Compare commits
13 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
45458761f3
|
|||
|
90a5834f5f
|
|||
|
1823d0b9ca
|
|||
|
649cbba954
|
|||
|
eb9ccce3be
|
|||
|
316f64cf9d
|
|||
|
24a49779f9
|
|||
|
423b749db9
|
|||
|
9ce3e7fa0a
|
|||
|
1e6ece37a5
|
|||
|
fc9900d821
|
|||
|
1a78c8092b
|
|||
|
3d1847c408
|
15
build.gradle
15
build.gradle
@@ -46,6 +46,12 @@ allprojects { subproject ->
|
||||
}
|
||||
}
|
||||
|
||||
dependencies {
|
||||
testImplementation catalog.junit.jupiter.api
|
||||
testImplementation catalog.junit.jupiter.params
|
||||
testRuntimeOnly catalog.junit.jupiter.engine
|
||||
}
|
||||
|
||||
test {
|
||||
useJUnitPlatform()
|
||||
}
|
||||
@@ -66,6 +72,15 @@ allprojects { subproject ->
|
||||
}
|
||||
}
|
||||
|
||||
pluginManager.withPlugin('jacoco') {
|
||||
test {
|
||||
finalizedBy jacocoTestReport
|
||||
}
|
||||
jacocoTestReport {
|
||||
dependsOn test
|
||||
}
|
||||
}
|
||||
|
||||
pluginManager.withPlugin(catalog.plugins.kotlin.jvm.get().pluginId) {
|
||||
tasks.withType(KotlinCompile.class) {
|
||||
compilerOptions.jvmTarget = JvmTarget.JVM_21
|
||||
|
||||
@@ -14,6 +14,3 @@ WORKDIR /home/luser/plugins
|
||||
RUN --mount=type=bind,source=.,target=/build/distributions tar -xf /build/distributions/gbcs-server-memcached*.tar
|
||||
WORKDIR /home/luser
|
||||
ENTRYPOINT ["java", "-jar", "/home/luser/gbcs.jar", "server"]
|
||||
|
||||
FROM release-memcached as compose
|
||||
COPY --chown=luser:luser conf/gbcs-memcached.xml /home/luser/.config/gbcs/gbcs.xml
|
||||
@@ -4,6 +4,7 @@ import net.woggioni.gbcs.api.exception.ContentTooLargeException;
|
||||
|
||||
import java.nio.channels.ReadableByteChannel;
|
||||
|
||||
|
||||
public interface Cache extends AutoCloseable {
|
||||
ReadableByteChannel get(String key);
|
||||
|
||||
|
||||
@@ -2,10 +2,12 @@ package net.woggioni.gbcs.api;
|
||||
|
||||
|
||||
import lombok.EqualsAndHashCode;
|
||||
import lombok.NonNull;
|
||||
import lombok.Value;
|
||||
|
||||
import java.nio.file.Path;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.time.Duration;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
import java.util.stream.Collectors;
|
||||
@@ -14,21 +16,47 @@ import java.util.stream.Collectors;
|
||||
public class Configuration {
|
||||
String host;
|
||||
int port;
|
||||
int incomingConnectionsBacklogSize;
|
||||
String serverPath;
|
||||
@NonNull
|
||||
EventExecutor eventExecutor;
|
||||
@NonNull
|
||||
Connection connection;
|
||||
Map<String, User> users;
|
||||
Map<String, Group> groups;
|
||||
Cache cache;
|
||||
Authentication authentication;
|
||||
Tls tls;
|
||||
boolean useVirtualThread;
|
||||
int maxRequestSize;
|
||||
int incomingConnectionsBacklogSize;
|
||||
|
||||
@Value
|
||||
public static class EventExecutor {
|
||||
boolean useVirtualThreads;
|
||||
}
|
||||
|
||||
@Value
|
||||
public static class Connection {
|
||||
Duration readTimeout;
|
||||
Duration writeTimeout;
|
||||
Duration idleTimeout;
|
||||
Duration readIdleTimeout;
|
||||
Duration writeIdleTimeout;
|
||||
int maxRequestSize;
|
||||
}
|
||||
|
||||
@Value
|
||||
public static class Quota {
|
||||
long calls;
|
||||
Duration period;
|
||||
long initialAvailableCalls;
|
||||
long maxAvailableCalls;
|
||||
}
|
||||
|
||||
@Value
|
||||
public static class Group {
|
||||
@EqualsAndHashCode.Include
|
||||
String name;
|
||||
Set<Role> roles;
|
||||
Quota quota;
|
||||
}
|
||||
|
||||
@Value
|
||||
@@ -37,7 +65,7 @@ public class Configuration {
|
||||
String name;
|
||||
String password;
|
||||
Set<Group> groups;
|
||||
|
||||
Quota quota;
|
||||
|
||||
public Set<Role> getRoles() {
|
||||
return groups.stream()
|
||||
@@ -57,12 +85,22 @@ public class Configuration {
|
||||
}
|
||||
|
||||
@Value
|
||||
public static class Tls {
|
||||
public static class Throttling {
|
||||
KeyStore keyStore;
|
||||
TrustStore trustStore;
|
||||
boolean verifyClients;
|
||||
}
|
||||
|
||||
public enum ClientCertificate {
|
||||
REQUIRED, OPTIONAL
|
||||
}
|
||||
|
||||
@Value
|
||||
public static class Tls {
|
||||
KeyStore keyStore;
|
||||
TrustStore trustStore;
|
||||
}
|
||||
|
||||
@Value
|
||||
public static class KeyStore {
|
||||
Path file;
|
||||
@@ -76,6 +114,7 @@ public class Configuration {
|
||||
Path file;
|
||||
String password;
|
||||
boolean checkCertificateStatus;
|
||||
boolean requireClientCertificate;
|
||||
}
|
||||
|
||||
@Value
|
||||
@@ -103,28 +142,28 @@ public class Configuration {
|
||||
public static Configuration of(
|
||||
String host,
|
||||
int port,
|
||||
int incomingConnectionsBacklogSize,
|
||||
String serverPath,
|
||||
EventExecutor eventExecutor,
|
||||
Connection connection,
|
||||
Map<String, User> users,
|
||||
Map<String, Group> groups,
|
||||
Cache cache,
|
||||
Authentication authentication,
|
||||
Tls tls,
|
||||
boolean useVirtualThread,
|
||||
int maxRequestSize,
|
||||
int incomingConnectionsBacklogSize
|
||||
Tls tls
|
||||
) {
|
||||
return new Configuration(
|
||||
host,
|
||||
port,
|
||||
incomingConnectionsBacklogSize,
|
||||
serverPath != null && !serverPath.isEmpty() && !serverPath.equals("/") ? serverPath : null,
|
||||
eventExecutor,
|
||||
connection,
|
||||
users,
|
||||
groups,
|
||||
cache,
|
||||
authentication,
|
||||
tls,
|
||||
useVirtualThread,
|
||||
maxRequestSize,
|
||||
incomingConnectionsBacklogSize
|
||||
tls
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,11 @@
|
||||
package net.woggioni.gbcs.api.exception;
|
||||
|
||||
public class CacheException extends GbcsException {
|
||||
public CacheException(String message, Throwable cause) {
|
||||
super(message, cause);
|
||||
}
|
||||
|
||||
public CacheException(String message) {
|
||||
this(message, null);
|
||||
}
|
||||
}
|
||||
@@ -16,6 +16,8 @@ import net.woggioni.gradle.graalvm.NativeImageTask
|
||||
import net.woggioni.gradle.graalvm.JlinkPlugin
|
||||
import net.woggioni.gradle.graalvm.JlinkTask
|
||||
|
||||
Property<String> mainModuleName = objects.property(String.class)
|
||||
mainModuleName.set('net.woggioni.gbcs.cli')
|
||||
Property<String> mainClassName = objects.property(String.class)
|
||||
mainClassName.set('net.woggioni.gbcs.cli.GradleBuildCacheServerCli')
|
||||
|
||||
@@ -33,7 +35,7 @@ configurations {
|
||||
}
|
||||
|
||||
envelopeJar {
|
||||
mainModule = 'net.woggioni.gbcs.cli'
|
||||
mainModule = mainModuleName
|
||||
mainClass = mainClassName
|
||||
|
||||
extraClasspath = ["plugins"]
|
||||
@@ -50,20 +52,31 @@ dependencies {
|
||||
|
||||
// runtimeOnly catalog.slf4j.jdk14
|
||||
runtimeOnly catalog.logback.classic
|
||||
// runtimeOnly catalog.slf4j.simple
|
||||
}
|
||||
|
||||
Provider<EnvelopeJarTask> envelopeJarTaskProvider = tasks.named('envelopeJar', EnvelopeJarTask.class) {
|
||||
// systemProperties['java.util.logging.config.class'] = 'net.woggioni.gbcs.LoggingConfig'
|
||||
// systemProperties['log.config.source'] = 'logging.properties'
|
||||
// systemProperties['log.config.source'] = 'net/woggioni/gbcs/cli/logging.properties'
|
||||
// systemProperties['java.util.logging.config.file'] = 'classpath:net/woggioni/gbcs/cli/logging.properties'
|
||||
systemProperties['logback.configurationFile'] = 'classpath:net/woggioni/gbcs/cli/logback.xml'
|
||||
systemProperties['io.netty.leakDetectionLevel'] = 'DISABLED'
|
||||
|
||||
// systemProperties['org.slf4j.simpleLogger.showDateTime'] = 'true'
|
||||
// systemProperties['org.slf4j.simpleLogger.defaultLogLevel'] = 'debug'
|
||||
// systemProperties['org.slf4j.simpleLogger.log.com.google.code.yanf4j'] = 'warn'
|
||||
// systemProperties['org.slf4j.simpleLogger.log.net.rubyeye.xmemcached'] = 'warn'
|
||||
// systemProperties['org.slf4j.simpleLogger.dateTimeFormat'] = 'yyyy-MM-dd\'T\'HH:mm:ss.SSSZ'
|
||||
}
|
||||
|
||||
tasks.named(NativeImagePlugin.CONFIGURE_NATIVE_IMAGE_TASK_NAME, NativeImageConfigurationTask) {
|
||||
mainClass = mainClassName
|
||||
mainModule = mainModuleName
|
||||
}
|
||||
|
||||
tasks.named(NativeImagePlugin.NATIVE_IMAGE_TASK_NAME, NativeImageTask) {
|
||||
mainClass = mainClassName
|
||||
mainModule = mainModuleName
|
||||
useMusl = true
|
||||
buildStaticImage = true
|
||||
}
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
Args=-H:Optimize=3 --gc=serial
|
||||
Args=-H:Optimize=3 --gc=serial --initialize-at-run-time=io.netty
|
||||
#-H:TraceClassInitialization=io.netty.handler.ssl.BouncyCastleAlpnSslUtils
|
||||
@@ -13,6 +13,7 @@ import net.woggioni.gbcs.cli.impl.commands.ServerCommand
|
||||
import net.woggioni.jwo.Application
|
||||
import picocli.CommandLine
|
||||
import picocli.CommandLine.Model.CommandSpec
|
||||
import java.net.URI
|
||||
|
||||
|
||||
@CommandLine.Command(
|
||||
|
||||
@@ -4,7 +4,8 @@ import net.woggioni.gbcs.common.contextLogger
|
||||
import net.woggioni.gbcs.common.error
|
||||
import net.woggioni.gbcs.common.info
|
||||
import net.woggioni.gbcs.cli.impl.GbcsCommand
|
||||
import net.woggioni.gbcs.client.GbcsClient
|
||||
import net.woggioni.gbcs.client.GradleBuildCacheClient
|
||||
import net.woggioni.jwo.JWO
|
||||
import picocli.CommandLine
|
||||
import java.security.SecureRandom
|
||||
import java.time.Duration
|
||||
@@ -40,13 +41,14 @@ class BenchmarkCommand : GbcsCommand() {
|
||||
clientCommand.configuration.profiles[profileName]
|
||||
?: throw IllegalArgumentException("Profile $profileName does not exist in configuration")
|
||||
}
|
||||
val client = GbcsClient(profile)
|
||||
val client = GradleBuildCacheClient(profile)
|
||||
|
||||
val entryGenerator = sequence {
|
||||
val random = Random(SecureRandom.getInstance("NativePRNGNonBlocking").nextLong())
|
||||
while (true) {
|
||||
val key = Base64.getUrlEncoder().encode(random.nextBytes(16)).toString(Charsets.UTF_8)
|
||||
val value = random.nextBytes(0x1000)
|
||||
val key = JWO.bytesToHex(random.nextBytes(16))
|
||||
val content = random.nextInt().toByte()
|
||||
val value = ByteArray(0x1000, { _ -> content })
|
||||
yield(key to value)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
package net.woggioni.gbcs.cli.impl.commands
|
||||
|
||||
import net.woggioni.gbcs.cli.impl.GbcsCommand
|
||||
import net.woggioni.gbcs.client.GbcsClient
|
||||
