12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075 |
- // Copyright (C) 2014 The Syncthing Authors.
- //
- // This Source Code Form is subject to the terms of the Mozilla Public
- // License, v. 2.0. If a copy of the MPL was not distributed with this file,
- // You can obtain one at https://mozilla.org/MPL/2.0/.
- package api
- import (
- "bytes"
- "context"
- "crypto/tls"
- "crypto/x509"
- "encoding/json"
- "errors"
- "fmt"
- "io"
- "log"
- "net"
- "net/http"
- "net/url"
- "os"
- "path/filepath"
- "reflect"
- "runtime"
- "runtime/pprof"
- "sort"
- "strconv"
- "strings"
- "time"
- "unicode"
- "github.com/calmh/incontainer"
- "github.com/julienschmidt/httprouter"
- "github.com/prometheus/client_golang/prometheus/promhttp"
- "github.com/rcrowley/go-metrics"
- "github.com/thejerf/suture/v4"
- "github.com/vitrun/qart/qr"
- "golang.org/x/text/runes"
- "golang.org/x/text/transform"
- "golang.org/x/text/unicode/norm"
- "github.com/syncthing/syncthing/lib/build"
- "github.com/syncthing/syncthing/lib/config"
- "github.com/syncthing/syncthing/lib/connections"
- "github.com/syncthing/syncthing/lib/db"
- "github.com/syncthing/syncthing/lib/discover"
- "github.com/syncthing/syncthing/lib/events"
- "github.com/syncthing/syncthing/lib/fs"
- "github.com/syncthing/syncthing/lib/locations"
- "github.com/syncthing/syncthing/lib/logger"
- "github.com/syncthing/syncthing/lib/model"
- "github.com/syncthing/syncthing/lib/protocol"
- "github.com/syncthing/syncthing/lib/rand"
- "github.com/syncthing/syncthing/lib/svcutil"
- "github.com/syncthing/syncthing/lib/sync"
- "github.com/syncthing/syncthing/lib/tlsutil"
- "github.com/syncthing/syncthing/lib/upgrade"
- "github.com/syncthing/syncthing/lib/ur"
- )
- const (
- // Default mask excludes these very noisy event types to avoid filling the pipe.
- // FIXME: ItemStarted and ItemFinished should be excluded for the same reason.
- DefaultEventMask = events.AllEvents &^ events.LocalChangeDetected &^ events.RemoteChangeDetected
- DiskEventMask = events.LocalChangeDetected | events.RemoteChangeDetected
- EventSubBufferSize = 1000
- defaultEventTimeout = time.Minute
- httpsCertLifetimeDays = 820
- )
- type service struct {
- suture.Service
- id protocol.DeviceID
- cfg config.Wrapper
- statics *staticsServer
- model model.Model
- eventSubs map[events.EventType]events.BufferedSubscription
- eventSubsMut sync.Mutex
- evLogger events.Logger
- discoverer discover.Manager
- connectionsService connections.Service
- fss model.FolderSummaryService
- urService *ur.Service
- noUpgrade bool
- tlsDefaultCommonName string
- configChanged chan struct{} // signals intentional listener close due to config change
- started chan string // signals startup complete by sending the listener address, for testing only
- startedOnce chan struct{} // the service has started successfully at least once
- startupErr error
- listenerAddr net.Addr
- exitChan chan *svcutil.FatalErr
- miscDB *db.NamespacedKV
- guiErrors logger.Recorder
- systemLog logger.Recorder
- }
- var _ config.Verifier = &service{}
- type Service interface {
- suture.Service
- config.Committer
- WaitForStart() error
- }
- func New(id protocol.DeviceID, cfg config.Wrapper, assetDir, tlsDefaultCommonName string, m model.Model, defaultSub, diskSub events.BufferedSubscription, evLogger events.Logger, discoverer discover.Manager, connectionsService connections.Service, urService *ur.Service, fss model.FolderSummaryService, errors, systemLog logger.Recorder, noUpgrade bool, miscDB *db.NamespacedKV) Service {
- return &service{
- id: id,
- cfg: cfg,
- statics: newStaticsServer(cfg.GUI().Theme, assetDir),
- model: m,
- eventSubs: map[events.EventType]events.BufferedSubscription{
- DefaultEventMask: defaultSub,
- DiskEventMask: diskSub,
- },
- eventSubsMut: sync.NewMutex(),
- evLogger: evLogger,
- discoverer: discoverer,
- connectionsService: connectionsService,
- fss: fss,
- urService: urService,
- guiErrors: errors,
- systemLog: systemLog,
- noUpgrade: noUpgrade,
- tlsDefaultCommonName: tlsDefaultCommonName,
- configChanged: make(chan struct{}),
- startedOnce: make(chan struct{}),
- exitChan: make(chan *svcutil.FatalErr, 1),
- miscDB: miscDB,
- }
- }
- func (s *service) WaitForStart() error {
- <-s.startedOnce
- return s.startupErr
- }
- func (s *service) getListener(guiCfg config.GUIConfiguration) (net.Listener, error) {
- httpsCertFile := locations.Get(locations.HTTPSCertFile)
- httpsKeyFile := locations.Get(locations.HTTPSKeyFile)
- cert, err := tls.LoadX509KeyPair(httpsCertFile, httpsKeyFile)
- // If the certificate has expired or will expire in the next month, fail
- // it and generate a new one.
- if err == nil {
- err = shouldRegenerateCertificate(cert)
- }
- if err != nil {
- l.Infoln("Loading HTTPS certificate:", err)
- l.Infoln("Creating new HTTPS certificate")
- // When generating the HTTPS certificate, use the system host name per
- // default. If that isn't available, use the "syncthing" default.
- var name string
- name, err = os.Hostname()
- if err != nil {
- name = s.tlsDefaultCommonName
- }
- name, err = sanitizedHostname(name)
- if err != nil {
- name = s.tlsDefaultCommonName
- }
- cert, err = tlsutil.NewCertificate(httpsCertFile, httpsKeyFile, name, httpsCertLifetimeDays)
- }
- if err != nil {
- return nil, err
- }
- tlsCfg := tlsutil.SecureDefaultWithTLS12()
- tlsCfg.Certificates = []tls.Certificate{cert}
- if guiCfg.Network() == "unix" {
- // When listening on a UNIX socket we should unlink before bind,
- // lest we get a "bind: address already in use". We don't
- // particularly care if this succeeds or not.
- os.Remove(guiCfg.Address())
- }
- rawListener, err := net.Listen(guiCfg.Network(), guiCfg.Address())
- if err != nil {
- return nil, err
- }
- if guiCfg.Network() == "unix" && guiCfg.UnixSocketPermissions() != 0 {
- // We should error if this fails under the assumption that these permissions are
- // required for operation.
- err = os.Chmod(guiCfg.Address(), guiCfg.UnixSocketPermissions())
- if err != nil {
- return nil, err
- }
- }
- listener := &tlsutil.DowngradingListener{
- Listener: rawListener,
- TLSConfig: tlsCfg,
- }
- return listener, nil
- }
- func sendJSON(w http.ResponseWriter, jsonObject interface{}) {
- w.Header().Set("Content-Type", "application/json; charset=utf-8")
- // Marshalling might fail, in which case we should return a 500 with the
- // actual error.
- bs, err := json.MarshalIndent(jsonObject, "", " ")
- if err != nil {
- // This Marshal() can't fail though.
- bs, _ = json.Marshal(map[string]string{"error": err.Error()})
- http.Error(w, string(bs), http.StatusInternalServerError)
- return
- }
- fmt.Fprintf(w, "%s\n", bs)
- }
- func (s *service) Serve(ctx context.Context) error {
- listener, err := s.getListener(s.cfg.GUI())
- if err != nil {
- select {
- case <-s.startedOnce:
- // We let this be a loud user-visible warning as it may be the only
- // indication they get that the GUI won't be available.
- l.Warnln("Starting API/GUI:", err)
- default:
- // This is during initialization. A failure here should be fatal
- // as there will be no way for the user to communicate with us
- // otherwise anyway.
- s.startupErr = err
- close(s.startedOnce)
- }
- return err
- }
- if listener == nil {
- // Not much we can do here other than exit quickly. The supervisor
- // will log an error at some point.
