|
||||||
|
case handlerCtx:
|
||||||
|
return func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
handle(web.FromContext(r.Context()))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
panic(fmt.Sprintf("unexpected handler type: %T", h))
|
||||||
|
}
|
||||||
|
|
||||||
|
func getReqCtx(ctx context.Context) *models.ReqContext {
|
||||||
|
reqCtx, ok := ctx.Value(ctxkey.Key{}).(*models.ReqContext)
|
||||||
|
if !ok {
|
||||||
|
panic("no *models.ReqContext found")
|
||||||
|
}
|
||||||
|
return reqCtx
|
||||||
|
}
|
@ -9,6 +9,7 @@ import (
|
|||||||
|
|
||||||
"github.com/grafana/grafana/pkg/infra/log"
|
"github.com/grafana/grafana/pkg/infra/log"
|
||||||
"github.com/grafana/grafana/pkg/models"
|
"github.com/grafana/grafana/pkg/models"
|
||||||
|
"github.com/grafana/grafana/pkg/services/contexthandler/ctxkey"
|
||||||
"github.com/grafana/grafana/pkg/services/sqlstore/mockstore"
|
"github.com/grafana/grafana/pkg/services/sqlstore/mockstore"
|
||||||
"github.com/grafana/grafana/pkg/setting"
|
"github.com/grafana/grafana/pkg/setting"
|
||||||
"github.com/grafana/grafana/pkg/web"
|
"github.com/grafana/grafana/pkg/web"
|
||||||
@ -103,5 +104,8 @@ func contextProvider(tc *testContext) web.Handler {
|
|||||||
Logger: log.New("test"),
|
Logger: log.New("test"),
|
||||||
}
|
}
|
||||||
c.Map(reqCtx)
|
c.Map(reqCtx)
|
||||||
|
|
||||||
|
c.Req = c.Req.WithContext(ctxkey.Set(c.Req.Context(), reqCtx))
|
||||||
|
c.Map(c.Req)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -11,6 +11,7 @@ import (
|
|||||||
"github.com/grafana/grafana/pkg/models"
|
"github.com/grafana/grafana/pkg/models"
|
||||||
"github.com/grafana/grafana/pkg/services/accesscontrol"
|
"github.com/grafana/grafana/pkg/services/accesscontrol"
|
||||||
"github.com/grafana/grafana/pkg/services/accesscontrol/mock"
|
"github.com/grafana/grafana/pkg/services/accesscontrol/mock"
|
||||||
|
"github.com/grafana/grafana/pkg/services/contexthandler/ctxkey"
|
||||||
"github.com/grafana/grafana/pkg/web"
|
"github.com/grafana/grafana/pkg/web"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -90,5 +91,8 @@ func contextProvider() web.Handler {
|
|||||||
SkipCache: true,
|
SkipCache: true,
|
||||||
}
|
}
|
||||||
c.Map(reqCtx)
|
c.Map(reqCtx)
|
||||||
|
|
||||||
|
c.Req = c.Req.WithContext(ctxkey.Set(c.Req.Context(), reqCtx))
|
||||||
|
c.Map(c.Req)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -18,6 +18,7 @@ import (
|
|||||||
"github.com/grafana/grafana/pkg/infra/log"
|
"github.com/grafana/grafana/pkg/infra/log"
|
||||||
"github.com/grafana/grafana/pkg/models"
|
"github.com/grafana/grafana/pkg/models"
|
||||||
"github.com/grafana/grafana/pkg/services/accesscontrol"
|
"github.com/grafana/grafana/pkg/services/accesscontrol"
|
||||||
|
"github.com/grafana/grafana/pkg/services/contexthandler/ctxkey"
|
||||||
"github.com/grafana/grafana/pkg/services/sqlstore"
|
"github.com/grafana/grafana/pkg/services/sqlstore"
|
||||||
"github.com/grafana/grafana/pkg/setting"
|
"github.com/grafana/grafana/pkg/setting"
|
||||||
"github.com/grafana/grafana/pkg/web"
|
"github.com/grafana/grafana/pkg/web"
|
||||||
@ -500,6 +501,9 @@ func contextProvider(tc *testContext) web.Handler {
|
|||||||
Logger: log.New("test"),
|
Logger: log.New("test"),
|
||||||
}
|
}
|
||||||
c.Map(reqCtx)
|
c.Map(reqCtx)
|
||||||
|
|
||||||
|
c.Req = c.Req.WithContext(ctxkey.Set(c.Req.Context(), reqCtx))
|
||||||
|
c.Map(c.Req)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -19,6 +19,7 @@ import (
|
|||||||
"github.com/grafana/grafana/pkg/middleware/cookies"
|
"github.com/grafana/grafana/pkg/middleware/cookies"
|
||||||
"github.com/grafana/grafana/pkg/models"
|
"github.com/grafana/grafana/pkg/models"
|
||||||
"github.com/grafana/grafana/pkg/services/contexthandler/authproxy"
|
"github.com/grafana/grafana/pkg/services/contexthandler/authproxy"
|
||||||
|
"github.com/grafana/grafana/pkg/services/contexthandler/ctxkey"
|
||||||
"github.com/grafana/grafana/pkg/services/login"
|
"github.com/grafana/grafana/pkg/services/login"
|
||||||
"github.com/grafana/grafana/pkg/services/rendering"
|
"github.com/grafana/grafana/pkg/services/rendering"
|
||||||
"github.com/grafana/grafana/pkg/services/sqlstore"
|
"github.com/grafana/grafana/pkg/services/sqlstore"
|
||||||
@ -69,7 +70,7 @@ type ContextHandler struct {
|
|||||||
GetTime func() time.Time
|
GetTime func() time.Time
|
||||||
}
|
}
|
||||||
|
|
||||||
type reqContextKey struct{}
|
type reqContextKey = ctxkey.Key
|
||||||
|
|
||||||
// FromContext returns the ReqContext value stored in a context.Context, if any.