import net.woggioni.gbcs.client.GradleBuildCacheClient
|
||||
import net.woggioni.jwo.Application
|
||||
import picocli.CommandLine
|
||||
import java.nio.file.Path
|
||||
@@ -28,8 +28,8 @@ class ClientCommand(app : Application) : GbcsCommand() {
|
||||
)
|
||||
var profileName : String? = null
|
||||
|
||||
val configuration : GbcsClient.Configuration by lazy {
|
||||
GbcsClient.Configuration.parse(configurationFile)
|
||||
val configuration : GradleBuildCacheClient.Configuration by lazy {
|
||||
GradleBuildCacheClient.Configuration.parse(configurationFile)
|
||||
}
|
||||
|
||||
override fun run() {
|
||||
|
||||
@@ -2,7 +2,7 @@ package net.woggioni.gbcs.cli.impl.commands
|
||||
|
||||
import net.woggioni.gbcs.common.contextLogger
|
||||
import net.woggioni.gbcs.cli.impl.GbcsCommand
|
||||
import net.woggioni.gbcs.client.GbcsClient
|
||||
import net.woggioni.gbcs.client.GradleBuildCacheClient
|
||||
import picocli.CommandLine
|
||||
import java.nio.file.Files
|
||||
import java.nio.file.Path
|
||||
@@ -38,7 +38,7 @@ class GetCommand : GbcsCommand() {
|
||||
clientCommand.configuration.profiles[profileName]
|
||||
?: throw IllegalArgumentException("Profile $profileName does not exist in configuration")
|
||||
}
|
||||
GbcsClient(profile).use { client ->
|
||||
GradleBuildCacheClient(profile).use { client ->
|
||||
client.get(key).thenApply { value ->
|
||||
value?.let {
|
||||
(output?.let(Files::newOutputStream) ?: System.out).use {
|
||||
|
||||
@@ -3,7 +3,7 @@ package net.woggioni.gbcs.cli.impl.commands
|
||||
import net.woggioni.gbcs.common.contextLogger
|
||||
import net.woggioni.gbcs.cli.impl.GbcsCommand
|
||||
import net.woggioni.gbcs.cli.impl.converters.InputStreamConverter
|
||||
import net.woggioni.gbcs.client.GbcsClient
|
||||
import net.woggioni.gbcs.client.GradleBuildCacheClient
|
||||
import picocli.CommandLine
|
||||
import java.io.InputStream
|
||||
|
||||
@@ -39,7 +39,7 @@ class PutCommand : GbcsCommand() {
|
||||
clientCommand.configuration.profiles[profileName]
|
||||
?: throw IllegalArgumentException("Profile $profileName does not exist in configuration")
|
||||
}
|
||||
GbcsClient(profile).use { client ->
|
||||
GradleBuildCacheClient(profile).use { client ->
|
||||
value.use {
|
||||
client.put(key, it.readAllBytes())
|
||||
}.get()
|
||||
|
||||
@@ -10,6 +10,8 @@ dependencies {
|
||||
implementation catalog.slf4j.api
|
||||
implementation catalog.netty.buffer
|
||||
implementation catalog.netty.codec.http
|
||||
|
||||
testRuntimeOnly catalog.logback.classic
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -30,23 +30,25 @@ import io.netty.handler.ssl.SslContextBuilder
|
||||
import io.netty.handler.stream.ChunkedWriteHandler
|
||||
import io.netty.util.concurrent.Future
|
||||
import io.netty.util.concurrent.GenericFutureListener
|
||||
import net.woggioni.gbcs.client.impl.Parser
|
||||
import net.woggioni.gbcs.common.Xml
|
||||
import net.woggioni.gbcs.common.contextLogger
|
||||
import net.woggioni.gbcs.common.debug
|
||||
import net.woggioni.gbcs.client.impl.Parser
|
||||
import net.woggioni.gbcs.common.trace
|
||||
import java.net.InetSocketAddress
|
||||
import java.net.URI
|
||||
import java.nio.file.Files
|
||||
import java.nio.file.Path
|
||||
import java.security.PrivateKey
|
||||
import java.security.cert.X509Certificate
|
||||
import java.time.Duration
|
||||
import java.util.Base64
|
||||
import java.util.concurrent.CompletableFuture
|
||||
import java.util.concurrent.atomic.AtomicInteger
|
||||
import io.netty.util.concurrent.Future as NettyFuture
|
||||
|
||||
|
||||
class GbcsClient(private val profile: Configuration.Profile) : AutoCloseable {
|
||||
class GradleBuildCacheClient(private val profile: Configuration.Profile) : AutoCloseable {
|
||||
private val group: NioEventLoopGroup
|
||||
private var sslContext: SslContext
|
||||
private val log = contextLogger()
|
||||
@@ -64,10 +66,18 @@ class GbcsClient(private val profile: Configuration.Profile) : AutoCloseable {
|
||||
data class BasicAuthenticationCredentials(val username: String, val password: String) : Authentication()
|
||||
}
|
||||
|
||||
class RetryPolicy(
|
||||
val maxAttempts: Int,
|
||||
val initialDelayMillis: Long,
|
||||
val exp: Double
|
||||
)
|
||||
|
||||
data class Profile(
|
||||
val serverURI: URI,
|
||||
val authentication: Authentication?,
|
||||
val maxConnections : Int
|
||||
val connectionTimeout: Duration?,
|
||||
val maxConnections: Int,
|
||||
val retryPolicy: RetryPolicy?,
|
||||
)
|
||||
|
||||
companion object {
|
||||
@@ -104,6 +114,9 @@ class GbcsClient(private val profile: Configuration.Profile) : AutoCloseable {
|
||||
option(ChannelOption.TCP_NODELAY, true)
|
||||
option(ChannelOption.SO_KEEPALIVE, true)
|
||||
remoteAddress(InetSocketAddress(host, port))
|
||||
profile.connectionTimeout?.let {
|
||||
option(ChannelOption.CONNECT_TIMEOUT_MILLIS, it.toMillis().toInt())
|
||||
}
|
||||
}
|
||||
val channelPoolHandler = object : AbstractChannelPoolHandler() {
|
||||
|
||||
@@ -114,20 +127,29 @@ class GbcsClient(private val profile: Configuration.Profile) : AutoCloseable {
|
||||
private var leaseCount = AtomicInteger()
|
||||
|
||||
override fun channelReleased(ch: Channel) {
|
||||
log.debug {
|
||||
"Released lease ${leaseCount.decrementAndGet()}"
|
||||
val activeLeases = leaseCount.decrementAndGet()
|
||||
log.trace {
|
||||
"Released channel ${ch.id().asShortText()}, number of active leases: $activeLeases"
|
||||
}
|
||||
}
|
||||
|
||||
override fun channelAcquired(ch: Channel?) {
|
||||
log.debug {
|
||||
"Acquired lease ${leaseCount.getAndIncrement()}"
|
||||
override fun channelAcquired(ch: Channel) {
|
||||
val activeLeases = leaseCount.getAndIncrement()
|
||||
log.trace {
|
||||
"Acquired channel ${ch.id().asShortText()}, number of active leases: $activeLeases"
|
||||
}
|
||||
}
|
||||
|
||||
override fun channelCreated(ch: Channel) {
|
||||
val connectionId = connectionCount.getAndIncrement()
|
||||
log.debug {
|
||||
"Created connection ${connectionCount.getAndIncrement()}"
|
||||
"Created connection $connectionId, total number of active connections: $connectionId"
|
||||
}
|
||||
ch.closeFuture().addListener {
|
||||
val activeConnections = connectionCount.decrementAndGet()
|
||||
log.debug {
|
||||
"Closed connection $connectionId, total number of active connections: $activeConnections"
|
||||
}
|
||||
}
|
||||
val pipeline: ChannelPipeline = ch.pipeline()
|
||||
|
||||
@@ -139,37 +161,85 @@ class GbcsClient(private val profile: Configuration.Profile) : AutoCloseable {
|
||||
// HTTP handlers
|
||||
pipeline.addLast("codec", HttpClientCodec())
|
||||
pipeline.addLast("decompressor", HttpContentDecompressor())
|
||||
pipeline.addLast("aggregator", HttpObjectAggregator(1048576))
|
||||
pipeline.addLast("aggregator", HttpObjectAggregator(134217728))
|
||||
pipeline.addLast("chunked", ChunkedWriteHandler())
|
||||
}
|
||||
}
|
||||
pool = FixedChannelPool(bootstrap, channelPoolHandler, profile.maxConnections)
|
||||
}
|
||||
|
||||
fun get(key: String): CompletableFuture<ByteArray?> {
|
||||
return sendRequest(profile.serverURI.resolve(key), HttpMethod.GET, null)
|
||||
.thenApply {
|
||||
val status = it.status()
|
||||
if (it.status() == HttpResponseStatus.NOT_FOUND) {
|
||||
null
|
||||
} else if (it.status() != HttpResponseStatus.OK) {
|
||||
throw HttpException(status)
|
||||
} else {
|
||||
it.content()
|
||||
}
|
||||
}.thenApply { maybeByteBuf ->
|
||||
maybeByteBuf?.let {
|
||||
val result = ByteArray(it.readableBytes())
|
||||
it.getBytes(0, result)
|
||||
result
|
||||
private fun executeWithRetry(operation: () -> CompletableFuture<FullHttpResponse>): CompletableFuture<FullHttpResponse> {
|
||||
val retryPolicy = profile.retryPolicy
|
||||
return if (retryPolicy != null) {
|
||||
val outcomeHandler = OutcomeHandler<FullHttpResponse> { outcome ->
|
||||
when (outcome) {
|
||||
is OperationOutcome.Success -> {
|
||||
val response = outcome.result
|
||||
val status = response.status()
|
||||
when (status) {
|
||||
HttpResponseStatus.TOO_MANY_REQUESTS -> {
|
||||
val retryAfter = response.headers()[HttpHeaderNames.RETRY_AFTER]?.let { headerValue ->
|
||||
try {
|
||||
headerValue.toLong() * 1000
|
||||
} catch (nfe: NumberFormatException) {
|
||||
null
|
||||
}
|
||||
}
|
||||
OutcomeHandlerResult.Retry(retryAfter)
|
||||
}
|
||||
|
||||
HttpResponseStatus.INTERNAL_SERVER_ERROR, HttpResponseStatus.SERVICE_UNAVAILABLE ->
|
||||
OutcomeHandlerResult.Retry()
|
||||
|
||||
else -> OutcomeHandlerResult.DoNotRetry()
|
||||
}
|
||||
}
|
||||
|
||||
is OperationOutcome.Failure -> {
|
||||
OutcomeHandlerResult.Retry()
|
||||
}
|
||||
}
|
||||
}
|
||||
executeWithRetry(
|
||||
group,
|
||||
retryPolicy.maxAttempts,
|
||||
retryPolicy.initialDelayMillis.toDouble(),
|
||||
retryPolicy.exp,
|
||||
outcomeHandler,
|
||||
operation
|
||||
)
|
||||
} else {
|
||||
operation()
|
||||
}
|
||||
}
|
||||
|
||||
fun get(key: String): CompletableFuture<ByteArray?> {
|
||||
return executeWithRetry {
|
||||
sendRequest(profile.serverURI.resolve(key), HttpMethod.GET, null)
|
||||
}.thenApply {
|
||||
val status = it.status()
|
||||
if (it.status() == HttpResponseStatus.NOT_FOUND) {
|
||||
null
|
||||
} else if (it.status() != HttpResponseStatus.OK) {
|
||||
throw HttpException(status)
|
||||
} else {
|
||||
it.content()
|
||||
}
|
||||
}.thenApply { maybeByteBuf ->
|
||||
maybeByteBuf?.let {
|
||||
val result = ByteArray(it.readableBytes())
|
||||
it.getBytes(0, result)
|
||||
result
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
fun put(key: String, content: ByteArray): CompletableFuture<Unit> {
|
||||
return sendRequest(profile.serverURI.resolve(key), HttpMethod.PUT, content).thenApply {
|
||||
return executeWithRetry {
|
||||
sendRequest(profile.serverURI.resolve(key), HttpMethod.PUT, content)
|
||||
}.thenApply {
|
||||
val status = it.status()
|
||||
if (it.status() != HttpResponseStatus.CREATED) {
|
||||
if (it.status() != HttpResponseStatus.CREATED && it.status() != HttpResponseStatus.OK) {
|
||||
throw HttpException(status)
|
||||
}
|
||||
}
|
||||
@@ -188,9 +258,9 @@ class GbcsClient(private val profile: Configuration.Profile) : AutoCloseable {