- return nil
- }
- s.listenerAddr = listener.Addr()
- defer listener.Close()
- s.cfg.Subscribe(s)
- defer s.cfg.Unsubscribe(s)
- restMux := httprouter.New()
- // The GET handlers
- restMux.HandlerFunc(http.MethodGet, "/rest/cluster/pending/devices", s.getPendingDevices) // -
- restMux.HandlerFunc(http.MethodGet, "/rest/cluster/pending/folders", s.getPendingFolders) // [device]
- restMux.HandlerFunc(http.MethodGet, "/rest/db/completion", s.getDBCompletion) // [device] [folder]
- restMux.HandlerFunc(http.MethodGet, "/rest/db/file", s.getDBFile) // folder file
- restMux.HandlerFunc(http.MethodGet, "/rest/db/ignores", s.getDBIgnores) // folder
- restMux.HandlerFunc(http.MethodGet, "/rest/db/need", s.getDBNeed) // folder [perpage] [page]
- restMux.HandlerFunc(http.MethodGet, "/rest/db/remoteneed", s.getDBRemoteNeed) // device folder [perpage] [page]
- restMux.HandlerFunc(http.MethodGet, "/rest/db/localchanged", s.getDBLocalChanged) // folder [perpage] [page]
- restMux.HandlerFunc(http.MethodGet, "/rest/db/status", s.getDBStatus) // folder
- restMux.HandlerFunc(http.MethodGet, "/rest/db/browse", s.getDBBrowse) // folder [prefix] [dirsonly] [levels]
- restMux.HandlerFunc(http.MethodGet, "/rest/folder/versions", s.getFolderVersions) // folder
- restMux.HandlerFunc(http.MethodGet, "/rest/folder/errors", s.getFolderErrors) // folder [perpage] [page]
- restMux.HandlerFunc(http.MethodGet, "/rest/folder/pullerrors", s.getFolderErrors) // folder (deprecated)
- restMux.HandlerFunc(http.MethodGet, "/rest/events", s.getIndexEvents) // [since] [limit] [timeout] [events]
- restMux.HandlerFunc(http.MethodGet, "/rest/events/disk", s.getDiskEvents) // [since] [limit] [timeout]
- restMux.HandlerFunc(http.MethodGet, "/rest/noauth/health", s.getHealth) // -
- restMux.HandlerFunc(http.MethodGet, "/rest/stats/device", s.getDeviceStats) // -
- restMux.HandlerFunc(http.MethodGet, "/rest/stats/folder", s.getFolderStats) // -
- restMux.HandlerFunc(http.MethodGet, "/rest/svc/deviceid", s.getDeviceID) // id
- restMux.HandlerFunc(http.MethodGet, "/rest/svc/lang", s.getLang) // -
- restMux.HandlerFunc(http.MethodGet, "/rest/svc/report", s.getReport) // -
- restMux.HandlerFunc(http.MethodGet, "/rest/svc/random/string", s.getRandomString) // [length]
- restMux.HandlerFunc(http.MethodGet, "/rest/system/browse", s.getSystemBrowse) // current
- restMux.HandlerFunc(http.MethodGet, "/rest/system/connections", s.getSystemConnections) // -
- restMux.HandlerFunc(http.MethodGet, "/rest/system/discovery", s.getSystemDiscovery) // -
- restMux.HandlerFunc(http.MethodGet, "/rest/system/error", s.getSystemError) // -
- restMux.HandlerFunc(http.MethodGet, "/rest/system/paths", s.getSystemPaths) // -
- restMux.HandlerFunc(http.MethodGet, "/rest/system/ping", s.restPing) // -
- restMux.HandlerFunc(http.MethodGet, "/rest/system/status", s.getSystemStatus) // -
- restMux.HandlerFunc(http.MethodGet, "/rest/system/upgrade", s.getSystemUpgrade) // -
- restMux.HandlerFunc(http.MethodGet, "/rest/system/version", s.getSystemVersion) // -
- restMux.HandlerFunc(http.MethodGet, "/rest/system/debug", s.getSystemDebug) // -
- restMux.HandlerFunc(http.MethodGet, "/rest/system/log", s.getSystemLog) // [since]
- restMux.HandlerFunc(http.MethodGet, "/rest/system/log.txt", s.getSystemLogTxt) // [since]
- // The POST handlers
- restMux.HandlerFunc(http.MethodPost, "/rest/db/prio", s.postDBPrio) // folder file
- restMux.HandlerFunc(http.MethodPost, "/rest/db/ignores", s.postDBIgnores) // folder
- restMux.HandlerFunc(http.MethodPost, "/rest/db/override", s.postDBOverride) // folder
- restMux.HandlerFunc(http.MethodPost, "/rest/db/revert", s.postDBRevert) // folder
- restMux.HandlerFunc(http.MethodPost, "/rest/db/scan", s.postDBScan) // folder [sub...] [delay]
- restMux.HandlerFunc(http.MethodPost, "/rest/folder/versions", s.postFolderVersionsRestore) // folder <body>
- restMux.HandlerFunc(http.MethodPost, "/rest/system/error", s.postSystemError) // <body>
- restMux.HandlerFunc(http.MethodPost, "/rest/system/error/clear", s.postSystemErrorClear) // -
- restMux.HandlerFunc(http.MethodPost, "/rest/system/ping", s.restPing) // -
- restMux.HandlerFunc(http.MethodPost, "/rest/system/reset", s.postSystemReset) // [folder]
- restMux.HandlerFunc(http.MethodPost, "/rest/system/restart", s.postSystemRestart) // -
- restMux.HandlerFunc(http.MethodPost, "/rest/system/shutdown", s.postSystemShutdown) // -
- restMux.HandlerFunc(http.MethodPost, "/rest/system/upgrade", s.postSystemUpgrade) // -
- restMux.HandlerFunc(http.MethodPost, "/rest/system/pause", s.makeDevicePauseHandler(true)) // [device]
- restMux.HandlerFunc(http.MethodPost, "/rest/system/resume", s.makeDevicePauseHandler(false)) // [device]
- restMux.HandlerFunc(http.MethodPost, "/rest/system/debug", s.postSystemDebug) // [enable] [disable]
- // The DELETE handlers
- restMux.HandlerFunc(http.MethodDelete, "/rest/cluster/pending/devices", s.deletePendingDevices) // device
- restMux.HandlerFunc(http.MethodDelete, "/rest/cluster/pending/folders", s.deletePendingFolders) // folder [device]
- // Config endpoints
- configBuilder := &configMuxBuilder{
- Router: restMux,
- id: s.id,
- cfg: s.cfg,
- }
- configBuilder.registerConfig("/rest/config")
- configBuilder.registerConfigInsync("/rest/config/insync") // deprecated
- configBuilder.registerConfigRequiresRestart("/rest/config/restart-required")
- configBuilder.registerFolders("/rest/config/folders")
- configBuilder.registerDevices("/rest/config/devices")
- configBuilder.registerFolder("/rest/config/folders/:id")
- configBuilder.registerDevice("/rest/config/devices/:id")
- configBuilder.registerDefaultFolder("/rest/config/defaults/folder")
- configBuilder.registerDefaultDevice("/rest/config/defaults/device")
- configBuilder.registerDefaultIgnores("/rest/config/defaults/ignores")
- configBuilder.registerOptions("/rest/config/options")
- configBuilder.registerLDAP("/rest/config/ldap")
- configBuilder.registerGUI("/rest/config/gui")
- // Deprecated config endpoints
- configBuilder.registerConfigDeprecated("/rest/system/config") // POST instead of PUT
- configBuilder.registerConfigInsync("/rest/system/config/insync")
- // Debug endpoints, not for general use
- debugMux := http.NewServeMux()
- debugMux.HandleFunc("/rest/debug/peerCompletion", s.getPeerCompletion)
- debugMux.HandleFunc("/rest/debug/httpmetrics", s.getSystemHTTPMetrics)
- debugMux.HandleFunc("/rest/debug/cpuprof", s.getCPUProf) // duration
- debugMux.HandleFunc("/rest/debug/heapprof", s.getHeapProf)
- debugMux.HandleFunc("/rest/debug/support", s.getSupportBundle)
- debugMux.HandleFunc("/rest/debug/file", s.getDebugFile)
- restMux.Handler(http.MethodGet, "/rest/debug/*method", s.whenDebugging(debugMux))
- // A handler that disables caching
- noCacheRestMux := noCacheMiddleware(metricsMiddleware(restMux))
- // The main routing handler
- mux := http.NewServeMux()
- mux.Handle("/rest/", noCacheRestMux)
- mux.HandleFunc("/qr/", s.getQR)
- // Serve compiled in assets unless an asset directory was set (for development)
- mux.Handle("/", s.statics)
- // Handle the special meta.js path
- mux.Handle("/meta.js", noCacheMiddleware(http.HandlerFunc(s.getJSMetadata)))
- // Handle Prometheus metrics
- promHttpHandler := promhttp.Handler()
- mux.Handle("/metrics", promHttpHandler)
- guiCfg := s.cfg.GUI()
- // Wrap everything in CSRF protection. The /rest prefix should be
- // protected, other requests will grant cookies.
- var handler http.Handler = newCsrfManager(s.id.Short().String(), "/rest", guiCfg, mux, s.miscDB)
- // Add our version and ID as a header to responses
- handler = withDetailsMiddleware(s.id, handler)
- // Wrap everything in basic auth, if user/password is set.
- if guiCfg.IsAuthEnabled() {
- sessionCookieName := "sessionid-" + s.id.Short().String()
- authMW := newBasicAuthAndSessionMiddleware(sessionCookieName, s.id.Short().String(), guiCfg, s.cfg.LDAP(), handler, s.evLogger, s.miscDB)
- handler = authMW
- restMux.Handler(http.MethodPost, "/rest/noauth/auth/password", http.HandlerFunc(authMW.passwordAuthHandler))
- // Logout is a no-op without a valid session cookie, so /noauth/ is fine here
- restMux.Handler(http.MethodPost, "/rest/noauth/auth/logout", http.HandlerFunc(authMW.handleLogout))
- }
- // Redirect to HTTPS if we are supposed to
- if guiCfg.UseTLS() {
- handler = redirectToHTTPSMiddleware(handler)
- }
- // Add the CORS handling
- handler = corsMiddleware(handler, guiCfg.InsecureAllowFrameLoading)
- if addressIsLocalhost(guiCfg.Address()) && !guiCfg.InsecureSkipHostCheck {
- // Verify source host
- handler = localhostMiddleware(handler)
- }
- handler = debugMiddleware(handler)
- srv := http.Server{
- Handler: handler,
- // ReadTimeout must be longer than SyncthingController $scope.refresh
- // interval to avoid HTTP keepalive/GUI refresh race.
