Instrument proxy header behaviors

olix0r · olix0r · commit def17ee5ca3f · 2016-10-08T23:32:35.000Z
- Rewrite URL paths to as done in http1
- scrub hop-by-hop headers
- insert the `via` header
diff --git a/linkerd/protocol/h2/src/main/scala/io/buoyant/linkerd/protocol/H2Config.scala b/linkerd/protocol/h2/src/main/scala/io/buoyant/linkerd/protocol/H2Config.scala
@@ -71,11 +71,12 @@ class H2Config extends RouterConfig {
   @JsonDeserialize(using = classOf[H2IdentifierConfigDeserializer])
   var identifier: Option[Seq[H2IdentifierConfig]] = None
 
-  private[this] val combinedIdentifier: Option[H2.Identifier] = identifier.map { configs =>
-    H2.Identifier { params =>
-      RoutingFactory.Identifier.compose(configs.map(_.newIdentifier(params)))
+  private[this] def combinedIdentifier: Option[H2.Identifier] =
+    identifier.map { configs =>
+      H2.Identifier { params =>
+        RoutingFactory.Identifier.compose(configs.map(_.newIdentifier(params)))
+      }
     }
-  }
 
   @JsonIgnore
   override def baseResponseClassifier =
@@ -119,10 +120,11 @@ class H2IdentifierConfigDeserializer extends JsonDeserializer[Option[Seq[H2Ident
     _c: DeserializationContext
   ): Option[Seq[H2IdentifierConfig]] = {
     val codec = p.getCodec
+    val klass = classOf[H2IdentifierConfig]
     codec.readTree[TreeNode](p) match {
       case n: JsonNode if n.isArray =>
-        Some(n.asScala.toList.map(codec.treeToValue(_, classOf[H2IdentifierConfig])))
-      case node => Some(Seq(codec.treeToValue(node, classOf[H2IdentifierConfig])))
+        Some(n.asScala.toList.map(codec.treeToValue(_, klass)))
+      case node => Some(Seq(codec.treeToValue(node, klass)))
     }
   }
 
diff --git a/linkerd/protocol/h2/src/main/scala/io/buoyant/linkerd/protocol/h2/HeaderTokenIdentifier.scala b/linkerd/protocol/h2/src/main/scala/io/buoyant/linkerd/protocol/h2/HeaderTokenIdentifier.scala
@@ -35,7 +35,7 @@ class HeaderTokenIdentifier(header: String, pfx: Path, baseDtab: () => Dtab)
 
   override def apply(req: Request): Future[RequestIdentification[Request]] =
     req.headers.get(header).lastOption match {
-      case None => Future.value(unidentified)
+      case None | Some("") => Future.value(unidentified)
       case Some(token) =>
         val path = pfx ++ Path.Utf8(token)
         val dst = Dst.Path(path, baseDtab(), Dtab.local)
diff --git a/linkerd/protocol/h2/src/test/scala/io/buoyant/linkerd/protocol/h2/HeaderTokenIdentifierTest.scala b/linkerd/protocol/h2/src/test/scala/io/buoyant/linkerd/protocol/h2/HeaderTokenIdentifierTest.scala
@@ -1,4 +1,4 @@
-package io.buoyant.router.h2
+package io.buoyant.linkerd.protocol.h2
 
 import com.twitter.finagle.{Dtab, Path}
 import com.twitter.finagle.buoyant.Dst
diff --git a/router/h2/src/main/scala/com/twitter/finagle/buoyant/h2/Message.scala b/router/h2/src/main/scala/com/twitter/finagle/buoyant/h2/Message.scala
@@ -30,7 +30,7 @@ trait Headers {
   def get(k: String): Seq[String]
   def add(k: String, v: String): Unit
   def set(k: String, v: String): Unit
-  def remove(key: String): Boolean
+  def remove(key: String): Seq[String]
   def dup(): Headers
 }
 