|
||||
ctx: ChannelHandlerContext,
|
||||
response: FullHttpResponse
|
||||
) {
|
||||
responseFuture.complete(response)
|
||||
pipeline.removeLast()
|
||||
pool.release(channel)
|
||||
responseFuture.complete(response)
|
||||
}
|
||||
|
||||
override fun exceptionCaught(ctx: ChannelHandlerContext, cause: Throwable) {
|
||||
@@ -219,7 +289,7 @@ class GbcsClient(private val profile: Configuration.Profile) : AutoCloseable {
|
||||
set(HttpHeaderNames.CONTENT_LENGTH, content.readableBytes())
|
||||
}
|
||||
set(HttpHeaderNames.HOST, profile.serverURI.host)
|
||||
set(HttpHeaderNames.CONNECTION, HttpHeaderValues.CLOSE)
|
||||
set(HttpHeaderNames.CONNECTION, HttpHeaderValues.KEEP_ALIVE)
|
||||
set(
|
||||
HttpHeaderNames.ACCEPT_ENCODING,
|
||||
HttpHeaderValues.GZIP.toString() + "," + HttpHeaderValues.DEFLATE.toString()
|
||||
@@ -237,6 +307,8 @@ class GbcsClient(private val profile: Configuration.Profile) : AutoCloseable {
|
||||
// Set headers
|
||||
// Send the request
|
||||
channel.writeAndFlush(request)
|
||||
} else {
|
||||
responseFuture.completeExceptionally(channelFuture.cause())
|
||||
}
|
||||
}
|
||||
})
|
||||
|
||||
@@ -3,7 +3,7 @@ package net.woggioni.gbcs.client.impl
|
||||
import net.woggioni.gbcs.api.exception.ConfigurationException
|
||||
import net.woggioni.gbcs.common.Xml.Companion.asIterable
|
||||
import net.woggioni.gbcs.common.Xml.Companion.renderAttribute
|
||||
import net.woggioni.gbcs.client.GbcsClient
|
||||
import net.woggioni.gbcs.client.GradleBuildCacheClient
|
||||
import org.w3c.dom.Document
|
||||
import java.net.URI
|
||||
import java.nio.file.Files
|
||||
@@ -11,21 +11,24 @@ import java.nio.file.Path
|
||||
import java.security.KeyStore
|
||||
import java.security.PrivateKey
|
||||
import java.security.cert.X509Certificate
|
||||
import java.time.Duration
|
||||
|
||||
object Parser {
|
||||
|
||||
fun parse(document: Document): GbcsClient.Configuration {
|
||||
fun parse(document: Document): GradleBuildCacheClient.Configuration {
|
||||
val root = document.documentElement
|
||||
|
||||
val profiles = mutableMapOf<String, GbcsClient.Configuration.Profile>()
|
||||
val profiles = mutableMapOf<String, GradleBuildCacheClient.Configuration.Profile>()
|
||||
|
||||
for (child in root.asIterable()) {
|
||||
val tagName = child.localName
|
||||
when (tagName) {
|
||||
"profile" -> {
|
||||
val name = child.renderAttribute("name") ?: throw ConfigurationException("name attribute is required")
|
||||
val uri = child.renderAttribute("base-url")?.let(::URI) ?: throw ConfigurationException("base-url attribute is required")
|
||||
var authentication: GbcsClient.Configuration.Authentication? = null
|
||||
val name =
|
||||
child.renderAttribute("name") ?: throw ConfigurationException("name attribute is required")
|
||||
val uri = child.renderAttribute("base-url")?.let(::URI)
|
||||
?: throw ConfigurationException("base-url attribute is required")
|
||||
var authentication: GradleBuildCacheClient.Configuration.Authentication? = null
|
||||
var retryPolicy: GradleBuildCacheClient.Configuration.RetryPolicy? = null
|
||||
for (gchild in child.asIterable()) {
|
||||
when (gchild.localName) {
|
||||
"tls-client-auth" -> {
|
||||
@@ -46,24 +49,60 @@ object Parser {
|
||||
.toList()
|
||||
.toTypedArray()
|
||||
authentication =
|
||||
GbcsClient.Configuration.Authentication.TlsClientAuthenticationCredentials(key, certChain)
|
||||
GradleBuildCacheClient.Configuration.Authentication.TlsClientAuthenticationCredentials(
|
||||
key,
|
||||
certChain
|
||||
)
|
||||
}
|
||||
|
||||
"basic-auth" -> {
|
||||
val username = gchild.renderAttribute("user") ?: throw ConfigurationException("username attribute is required")
|
||||
val password = gchild.renderAttribute("password") ?: throw ConfigurationException("password attribute is required")
|
||||
val username = gchild.renderAttribute("user")
|
||||
?: throw ConfigurationException("username attribute is required")
|
||||
val password = gchild.renderAttribute("password")
|
||||
?: throw ConfigurationException("password attribute is required")
|
||||
authentication =
|
||||
GbcsClient.Configuration.Authentication.BasicAuthenticationCredentials(username, password)
|
||||
GradleBuildCacheClient.Configuration.Authentication.BasicAuthenticationCredentials(
|
||||
username,
|
||||
password
|
||||
)
|
||||
}
|
||||
|
||||
"retry-policy" -> {
|
||||
val maxAttempts =
|
||||
gchild.renderAttribute("max-attempts")
|
||||
?.let(String::toInt)
|
||||
?: throw ConfigurationException("max-attempts attribute is required")
|
||||
val initialDelay =
|
||||
gchild.renderAttribute("initial-delay")
|
||||
?.let(Duration::parse)
|
||||
?: Duration.ofSeconds(1)
|
||||
val exp =
|
||||
gchild.renderAttribute("exp")
|
||||
?.let(String::toDouble)
|
||||
?: 2.0f
|
||||
retryPolicy = GradleBuildCacheClient.Configuration.RetryPolicy(
|
||||
maxAttempts,
|
||||
initialDelay.toMillis(),
|
||||
exp.toDouble()
|
||||
)
|
||||
}
|
||||
}
|
||||
}
|
||||
val maxConnections = child.renderAttribute("max-connections")
|
||||
?.let(String::toInt)
|
||||
?: 50
|
||||
profiles[name] = GbcsClient.Configuration.Profile(uri, authentication, maxConnections)
|
||||
val connectionTimeout = child.renderAttribute("connection-timeout")
|
||||
?.let(Duration::parse)
|
||||
profiles[name] = GradleBuildCacheClient.Configuration.Profile(
|
||||
uri,
|
||||
authentication,
|
||||
connectionTimeout,
|
||||
maxConnections,
|
||||
retryPolicy
|
||||
)
|
||||
}
|
||||
}
|
||||
}
|
||||
return GbcsClient.Configuration(profiles)
|
||||
return GradleBuildCacheClient.Configuration(profiles)
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,75 @@
|
||||
package net.woggioni.gbcs.client
|
||||
|
||||
import io.netty.util.concurrent.EventExecutorGroup
|
||||
import java.util.concurrent.CompletableFuture
|
||||
import java.util.concurrent.TimeUnit
|
||||
|
||||
sealed class OperationOutcome<T> {
|
||||
class Success<T>(val result: T) : OperationOutcome<T>()
|
||||
class Failure<T>(val ex: Throwable) : OperationOutcome<T>()
|
||||
}
|
||||
|
||||
sealed class OutcomeHandlerResult {
|
||||
class Retry(val suggestedDelayMillis: Long? = null) : OutcomeHandlerResult()
|
||||
class DoNotRetry : OutcomeHandlerResult()
|
||||
}
|
||||
|
||||
fun interface OutcomeHandler<T> {
|
||||
fun shouldRetry(result: OperationOutcome<T>): OutcomeHandlerResult
|
||||
}
|
||||
|
||||
fun <T> executeWithRetry(
|
||||
eventExecutorGroup: EventExecutorGroup,
|
||||
maxAttempts: Int,
|
||||
initialDelay: Double,
|
||||
exp: Double,
|
||||
outcomeHandler: OutcomeHandler<T>,
|
||||
cb: () -> CompletableFuture<T>
|
||||
): CompletableFuture<T> {
|
||||
val finalResult = cb()
|
||||
var future = finalResult
|
||||
var shortCircuit = false
|
||||
for (i in 1 until maxAttempts) {
|
||||
future = future.handle { result, ex ->
|
||||
val operationOutcome = if (ex == null) {
|
||||
OperationOutcome.Success(result)
|
||||
} else {
|
||||
OperationOutcome.Failure(ex.cause ?: ex)
|
||||
}
|
||||
if (shortCircuit) {
|
||||
when(operationOutcome) {
|
||||
is OperationOutcome.Failure -> throw operationOutcome.ex
|
||||
is OperationOutcome.Success -> CompletableFuture.completedFuture(operationOutcome.result)
|
||||
}
|
||||
} else {
|
||||
when(val outcomeHandlerResult = outcomeHandler.shouldRetry(operationOutcome)) {
|
||||
is OutcomeHandlerResult.Retry -> {
|
||||
val res = CompletableFuture<T>()
|
||||
val delay = run {
|
||||
val scheduledDelay = (initialDelay * Math.pow(exp, i.toDouble())).toLong()
|
||||
outcomeHandlerResult.suggestedDelayMillis?.coerceAtMost(scheduledDelay) ?: scheduledDelay
|
||||
}
|
||||
eventExecutorGroup.schedule({
|
||||
cb().handle { result, ex ->
|
||||
if (ex == null) {
|
||||
res.complete(result)
|
||||
} else {
|
||||
res.completeExceptionally(ex)
|
||||
}
|
||||
}
|
||||
}, delay, TimeUnit.MILLISECONDS)
|
||||
res
|
||||
}
|
||||
is OutcomeHandlerResult.DoNotRetry -> {
|
||||
shortCircuit = true
|
||||
when(operationOutcome) {
|
||||
is OperationOutcome.Failure -> throw operationOutcome.ex
|
||||
is OperationOutcome.Success -> CompletableFuture.completedFuture(operationOutcome.result)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}.thenCompose { it }
|
||||
}
|
||||
return future
|
||||
}
|
||||
@@ -13,15 +13,22 @@
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="profileType">
|
||||
<xs:choice>
|
||||
<xs:element name="basic-auth" type="gbcs-client:basicAuthType"/>
|
||||
<xs:element name="tls-client-auth" type="gbcs-client:tlsClientAuthType"/>
|
||||
</xs:choice>
|
||||
<xs:sequence>
|
||||
<xs:choice>
|
||||
<xs:element name="no-auth" type="gbcs-client:noAuthType"/>
|
||||
<xs:element name="basic-auth" type="gbcs-client:basicAuthType"/>
|
||||
<xs:element name="tls-client-auth" type="gbcs-client:tlsClientAuthType"/>
|
||||
</xs:choice>
|
||||
<xs:element name="retry-policy" type="gbcs-client:retryType" minOccurs="0"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="name" type="xs:token" use="required"/>
|
||||
<xs:attribute name="base-url" type="xs:anyURI" use="required"/>
|
||||
<xs:attribute name="max-connections" type="xs:positiveInteger" default="50"/>
|
||||
<xs:attribute name="connection-timeout" type="xs:duration"/>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="noAuthType"/>
|
||||
|
||||
<xs:complexType name="basicAuthType">
|
||||
<xs:attribute name="user" type="xs:token" use="required"/>
|
||||
<xs:attribute name="password" type="xs:string" use="required"/>
|
||||
@@ -34,4 +41,10 @@
|
||||
<xs:attribute name="key-password" type="xs:string" use="optional"/>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="retryType">
|
||||
<xs:attribute name="max-attempts" type="xs:positiveInteger" use="required"/>
|
||||
<xs:attribute name="initial-delay" type="xs:duration" default="PT1S"/>
|
||||
<xs:attribute name="exp" type="xs:double" default="2.0"/>
|
||||
</xs:complexType>
|
||||
|
||||
</xs:schema>
|
||||
|
||||
@@ -0,0 +1,149 @@
|
||||
package net.woggioni.gbcs.client
|
||||
|
||||
import io.netty.util.concurrent.DefaultEventExecutorGroup
|
||||
import io.netty.util.concurrent.EventExecutorGroup
|
||||