- ReadTimeout: 15 * time.Second,
- // Prevent the HTTP server from logging stuff on its own. The things we
- // care about we log ourselves from the handlers.
- ErrorLog: log.New(io.Discard, "", 0),
- }
- l.Infoln("GUI and API listening on", listener.Addr())
- l.Infoln("Access the GUI via the following URL:", guiCfg.URL())
- if s.started != nil {
- // only set when run by the tests
- select {
- case <-ctx.Done(): // Shouldn't return directly due to cleanup below
- case s.started <- listener.Addr().String():
- }
- }
- // Indicate successful initial startup, to ourselves and to interested
- // listeners (i.e. the thing that starts the browser).
- select {
- case <-s.startedOnce:
- default:
- close(s.startedOnce)
- }
- // Serve in the background
- serveError := make(chan error, 1)
- go func() {
- select {
- case serveError <- srv.Serve(listener):
- case <-ctx.Done():
- }
- }()
- // Wait for stop, restart or error signals
- err = nil
- select {
- case <-ctx.Done():
- // Shutting down permanently
- l.Debugln("shutting down (stop)")
- case <-s.configChanged:
- // Soft restart due to configuration change
- l.Debugln("restarting (config changed)")
- case err = <-s.exitChan:
- case err = <-serveError:
- // Restart due to listen/serve failure
- l.Warnln("GUI/API:", err, "(restarting)")
- }
- // Give it a moment to shut down gracefully, e.g. if we are restarting
- // due to a config change through the API, let that finish successfully.
- timeout, cancel := context.WithTimeout(context.Background(), 100*time.Millisecond)
- defer cancel()
- if err := srv.Shutdown(timeout); err == timeout.Err() {
- srv.Close()
- }
- return err
- }
- // Complete implements suture.IsCompletable, which signifies to the supervisor
- // whether to stop restarting the service.
- func (s *service) Complete() bool {
- select {
- case <-s.startedOnce:
- return s.startupErr != nil
- default:
- }
- return false
- }
- func (s *service) String() string {
- return fmt.Sprintf("api.service@%p", s)
- }
- func (*service) VerifyConfiguration(_, to config.Configuration) error {
- if to.GUI.Network() != "tcp" {
- return nil
- }
- _, err := net.ResolveTCPAddr("tcp", to.GUI.Address())
- return err
- }
- func (s *service) CommitConfiguration(from, to config.Configuration) bool {
- // No action required when this changes, so mask the fact that it changed at all.
- from.GUI.Debugging = to.GUI.Debugging
- if to.GUI == from.GUI {
- // No GUI changes, we're done here.
- return true
- }
- if to.GUI.Theme != from.GUI.Theme {
- s.statics.setTheme(to.GUI.Theme)
- }
- // Tell the serve loop to restart
- s.configChanged <- struct{}{}
- return true
- }
- func (s *service) fatal(err *svcutil.FatalErr) {
- // s.exitChan is 1-buffered and whoever is first gets handled.
- select {
- case s.exitChan <- err:
- default:
- }
- }
- func debugMiddleware(h http.Handler) http.Handler {
- return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- t0 := time.Now()
- h.ServeHTTP(w, r)
- if shouldDebugHTTP() {
- ms := 1000 * time.Since(t0).Seconds()
- // The variable `w` is most likely a *http.response, which we can't do
- // much with since it's a non exported type. We can however peek into
- // it with reflection to get at the status code and number of bytes
- // written.
- var status, written int64
- if rw := reflect.Indirect(reflect.ValueOf(w)); rw.IsValid() && rw.Kind() == reflect.Struct {
- if rf := rw.FieldByName("status"); rf.IsValid() && rf.Kind() == reflect.Int {
- status = rf.Int()
- }
- if rf := rw.FieldByName("written"); rf.IsValid() && rf.Kind() == reflect.Int64 {
- written = rf.Int()
- }
- }
- l.Debugf("http: %s %q: status %d, %d bytes in %.02f ms", r.Method, r.URL.String(), status, written, ms)
- }
- })
- }
- func corsMiddleware(next http.Handler, allowFrameLoading bool) http.Handler {
- // Handle CORS headers and CORS OPTIONS request.
- // CORS OPTIONS request are typically sent by browser during AJAX preflight
- // when the browser initiate a POST request.
- //
- // As the OPTIONS request is unauthorized, this handler must be the first
- // of the chain (hence added at the end).
- //
- // See https://www.w3.org/TR/cors/ for details.
- return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- // Process OPTIONS requests
- if r.Method == "OPTIONS" {
- // Add a generous access-control-allow-origin header for CORS requests
- w.Header().Add("Access-Control-Allow-Origin", "*")
- // Only GET/POST/OPTIONS Methods are supported
- w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, PATCH, DELETE, OPTIONS")
- // Only these headers can be set
- w.Header().Set("Access-Control-Allow-Headers", "Content-Type, X-API-Key")
- // The request is meant to be cached 10 minutes
- w.Header().Set("Access-Control-Max-Age", "600")
- // Indicate that no content will be returned
- w.WriteHeader(204)
- return
- }
- // Other security related headers that should be present.
- // https://www.owasp.org/index.php/Security_Headers
- if !allowFrameLoading {
- // We don't want to be rendered in an <iframe>,
- // <frame> or <object>. (Unless we do it ourselves.
- // This is also an escape hatch for people who serve
- // Syncthing GUI as part of their own website
- // through a proxy, so they don't need to set the
- // allowFrameLoading bool.)
- w.Header().Set("X-Frame-Options", "SAMEORIGIN")
- }
- // If the browser senses an XSS attack it's allowed to take
- // action. (How this would not always be the default I
- // don't fully understand.)
- w.Header().Set("X-XSS-Protection", "1; mode=block")
- // Our content type headers are correct. Don't guess.
- w.Header().Set("X-Content-Type-Options", "nosniff")
- // For everything else, pass to the next handler
- next.ServeHTTP(w, r)
- })
- }
- func metricsMiddleware(h http.Handler) http.Handler {
- return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- t := metrics.GetOrRegisterTimer(r.URL.Path, nil)
- t0 := time.Now()
- h.ServeHTTP(w, r)
- t.UpdateSince(t0)
- })
- }
- func redirectToHTTPSMiddleware(h http.Handler) http.Handler {
- return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- if r.TLS == nil {
- // Redirect HTTP requests to HTTPS
- r.URL.Host = r.Host
- r.URL.Scheme = "https"
- http.Redirect(w, r, r.URL.String(), http.StatusTemporaryRedirect)
- } else {
- h.ServeHTTP(w, r)
- }
- })
- }
- func noCacheMiddleware(h http.Handler) http.Handler {
- return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- w.Header().Set("Cache-Control", "max-age=0, no-cache, no-store")
- w.Header().Set("Expires", time.Now().UTC().Format(http.TimeFormat))
- w.Header().Set("Pragma", "no-cache")
- h.ServeHTTP(w, r)
- })
- }
- func withDetailsMiddleware(id protocol.DeviceID, h http.Handler) http.Handler {
- return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- w.Header().Set("X-Syncthing-Version", build.Version)
- w.Header().Set("X-Syncthing-ID", id.String())
- h.ServeHTTP(w, r)
- })
- }
- func localhostMiddleware(h http.Handler) http.Handler {
- return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- if addressIsLocalhost(r.Host) {
- h.ServeHTTP(w, r)
- return
- }
- http.Error(w, "Host check error", http.StatusForbidden)
- })
- }
- func (s *service) whenDebugging(h http.Handler) http.Handler {
- return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- if s.cfg.GUI().Debugging {
- h.ServeHTTP(w, r)
- return
- }
- http.Error(w, "Debugging disabled", http.StatusForbidden)
- })
- }
- func (s *service) getPendingDevices(w http.ResponseWriter, _ *http.Request) {
- devices, err := s.model.PendingDevices()
- if err != nil {
- http.Error(w, err.Error(), http.StatusInternalServerError)
- return
- }
- sendJSON(w, devices)
- }
- func (s *service) deletePendingDevices(w http.ResponseWriter, r *http.Request) {
- qs := r.URL.Query()
- device := qs.Get("device")
- deviceID, err := protocol.DeviceIDFromString(device)
- if err != nil {
- http.Error(w, err.Error(), http.StatusBadRequest)
- return
- }
- if err := s.model.DismissPendingDevice(deviceID); err != nil {