|
// FromContext returns the ReqContext value stored in a context.Context, if any.
|
||||||
func FromContext(c context.Context) *models.ReqContext {
|
func FromContext(c context.Context) *models.ReqContext {
|
||||||
@ -94,7 +95,7 @@ func (h *ContextHandler) Middleware(mContext *web.Context) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Inject ReqContext into a request context and replace the request instance in the macaron context
|
// Inject ReqContext into a request context and replace the request instance in the macaron context
|
||||||
mContext.Req = mContext.Req.WithContext(context.WithValue(mContext.Req.Context(), reqContextKey{}, reqContext))
|
mContext.Req = mContext.Req.WithContext(ctxkey.Set(mContext.Req.Context(), reqContext))
|
||||||
mContext.Map(mContext.Req)
|
mContext.Map(mContext.Req)
|
||||||
|
|
||||||
traceID := tracing.TraceIDFromContext(mContext.Req.Context(), false)
|
traceID := tracing.TraceIDFromContext(mContext.Req.Context(), false)
|
||||||
|
13
pkg/services/contexthandler/ctxkey/key.go
Normal file
13
pkg/services/contexthandler/ctxkey/key.go
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
package ctxkey
|
||||||
|
|
||||||
|
import "context"
|
||||||
|
|
||||||
|
type Key struct{}
|
||||||
|
|
||||||
|
func Set(ctx context.Context, data interface{}) context.Context {
|
||||||
|
return context.WithValue(ctx, Key{}, data)
|
||||||
|
}
|
||||||
|
|
||||||
|
func Get(ctx context.Context) interface{} {
|
||||||
|
return ctx.Value(Key{})
|
||||||
|
}
|
@ -4,6 +4,9 @@ import (
|
|||||||
"crypto/tls"
|
"crypto/tls"
|
||||||
|
|
||||||
"gopkg.in/ldap.v3"
|
"gopkg.in/ldap.v3"
|
||||||
|
|
||||||
|
//TODO(sh0rez): remove once import cycle resolved
|
||||||
|
_ "github.com/grafana/grafana/pkg/api/response"
|
||||||
)
|
)
|
||||||
|
|
||||||
type searchFunc = func(request *ldap.SearchRequest) (*ldap.SearchResult, error)
|
type searchFunc = func(request *ldap.SearchRequest) (*ldap.SearchResult, error)
|
||||||
|
@ -8,6 +8,9 @@ import (
|
|||||||
"github.com/grafana/grafana/pkg/services/ldap"
|
"github.com/grafana/grafana/pkg/services/ldap"
|
||||||
|
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
|
|
||||||
|
//TODO(sh0rez): remove once import cycle resolved
|
||||||
|
_ "github.com/grafana/grafana/pkg/api/response"
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestMultiLDAP(t *testing.T) {
|
func TestMultiLDAP(t *testing.T) {
|
||||||
|
@ -15,6 +15,7 @@ import (
|
|||||||
"github.com/grafana/grafana/pkg/models"
|
"github.com/grafana/grafana/pkg/models"
|
||||||
"github.com/grafana/grafana/pkg/services/accesscontrol"
|
"github.com/grafana/grafana/pkg/services/accesscontrol"
|
||||||
accesscontrolmock "github.com/grafana/grafana/pkg/services/accesscontrol/mock"
|
accesscontrolmock "github.com/grafana/grafana/pkg/services/accesscontrol/mock"
|
||||||
|
"github.com/grafana/grafana/pkg/services/contexthandler/ctxkey"
|
||||||
"github.com/grafana/grafana/pkg/services/featuremgmt"
|
"github.com/grafana/grafana/pkg/services/featuremgmt"
|
||||||
"github.com/grafana/grafana/pkg/services/serviceaccounts"
|
"github.com/grafana/grafana/pkg/services/serviceaccounts"
|
||||||
"github.com/grafana/grafana/pkg/services/serviceaccounts/database"
|
"github.com/grafana/grafana/pkg/services/serviceaccounts/database"
|
||||||
@ -238,6 +239,9 @@ func setupTestServer(t *testing.T, svc *tests.ServiceAccountMock,
|
|||||||
Logger: log.New("serviceaccounts-test"),
|
Logger: log.New("serviceaccounts-test"),
|
||||||
}
|
}
|
||||||
c.Map(ctx)
|
c.Map(ctx)
|
||||||
|
|
||||||
|
c.Req = c.Req.WithContext(ctxkey.Set(c.Req.Context(), ctx))
|
||||||
|
c.Map(c.Req)
|
||||||
})
|
})
|
||||||
a.RouterRegister.Register(m.Router)
|
a.RouterRegister.Register(m.Router)
|
||||||
return m, a
|
return m, a
|
||||||
|
@ -19,9 +19,10 @@
|
|||||||
package web
|
package web
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
_ "unsafe"
|
||||||
|
|
||||||
"context"
|
"context"
|
||||||
"net/http"
|
"net/http"
|
||||||
"reflect"
|
|
||||||
"strings"
|
"strings"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -47,31 +48,14 @@ func Version() string {
|
|||||||
// and panics if an argument could not be fulfilled via dependency injection.