import net.woggioni.gbcs.common.contextLogger
|
||||
import org.junit.jupiter.api.Assertions
|
||||
import org.junit.jupiter.api.Test
|
||||
import org.junit.jupiter.api.extension.ExtensionContext
|
||||
import org.junit.jupiter.params.ParameterizedTest
|
||||
import org.junit.jupiter.params.provider.Arguments
|
||||
import org.junit.jupiter.params.provider.ArgumentsProvider
|
||||
import org.junit.jupiter.params.provider.ArgumentsSource
|
||||
import java.util.concurrent.CompletableFuture
|
||||
import java.util.stream.Stream
|
||||
import kotlin.random.Random
|
||||
|
||||
class RetryTest {
|
||||
|
||||
data class TestArgs(
|
||||
val seed: Int,
|
||||
val maxAttempt: Int,
|
||||
val initialDelay: Double,
|
||||
val exp: Double,
|
||||
)
|
||||
|
||||
class TestArguments : ArgumentsProvider {
|
||||
override fun provideArguments(context: ExtensionContext): Stream<out Arguments> {
|
||||
return Stream.of(
|
||||
TestArgs(
|
||||
seed = 101325,
|
||||
maxAttempt = 5,
|
||||
initialDelay = 50.0,
|
||||
exp = 2.0,
|
||||
),
|
||||
TestArgs(
|
||||
seed = 101325,
|
||||
maxAttempt = 20,
|
||||
initialDelay = 100.0,
|
||||
exp = 1.1,
|
||||
),
|
||||
TestArgs(
|
||||
seed = 123487,
|
||||
maxAttempt = 20,
|
||||
initialDelay = 100.0,
|
||||
exp = 2.0,
|
||||
),
|
||||
TestArgs(
|
||||
seed = 20082024,
|
||||
maxAttempt = 10,
|
||||
initialDelay = 100.0,
|
||||
exp = 2.0,
|
||||
)
|
||||
).map {
|
||||
object: Arguments {
|
||||
override fun get() = arrayOf(it)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ArgumentsSource(TestArguments::class)
|
||||
@ParameterizedTest
|
||||
fun test(testArgs: TestArgs) {
|
||||
val log = contextLogger()
|
||||
log.debug("Start")
|
||||
val executor: EventExecutorGroup = DefaultEventExecutorGroup(1)
|
||||
val attempts = mutableListOf<Pair<Long, OperationOutcome<Int>>>()
|
||||
val outcomeHandler = OutcomeHandler<Int> { outcome ->
|
||||
when(outcome) {
|
||||
is OperationOutcome.Success -> {
|
||||
if(outcome.result % 10 == 0) {
|
||||
OutcomeHandlerResult.DoNotRetry()
|
||||
} else {
|
||||
OutcomeHandlerResult.Retry(null)
|
||||
}
|
||||
}
|
||||
is OperationOutcome.Failure -> {
|
||||
when(outcome.ex) {
|
||||
is IllegalStateException -> {
|
||||
log.debug(outcome.ex.message, outcome.ex)
|
||||
OutcomeHandlerResult.Retry(null)
|
||||
}
|
||||
else -> {
|
||||
OutcomeHandlerResult.DoNotRetry()
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
val random = Random(testArgs.seed)
|
||||
|
||||
val future =
|
||||
executeWithRetry(executor, testArgs.maxAttempt, testArgs.initialDelay, testArgs.exp, outcomeHandler) {
|
||||
val now = System.nanoTime()
|
||||
val result = CompletableFuture<Int>()
|
||||
executor.submit {
|
||||
val n = random.nextInt(0, Integer.MAX_VALUE)
|
||||
log.debug("Got new number: {}", n)
|
||||
if(n % 3 == 0) {
|
||||
val ex = IllegalStateException("Value $n can be divided by 3")
|
||||
result.completeExceptionally(ex)
|
||||
attempts += now to OperationOutcome.Failure(ex)
|
||||
} else if(n % 7 == 0) {
|
||||
val ex = RuntimeException("Value $n can be divided by 7")
|
||||
result.completeExceptionally(ex)
|
||||
attempts += now to OperationOutcome.Failure(ex)
|
||||
} else {
|
||||
result.complete(n)
|
||||
attempts += now to OperationOutcome.Success(n)
|
||||
}
|
||||
}
|
||||
result
|
||||
}
|
||||
Assertions.assertTrue(attempts.size <= testArgs.maxAttempt)
|
||||
val result = future.handle { res, ex ->
|
||||
if(ex != null) {
|
||||
val err = ex.cause ?: ex
|
||||
log.debug(err.message, err)
|
||||
OperationOutcome.Failure(err)
|
||||
} else {
|
||||
OperationOutcome.Success(res)
|
||||
}
|
||||
}.get()
|
||||
for ((index, attempt) in attempts.withIndex()) {
|
||||
val (timestamp, value) = attempt
|
||||
if (index > 0) {
|
||||
/* Check the delay for subsequent attempts is correct */
|
||||
val previousAttempt = attempts[index - 1]
|
||||
val expectedTimestamp =
|
||||
previousAttempt.first + testArgs.initialDelay * Math.pow(testArgs.exp, index.toDouble()) * 1e6
|
||||
val actualTimestamp = timestamp
|
||||
val err = Math.abs(expectedTimestamp - actualTimestamp) / expectedTimestamp
|
||||
Assertions.assertTrue(err < 1e-3)
|
||||
}
|
||||
if (index == attempts.size - 1 && index < testArgs.maxAttempt - 1) {
|
||||
/*
|
||||
* If the last attempt index is lower than the maximum number of attempts, then
|
||||
* check the outcome handler returns DoNotRetry
|
||||
*/
|
||||
Assertions.assertTrue(outcomeHandler.shouldRetry(value) is OutcomeHandlerResult.DoNotRetry)
|
||||
} else if (index < attempts.size - 1) {
|
||||
/*
|
||||
* If the attempt is not the last attempt check the outcome handler returns Retry
|
||||
*/
|
||||
Assertions.assertTrue(outcomeHandler.shouldRetry(value) is OutcomeHandlerResult.Retry)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
21
gbcs-client/src/test/resources/logback.xml
Normal file
21
gbcs-client/src/test/resources/logback.xml
Normal file
@@ -0,0 +1,21 @@
|
||||
<?xml version="1.0" encoding="UTF-8" ?>
|
||||
<!DOCTYPE configuration>
|
||||
|
||||
<configuration>
|
||||
<import class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"/>
|
||||
<import class="ch.qos.logback.core.ConsoleAppender"/>
|
||||
|
||||
<appender name="console" class="ConsoleAppender">
|
||||
<target>System.err</target>
|
||||
<encoder class="PatternLayoutEncoder">
|
||||
<pattern>%d [%highlight(%-5level)] \(%thread\) %logger{36} -%kvp- %msg %n</pattern>
|
||||
</encoder>
|
||||
</appender>
|
||||
|
||||
<root level="info">
|
||||
<appender-ref ref="console"/>
|
||||
</root>
|
||||
<logger name="io.netty" level="info"/>
|
||||
<logger name="com.google.code.yanf4j" level="warn"/>
|
||||
<logger name="net.rubyeye.xmemcached" level="warn"/>
|
||||
</configuration>
|
||||
@@ -5,5 +5,6 @@ module net.woggioni.gbcs.common {
|
||||
requires kotlin.stdlib;
|
||||
requires net.woggioni.jwo;
|
||||
|
||||
provides java.net.spi.URLStreamHandlerProvider with net.woggioni.gbcs.common.GbcsUrlStreamHandlerFactory;
|
||||
exports net.woggioni.gbcs.common;
|
||||
}
|
||||
@@ -6,12 +6,13 @@ import java.net.URL
|
||||
import java.net.URLConnection
|
||||
import java.net.URLStreamHandler
|
||||
import java.net.URLStreamHandlerFactory
|
||||
import java.net.spi.URLStreamHandlerProvider
|
||||
import java.util.Optional
|
||||
import java.util.concurrent.atomic.AtomicBoolean
|
||||
import java.util.stream.Collectors
|
||||
|
||||
|
||||
class GbcsUrlStreamHandlerFactory : URLStreamHandlerFactory {
|
||||
class GbcsUrlStreamHandlerFactory : URLStreamHandlerProvider() {
|
||||
|
||||
private class ClasspathHandler(private val classLoader: ClassLoader = GbcsUrlStreamHandlerFactory::class.java.classLoader) :
|
||||
URLStreamHandler() {
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
net.woggioni.gbcs.common.GbcsUrlStreamHandlerFactory
|
||||
@@ -1,6 +1,7 @@
|
||||
plugins {
|
||||
id 'java-library'
|
||||
alias catalog.plugins.kotlin.jvm
|
||||
id 'jacoco'
|
||||
id 'maven-publish'
|
||||
}
|
||||
|
||||
@@ -17,13 +18,15 @@ dependencies {
|
||||
|
||||
testImplementation catalog.bcprov.jdk18on
|
||||
testImplementation catalog.bcpkix.jdk18on
|
||||
testImplementation catalog.junit.jupiter.api
|
||||
testImplementation catalog.junit.jupiter.params
|
||||
testRuntimeOnly catalog.junit.jupiter.engine
|
||||
|
||||
testRuntimeOnly project(":gbcs-server-memcached")
|
||||
}
|
||||
|
||||
test {
|
||||
systemProperty("io.netty.leakDetectionLevel", "PARANOID")
|
||||
systemProperty("jdk.httpclient.redirects.retrylimit", "1")
|
||||
}
|
||||
|
||||
publishing {
|
||||
publications {
|
||||
maven(MavenPublication) {
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
import net.woggioni.gbcs.api.CacheProvider;
|
||||
import net.woggioni.gbcs.server.cache.FileSystemCacheProvider;
|
||||
import net.woggioni.gbcs.server.cache.InMemoryCacheProvider;
|
||||
|
||||
module net.woggioni.gbcs.server {
|
||||
requires java.sql;
|
||||
@@ -24,5 +25,5 @@ module net.woggioni.gbcs.server {
|
||||
opens net.woggioni.gbcs.server.schema;
|
||||
|
||||
uses CacheProvider;
|
||||
provides CacheProvider with FileSystemCacheProvider;
|
||||
provides CacheProvider with FileSystemCacheProvider, InMemoryCacheProvider;
|
||||
}
|
||||
@@ -2,57 +2,42 @@ package net.woggioni.gbcs.server
|
||||
|
||||
import io.netty.bootstrap.ServerBootstrap
|
||||
import io.netty.buffer.ByteBuf
|
||||
import io.netty.buffer.Unpooled
|
||||
import io.netty.channel.Channel
|
||||
import io.netty.channel.ChannelDuplexHandler
|
||||
import io.netty.channel.ChannelFuture
|
||||
import io.netty.channel.ChannelFutureListener
|
||||
import io.netty.channel.ChannelHandler.Sharable
|
||||
import io.netty.channel.ChannelHandlerContext
|
||||
import io.netty.channel.ChannelInboundHandlerAdapter
|
||||
import io.netty.channel.ChannelInitializer
|
||||
import io.netty.channel.ChannelOption
|
||||
import io.netty.channel.ChannelPromise
|
||||
import io.netty.channel.DefaultFileRegion
|
||||
import io.netty.channel.SimpleChannelInboundHandler
|
||||
import io.netty.channel.nio.NioEventLoopGroup
|
||||
import io.netty.channel.socket.nio.NioServerSocketChannel
|
||||
import io.netty.handler.codec.DecoderException
|
||||
import io.netty.handler.codec.compression.CompressionOptions
|
||||
import io.netty.handler.codec.http.DefaultFullHttpResponse
|
||||
import io.netty.handler.codec.http.DefaultHttpContent
|
||||
import io.netty.handler.codec.http.DefaultHttpResponse
|
||||
import io.netty.handler.codec.http.FullHttpRequest
|
||||
import io.netty.handler.codec.http.FullHttpResponse
|
||||
import io.netty.handler.codec.http.HttpContentCompressor
|
||||
import io.netty.handler.codec.http.HttpHeaderNames
|
||||
import io.netty.handler.codec.http.HttpHeaderValues
|
||||
import io.netty.handler.codec.http.HttpMethod
|
||||
import io.netty.handler.codec.http.HttpObjectAggregator
|
||||
import io.netty.handler.codec.http.HttpRequest
|
||||
import io.netty.handler.codec.http.HttpResponseStatus
|
||||
import io.netty.handler.codec.http.HttpServerCodec
|
||||
import io.netty.handler.codec.http.HttpUtil
|
||||
import io.netty.handler.codec.http.HttpVersion
|
||||