- http.Error(w, err.Error(), http.StatusInternalServerError)
- }
- }
- func (s *service) getPendingFolders(w http.ResponseWriter, r *http.Request) {
- qs := r.URL.Query()
- device := qs.Get("device")
- deviceID, err := protocol.DeviceIDFromString(device)
- if err != nil {
- http.Error(w, err.Error(), http.StatusBadRequest)
- return
- }
- folders, err := s.model.PendingFolders(deviceID)
- if err != nil {
- http.Error(w, err.Error(), http.StatusInternalServerError)
- return
- }
- sendJSON(w, folders)
- }
- func (s *service) deletePendingFolders(w http.ResponseWriter, r *http.Request) {
- qs := r.URL.Query()
- device := qs.Get("device")
- deviceID, err := protocol.DeviceIDFromString(device)
- if err != nil {
- http.Error(w, err.Error(), http.StatusBadRequest)
- return
- }
- folderID := qs.Get("folder")
- if err := s.model.DismissPendingFolder(deviceID, folderID); err != nil {
- http.Error(w, err.Error(), http.StatusInternalServerError)
- }
- }
- func (*service) restPing(w http.ResponseWriter, _ *http.Request) {
- sendJSON(w, map[string]string{"ping": "pong"})
- }
- func (*service) getSystemPaths(w http.ResponseWriter, _ *http.Request) {
- sendJSON(w, locations.ListExpandedPaths())
- }
- func (s *service) getJSMetadata(w http.ResponseWriter, _ *http.Request) {
- meta, _ := json.Marshal(map[string]interface{}{
- "deviceID": s.id.String(),
- "deviceIDShort": s.id.Short().String(),
- "authenticated": true,
- })
- w.Header().Set("Content-Type", "application/javascript")
- fmt.Fprintf(w, "var metadata = %s;\n", meta)
- }
- func (*service) getSystemVersion(w http.ResponseWriter, _ *http.Request) {
- sendJSON(w, map[string]interface{}{
- "version": build.Version,
- "codename": build.Codename,
- "longVersion": build.LongVersion,
- "extra": build.Extra,
- "os": runtime.GOOS,
- "arch": runtime.GOARCH,
- "isBeta": build.IsBeta,
- "isCandidate": build.IsCandidate,
- "isRelease": build.IsRelease,
- "date": build.Date,
- "tags": build.TagsList(),
- "stamp": build.Stamp,
- "user": build.User,
- "container": incontainer.Detect(),
- })
- }
- func (*service) getSystemDebug(w http.ResponseWriter, _ *http.Request) {
- names := l.Facilities()
- enabled := l.FacilityDebugging()
- sort.Strings(enabled)
- sendJSON(w, map[string]interface{}{
- "facilities": names,
- "enabled": enabled,
- })
- }
- func (*service) postSystemDebug(w http.ResponseWriter, r *http.Request) {
- w.Header().Set("Content-Type", "application/json; charset=utf-8")
- q := r.URL.Query()
- for _, f := range strings.Split(q.Get("enable"), ",") {
- if f == "" || l.ShouldDebug(f) {
- continue
- }
- l.SetDebug(f, true)
- l.Infof("Enabled debug data for %q", f)
- }
- for _, f := range strings.Split(q.Get("disable"), ",") {
- if f == "" || !l.ShouldDebug(f) {
- continue
- }
- l.SetDebug(f, false)
- l.Infof("Disabled debug data for %q", f)
- }
- }
- func (s *service) getDBBrowse(w http.ResponseWriter, r *http.Request) {
- qs := r.URL.Query()
- folder := qs.Get("folder")
- prefix := qs.Get("prefix")
- dirsOnly := qs.Get("dirsonly") != ""
- levels, err := strconv.Atoi(qs.Get("levels"))
- if err != nil {
- levels = -1
- }
- result, err := s.model.GlobalDirectoryTree(folder, prefix, levels, dirsOnly)
- if err != nil {
- http.Error(w, err.Error(), http.StatusInternalServerError)
- return
- }
- sendJSON(w, result)
- }
- func (s *service) getDBCompletion(w http.ResponseWriter, r *http.Request) {
- qs := r.URL.Query()
- folder := qs.Get("folder") // empty means all folders
- deviceStr := qs.Get("device") // empty means local device ID
- // We will check completion status for either the local device, or a
- // specific given device ID.
- device := protocol.LocalDeviceID
- if deviceStr != "" {
- var err error
- device, err = protocol.DeviceIDFromString(deviceStr)
- if err != nil {
- http.Error(w, err.Error(), http.StatusBadRequest)
- return
- }
- }
- if comp, err := s.model.Completion(device, folder); err != nil {
- status := http.StatusInternalServerError
- if isFolderNotFound(err) {
- status = http.StatusNotFound
- }
- http.Error(w, err.Error(), status)
- } else {
- sendJSON(w, comp.Map())
- }
- }
- func (s *service) getDBStatus(w http.ResponseWriter, r *http.Request) {
- qs := r.URL.Query()
- folder := qs.Get("folder")
- if sum, err := s.fss.Summary(folder); err != nil {
- http.Error(w, err.Error(), http.StatusNotFound)
- } else {
- sendJSON(w, sum)
- }
- }
- func (s *service) postDBOverride(_ http.ResponseWriter, r *http.Request) {
- qs := r.URL.Query()
- folder := qs.Get("folder")
- go s.model.Override(folder)
- }
- func (s *service) postDBRevert(_ http.ResponseWriter, r *http.Request) {
- qs := r.URL.Query()
- folder := qs.Get("folder")
- go s.model.Revert(folder)
- }
- func getPagingParams(qs url.Values) (int, int) {
- page, err := strconv.Atoi(qs.Get("page"))
- if err != nil || page < 1 {
- page = 1
- }
- perpage, err := strconv.Atoi(qs.Get("perpage"))
- if err != nil || perpage < 1 {
- perpage = 1 << 16
- }
- return page, perpage
- }
- func (s *service) getDBNeed(w http.ResponseWriter, r *http.Request) {
- qs := r.URL.Query()
- folder := qs.Get("folder")
- page, perpage := getPagingParams(qs)
- progress, queued, rest, err := s.model.NeedFolderFiles(folder, page, perpage)
- if err != nil {
- http.Error(w, err.Error(), http.StatusNotFound)
- return
- }
- // Convert the struct to a more loose structure, and inject the size.
- sendJSON(w, map[string]interface{}{
- "progress": toJsonFileInfoSlice(progress),
- "queued": toJsonFileInfoSlice(queued),
- "rest": toJsonFileInfoSlice(rest),
- "page": page,
- "perpage": perpage,
- })
- }
- func (s *service) getDBRemoteNeed(w http.ResponseWriter, r *http.Request) {
- qs := r.URL.Query()
- folder := qs.Get("folder")
- device := qs.Get("device")
- deviceID, err := protocol.DeviceIDFromString(device)
- if err != nil {
- http.Error(w, err.Error(), http.StatusInternalServerError)
- return
- }
- page, perpage := getPagingParams(qs)
- files, err := s.model.RemoteNeedFolderFiles(folder, deviceID, page, perpage)
- if err != nil {
- http.Error(w, err.Error(), http.StatusNotFound)
- return
- }
- sendJSON(w, map[string]interface{}{
- "files": toJsonFileInfoSlice(files),
- "page": page,
- "perpage": perpage,
- })
- }
- func (s *service) getDBLocalChanged(w http.ResponseWriter, r *http.Request) {
- qs := r.URL.Query()
- folder := qs.Get("folder")
- page, perpage := getPagingParams(qs)
- files, err := s.model.LocalChangedFolderFiles(folder, page, perpage)
- if err != nil {
- http.Error(w, err.Error(), http.StatusNotFound)
- return
- }
- sendJSON(w, map[string]interface{}{
- "files": toJsonFileInfoSlice(files),
- "page": page,
- "perpage": perpage,
- })
- }
- func (s *service) getSystemConnections(w http.ResponseWriter, _ *http.Request) {
- sendJSON(w, s.model.ConnectionStats())
- }
- func (s *service) getDeviceStats(w http.ResponseWriter, _ *http.Request) {
- stats, err := s.model.DeviceStatistics()
- if err != nil {
- http.Error(w, "Internal Server Error", http.StatusInternalServerError)
- return
- }
- sendJSON(w, stats)
- }
- func (s *service) getFolderStats(w http.ResponseWriter, _ *http.Request) {
- stats, err := s.model.FolderStatistics()
- if err != nil {
- http.Error(w, "Internal Server Error", http.StatusInternalServerError)
- return
- }
- sendJSON(w, stats)
- }
- func (s *service) getDBFile(w http.ResponseWriter, r *http.Request) {
- qs := r.URL.Query()
- folder := qs.Get("folder")
- file := qs.Get("file")
- errStatus := http.StatusInternalServerError
- gf, gfOk, err := s.model.CurrentGlobalFile(folder, file)
- if err != nil {
- if isFolderNotFound(err) {
- errStatus = http.StatusNotFound
- }
- http.Error(w, err.Error(), errStatus)
- return
- }
- lf, lfOk, err := s.model.CurrentFolderFile(folder, file)
- if err != nil {
- if isFolderNotFound(err) {
- errStatus = http.StatusNotFound
- }
- http.Error(w, err.Error(), errStatus)
- return
- }
- if !(gfOk || lfOk) {
- // This file for sure does not exist.