|
// and panics if an argument could not be fulfilled via dependency injection.
|
||||||
type Handler interface{}
|
type Handler interface{}
|
||||||
|
|
||||||
// handlerFuncInvoker is an inject.FastInvoker wrapper of func(http.ResponseWriter, *http.Request).
|
//go:linkname hack_wrap github.com/grafana/grafana/pkg/api/response.wrap_handler
|
||||||
type handlerFuncInvoker func(http.ResponseWriter, *http.Request)
|
func hack_wrap(Handler) http.HandlerFunc
|
||||||
|
|
||||||
func (invoke handlerFuncInvoker) Invoke(params []interface{}) ([]reflect.Value, error) {
|
|
||||||
invoke(params[0].(http.ResponseWriter), params[1].(*http.Request))
|
|
||||||
return nil, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// validateAndWrapHandler makes sure a handler is a callable function, it panics if not.
|
// validateAndWrapHandler makes sure a handler is a callable function, it panics if not.
|
||||||
// When the handler is also potential to be any built-in inject.FastInvoker,
|
// When the handler is also potential to be any built-in inject.FastInvoker,
|
||||||
// it wraps the handler automatically to have some performance gain.
|
// it wraps the handler automatically to have some performance gain.
|
||||||
func validateAndWrapHandler(h Handler) Handler {
|
func validateAndWrapHandler(h Handler) Handler {
|
||||||
if reflect.TypeOf(h).Kind() != reflect.Func {
|
return hack_wrap(h)
|
||||||
panic("Macaron handler must be a callable function")
|
|
||||||
}
|
|
||||||
|
|
||||||
if !IsFastInvoker(h) {
|
|
||||||
switch v := h.(type) {
|
|
||||||
case func(*Context):
|
|
||||||
return ContextInvoker(v)
|
|
||||||
case func(http.ResponseWriter, *http.Request):
|
|
||||||
return handlerFuncInvoker(v)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return h
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// validateAndWrapHandlers preforms validation and wrapping for each input handler.
|
// validateAndWrapHandlers preforms validation and wrapping for each input handler.
|
||||||
|
2
pkg/web/macaron.s
Normal file
2
pkg/web/macaron.s
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
// ./hack/hack.go pushes its Wrap function as hack_wrap into this package.
|
||||||
|
// This .s file is required to allow hack_wrap to be defined without having a function body.
|
@ -11,6 +11,7 @@ import (
|
|||||||
"github.com/grafana/grafana/pkg/api/routing"
|
"github.com/grafana/grafana/pkg/api/routing"
|
||||||
"github.com/grafana/grafana/pkg/infra/log"
|
"github.com/grafana/grafana/pkg/infra/log"
|
||||||
"github.com/grafana/grafana/pkg/models"
|
"github.com/grafana/grafana/pkg/models"
|
||||||
|
"github.com/grafana/grafana/pkg/services/contexthandler/ctxkey"
|
||||||
"github.com/grafana/grafana/pkg/web"
|
"github.com/grafana/grafana/pkg/web"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -33,6 +34,9 @@ func NewServer(t testing.TB, routeRegister routing.RouteRegister) *Server {
|
|||||||
initCtx.Context = c
|
initCtx.Context = c
|
||||||
initCtx.Logger = log.New("api-test")
|
initCtx.Logger = log.New("api-test")
|
||||||
c.Map(initCtx)
|
c.Map(initCtx)
|
||||||
|
|
||||||
|
c.Req = c.Req.WithContext(ctxkey.Set(c.Req.Context(), initCtx))
|
||||||
|
c.Map(c.Req)
|
||||||
})
|
})
|
||||||
|
|
||||||
m.Use(requestContextMiddleware())
|
m.Use(requestContextMiddleware())
|
||||||
|
Loading…
Reference in New Issue
Block a user