@@ -61,11 +61,11 @@ object Headers {
       current = current :+ (key -> v)
     }
     def remove(key: String) = synchronized {
-      val filtered = current.filterNot { case (k, _) => key == k }
-      val isUnchanged = filtered.length == current.length
-      current = filtered
-      isUnchanged
+      val isMatch: ((String, String)) => Boolean = { case (k, _) => key == k }
+      val (removed, updated) = current.partition(isMatch)
+      removed.map(toVal)
     }
+    private[this] val toVal: ((String, String)) => String = { case (_, v) => v }
     def dup() = new Impl(synchronized(current))
   }
 }
diff --git a/router/h2/src/main/scala/com/twitter/finagle/buoyant/h2/netty4/Netty4Message.scala b/router/h2/src/main/scala/com/twitter/finagle/buoyant/h2/netty4/Netty4Message.scala
@@ -36,8 +36,11 @@ private[h2] object Netty4Message {
       underlying.set(key, value); ()
     }
 
-    override def remove(key: String): Boolean =
+    override def remove(key: String): Seq[String] = {
+      val removed = get(key)
       underlying.remove(key)
+      removed
+    }
 
     override def dup(): Headers = {
       val headers = new DefaultHttp2Headers
diff --git a/router/h2/src/main/scala/io/buoyant/router/H2.scala b/router/h2/src/main/scala/io/buoyant/router/H2.scala
@@ -88,7 +88,9 @@ object H2 extends Client[Request, Response]
 
   object Router {
     val pathStack: Stack[ServiceFactory[Request, Response]] =
-      StackRouter.newPathStack
+      h2.ViaHeaderFilter.module +:
+        h2.ScrubHopByHopHeadersFilter.module +:
+        StackRouter.newPathStack
 
     val boundStack: Stack[ServiceFactory[Request, Response]] =
       StackRouter.newBoundStack
@@ -128,13 +130,14 @@ object H2 extends Client[Request, Response]
 
   object Server {
     val newStack: Stack[ServiceFactory[Request, Response]] = StackServer.newStack
+      .insertAfter(StackServer.Role.protoTracing, h2.ProxyRewriteFilter.module)
 
     val defaultParams = StackServer.defaultParams +
       param.ProtocolLibrary("h2")
   }
 
   case class Server(
-    stack: Stack[ServiceFactory[Request, Response]] = StackServer.newStack,
+    stack: Stack[ServiceFactory[Request, Response]] = Server.newStack,
     params: Stack.Params = Server.defaultParams
   ) extends StdStackServer[Request, Response, Server] {
 