- http.Error(w, "No such object in the index", http.StatusNotFound)
- return
- }
- av, err := s.model.Availability(folder, gf, protocol.BlockInfo{})
- if err != nil {
- http.Error(w, err.Error(), http.StatusInternalServerError)
- }
- mtimeMapping, mtimeErr := s.model.GetMtimeMapping(folder, file)
- sendJSON(w, map[string]interface{}{
- "global": jsonFileInfo(gf),
- "local": jsonFileInfo(lf),
- "availability": av,
- "mtime": map[string]interface{}{
- "err": mtimeErr,
- "value": mtimeMapping,
- },
- })
- }
- func (s *service) getDebugFile(w http.ResponseWriter, r *http.Request) {
- qs := r.URL.Query()
- folder := qs.Get("folder")
- file := qs.Get("file")
- snap, err := s.model.DBSnapshot(folder)
- if err != nil {
- http.Error(w, err.Error(), http.StatusNotFound)
- return
- }
- mtimeMapping, mtimeErr := s.model.GetMtimeMapping(folder, file)
- lf, _ := snap.Get(protocol.LocalDeviceID, file)
- gf, _ := snap.GetGlobal(file)
- av := snap.Availability(file)
- vl := snap.DebugGlobalVersions(file)
- sendJSON(w, map[string]interface{}{
- "global": jsonFileInfo(gf),
- "local": jsonFileInfo(lf),
- "availability": av,
- "globalVersions": vl.String(),
- "mtime": map[string]interface{}{
- "err": mtimeErr,
- "value": mtimeMapping,
- },
- })
- }
- func (s *service) postSystemRestart(w http.ResponseWriter, _ *http.Request) {
- s.flushResponse(`{"ok": "restarting"}`, w)
- s.fatal(&svcutil.FatalErr{
- Err: errors.New("restart initiated by rest API"),
- Status: svcutil.ExitRestart,
- })
- }
- func (s *service) postSystemReset(w http.ResponseWriter, r *http.Request) {
- qs := r.URL.Query()
- folder := qs.Get("folder")
- if len(folder) > 0 {
- if _, ok := s.cfg.Folders()[folder]; !ok {
- http.Error(w, "Invalid folder ID", http.StatusInternalServerError)
- return
- }
- }
- if folder == "" {
- // Reset all folders.
- for folder := range s.cfg.Folders() {
- if err := s.model.ResetFolder(folder); err != nil {
- http.Error(w, err.Error(), http.StatusInternalServerError)
- return
- }
- }
- s.flushResponse(`{"ok": "resetting database"}`, w)
- } else {
- // Reset a specific folder, assuming it's supposed to exist.
- if err := s.model.ResetFolder(folder); err != nil {
- http.Error(w, err.Error(), http.StatusInternalServerError)
- return
- }
- s.flushResponse(`{"ok": "resetting folder `+folder+`"}`, w)
- }
- s.fatal(&svcutil.FatalErr{
- Err: errors.New("restart after db reset initiated by rest API"),
- Status: svcutil.ExitRestart,
- })
- }
- func (s *service) postSystemShutdown(w http.ResponseWriter, _ *http.Request) {
- s.flushResponse(`{"ok": "shutting down"}`, w)
- s.fatal(&svcutil.FatalErr{
- Err: errors.New("shutdown initiated by rest API"),
- Status: svcutil.ExitSuccess,
- })
- }
- func (*service) flushResponse(resp string, w http.ResponseWriter) {
- w.Write([]byte(resp + "\n"))
- f := w.(http.Flusher)
- f.Flush()
- }
- func (s *service) getSystemStatus(w http.ResponseWriter, _ *http.Request) {
- var m runtime.MemStats
- runtime.ReadMemStats(&m)
- tilde, _ := fs.ExpandTilde("~")
- res := make(map[string]interface{})
- res["myID"] = s.id.String()
- res["goroutines"] = runtime.NumGoroutine()
- res["alloc"] = m.Alloc
- res["sys"] = m.Sys - m.HeapReleased
- res["tilde"] = tilde
- if s.cfg.Options().LocalAnnEnabled || s.cfg.Options().GlobalAnnEnabled {
- res["discoveryEnabled"] = true
- discoStatus := s.discoverer.ChildErrors()
- res["discoveryStatus"] = discoveryStatusMap(discoStatus)
- res["discoveryMethods"] = len(discoStatus) // DEPRECATED: Redundant, only for backwards compatibility, should be removed.
- discoErrors := make(map[string]*string, len(discoStatus))
- for s, e := range discoStatus {
- if e != nil {
- discoErrors[s] = errorString(e)
- }
- }
- res["discoveryErrors"] = discoErrors // DEPRECATED: Redundant, only for backwards compatibility, should be removed.
- }
- res["connectionServiceStatus"] = s.connectionsService.ListenerStatus()
- res["lastDialStatus"] = s.connectionsService.ConnectionStatus()
- res["cpuPercent"] = 0 // deprecated from API
- res["pathSeparator"] = string(filepath.Separator)
- res["urVersionMax"] = ur.Version
- res["uptime"] = s.urService.UptimeS()
- res["startTime"] = ur.StartTime
- res["guiAddressOverridden"] = s.cfg.GUI().IsOverridden()
- res["guiAddressUsed"] = s.listenerAddr.String()
- sendJSON(w, res)
- }
- func (s *service) getSystemError(w http.ResponseWriter, _ *http.Request) {
- sendJSON(w, map[string][]logger.Line{
- "errors": s.guiErrors.Since(time.Time{}),
- })
- }
- func (*service) postSystemError(_ http.ResponseWriter, r *http.Request) {
- bs, _ := io.ReadAll(r.Body)
- r.Body.Close()
- l.Warnln(string(bs))
- }
- func (s *service) postSystemErrorClear(_ http.ResponseWriter, _ *http.Request) {
- s.guiErrors.Clear()
- }
- func (s *service) getSystemLog(w http.ResponseWriter, r *http.Request) {
- q := r.URL.Query()
- since, err := time.Parse(time.RFC3339, q.Get("since"))
- if err != nil {
- l.Debugln(err)
- }
- sendJSON(w, map[string][]logger.Line{
- "messages": s.systemLog.Since(since),
- })
- }
- func (s *service) getSystemLogTxt(w http.ResponseWriter, r *http.Request) {
- q := r.URL.Query()
- since, err := time.Parse(time.RFC3339, q.Get("since"))
- if err != nil {
- l.Debugln(err)
- }
- w.Header().Set("Content-Type", "text/plain; charset=utf-8")
- for _, line := range s.systemLog.Since(since) {
- fmt.Fprintf(w, "%s: %s\n", line.When.Format(time.RFC3339), line.Message)
- }
- }
- type fileEntry struct {
- name string
- data []byte
- }
- func (s *service) getSupportBundle(w http.ResponseWriter, r *http.Request) {
- var files []fileEntry
- // Redacted configuration as a JSON
- if jsonConfig, err := json.MarshalIndent(getRedactedConfig(s), "", " "); err != nil {
- l.Warnln("Support bundle: failed to create config.json:", err)
- } else {
- files = append(files, fileEntry{name: "config.json.txt", data: jsonConfig})
- }
- // Log as a text
- var buflog bytes.Buffer
- for _, line := range s.systemLog.Since(time.Time{}) {
- fmt.Fprintf(&buflog, "%s: %s\n", line.When.Format(time.RFC3339), line.Message)
- }
- files = append(files, fileEntry{name: "log-inmemory.txt", data: buflog.Bytes()})
- // Errors as a JSON
- if errs := s.guiErrors.Since(time.Time{}); len(errs) > 0 {
- if jsonError, err := json.MarshalIndent(errs, "", " "); err != nil {
- l.Warnln("Support bundle: failed to create errors.json:", err)
- } else {
- files = append(files, fileEntry{name: "errors.json.txt", data: jsonError})
- }
- }
- // Panic files
- if panicFiles, err := filepath.Glob(filepath.Join(locations.GetBaseDir(locations.ConfigBaseDir), "panic*")); err == nil {
- for _, f := range panicFiles {
- if panicFile, err := os.ReadFile(f); err != nil {
- l.Warnf("Support bundle: failed to load %s: %s", filepath.Base(f), err)
- } else {
- files = append(files, fileEntry{name: filepath.Base(f), data: panicFile})
- }
- }
- }
- // Archived log (default on Windows)
- if logFile, err := os.ReadFile(locations.Get(locations.LogFile)); err == nil {