import io.netty.handler.codec.http.LastHttpContent
|
||||
import io.netty.handler.ssl.ClientAuth
|
||||
import io.netty.handler.ssl.SslContext
|
||||
import io.netty.handler.ssl.SslContextBuilder
|
||||
import io.netty.handler.ssl.SslHandler
|
||||
import io.netty.handler.stream.ChunkedNioFile
|
||||
import io.netty.handler.stream.ChunkedNioStream
|
||||
import io.netty.handler.stream.ChunkedWriteHandler
|
||||
import io.netty.handler.timeout.IdleState
|
||||
import io.netty.handler.timeout.IdleStateEvent
|
||||
import io.netty.handler.timeout.IdleStateHandler
|
||||
import io.netty.util.AttributeKey
|
||||
import io.netty.util.concurrent.DefaultEventExecutorGroup
|
||||
import io.netty.util.concurrent.EventExecutorGroup
|
||||
import net.woggioni.gbcs.api.Cache
|
||||
import net.woggioni.gbcs.api.Configuration
|
||||
import net.woggioni.gbcs.api.Role
|
||||
import net.woggioni.gbcs.api.exception.ConfigurationException
|
||||
import net.woggioni.gbcs.api.exception.ContentTooLargeException
|
||||
import net.woggioni.gbcs.common.GBCS.toUrl
|
||||
import net.woggioni.gbcs.common.PasswordSecurity.decodePasswordHash
|
||||
import net.woggioni.gbcs.common.PasswordSecurity.hashPassword
|
||||
import net.woggioni.gbcs.common.Xml
|
||||
import net.woggioni.gbcs.common.contextLogger
|
||||
import net.woggioni.gbcs.common.debug
|
||||
import net.woggioni.gbcs.common.info
|
||||
import net.woggioni.gbcs.server.auth.AbstractNettyHttpAuthenticator
|
||||
import net.woggioni.gbcs.server.auth.Authorizer
|
||||
@@ -60,11 +45,13 @@ import net.woggioni.gbcs.server.auth.ClientCertificateValidator
|
||||
import net.woggioni.gbcs.server.auth.RoleAuthorizer
|
||||
import net.woggioni.gbcs.server.configuration.Parser
|
||||
import net.woggioni.gbcs.server.configuration.Serializer
|
||||
import net.woggioni.gbcs.server.exception.ExceptionHandler
|
||||
import net.woggioni.gbcs.server.handler.ServerHandler
|
||||
import net.woggioni.gbcs.server.throttling.ThrottlingHandler
|
||||
import net.woggioni.jwo.JWO
|
||||
import net.woggioni.jwo.Tuple2
|
||||
import java.io.OutputStream
|
||||
import java.net.InetSocketAddress
|
||||
import java.nio.channels.FileChannel
|
||||
import java.nio.file.Files
|
||||
import java.nio.file.Path
|
||||
import java.security.KeyStore
|
||||
@@ -72,17 +59,20 @@ import java.security.PrivateKey
|
||||
import java.security.cert.X509Certificate
|
||||
import java.util.Arrays
|
||||
import java.util.Base64
|
||||
import java.util.concurrent.TimeUnit
|
||||
import java.util.regex.Matcher
|
||||
import java.util.regex.Pattern
|
||||
import javax.naming.ldap.LdapName
|
||||
import javax.net.ssl.SSLPeerUnverifiedException
|
||||
|
||||
|
||||
class GradleBuildCacheServer(private val cfg: Configuration) {
|
||||
private val log = contextLogger()
|
||||
|
||||
companion object {
|
||||
|
||||
val userAttribute: AttributeKey<Configuration.User> = AttributeKey.valueOf("user")
|
||||
val groupAttribute: AttributeKey<Set<Configuration.Group>> = AttributeKey.valueOf("group")
|
||||
|
||||
val DEFAULT_CONFIGURATION_URL by lazy { "classpath:net/woggioni/gbcs/gbcs-default.xml".toUrl() }
|
||||
private const val SSL_HANDLER_NAME = "sslHandler"
|
||||
|
||||
@@ -122,12 +112,12 @@ class GradleBuildCacheServer(private val cfg: Configuration) {
|
||||
@Sharable
|
||||
private class ClientCertificateAuthenticator(
|
||||
authorizer: Authorizer,
|
||||
private val anonymousUserRoles: Set<Role>?,
|
||||
private val anonymousUserGroups: Set<Configuration.Group>?,
|
||||
private val userExtractor: Configuration.UserExtractor?,
|
||||
private val groupExtractor: Configuration.GroupExtractor?,
|
||||
) : AbstractNettyHttpAuthenticator(authorizer) {
|
||||
|
||||
override fun authenticate(ctx: ChannelHandlerContext, req: HttpRequest): Set<Role>? {
|
||||
override fun authenticate(ctx: ChannelHandlerContext, req: HttpRequest): AuthenticationResult? {
|
||||
return try {
|
||||
val sslHandler = (ctx.pipeline().get(SSL_HANDLER_NAME) as? SslHandler)
|
||||
?: throw ConfigurationException("Client certificate authentication cannot be used when TLS is disabled")
|
||||
@@ -138,10 +128,11 @@ class GradleBuildCacheServer(private val cfg: Configuration) {
|
||||
val clientCertificate = peerCertificates.first() as X509Certificate
|
||||
val user = userExtractor?.extract(clientCertificate)
|
||||
val group = groupExtractor?.extract(clientCertificate)
|
||||
(group?.roles ?: emptySet()) + (user?.roles ?: emptySet())
|
||||
} ?: anonymousUserRoles
|
||||
val allGroups = ((user?.groups ?: emptySet()).asSequence() + sequenceOf(group).filterNotNull()).toSet()
|
||||
AuthenticationResult(user, allGroups)
|
||||
} ?: anonymousUserGroups?.let{ AuthenticationResult(null, it) }
|
||||
} catch (es: SSLPeerUnverifiedException) {
|
||||
anonymousUserRoles
|
||||
anonymousUserGroups?.let{ AuthenticationResult(null, it) }
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -152,26 +143,26 @@ class GradleBuildCacheServer(private val cfg: Configuration) {
|
||||
) : AbstractNettyHttpAuthenticator(authorizer) {
|
||||
private val log = contextLogger()
|
||||
|
||||
override fun authenticate(ctx: ChannelHandlerContext, req: HttpRequest): Set<Role>? {
|
||||
override fun authenticate(ctx: ChannelHandlerContext, req: HttpRequest): AuthenticationResult? {
|
||||
val authorizationHeader = req.headers()[HttpHeaderNames.AUTHORIZATION] ?: let {
|
||||
log.debug(ctx) {
|
||||
"Missing Authorization header"
|
||||
}
|
||||
return users[""]?.roles
|
||||
return users[""]?.let { AuthenticationResult(it, it.groups) }
|
||||
}
|
||||
val cursor = authorizationHeader.indexOf(' ')
|
||||
if (cursor < 0) {
|
||||
log.debug(ctx) {
|
||||
"Invalid Authorization header: '$authorizationHeader'"
|
||||
}
|
||||
return users[""]?.roles
|
||||
return users[""]?.let { AuthenticationResult(it, it.groups) }
|
||||
}
|
||||
val authenticationType = authorizationHeader.substring(0, cursor)
|
||||
if ("Basic" != authenticationType) {
|
||||
log.debug(ctx) {
|
||||
"Invalid authentication type header: '$authenticationType'"
|
||||
}
|
||||
return users[""]?.roles
|
||||
return users[""]?.let { AuthenticationResult(it, it.groups) }
|
||||
}
|
||||
val (username, password) = Base64.getDecoder().decode(authorizationHeader.substring(cursor + 1))
|
||||
.let(::String)
|
||||
@@ -191,7 +182,9 @@ class GradleBuildCacheServer(private val cfg: Configuration) {
|
||||
val (_, salt) = decodePasswordHash(passwordAndSalt)
|
||||
hashPassword(password, Base64.getEncoder().encodeToString(salt)) == passwordAndSalt
|
||||
} ?: false
|
||||
}?.roles
|
||||
}?.let { user ->
|
||||
AuthenticationResult(user, user.groups)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -200,28 +193,6 @@ class GradleBuildCacheServer(private val cfg: Configuration) {
|
||||
private val eventExecutorGroup: EventExecutorGroup
|
||||
) : ChannelInitializer<Channel>() {
|
||||
|
||||
private val serverHandler = let {
|
||||
val cacheImplementation = cfg.cache.materialize()
|
||||
val prefix = Path.of("/").resolve(Path.of(cfg.serverPath ?: "/"))
|
||||
ServerHandler(cacheImplementation, prefix)
|
||||
}
|
||||
|
||||
private val exceptionHandler = ExceptionHandler()
|
||||
|
||||
private val authenticator = when (val auth = cfg.authentication) {
|
||||
is Configuration.BasicAuthentication -> NettyHttpBasicAuthenticator(cfg.users, RoleAuthorizer())
|
||||
is Configuration.ClientCertificateAuthentication -> {
|
||||
ClientCertificateAuthenticator(
|
||||
RoleAuthorizer(),
|
||||
cfg.users[""]?.roles,
|
||||
userExtractor(auth),
|
||||
groupExtractor(auth)
|
||||
)
|
||||
}
|
||||
|
||||
else -> null
|
||||
}
|
||||
|
||||
companion object {
|
||||
private fun createSslCtx(tls: Configuration.Tls): SslContext {
|
||||
val keyStore = tls.keyStore
|
||||
@@ -237,15 +208,15 @@ class GradleBuildCacheServer(private val cfg: Configuration) {
|
||||
.map { it as X509Certificate }
|
||||
.toArray { size -> Array<X509Certificate?>(size) { null } }
|
||||
SslContextBuilder.forServer(serverKey, *serverCert).apply {
|
||||
if (tls.isVerifyClients) {
|
||||
clientAuth(ClientAuth.OPTIONAL)
|
||||
tls.trustStore?.let { trustStore ->
|
||||
val ts = loadKeystore(trustStore.file, trustStore.password)
|
||||
trustManager(
|
||||
ClientCertificateValidator.getTrustManager(ts, trustStore.isCheckCertificateStatus)
|
||||
)
|
||||
}
|
||||
}
|
||||
val clientAuth = tls.trustStore?.let { trustStore ->
|
||||
val ts = loadKeystore(trustStore.file, trustStore.password)
|
||||
trustManager(
|
||||
ClientCertificateValidator.getTrustManager(ts, trustStore.isCheckCertificateStatus)
|
||||
)
|
||||
if(trustStore.isRequireClientCertificate) ClientAuth.REQUIRE
|
||||
else ClientAuth.OPTIONAL
|
||||
} ?: ClientAuth.NONE
|
||||
clientAuth(clientAuth)
|
||||
}.build()
|
||||
}
|
||||
}
|
||||
@@ -272,6 +243,31 @@ class GradleBuildCacheServer(private val cfg: Configuration) {
|
||||
}
|
||||
}
|
||||
|
||||
private val log = contextLogger()
|
||||
|
||||
private val serverHandler = let {
|
||||
val cacheImplementation = cfg.cache.materialize()
|
||||
val prefix = Path.of("/").resolve(Path.of(cfg.serverPath ?: "/"))
|
||||
ServerHandler(cacheImplementation, prefix)
|
||||
}
|
||||
|
||||
private val exceptionHandler = ExceptionHandler()
|
||||
private val throttlingHandler = ThrottlingHandler(cfg)
|
||||
|
||||
private val authenticator = when (val auth = cfg.authentication) {
|
||||
is Configuration.BasicAuthentication -> NettyHttpBasicAuthenticator(cfg.users, RoleAuthorizer())
|
||||
is Configuration.ClientCertificateAuthentication -> {
|
||||
ClientCertificateAuthenticator(
|
||||
RoleAuthorizer(),
|
||||
cfg.users[""]?.groups,
|
||||
userExtractor(auth),
|
||||
groupExtractor(auth)
|
||||
)
|
||||
}
|
||||
|
||||
else -> null
|
||||
}
|
||||
|
||||
private val sslContext: SslContext? = cfg.tls?.let(Companion::createSslCtx)
|
||||
|
||||
private fun userExtractor(authentication: Configuration.ClientCertificateAuthentication) =
|
||||
@@ -303,167 +299,79 @@ class GradleBuildCacheServer(private val cfg: Configuration) {
|
||||
}
|
||||
|
||||
override fun initChannel(ch: Channel) {
|
||||
log.debug {
|
||||