diff --git a/router/h2/src/main/scala/io/buoyant/router/h2/ProxyRewriteFilter.scala b/router/h2/src/main/scala/io/buoyant/router/h2/ProxyRewriteFilter.scala
@@ -0,0 +1,71 @@
+package io.buoyant.router.h2
+
+import com.twitter.finagle.{Filter, Service, ServiceFactory, SimpleFilter, Stack, Stackable}
+import com.twitter.finagle.buoyant.h2.{Request, Response, Message}
+import java.net.URI
+
+/**
+ * Coerces HTTP proxy requests to normal requests.
+ */
+object ProxyRewriteFilter {
+
+  private[this] val log = com.twitter.logging.Logger.get(getClass.getSimpleName)
+
+  /**
+   * If the original URI is absolute
+   * (e.g. scheme://host/path?query#fragment), drop the scheme, use
+   * the authority to set the request's Host header, and rewrite the
+   * URI to the remaining path, query, and fragment.
+   */
+  private def rewriteIfProxy(req: Request): Unit =
+    guessAbsolute(req.path) match {
+      case null => // not absolute, nothing to do
+        log.warning(s"proxy rewrite: not absolute ${req.path}")
+      case uri if uri.isAbsolute =>
+        log.warning(s"proxy rewrite: absolute ${req.path}")
+        req.headers.set(":authority", uri.getAuthority)
+        req.headers.set(":path", unproxifyUri(uri))
+      case _ => // wasn't actually absolute after all
+        log.warning(s"proxy rewrite: not absolute? ${req.path}")
+    }
+
+  /**
+   * If the uri _looks_ absolute, build a URI. This doesn't have to be
+   * perfect, as we can know authoritatively after we've parsed the
+   * URI. This lets us forego parsing if the URI doesn't have a scheme.
+   *
+   * We're using nulls here so we can forego a Some allocation when
+   * the URI is absolute.
+   */
+  private[this] def guessAbsolute(uri: String): URI =
+    if (uri.contains("://")) new URI(uri)
+    else null
+
+  /**
+   * Return only the path, query, and fragment segments of a URI.
+   */
+  private def unproxifyUri(uri: URI): String =
+    new URI(null, null, uri.getPath, uri.getQuery, uri.getFragment).toString
+
+  val filter: Filter[Request, Response, Request, Response] =
+    new SimpleFilter[Request, Response] {
+      def apply(req: Request, service: Service[Request, Response]) = {
+        log.warning(s"proxy rewrite: $req")
+        rewriteIfProxy(req)
+        service(req)
+      }
+    }
+
+  val module: Stackable[ServiceFactory[Request, Response]] =
+    new Stack.Module0[ServiceFactory[Request, Response]] {
+      val role = Stack.Role("ProxyRewriteFilter")
+
+      val description = "Rewrites proxied requests as direct requests, " +
+        "overriding the Host header and removing canonical proxy headers"
+
+      def make(next: ServiceFactory[Request, Response]) = {
+        log.warning("installing proxy rewrite filter")
+        filter.andThen(next)
+      }
+    }
+}
diff --git a/router/h2/src/main/scala/io/buoyant/router/h2/ScrubHopByHopHeaderFilter.scala b/router/h2/src/main/scala/io/buoyant/router/h2/ScrubHopByHopHeaderFilter.scala
@@ -0,0 +1,63 @@
+package io.buoyant.router.h2
+
+import com.twitter.finagle.{Service, ServiceFactory, SimpleFilter, Stack}
+import com.twitter.finagle.buoyant.h2.{Message, Request, Response}
+
+object ScrubHopByHopHeadersFilter {
+
+  object HopByHopHeaders {
+    val Connection = "connection"
+    val ProxyAuthenticate = "proxy-authenticate"
+    val ProxyAuthorization = "proxy-authorization"
+    val ProxyConnection = "proxy-connection"
+    val Te = "te"
+    val Trailer = "trailer"
+    val TransferEncoding = "transfer-encoding"
+    val Upgrade = "upgrade"
+
+    def scrub(msg: Message): Unit = {
+      msg.headers.remove(ProxyAuthenticate)
+      msg.headers.remove(ProxyAuthorization)
+      msg.headers.remove(Te)
+      msg.headers.remove(Trailer)
+      msg.headers.remove(TransferEncoding)
+      msg.headers.remove(Upgrade)
+      for {
+        conn <- msg.headers.remove(Connection) ++ msg.headers.remove(ProxyConnection)
+        header <- conn.split(", ")
+      } {
+        val h = header.trim
+        if (h.nonEmpty) {
+          msg.headers.remove(h); ()
+        }
+      }
+    }
+  }
+
+  /**
+   * Removes all Hop-by-Hop headers and any header listed in `Connection` header from requests.
+   */
+  object filter extends SimpleFilter[Request, Response] {
+
+    def apply(req: Request, svc: Service[Request, Response]) = {
+      HopByHopHeaders.scrub(req)
+      svc(req).map(scrubResponse)
+    }
+
+    private[this] val scrubResponse: Response => Response = { rsp =>
+      HopByHopHeaders.scrub(rsp)
+      rsp
+    }
+  }
+
+  object module extends Stack.Module0[ServiceFactory[Request, Response]] {
+    val role = Stack.Role("ScrubHopByHopHeadersFilter")
+    val description =
+      "Removes all Hop-by-Hop headers and any header listed in `Connection` header from requests"
+
+    def make(next: ServiceFactory[Request, Response]) =
+      filter.andThen(next)
+  }
+
+}
+
diff --git a/router/h2/src/main/scala/io/buoyant/router/h2/ViaHeaderFilter.scala b/router/h2/src/main/scala/io/buoyant/router/h2/ViaHeaderFilter.scala
@@ -0,0 +1,44 @@
+package io.buoyant.router.h2
+
+import com.twitter.finagle.{Service, ServiceFactory, SimpleFilter, Stack, Stackable}
+import com.twitter.finagle.buoyant.h2.{Message, Request, Response}
+
+/**
+ * Appends the `via` header to all requests and responses.
+ * See https://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-14#section-9.9
+ */
+object ViaHeaderFilter {
+  val Key = "via"
+
+  case class Param(via: String)
+  implicit object Param extends Stack.Param[Param] {
+    val default = Param("h2 linkerd")
+  }
+
+  /**
+   * Appends the 'via' header.
+   */
+  class Filter(via: String) extends SimpleFilter[Request, Response] {
+    def apply(req: Request, svc: Service[Request, Response]) =
+      svc(setRequest(req)).map(setResponse)
+
+    private[this] def setMessage[T <: Message]: T => T = { msg =>
+      val updated = msg.headers.get(Key) match {
+        case Nil => via
+        case vals => vals.mkString("", ", ", s", $via")
+      }
+      msg.headers.set(Key, updated); ()
+      msg
+    }
+    private[this] val setRequest = setMessage[Request]
+    private[this] val setResponse = setMessage[Response]
+  }
+
+  val module: Stackable[ServiceFactory[Request, Response]] =
+    new Stack.Module1[Param, ServiceFactory[Request, Response]] {
+      val role = Stack.Role("ViaHeaderFilter")
+      val description = "Appends the Via header to the request and response."
+      def make(param: Param, next: ServiceFactory[Request, Response]) =
+        new Filter(param.via).andThen(next)
+    }
+}
diff --git a/router/h2/src/test/scala/com/twitter/finagle/buoyant/h2/ServerDispatcherTest.scala b/router/h2/src/test/scala/com/twitter/finagle/buoyant/h2/ServerDispatcherTest.scala
@@ -85,7 +85,7 @@ class ServerDispatcherTest extends FunSuite with Eventually {
           def contains(k: String) = false
           def add(k: String, v: String) = {}
           def set(k: String, v: String) = {}
-          def remove(k: String) = false
+          def remove(k: String) = Nil
           def dup() = this
         }
         override val data: Stream = new Stream.Reader {
@@ -121,7 +121,7 @@ class ServerDispatcherTest extends FunSuite with Eventually {
           override def contains(k: String) = false
           override def add(k: String, v: String) = {}
           override def set(k: String, v: String) = {}
-          override def remove(k: String) = false
+          override def remove(k: String) = Nil
           override def dup() = this
         }
         override val data: Stream = new Stream.Reader {