- files = append(files, fileEntry{name: "log-ondisk.txt", data: logFile})
- }
- // Version and platform information as a JSON
- if versionPlatform, err := json.MarshalIndent(map[string]string{
- "now": time.Now().Format(time.RFC3339),
- "version": build.Version,
- "codename": build.Codename,
- "longVersion": build.LongVersion,
- "os": runtime.GOOS,
- "arch": runtime.GOARCH,
- }, "", " "); err == nil {
- files = append(files, fileEntry{name: "version-platform.json.txt", data: versionPlatform})
- } else {
- l.Warnln("Failed to create versionPlatform.json: ", err)
- }
- // Report Data as a JSON
- if r, err := s.urService.ReportDataPreview(r.Context(), ur.Version); err != nil {
- l.Warnln("Support bundle: failed to create usage-reporting.json.txt:", err)
- } else {
- if usageReportingData, err := json.MarshalIndent(r, "", " "); err != nil {
- l.Warnln("Support bundle: failed to serialize usage-reporting.json.txt", err)
- } else {
- files = append(files, fileEntry{name: "usage-reporting.json.txt", data: usageReportingData})
- }
- }
- // Metrics data as text
- buf := bytes.NewBuffer(nil)
- wr := bufferedResponseWriter{Writer: buf}
- promhttp.Handler().ServeHTTP(wr, &http.Request{Method: http.MethodGet})
- files = append(files, fileEntry{name: "metrics.txt", data: buf.Bytes()})
- // Connection data as JSON
- connStats := s.model.ConnectionStats()
- if connStatsJSON, err := json.MarshalIndent(connStats, "", " "); err != nil {
- l.Warnln("Support bundle: failed to serialize connection-stats.json.txt", err)
- } else {
- files = append(files, fileEntry{name: "connection-stats.json.txt", data: connStatsJSON})
- }
- // Heap and CPU Proofs as a pprof extension
- var heapBuffer, cpuBuffer bytes.Buffer
- filename := fmt.Sprintf("syncthing-heap-%s-%s-%s-%s.pprof", runtime.GOOS, runtime.GOARCH, build.Version, time.Now().Format("150405")) // hhmmss
- runtime.GC()
- if err := pprof.WriteHeapProfile(&heapBuffer); err == nil {
- files = append(files, fileEntry{name: filename, data: heapBuffer.Bytes()})
- }
- const duration = 4 * time.Second
- filename = fmt.Sprintf("syncthing-cpu-%s-%s-%s-%s.pprof", runtime.GOOS, runtime.GOARCH, build.Version, time.Now().Format("150405")) // hhmmss
- if err := pprof.StartCPUProfile(&cpuBuffer); err == nil {
- time.Sleep(duration)
- pprof.StopCPUProfile()
- files = append(files, fileEntry{name: filename, data: cpuBuffer.Bytes()})
- }
- // Add buffer files to buffer zip
- var zipFilesBuffer bytes.Buffer
- if err := writeZip(&zipFilesBuffer, files); err != nil {
- l.Warnln("Support bundle: failed to create support bundle zip:", err)
- http.Error(w, err.Error(), http.StatusInternalServerError)
- return
- }
- // Set zip file name and path
- zipFileName := fmt.Sprintf("support-bundle-%s-%s.zip", s.id.Short().String(), time.Now().Format("2006-01-02T150405"))
- zipFilePath := filepath.Join(locations.GetBaseDir(locations.ConfigBaseDir), zipFileName)
- // Write buffer zip to local zip file (back up)
- if err := os.WriteFile(zipFilePath, zipFilesBuffer.Bytes(), 0o600); err != nil {
- l.Warnln("Support bundle: support bundle zip could not be created:", err)
- }
- // Serve the buffer zip to client for download
- w.Header().Set("Content-Type", "application/zip")
- w.Header().Set("Content-Disposition", "attachment; filename="+zipFileName)
- io.Copy(w, &zipFilesBuffer)
- }
- func (*service) getSystemHTTPMetrics(w http.ResponseWriter, _ *http.Request) {
- stats := make(map[string]interface{})
- metrics.Each(func(name string, intf interface{}) {
- if m, ok := intf.(*metrics.StandardTimer); ok {
- pct := m.Percentiles([]float64{0.50, 0.95, 0.99})
- for i := range pct {
- pct[i] /= 1e6 // ns to ms
- }
- stats[name] = map[string]interface{}{
- "count": m.Count(),
- "sumMs": m.Sum() / 1e6, // ns to ms
- "ratesPerS": []float64{m.Rate1(), m.Rate5(), m.Rate15()},
- "percentilesMs": pct,
- }
- }
- })
- bs, _ := json.MarshalIndent(stats, "", " ")
- w.Write(bs)
- }
- func (s *service) getSystemDiscovery(w http.ResponseWriter, _ *http.Request) {
- devices := make(map[string]discover.CacheEntry)
- if s.discoverer != nil {
- // Device ids can't be marshalled as keys so we need to manually
- // rebuild this map using strings. Discoverer may be nil if discovery
- // has not started yet.
- for device, entry := range s.discoverer.Cache() {
- devices[device.String()] = entry
- }
- }
- sendJSON(w, devices)
- }
- func (s *service) getReport(w http.ResponseWriter, r *http.Request) {
- version := ur.Version
- if val, _ := strconv.Atoi(r.URL.Query().Get("version")); val > 0 {
- version = val
- }
- if r, err := s.urService.ReportDataPreview(context.TODO(), version); err != nil {
- http.Error(w, err.Error(), http.StatusInternalServerError)
- return
- } else {
- sendJSON(w, r)
- }
- }
- func (*service) getRandomString(w http.ResponseWriter, r *http.Request) {
- length := 32
- if val, _ := strconv.Atoi(r.URL.Query().Get("length")); val > 0 {
- length = val
- }
- str := rand.String(length)
- sendJSON(w, map[string]string{"random": str})
- }
- func (s *service) getDBIgnores(w http.ResponseWriter, r *http.Request) {
- qs := r.URL.Query()
- folder := qs.Get("folder")
- lines, patterns, err := s.model.LoadIgnores(folder)
- sendJSON(w, map[string]interface{}{
- "ignore": lines,
- "expanded": patterns,
- "error": errorString(err),
- })
- }
- func (s *service) postDBIgnores(w http.ResponseWriter, r *http.Request) {
- qs := r.URL.Query()
- bs, err := io.ReadAll(r.Body)
- r.Body.Close()
- if err != nil {
- http.Error(w, err.Error(), http.StatusInternalServerError)
- return
- }
- var data map[string][]string
- err = json.Unmarshal(bs, &data)
- if err != nil {
- http.Error(w, err.Error(), http.StatusInternalServerError)
- return
- }
- err = s.model.SetIgnores(qs.Get("folder"), data["ignore"])
- if err != nil {
- http.Error(w, err.Error(), http.StatusInternalServerError)
- return
- }
- s.getDBIgnores(w, r)
- }
- func (s *service) getIndexEvents(w http.ResponseWriter, r *http.Request) {
- mask := s.getEventMask(r.URL.Query().Get("events"))
- sub := s.getEventSub(mask)
- s.getEvents(w, r, sub)
- }
- func (s *service) getDiskEvents(w http.ResponseWriter, r *http.Request) {
- sub := s.getEventSub(DiskEventMask)
- s.getEvents(w, r, sub)
- }
- func (*service) getEvents(w http.ResponseWriter, r *http.Request, eventSub events.BufferedSubscription) {
- qs := r.URL.Query()
- sinceStr := qs.Get("since")
- limitStr := qs.Get("limit")
- timeoutStr := qs.Get("timeout")
- since, _ := strconv.Atoi(sinceStr)
- limit, _ := strconv.Atoi(limitStr)
- timeout := defaultEventTimeout
- if timeoutSec, timeoutErr := strconv.Atoi(timeoutStr); timeoutErr == nil && timeoutSec >= 0 { // 0 is a valid timeout
- timeout = time.Duration(timeoutSec) * time.Second
- }
- // Flush before blocking, to indicate that we've received the request and
- // that it should not be retried. Must set Content-Type header before
- // flushing.