"Created connection ${ch.id().asShortText()} with ${ch.remoteAddress()}"
|
||||
}
|
||||
ch.closeFuture().addListener {
|
||||
log.debug {
|
||||
"Closed connection ${ch.id().asShortText()} with ${ch.remoteAddress()}"
|
||||
}
|
||||
}
|
||||
val pipeline = ch.pipeline()
|
||||
cfg.connection.also { conn ->
|
||||
val readTimeout = conn.readTimeout.toMillis()
|
||||
val writeTimeout = conn.writeTimeout.toMillis()
|
||||
if(readTimeout > 0 || writeTimeout > 0) {
|
||||
pipeline.addLast(
|
||||
IdleStateHandler(
|
||||
false,
|
||||
readTimeout,
|
||||
writeTimeout,
|
||||
0,
|
||||
TimeUnit.MILLISECONDS
|
||||
)
|
||||
)
|
||||
}
|
||||
val readIdleTimeout = conn.readIdleTimeout.toMillis()
|
||||
val writeIdleTimeout = conn.writeIdleTimeout.toMillis()
|
||||
val idleTimeout = conn.idleTimeout.toMillis()
|
||||
if(readIdleTimeout > 0 || writeIdleTimeout > 0 || idleTimeout > 0) {
|
||||
pipeline.addLast(
|
||||
IdleStateHandler(
|
||||
true,
|
||||
readIdleTimeout,
|
||||
writeIdleTimeout,
|
||||
idleTimeout,
|
||||
TimeUnit.MILLISECONDS
|
||||
)
|
||||
)
|
||||
}
|
||||
}
|
||||
pipeline.addLast(object : ChannelInboundHandlerAdapter() {
|
||||
override fun userEventTriggered(ctx: ChannelHandlerContext, evt: Any) {
|
||||
if (evt is IdleStateEvent) {
|
||||
when(evt.state()) {
|
||||
IdleState.READER_IDLE -> log.debug {
|
||||
"Read timeout reached on channel ${ch.id().asShortText()}, closing the connection"
|
||||
}
|
||||
IdleState.WRITER_IDLE -> log.debug {
|
||||
"Write timeout reached on channel ${ch.id().asShortText()}, closing the connection"
|
||||
}
|
||||
IdleState.ALL_IDLE -> log.debug {
|
||||
"Idle timeout reached on channel ${ch.id().asShortText()}, closing the connection"
|
||||
}
|
||||
null -> throw IllegalStateException("This should never happen")
|
||||
}
|
||||
ctx.close()
|
||||
}
|
||||
}
|
||||
})
|
||||
sslContext?.newHandler(ch.alloc())?.also {
|
||||
pipeline.addLast(SSL_HANDLER_NAME, it)
|
||||
}
|
||||
pipeline.addLast(HttpServerCodec())
|
||||
pipeline.addLast(HttpChunkContentCompressor(1024))
|
||||
pipeline.addLast(ChunkedWriteHandler())
|
||||
pipeline.addLast(HttpObjectAggregator(cfg.maxRequestSize))
|
||||
pipeline.addLast(HttpObjectAggregator(cfg.connection.maxRequestSize))
|
||||
authenticator?.let {
|
||||
pipeline.addLast(it)
|
||||
}
|
||||
pipeline.addLast(throttlingHandler)
|
||||
pipeline.addLast(eventExecutorGroup, serverHandler)
|
||||
pipeline.addLast(exceptionHandler)
|
||||
}
|
||||
}
|
||||
|
||||
@Sharable
|
||||
private class ExceptionHandler : ChannelDuplexHandler() {
|
||||
private val log = contextLogger()
|
||||
|
||||
private val NOT_AUTHORIZED: FullHttpResponse = DefaultFullHttpResponse(
|
||||
HttpVersion.HTTP_1_1, HttpResponseStatus.FORBIDDEN, Unpooled.EMPTY_BUFFER
|
||||
).apply {
|
||||
headers()[HttpHeaderNames.CONTENT_LENGTH] = "0"
|
||||
}
|
||||
|
||||
private val TOO_BIG: FullHttpResponse = DefaultFullHttpResponse(
|
||||
HttpVersion.HTTP_1_1, HttpResponseStatus.REQUEST_ENTITY_TOO_LARGE, Unpooled.EMPTY_BUFFER
|
||||
).apply {
|
||||
headers()[HttpHeaderNames.CONTENT_LENGTH] = "0"
|
||||
}
|
||||
|
||||
override fun exceptionCaught(ctx: ChannelHandlerContext, cause: Throwable) {
|
||||
when (cause) {
|
||||
is DecoderException -> {
|
||||
log.error(cause.message, cause)
|
||||
ctx.close()
|
||||
}
|
||||
|
||||
is SSLPeerUnverifiedException -> {
|
||||
ctx.writeAndFlush(NOT_AUTHORIZED.retainedDuplicate())
|
||||
.addListener(ChannelFutureListener.CLOSE_ON_FAILURE)
|
||||
}
|
||||
|
||||
is ContentTooLargeException -> {
|
||||
ctx.writeAndFlush(TOO_BIG.retainedDuplicate())
|
||||
.addListener(ChannelFutureListener.CLOSE_ON_FAILURE)
|
||||
}
|
||||
|
||||
else -> {
|
||||
log.error(cause.message, cause)
|
||||
ctx.close()
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@Sharable
|
||||
private class ServerHandler(private val cache: Cache, private val serverPrefix: Path) :
|
||||
SimpleChannelInboundHandler<FullHttpRequest>() {
|
||||
|
||||
private val log = contextLogger()
|
||||
|
||||
override fun channelRead0(ctx: ChannelHandlerContext, msg: FullHttpRequest) {
|
||||
val keepAlive: Boolean = HttpUtil.isKeepAlive(msg)
|
||||
val method = msg.method()
|
||||
if (method === HttpMethod.GET) {
|
||||
val path = Path.of(msg.uri())
|
||||
val prefix = path.parent
|
||||
val key = path.fileName.toString()
|
||||
if (serverPrefix == prefix) {
|
||||
cache.get(key)?.let { channel ->
|
||||
log.debug(ctx) {
|
||||
"Cache hit for key '$key'"
|
||||
}
|
||||
val response = DefaultHttpResponse(msg.protocolVersion(), HttpResponseStatus.OK)
|
||||
response.headers()[HttpHeaderNames.CONTENT_TYPE] = HttpHeaderValues.APPLICATION_OCTET_STREAM
|
||||
if (!keepAlive) {
|
||||
response.headers().set(HttpHeaderNames.CONNECTION, HttpHeaderValues.CLOSE)
|
||||
response.headers().set(HttpHeaderNames.TRANSFER_ENCODING, HttpHeaderValues.IDENTITY)
|
||||
} else {
|
||||
response.headers().set(HttpHeaderNames.CONNECTION, HttpHeaderValues.KEEP_ALIVE)
|
||||
response.headers().set(HttpHeaderNames.TRANSFER_ENCODING, HttpHeaderValues.CHUNKED)
|
||||
}
|
||||
ctx.write(response)
|
||||
when (channel) {
|
||||
is FileChannel -> {
|
||||
if (keepAlive) {
|
||||
ctx.write(ChunkedNioFile(channel))
|
||||
ctx.writeAndFlush(LastHttpContent.EMPTY_LAST_CONTENT)
|
||||
} else {
|
||||
ctx.writeAndFlush(DefaultFileRegion(channel, 0, channel.size()))
|
||||
.addListener(ChannelFutureListener.CLOSE)
|
||||
}
|
||||
}
|
||||
|
||||
else -> {
|
||||
ctx.write(ChunkedNioStream(channel))
|
||||
ctx.writeAndFlush(LastHttpContent.EMPTY_LAST_CONTENT)
|
||||
}
|
||||
}
|
||||
} ?: let {
|
||||
log.debug(ctx) {
|
||||
"Cache miss for key '$key'"
|
||||
}
|
||||
val response = DefaultFullHttpResponse(msg.protocolVersion(), HttpResponseStatus.NOT_FOUND)
|
||||
response.headers()[HttpHeaderNames.CONTENT_LENGTH] = 0
|
||||
ctx.writeAndFlush(response)
|
||||
}
|
||||
} else {
|
||||
log.warn(ctx) {
|
||||
"Got request for unhandled path '${msg.uri()}'"
|
||||
}
|
||||
val response = DefaultFullHttpResponse(msg.protocolVersion(), HttpResponseStatus.BAD_REQUEST)
|
||||
response.headers()[HttpHeaderNames.CONTENT_LENGTH] = 0
|
||||
ctx.writeAndFlush(response)
|
||||
}
|
||||
} else if (method === HttpMethod.PUT) {
|
||||
val path = Path.of(msg.uri())
|
||||
val prefix = path.parent
|
||||
val key = path.fileName.toString()
|
||||
|
||||
if (serverPrefix == prefix) {
|
||||
log.debug(ctx) {
|
||||
"Added value for key '$key' to build cache"
|
||||
}
|
||||
val bodyBytes = msg.content().run {
|
||||
if (isDirect) {
|
||||
ByteArray(readableBytes()).also {
|
||||
readBytes(it)
|
||||
}
|
||||
} else {
|
||||
array()
|
||||
}
|
||||
}
|
||||
cache.put(key, bodyBytes)
|
||||
val response = DefaultFullHttpResponse(
|
||||
msg.protocolVersion(), HttpResponseStatus.CREATED,
|
||||
Unpooled.copiedBuffer(key.toByteArray())
|
||||
)
|
||||
response.headers()[HttpHeaderNames.CONTENT_LENGTH] = response.content().readableBytes()
|
||||
ctx.writeAndFlush(response)
|
||||
} else {
|
||||
log.warn(ctx) {
|
||||
"Got request for unhandled path '${msg.uri()}'"
|
||||
}
|
||||
val response = DefaultFullHttpResponse(msg.protocolVersion(), HttpResponseStatus.BAD_REQUEST)
|
||||
response.headers()[HttpHeaderNames.CONTENT_LENGTH] = "0"
|
||||
ctx.writeAndFlush(response)
|
||||
}
|
||||
} else {
|
||||
log.warn(ctx) {
|
||||
"Got request with unhandled method '${msg.method().name()}'"
|
||||
}
|
||||
val response = DefaultFullHttpResponse(msg.protocolVersion(), HttpResponseStatus.BAD_REQUEST)
|
||||
response.headers()[HttpHeaderNames.CONTENT_LENGTH] = "0"
|
||||
ctx.writeAndFlush(response)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
class ServerHandle(
|
||||
httpChannelFuture: ChannelFuture,
|
||||
private val executorGroups: Iterable<EventExecutorGroup>
|
||||
@@ -496,14 +404,13 @@ class GradleBuildCacheServer(private val cfg: Configuration) {
|
||||
val serverSocketChannel = NioServerSocketChannel::class.java
|
||||
val workerGroup = bossGroup
|
||||
val eventExecutorGroup = run {
|
||||
val threadFactory = if (cfg.isUseVirtualThread) {
|
||||
val threadFactory = if (cfg.eventExecutor.isUseVirtualThreads) {
|
||||
Thread.ofVirtual().factory()
|
||||
} else {
|
||||
null
|
||||
}
|
||||
DefaultEventExecutorGroup(Runtime.getRuntime().availableProcessors(), threadFactory)
|
||||
}
|
||||
// A helper class that simplifies server configuration
|
||||
val bootstrap = ServerBootstrap().apply {
|
||||
// Configure the server
|
||||
group(bossGroup, workerGroup)
|
||||
|
||||
@@ -11,32 +11,48 @@ import io.netty.handler.codec.http.HttpRequest
|
||||
import io.netty.handler.codec.http.HttpResponseStatus
|
||||
import io.netty.handler.codec.http.HttpVersion
|
||||
import io.netty.util.ReferenceCountUtil
|
||||
import net.woggioni.gbcs.api.Configuration
|
||||
import net.woggioni.gbcs.api.Configuration.Group
|
||||
import net.woggioni.gbcs.api.Role
|
||||
import net.woggioni.gbcs.server.GradleBuildCacheServer
|
||||
|
||||
|
||||
abstract class AbstractNettyHttpAuthenticator(private val authorizer : Authorizer)
|
||||
: ChannelInboundHandlerAdapter() {
|
||||
abstract class AbstractNettyHttpAuthenticator(private val authorizer: Authorizer) : ChannelInboundHandlerAdapter() {
|
||||
|
||||
companion object {
|
||||
private val AUTHENTICATION_FAILED: FullHttpResponse = DefaultFullHttpResponse(
|
||||
HttpVersion.HTTP_1_1, HttpResponseStatus.UNAUTHORIZED, Unpooled.EMPTY_BUFFER).apply {
|
||||
HttpVersion.HTTP_1_1, HttpResponseStatus.UNAUTHORIZED, Unpooled.EMPTY_BUFFER
|
||||
).apply {
|
||||
headers()[HttpHeaderNames.CONTENT_LENGTH] = "0"
|
||||
}
|
||||
|
||||
private val NOT_AUTHORIZED: FullHttpResponse = DefaultFullHttpResponse(
|
||||
HttpVersion.HTTP_1_1, HttpResponseStatus.FORBIDDEN, Unpooled.EMPTY_BUFFER).apply {
|
||||
HttpVersion.HTTP_1_1, HttpResponseStatus.FORBIDDEN, Unpooled.EMPTY_BUFFER
|
||||
).apply {
|
||||
headers()[HttpHeaderNames.CONTENT_LENGTH] = "0"
|
||||
}
|
||||
}
|
||||
|
||||
class AuthenticationResult(val user: Configuration.User?, val groups: Set<Group>)
|
||||
|
||||
abstract fun authenticate(ctx : ChannelHandlerContext, req : HttpRequest) : Set<Role>?