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-package io.buoyant.router.h2`
	`1`	`+package io.buoyant.linkerd.protocol.h2`
`2`	`2`
`3`	`3`	`import com.twitter.finagle.{Dtab, Path}`
`4`	`4`	`import com.twitter.finagle.buoyant.Dst`
Original file line number	Diff line number	Diff line change
`@@ -30,7 +30,7 @@ trait Headers {`
`30`	`30`	`def get(k: String): Seq[String]`
`31`	`31`	`def add(k: String, v: String): Unit`
`32`	`32`	`def set(k: String, v: String): Unit`
`33`		`- def remove(key: String): Boolean`
	`33`	`+ def remove(key: String): Seq[String]`
`34`	`34`	`def dup(): Headers`
`35`	`35`	`}`
`36`	`36`
`@@ -61,11 +61,11 @@ object Headers {`
`61`	`61`	`current = current :+ (key -> v)`
`62`	`62`	`}`
`63`	`63`	`def remove(key: String) = synchronized {`
`64`		`- val filtered = current.filterNot { case (k, _) => key == k }`
`65`		`- val isUnchanged = filtered.length == current.length`
`66`		`- current = filtered`
`67`		`- isUnchanged`
	`64`	`+ val isMatch: ((String, String)) => Boolean = { case (k, _) => key == k }`
	`65`	`+ val (removed, updated) = current.partition(isMatch)`
	`66`	`+ removed.map(toVal)`
`68`	`67`	`}`
	`68`	`+ private[this] val toVal: ((String, String)) => String = { case (_, v) => v }`
`69`	`69`	`def dup() = new Impl(synchronized(current))`
`70`	`70`	`}`
`71`	`71`	`}`