- w.Header().Set("Content-Type", "application/json; charset=utf-8")
- f := w.(http.Flusher)
- f.Flush()
- // If there are no events available return an empty slice, as this gets serialized as `[]`
- evs := eventSub.Since(since, []events.Event{}, timeout)
- if 0 < limit && limit < len(evs) {
- evs = evs[len(evs)-limit:]
- }
- sendJSON(w, evs)
- }
- func (*service) getEventMask(evs string) events.EventType {
- eventMask := DefaultEventMask
- if evs != "" {
- eventList := strings.Split(evs, ",")
- eventMask = 0
- for _, ev := range eventList {
- eventMask |= events.UnmarshalEventType(strings.TrimSpace(ev))
- }
- }
- return eventMask
- }
- func (s *service) getEventSub(mask events.EventType) events.BufferedSubscription {
- s.eventSubsMut.Lock()
- bufsub, ok := s.eventSubs[mask]
- if !ok {
- evsub := s.evLogger.Subscribe(mask)
- bufsub = events.NewBufferedSubscription(evsub, EventSubBufferSize)
- s.eventSubs[mask] = bufsub
- }
- s.eventSubsMut.Unlock()
- return bufsub
- }
- func (s *service) getSystemUpgrade(w http.ResponseWriter, _ *http.Request) {
- if s.noUpgrade {
- http.Error(w, upgrade.ErrUpgradeUnsupported.Error(), http.StatusNotImplemented)
- return
- }
- opts := s.cfg.Options()
- rel, err := upgrade.LatestRelease(opts.ReleasesURL, build.Version, opts.UpgradeToPreReleases)
- if err != nil {
- httpError(w, err)
- return
- }
- res := make(map[string]interface{})
- res["running"] = build.Version
- res["latest"] = rel.Tag
- res["newer"] = upgrade.CompareVersions(rel.Tag, build.Version) == upgrade.Newer
- res["majorNewer"] = upgrade.CompareVersions(rel.Tag, build.Version) == upgrade.MajorNewer
- sendJSON(w, res)
- }
- func (*service) getDeviceID(w http.ResponseWriter, r *http.Request) {
- qs := r.URL.Query()
- idStr := qs.Get("id")
- id, err := protocol.DeviceIDFromString(idStr)
- if err == nil {
- sendJSON(w, map[string]string{
- "id": id.String(),
- })
- } else {
- sendJSON(w, map[string]string{
- "error": err.Error(),
- })
- }
- }
- func (*service) getLang(w http.ResponseWriter, r *http.Request) {
- lang := r.Header.Get("Accept-Language")
- var langs []string
- for _, l := range strings.Split(lang, ",") {
- parts := strings.SplitN(l, ";", 2)
- langs = append(langs, strings.ToLower(strings.TrimSpace(parts[0])))
- }
- sendJSON(w, langs)
- }
- func (s *service) postSystemUpgrade(w http.ResponseWriter, _ *http.Request) {
- opts := s.cfg.Options()
- rel, err := upgrade.LatestRelease(opts.ReleasesURL, build.Version, opts.UpgradeToPreReleases)
- if err != nil {
- httpError(w, err)
- return
- }
- if upgrade.CompareVersions(rel.Tag, build.Version) > upgrade.Equal {
- err = upgrade.To(rel)
- if err != nil {
- l.Warnln("upgrading:", err)
- http.Error(w, err.Error(), http.StatusInternalServerError)
- return
- }
- s.flushResponse(`{"ok": "restarting"}`, w)
- s.fatal(&svcutil.FatalErr{
- Err: errors.New("exit after upgrade initiated by rest API"),
- Status: svcutil.ExitUpgrade,
- })
- }
- }
- func (s *service) makeDevicePauseHandler(paused bool) http.HandlerFunc {
- return func(w http.ResponseWriter, r *http.Request) {
- qs := r.URL.Query()
- deviceStr := qs.Get("device")
- var msg string
- var status int
- _, err := s.cfg.Modify(func(cfg *config.Configuration) {
- if deviceStr == "" {
- for i := range cfg.Devices {
- cfg.Devices[i].Paused = paused
- }
- return
- }
- device, err := protocol.DeviceIDFromString(deviceStr)
- if err != nil {
- msg = err.Error()
- status = 500
- return
- }
- _, i, ok := cfg.Device(device)
- if !ok {
- msg = "not found"
- status = http.StatusNotFound
- return
- }
- cfg.Devices[i].Paused = paused
- })
- if msg != "" {
- http.Error(w, msg, status)
- } else if err != nil {
- http.Error(w, err.Error(), http.StatusInternalServerError)
- }
- }
- }
- func (s *service) postDBScan(w http.ResponseWriter, r *http.Request) {
- qs := r.URL.Query()
- folder := qs.Get("folder")
- if folder != "" {
- subs := qs["sub"]
- err := s.model.ScanFolderSubdirs(folder, subs)
- if err != nil {
- http.Error(w, err.Error(), http.StatusInternalServerError)
- return
- }
- nextStr := qs.Get("next")
- next, err := strconv.Atoi(nextStr)
- if err == nil {
- s.model.DelayScan(folder, time.Duration(next)*time.Second)
- }
- } else {
- errors := s.model.ScanFolders()
- if len(errors) > 0 {
- http.Error(w, "Error scanning folders", http.StatusInternalServerError)
- sendJSON(w, errors)
- return
- }
- }
- }
- func (s *service) postDBPrio(w http.ResponseWriter, r *http.Request) {
- qs := r.URL.Query()
- folder := qs.Get("folder")
- file := qs.Get("file")
- s.model.BringToFront(folder, file)
- s.getDBNeed(w, r)
- }
- func (*service) getHealth(w http.ResponseWriter, _ *http.Request) {
- sendJSON(w, map[string]string{"status": "OK"})
- }
- func (*service) getQR(w http.ResponseWriter, r *http.Request) {
- qs := r.URL.Query()
- text := qs.Get("text")
- code, err := qr.Encode(text, qr.M)
- if err != nil {
- http.Error(w, "Invalid", http.StatusInternalServerError)
- return
- }
- w.Header().Set("Content-Type", "image/png")
- w.Write(code.PNG())
- }
- func (s *service) getPeerCompletion(w http.ResponseWriter, _ *http.Request) {
- tot := map[string]float64{}
- count := map[string]float64{}
- for _, folder := range s.cfg.Folders() {
- for _, device := range folder.DeviceIDs() {
- deviceStr := device.String()
- if s.model.ConnectedTo(device) {
- comp, err := s.model.Completion(device, folder.ID)
- if err != nil {
- http.Error(w, err.Error(), http.StatusInternalServerError)
- return
- }
- tot[deviceStr] += comp.CompletionPct
- } else {
- tot[deviceStr] = 0
- }
- count[deviceStr]++
- }
- }
- comp := map[string]int{}
- for device := range tot {
- comp[device] = int(tot[device] / count[device])
- }
- sendJSON(w, comp)
- }
- func (s *service) getFolderVersions(w http.ResponseWriter, r *http.Request) {
- qs := r.URL.Query()
- versions, err := s.model.GetFolderVersions(qs.Get("folder"))
- if err != nil {
- http.Error(w, err.Error(), http.StatusInternalServerError)
- return
- }
- sendJSON(w, versions)
- }
- func (s *service) postFolderVersionsRestore(w http.ResponseWriter, r *http.Request) {
- qs := r.URL.Query()
- bs, err := io.ReadAll(r.Body)
- r.Body.Close()
- if err != nil {
- http.Error(w, err.Error(), http.StatusInternalServerError)
- return
- }
- var versions map[string]time.Time
- err = json.Unmarshal(bs, &versions)
- if err != nil {
- http.Error(w, err.Error(), http.StatusInternalServerError)
- return
- }
- ferr, err := s.model.RestoreFolderVersions(qs.Get("folder"), versions)
- if err != nil {
- http.Error(w, err.Error(), http.StatusInternalServerError)
- return
- }
- sendJSON(w, errorStringMap(ferr))
- }
- func (s *service) getFolderErrors(w http.ResponseWriter, r *http.Request) {
- qs := r.URL.Query()
- folder := qs.Get("folder")
- page, perpage := getPagingParams(qs)
- errors, err := s.model.FolderErrors(folder)
- if err != nil {
- http.Error(w, err.Error(), http.StatusNotFound)
- return
- }
- start := (page - 1) * perpage
- if start >= len(errors) {
- errors = nil
- } else {
- errors = errors[start:]
- if perpage < len(errors) {
- errors = errors[:perpage]
- }
- }
- sendJSON(w, map[string]interface{}{
- "folder": folder,
- "errors": errors,
- "page": page,
- "perpage": perpage,
- })
- }
- func (*service) getSystemBrowse(w http.ResponseWriter, r *http.Request) {
- qs := r.URL.Query()
- current := qs.Get("current")
- // Default value or in case of error unmarshalling ends up being basic fs.
- var fsType fs.FilesystemType
- fsType.UnmarshalText([]byte(qs.Get("filesystem")))
- sendJSON(w, browse(fsType, current))
- }
- func browse(fsType fs.FilesystemType, current string) []string {
- if current == "" {
- return browseRoots(fsType)
- }
- parent, base := parentAndBase(current)
- ffs := fs.NewFilesystem(fsType, parent)
- files := browseFiles(ffs, base)
- for i := range files {
- files[i] = filepath.Join(parent, files[i])
- }
- return files
- }
- const (
- matchExact int = iota
- matchCaseIns
- noMatch
- )
- func checkPrefixMatch(s, prefix string) int {
- if strings.HasPrefix(s, prefix) {
- return matchExact
- }
- if strings.HasPrefix(strings.ToLower(s), strings.ToLower(prefix)) {
- return matchCaseIns
- }
- return noMatch
- }
- func browseRoots(fsType fs.FilesystemType) []string {
- filesystem := fs.NewFilesystem(fsType, "")
- if roots, err := filesystem.Roots(); err == nil {
- return roots
- }
- return nil
- }
- // parentAndBase returns the parent directory and the remaining base of the
- // path. The base may be empty if the path ends with a path separator.
- func parentAndBase(current string) (string, string) {
- search, _ := fs.ExpandTilde(current)
- pathSeparator := string(fs.PathSeparator)
- if strings.HasSuffix(current, pathSeparator) && !strings.HasSuffix(search, pathSeparator) {
- search = search + pathSeparator
- }
- searchDir := filepath.Dir(search)
- // The searchFile should be the last component of search, or empty if it
- // ends with a path separator
- var searchFile string
- if !strings.HasSuffix(search, pathSeparator) {
- searchFile = filepath.Base(search)
- }
- return searchDir, searchFile
- }
- func browseFiles(ffs fs.Filesystem, search string) []string {
- subdirectories, _ := ffs.DirNames(".")