|
||||
abstract fun authenticate(ctx: ChannelHandlerContext, req: HttpRequest): AuthenticationResult?
|
||||
|
||||
override fun channelRead(ctx: ChannelHandlerContext, msg: Any) {
|
||||
if(msg is HttpRequest) {
|
||||
val roles = authenticate(ctx, msg) ?: return authenticationFailure(ctx, msg)
|
||||
if (msg is HttpRequest) {
|
||||
val result = authenticate(ctx, msg) ?: return authenticationFailure(ctx, msg)
|
||||
ctx.channel().attr(GradleBuildCacheServer.userAttribute).set(result.user)
|
||||
ctx.channel().attr(GradleBuildCacheServer.groupAttribute).set(result.groups)
|
||||
|
||||
val roles = (
|
||||
(result.user?.let { user ->
|
||||
user.groups.asSequence().flatMap { group ->
|
||||
group.roles.asSequence()
|
||||
}
|
||||
} ?: emptySequence<Role>()) +
|
||||
result.groups.asSequence().flatMap { it.roles.asSequence() }
|
||||
).toSet()
|
||||
val authorized = authorizer.authorize(roles, msg)
|
||||
if(authorized) {
|
||||
if (authorized) {
|
||||
super.channelRead(ctx, msg)
|
||||
} else {
|
||||
authorizationFailure(ctx, msg)
|
||||
|
||||
@@ -19,8 +19,9 @@ import javax.net.ssl.X509TrustManager
|
||||
|
||||
|
||||
class ClientCertificateValidator private constructor(
|
||||
private val sslHandler : SslHandler,
|
||||
private val x509TrustManager: X509TrustManager) : ChannelInboundHandlerAdapter() {
|
||||
private val sslHandler: SslHandler,
|
||||
private val x509TrustManager: X509TrustManager
|
||||
) : ChannelInboundHandlerAdapter() {
|
||||
override fun userEventTriggered(ctx: ChannelHandlerContext, evt: Any) {
|
||||
if (evt is SslHandshakeCompletionEvent) {
|
||||
if (evt.isSuccess) {
|
||||
@@ -36,13 +37,14 @@ class ClientCertificateValidator private constructor(
|
||||
}
|
||||
|
||||
companion object {
|
||||
fun getTrustManager(trustStore : KeyStore?, certificateRevocationEnabled : Boolean) : X509TrustManager {
|
||||
return if(trustStore != null) {
|
||||
fun getTrustManager(trustStore: KeyStore?, certificateRevocationEnabled: Boolean): X509TrustManager {
|
||||
return if (trustStore != null) {
|
||||
val certificateFactory = CertificateFactory.getInstance("X.509")
|
||||
val validator = CertPathValidator.getInstance("PKIX").apply {
|
||||
val rc = revocationChecker as PKIXRevocationChecker
|
||||
rc.options = EnumSet.of(
|
||||
PKIXRevocationChecker.Option.NO_FALLBACK)
|
||||
PKIXRevocationChecker.Option.NO_FALLBACK
|
||||
)
|
||||
}
|
||||
val params = PKIXParameters(trustStore).apply {
|
||||
isRevocationEnabled = certificateRevocationEnabled
|
||||
@@ -52,7 +54,7 @@ class ClientCertificateValidator private constructor(
|
||||
val clientCertificateChain = certificateFactory.generateCertPath(chain.toList())
|
||||
try {
|
||||
validator.validate(clientCertificateChain, params)
|
||||
} catch (ex : CertPathValidatorException) {
|
||||
} catch (ex: CertPathValidatorException) {
|
||||
throw CertificateException(ex)
|
||||
}
|
||||
}
|
||||
@@ -62,7 +64,7 @@ class ClientCertificateValidator private constructor(
|
||||
}
|
||||
|
||||
private val acceptedIssuers = trustStore.aliases().asSequence()
|
||||
.filter (trustStore::isCertificateEntry)
|
||||
.filter(trustStore::isCertificateEntry)
|
||||
.map(trustStore::getCertificate)
|
||||
.map { it as X509Certificate }
|
||||
.toList()
|
||||
@@ -72,11 +74,16 @@ class ClientCertificateValidator private constructor(
|
||||
}
|
||||
} else {
|
||||
val trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
|
||||
trustManagerFactory.trustManagers.asSequence().filter { it is X509TrustManager }.single() as X509TrustManager
|
||||
trustManagerFactory.trustManagers.asSequence().filter { it is X509TrustManager }
|
||||
.single() as X509TrustManager
|
||||
}
|
||||
}
|
||||
|
||||
fun of(sslHandler : SslHandler, trustStore : KeyStore?, certificateRevocationEnabled : Boolean) : ClientCertificateValidator {
|
||||
fun of(
|
||||
sslHandler: SslHandler,
|
||||
trustStore: KeyStore?,
|
||||
certificateRevocationEnabled: Boolean
|
||||
): ClientCertificateValidator {
|
||||
return ClientCertificateValidator(sslHandler, getTrustManager(trustStore, certificateRevocationEnabled))
|
||||
}
|
||||
}
|
||||
|
||||
@@ -8,7 +8,7 @@ class RoleAuthorizer : Authorizer {
|
||||
|
||||
companion object {
|
||||
private val METHOD_MAP = mapOf(
|
||||
Role.Reader to setOf(HttpMethod.GET, HttpMethod.HEAD),
|
||||
Role.Reader to setOf(HttpMethod.GET, HttpMethod.HEAD, HttpMethod.TRACE),
|
||||
Role.Writer to setOf(HttpMethod.PUT, HttpMethod.POST)
|
||||
)
|
||||
}
|
||||
|
||||
21
gbcs-server/src/main/kotlin/net/woggioni/gbcs/server/cache/CacheUtils.kt
vendored
Normal file
21
gbcs-server/src/main/kotlin/net/woggioni/gbcs/server/cache/CacheUtils.kt
vendored
Normal file
@@ -0,0 +1,21 @@
|
||||
package net.woggioni.gbcs.server.cache
|
||||
|
||||
import net.woggioni.jwo.JWO
|
||||
import java.security.MessageDigest
|
||||
|
||||
object CacheUtils {
|
||||
fun digest(
|
||||
data: ByteArray,
|
||||
md: MessageDigest = MessageDigest.getInstance("MD5")
|
||||
): ByteArray {
|
||||
md.update(data)
|
||||
return md.digest()
|
||||
}
|
||||
|
||||
fun digestString(
|
||||
data: ByteArray,
|
||||
md: MessageDigest = MessageDigest.getInstance("MD5")
|
||||
): String {
|
||||
return JWO.bytesToHex(digest(data, md))
|
||||
}
|
||||
}
|
||||
@@ -1,7 +1,8 @@
|
||||
package net.woggioni.gbcs.server.cache
|
||||
|
||||
import net.woggioni.gbcs.api.Cache
|
||||
import net.woggioni.jwo.JWO
|
||||
import net.woggioni.gbcs.common.contextLogger
|
||||
import net.woggioni.gbcs.server.cache.CacheUtils.digestString
|
||||
import net.woggioni.jwo.LockFile
|
||||
import java.nio.channels.Channels
|
||||
import java.nio.channels.FileChannel
|
||||
@@ -19,7 +20,6 @@ import java.util.zip.DeflaterOutputStream
|
||||
import java.util.zip.Inflater
|
||||
import java.util.zip.InflaterInputStream
|
||||
|
||||
|
||||
class FileSystemCache(
|
||||
val root: Path,
|
||||
val maxAge: Duration,
|
||||
@@ -28,7 +28,7 @@ class FileSystemCache(
|
||||
val compressionLevel: Int
|
||||
) : Cache {
|
||||
|
||||
private fun lockFilePath(key: String): Path = root.resolve("$key.lock")
|
||||
private val log = contextLogger()
|
||||
|
||||
init {
|
||||
Files.createDirectories(root)
|
||||
@@ -41,18 +41,28 @@ class FileSystemCache(
|
||||
?.let { md ->
|
||||
digestString(key.toByteArray(), md)
|
||||
} ?: key).let { digest ->
|
||||
LockFile.acquire(lockFilePath(digest), true).use {
|
||||
root.resolve(digest).takeIf(Files::exists)?.let { file ->
|
||||
if (compressionEnabled) {
|
||||
val inflater = Inflater()
|
||||
Channels.newChannel(InflaterInputStream(Files.newInputStream(file), inflater))
|
||||
} else {
|
||||
FileChannel.open(file, StandardOpenOption.READ)
|
||||
root.resolve(digest).takeIf(Files::exists)
|
||||
?.let { file ->
|
||||
file.takeIf(Files::exists)?.let { file ->
|
||||
if (compressionEnabled) {
|
||||
val inflater = Inflater()
|
||||
Channels.newChannel(
|
||||
InflaterInputStream(
|
||||
Channels.newInputStream(
|
||||
FileChannel.open(
|
||||
file,
|
||||
StandardOpenOption.READ
|
||||
)
|
||||
), inflater
|
||||
)
|
||||
)
|
||||
} else {
|
||||
FileChannel.open(file, StandardOpenOption.READ)
|
||||
}
|
||||
}
|
||||
}.also {
|
||||
gc()
|
||||
}
|
||||
}.also {
|
||||
gc()
|
||||
}
|
||||
}
|
||||
|
||||
override fun put(key: String, content: ByteArray) {
|
||||
@@ -61,25 +71,23 @@ class FileSystemCache(
|
||||
?.let { md ->
|
||||
digestString(key.toByteArray(), md)
|
||||
} ?: key).let { digest ->
|
||||
LockFile.acquire(lockFilePath(digest), false).use {
|
||||
val file = root.resolve(digest)
|
||||
val tmpFile = Files.createTempFile(root, null, ".tmp")
|
||||
try {
|
||||
Files.newOutputStream(tmpFile).let {
|
||||
if (compressionEnabled) {
|
||||
val deflater = Deflater(compressionLevel)
|
||||
DeflaterOutputStream(it, deflater)
|
||||
} else {
|
||||
it
|
||||
}
|
||||
}.use {
|
||||
it.write(content)
|
||||
val file = root.resolve(digest)
|
||||
val tmpFile = Files.createTempFile(root, null, ".tmp")
|
||||
try {
|
||||
Files.newOutputStream(tmpFile).let {
|
||||
if (compressionEnabled) {
|
||||
val deflater = Deflater(compressionLevel)
|
||||
DeflaterOutputStream(it, deflater)
|
||||
} else {
|
||||
it
|
||||
}
|
||||
Files.move(tmpFile, file, StandardCopyOption.ATOMIC_MOVE)
|
||||
} catch (t: Throwable) {
|
||||
Files.delete(tmpFile)
|
||||
throw t
|
||||
}.use {
|
||||
it.write(content)
|
||||
}
|
||||
Files.move(tmpFile, file, StandardCopyOption.ATOMIC_MOVE)
|
||||
} catch (t: Throwable) {
|
||||
Files.delete(tmpFile)
|
||||
throw t
|
||||
}
|
||||
}.also {
|
||||
gc()
|
||||
@@ -97,37 +105,16 @@ class FileSystemCache(
|
||||
@Synchronized
|
||||
private fun actualGc(now: Instant) {
|
||||
Files.list(root).filter {
|
||||
!it.fileName.toString().endsWith(".lock")
|
||||
}.filter {
|
||||
val creationTimeStamp = Files.readAttributes(it, BasicFileAttributes::class.java)
|
||||
.creationTime()
|
||||
.toInstant()
|
||||
now > creationTimeStamp.plus(maxAge)
|
||||
}.forEach { file ->
|
||||
val lockFile = lockFilePath(file.fileName.toString())
|
||||
LockFile.acquire(lockFile, false).use {
|
||||
LockFile.acquire(file, false).use {
|
||||
Files.delete(file)
|
||||
}
|
||||
Files.delete(lockFile)
|
||||
}
|
||||
}
|
||||
|
||||
override fun close() {}
|
||||
|
||||
companion object {
|
||||
fun digest(
|
||||
data: ByteArray,
|
||||
md: MessageDigest = MessageDigest.getInstance("MD5")
|
||||
): ByteArray {
|
||||
md.update(data)
|
||||
return md.digest()
|
||||
}
|
||||
|
||||
fun digestString(
|
||||
data: ByteArray,
|
||||
md: MessageDigest = MessageDigest.getInstance("MD5")
|
||||
): String {
|
||||
return JWO.bytesToHex(digest(data, md))
|
||||
}
|
||||
}
|
||||
}
|
||||
106