- pathSeparator := string(fs.PathSeparator)
- exactMatches := make([]string, 0, len(subdirectories))
- caseInsMatches := make([]string, 0, len(subdirectories))
- for _, subdirectory := range subdirectories {
- info, err := ffs.Stat(subdirectory)
- if err != nil || !info.IsDir() {
- continue
- }
- switch checkPrefixMatch(subdirectory, search) {
- case matchExact:
- exactMatches = append(exactMatches, subdirectory+pathSeparator)
- case matchCaseIns:
- caseInsMatches = append(caseInsMatches, subdirectory+pathSeparator)
- }
- }
- // sort to return matches in deterministic order (don't depend on file system order)
- sort.Strings(exactMatches)
- sort.Strings(caseInsMatches)
- return append(exactMatches, caseInsMatches...)
- }
- func (*service) getCPUProf(w http.ResponseWriter, r *http.Request) {
- duration, err := time.ParseDuration(r.FormValue("duration"))
- if err != nil {
- duration = 30 * time.Second
- }
- filename := fmt.Sprintf("syncthing-cpu-%s-%s-%s-%s.pprof", runtime.GOOS, runtime.GOARCH, build.Version, time.Now().Format("150405")) // hhmmss
- w.Header().Set("Content-Type", "application/octet-stream")
- w.Header().Set("Content-Disposition", "attachment; filename="+filename)
- if err := pprof.StartCPUProfile(w); err == nil {
- time.Sleep(duration)
- pprof.StopCPUProfile()
- }
- }
- func (*service) getHeapProf(w http.ResponseWriter, _ *http.Request) {
- filename := fmt.Sprintf("syncthing-heap-%s-%s-%s-%s.pprof", runtime.GOOS, runtime.GOARCH, build.Version, time.Now().Format("150405")) // hhmmss
- w.Header().Set("Content-Type", "application/octet-stream")
- w.Header().Set("Content-Disposition", "attachment; filename="+filename)
- runtime.GC()
- pprof.WriteHeapProfile(w)
- }
- func toJsonFileInfoSlice(fs []db.FileInfoTruncated) []jsonFileInfoTrunc {
- res := make([]jsonFileInfoTrunc, len(fs))
- for i, f := range fs {
- res[i] = jsonFileInfoTrunc(f)
- }
- return res
- }
- // Type wrappers for nice JSON serialization
- type jsonFileInfo protocol.FileInfo
- func (f jsonFileInfo) MarshalJSON() ([]byte, error) {
- m := fileIntfJSONMap(protocol.FileInfo(f))
- m["numBlocks"] = len(f.Blocks)
- return json.Marshal(m)
- }
- type jsonFileInfoTrunc db.FileInfoTruncated
- func (f jsonFileInfoTrunc) MarshalJSON() ([]byte, error) {
- m := fileIntfJSONMap(db.FileInfoTruncated(f))
- m["numBlocks"] = nil // explicitly unknown
- return json.Marshal(m)
- }
- func fileIntfJSONMap(f protocol.FileIntf) map[string]interface{} {
- out := map[string]interface{}{
- "name": f.FileName(),
- "type": f.FileType().String(),
- "size": f.FileSize(),
- "deleted": f.IsDeleted(),
- "invalid": f.IsInvalid(),
- "ignored": f.IsIgnored(),
- "mustRescan": f.MustRescan(),
- "noPermissions": !f.HasPermissionBits(),
- "modified": f.ModTime(),
- "modifiedBy": f.FileModifiedBy().String(),
- "sequence": f.SequenceNo(),
- "version": jsonVersionVector(f.FileVersion()),
- "localFlags": f.FileLocalFlags(),
- "platform": f.PlatformData(),
- "inodeChange": f.InodeChangeTime(),
- "blocksHash": f.FileBlocksHash(),
- }
- if f.HasPermissionBits() {
- out["permissions"] = fmt.Sprintf("%#o", f.FilePermissions())
- }
- return out
- }
- type jsonVersionVector protocol.Vector
- func (v jsonVersionVector) MarshalJSON() ([]byte, error) {
- res := make([]string, len(v.Counters))
- for i, c := range v.Counters {
- res[i] = fmt.Sprintf("%v:%d", c.ID, c.Value)
- }
- return json.Marshal(res)
- }
- func dirNames(dir string) []string {
- fis, err := os.ReadDir(dir)
- if err != nil {
- return nil
- }
- var dirs []string
- for _, fi := range fis {
- if fi.IsDir() {
- dirs = append(dirs, filepath.Base(fi.Name()))
- }
- }
- sort.Strings(dirs)
- return dirs
- }
- func addressIsLocalhost(addr string) bool {
- host, _, err := net.SplitHostPort(addr)
- if err != nil {
- // There was no port, so we assume the address was just a hostname
- host = addr
- }
- host = strings.ToLower(host)
- switch {
- case host == "localhost":
- return true
- case host == "localhost.":
- return true
- case strings.HasSuffix(host, ".localhost"):
- return true
- default:
- ip := net.ParseIP(host)
- if ip == nil {
- // not an IP address
- return false
- }
- return ip.IsLoopback()
- }
- }
- // shouldRegenerateCertificate checks for certificate expiry or other known
- // issues with our API/GUI certificate and returns either nil (leave the
- // certificate alone) or an error describing the reason the certificate
- // should be regenerated.
- func shouldRegenerateCertificate(cert tls.Certificate) error {
- leaf := cert.Leaf
- if leaf == nil {
- // Leaf can be nil or not, depending on how parsed the certificate
- // was when we got it.
- if len(cert.Certificate) < 1 {
- // can't happen
- return errors.New("no certificate in certificate")
- }
- var err error
- leaf, err = x509.ParseCertificate(cert.Certificate[0])
- if err != nil {
- return err
- }
- }
- if leaf.Subject.String() != leaf.Issuer.String() || len(leaf.IPAddresses) != 0 {
- // The certificate is not self signed, or has IP attributes we don't
- // add, so we leave it alone.
- return nil
- }
- if len(leaf.DNSNames) > 1 {
- // The certificate has more DNS SANs attributes than we ever add, so
- // we leave it alone.
- return nil
- }
- if len(leaf.DNSNames) == 1 && leaf.DNSNames[0] != leaf.Issuer.CommonName {
- // The one SAN is different from the issuer, so it's not one of our
- // newer self signed certificates.
- return nil
- }
- if leaf.NotAfter.Before(time.Now()) {
- return errors.New("certificate has expired")
- }
- if leaf.NotAfter.Before(time.Now().Add(30 * 24 * time.Hour)) {
- return errors.New("certificate will soon expire")
- }
- // On macOS, check for certificates issued on or after July 1st, 2019,
- // with a longer validity time than 825 days.
- cutoff := time.Date(2019, 7, 1, 0, 0, 0, 0, time.UTC)
- if build.IsDarwin &&
- leaf.NotBefore.After(cutoff) &&
- leaf.NotAfter.Sub(leaf.NotBefore) > 825*24*time.Hour {
- return errors.New("certificate incompatible with macOS 10.15 (Catalina)")
- }
- return nil
- }
- func errorStringMap(errs map[string]error) map[string]*string {
- out := make(map[string]*string, len(errs))
- for s, e := range errs {
- out[s] = errorString(e)
- }
- return out
- }
- func errorString(err error) *string {
- if err != nil {
- msg := err.Error()
- return &msg
- }
- return nil
- }
- type discoveryStatusEntry struct {
- Error *string `json:"error"`
- }
- func discoveryStatusMap(errs map[string]error) map[string]discoveryStatusEntry {
- out := make(map[string]discoveryStatusEntry, len(errs))
- for s, e := range errs {
- out[s] = discoveryStatusEntry{
- Error: errorString(e),
- }
- }
- return out
- }
- // sanitizedHostname returns the given name in a suitable form for use as
- // the common name in a certificate, or an error.
- func sanitizedHostname(name string) (string, error) {
- // Remove diacritics and non-alphanumerics. This works by first
- // transforming into normalization form D (things with diacriticals are
- // split into the base character and the mark) and then removing
- // undesired characters.
- t := transform.Chain(
- // Split runes with diacritics into base character and mark.
- norm.NFD,
- // Leave only [A-Za-z0-9-.].
- runes.Remove(runes.Predicate(func(r rune) bool {
- return r > unicode.MaxASCII ||
- !unicode.IsLetter(r) && !unicode.IsNumber(r) &&
- r != '.' && r != '-'
- })))
- name, _, err := transform.String(t, name)
- if err != nil {
- return "", err
- }
- // Name should not start or end with a dash or dot.
- name = strings.Trim(name, "-.")
- // Name should not be empty.
- if name == "" {
- return "", errors.New("no suitable name")
- }
- return strings.ToLower(name), nil
- }
- func isFolderNotFound(err error) bool {
- for _, target := range []error{
- model.ErrFolderMissing,
- model.ErrFolderPaused,
- model.ErrFolderNotRunning,
- } {
- if errors.Is(err, target) {
- return true
- }
- }
- return false
- }
- func httpError(w http.ResponseWriter, err error) {
- if errors.Is(err, upgrade.ErrUpgradeUnsupported) {
- http.Error(w, upgrade.ErrUpgradeUnsupported.Error(), http.StatusNotImplemented)
- } else {
- http.Error(w, err.Error(), http.StatusInternalServerError)
- }
- }
- type bufferedResponseWriter struct {
- io.Writer
- }
- func (w bufferedResponseWriter) WriteHeader(int) {}
- func (w bufferedResponseWriter) Header() http.Header {
- return http.Header{}
- }
|