gbcs-server/src/main/kotlin/net/woggioni/gbcs/server/cache/InMemoryCache.kt
vendored
Normal file
106
gbcs-server/src/main/kotlin/net/woggioni/gbcs/server/cache/InMemoryCache.kt
vendored
Normal file
@@ -0,0 +1,106 @@
|
||||
package net.woggioni.gbcs.server.cache
|
||||
|
||||
import net.woggioni.gbcs.api.Cache
|
||||
import net.woggioni.gbcs.server.cache.CacheUtils.digestString
|
||||
import java.io.ByteArrayInputStream
|
||||
import java.io.ByteArrayOutputStream
|
||||
import java.nio.ByteBuffer
|
||||
import java.nio.channels.Channels
|
||||
import java.security.MessageDigest
|
||||
import java.time.Duration
|
||||
import java.time.Instant
|
||||
import java.util.concurrent.ConcurrentHashMap
|
||||
import java.util.concurrent.PriorityBlockingQueue
|
||||
import java.util.concurrent.atomic.AtomicInteger
|
||||
import java.util.concurrent.atomic.AtomicReference
|
||||
import java.util.zip.Deflater
|
||||
import java.util.zip.DeflaterOutputStream
|
||||
import java.util.zip.Inflater
|
||||
import java.util.zip.InflaterInputStream
|
||||
|
||||
class InMemoryCache(
|
||||
val maxAge: Duration,
|
||||
val digestAlgorithm: String?,
|
||||
val compressionEnabled: Boolean,
|
||||
val compressionLevel: Int
|
||||
) : Cache {
|
||||
|
||||
private val map = ConcurrentHashMap<String, MapValue>()
|
||||
|
||||
private class MapValue(val rc: AtomicInteger, val payload : AtomicReference<ByteArray>)
|
||||
|
||||
private class RemovalQueueElement(val key: String, val expiry : Instant) : Comparable<RemovalQueueElement> {
|
||||
override fun compareTo(other: RemovalQueueElement)= expiry.compareTo(other.expiry)
|
||||
}
|
||||
|
||||
private val removalQueue = PriorityBlockingQueue<RemovalQueueElement>()
|
||||
|
||||
private var running = true
|
||||
private val garbageCollector = Thread({
|
||||
while(true) {
|
||||
val el = removalQueue.take()
|
||||
val now = Instant.now()
|
||||
if(now > el.expiry) {
|
||||
val value = map[el.key] ?: continue
|
||||
val rc = value.rc.decrementAndGet()
|
||||
if(rc == 0) {
|
||||
map.remove(el.key)
|
||||
}
|
||||
} else {
|
||||
removalQueue.put(el)
|
||||
Thread.sleep(minOf(Duration.between(now, el.expiry), Duration.ofSeconds(1)))
|
||||
}
|
||||
}
|
||||
}).apply {
|
||||
start()
|
||||
}
|
||||
|
||||
override fun close() {
|
||||
running = false
|
||||
garbageCollector.join()
|
||||
}
|
||||
|
||||
override fun get(key: String) =
|
||||
(digestAlgorithm
|
||||
?.let(MessageDigest::getInstance)
|
||||
?.let { md ->
|
||||
digestString(key.toByteArray(), md)
|
||||
} ?: key
|
||||
).let { digest ->
|
||||
map[digest]
|
||||
?.let(MapValue::payload)
|
||||
?.let(AtomicReference<ByteArray>::get)
|
||||
?.let { value ->
|
||||
if (compressionEnabled) {
|
||||
val inflater = Inflater()
|
||||
Channels.newChannel(InflaterInputStream(ByteArrayInputStream(value), inflater))
|
||||
} else {
|
||||
Channels.newChannel(ByteArrayInputStream(value))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
override fun put(key: String, content: ByteArray) {
|
||||
(digestAlgorithm
|
||||
?.let(MessageDigest::getInstance)
|
||||
?.let { md ->
|
||||
digestString(key.toByteArray(), md)
|
||||
} ?: key).let { digest ->
|
||||
val value = if (compressionEnabled) {
|
||||
val deflater = Deflater(compressionLevel)
|
||||
val baos = ByteArrayOutputStream()
|
||||
DeflaterOutputStream(baos, deflater).use { stream ->
|
||||
stream.write(content)
|
||||
}
|
||||
baos.toByteArray()
|
||||
} else {
|
||||
content
|
||||
}
|
||||
val mapValue = map.computeIfAbsent(digest) {
|
||||
MapValue(AtomicInteger(0), AtomicReference())
|
||||
}
|
||||
mapValue.payload.set(value)
|
||||
removalQueue.put(RemovalQueueElement(digest, Instant.now().plus(maxAge)))
|
||||
}
|
||||
}
|
||||
}
|
||||
23
gbcs-server/src/main/kotlin/net/woggioni/gbcs/server/cache/InMemoryCacheConfiguration.kt
vendored
Normal file
23
gbcs-server/src/main/kotlin/net/woggioni/gbcs/server/cache/InMemoryCacheConfiguration.kt
vendored
Normal file
@@ -0,0 +1,23 @@
|
||||
package net.woggioni.gbcs.server.cache
|
||||
|
||||
import net.woggioni.gbcs.api.Configuration
|
||||
import net.woggioni.gbcs.common.GBCS
|
||||
import java.time.Duration
|
||||
|
||||
data class InMemoryCacheConfiguration(
|
||||
val maxAge: Duration,
|
||||
val digestAlgorithm : String?,
|
||||
val compressionEnabled: Boolean,
|
||||
val compressionLevel: Int,
|
||||
) : Configuration.Cache {
|
||||
override fun materialize() = InMemoryCache(
|
||||
maxAge,
|
||||
digestAlgorithm,
|
||||
compressionEnabled,
|
||||
compressionLevel
|
||||
)
|
||||
|
||||
override fun getNamespaceURI() = GBCS.GBCS_NAMESPACE_URI
|
||||
|
||||
override fun getTypeName() = "inMemoryCacheType"
|
||||
}
|
||||
59
gbcs-server/src/main/kotlin/net/woggioni/gbcs/server/cache/InMemoryCacheProvider.kt
vendored
Normal file
59
gbcs-server/src/main/kotlin/net/woggioni/gbcs/server/cache/InMemoryCacheProvider.kt
vendored
Normal file
@@ -0,0 +1,59 @@
|
||||
package net.woggioni.gbcs.server.cache
|
||||
|
||||
import net.woggioni.gbcs.api.CacheProvider
|
||||
import net.woggioni.gbcs.common.GBCS
|
||||
import net.woggioni.gbcs.common.Xml
|
||||
import net.woggioni.gbcs.common.Xml.Companion.renderAttribute
|
||||
import org.w3c.dom.Document
|
||||
import org.w3c.dom.Element
|
||||
import java.nio.file.Path
|
||||
import java.time.Duration
|
||||
import java.util.zip.Deflater
|
||||
|
||||
class InMemoryCacheProvider : CacheProvider<InMemoryCacheConfiguration> {
|
||||
|
||||
override fun getXmlSchemaLocation() = "classpath:net/woggioni/gbcs/server/schema/gbcs.xsd"
|
||||
|
||||
override fun getXmlType() = "inMemoryCacheType"
|
||||
|
||||
override fun getXmlNamespace() = "urn:net.woggioni.gbcs.server"
|
||||
|
||||
override fun deserialize(el: Element): InMemoryCacheConfiguration {
|
||||
val maxAge = el.renderAttribute("max-age")
|
||||
?.let(Duration::parse)
|
||||
?: Duration.ofDays(1)
|
||||
val enableCompression = el.renderAttribute("enable-compression")
|
||||
?.let(String::toBoolean)
|
||||
?: true
|
||||
val compressionLevel = el.renderAttribute("compression-level")
|
||||
?.let(String::toInt)
|
||||
?: Deflater.DEFAULT_COMPRESSION
|
||||
val digestAlgorithm = el.renderAttribute("digest") ?: "MD5"
|
||||
|
||||
return InMemoryCacheConfiguration(
|
||||
maxAge,
|
||||
digestAlgorithm,
|
||||
enableCompression,
|
||||
compressionLevel
|
||||
)
|
||||
}
|
||||
|
||||
override fun serialize(doc: Document, cache : InMemoryCacheConfiguration) = cache.run {
|
||||
val result = doc.createElement("cache")
|
||||
Xml.of(doc, result) {
|
||||
val prefix = doc.lookupPrefix(GBCS.GBCS_NAMESPACE_URI)
|
||||
attr("xs:type", "${prefix}:inMemoryCacheType", GBCS.XML_SCHEMA_NAMESPACE_URI)
|
||||
attr("max-age", maxAge.toString())
|
||||
digestAlgorithm?.let { digestAlgorithm ->
|
||||
attr("digest", digestAlgorithm)
|
||||
}
|
||||
attr("enable-compression", compressionEnabled.toString())
|
||||
compressionLevel.takeIf {
|
||||
it != Deflater.DEFAULT_COMPRESSION
|
||||
}?.let {
|
||||
attr("compression-level", it.toString())
|
||||
}
|
||||
}
|
||||
result
|
||||
}
|
||||
}
|
||||
@@ -19,58 +19,34 @@ import org.w3c.dom.Document
|
||||
import org.w3c.dom.Element
|
||||
import org.w3c.dom.TypeInfo
|
||||
import java.nio.file.Paths
|
||||
import java.time.Duration
|
||||
import java.time.temporal.ChronoUnit
|
||||
|
||||
object Parser {
|
||||
fun parse(document: Document): Configuration {
|
||||
val root = document.documentElement
|
||||
val anonymousUser = User("", null, emptySet())
|
||||
val anonymousUser = User("", null, emptySet(), null)
|
||||
var connection: Configuration.Connection = Configuration.Connection(
|
||||
Duration.of(10, ChronoUnit.SECONDS),
|
||||
Duration.of(10, ChronoUnit.SECONDS),
|
||||
Duration.of(60, ChronoUnit.SECONDS),
|
||||
Duration.of(30, ChronoUnit.SECONDS),
|
||||
Duration.of(30, ChronoUnit.SECONDS),
|
||||
67108864
|
||||
)
|
||||
var eventExecutor: Configuration.EventExecutor = Configuration.EventExecutor(true)
|
||||
var cache: Cache? = null
|
||||
var host = "127.0.0.1"
|
||||
var port = 11080
|
||||
var users : Map<String, User> = mapOf(anonymousUser.name to anonymousUser)
|
||||
var users: Map<String, User> = mapOf(anonymousUser.name to anonymousUser)
|
||||
var groups = emptyMap<String, Group>()
|
||||
var tls: Tls? = null
|
||||
val serverPath = root.renderAttribute("path")
|
||||
val useVirtualThread = root.renderAttribute("use-virtual-threads")
|
||||
?.let(String::toBoolean) ?: true
|
||||
val maxRequestSize = root.renderAttribute("max-request-size")
|
||||
?.let(String::toInt) ?: 67108864
|
||||
val incomingConnectionsBacklogSize = root.renderAttribute("incoming-connections-backlog-size")
|
||||
?.let(String::toInt) ?: 1024
|
||||
var incomingConnectionsBacklogSize = 1024
|
||||
var authentication: Authentication? = null
|
||||
for (child in root.asIterable()) {
|
||||
val tagName = child.localName
|
||||
when (tagName) {
|
||||
"authorization" -> {
|
||||
var knownUsers = sequenceOf(anonymousUser)
|
||||
for (gchild in child.asIterable()) {
|
||||
when (gchild.localName) {
|
||||
"users" -> {
|
||||
knownUsers += parseUsers(gchild)
|
||||
}
|
||||
"groups" -> {
|
||||
val pair = parseGroups(gchild, knownUsers)
|
||||
users = pair.first
|
||||
groups = pair.second
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
"bind" -> {
|
||||
host = child.renderAttribute("host") ?: throw ConfigurationException("host attribute is required")
|
||||
port = Integer.parseInt(child.renderAttribute("port"))
|
||||
}
|
||||
|
||||
"cache" -> {
|
||||
cache = (child as TypeInfo).let { tf ->
|
||||
val typeNamespace = tf.typeNamespace
|
||||
val typeName = tf.typeName
|
||||
CacheSerializers.index[typeNamespace to typeName]
|
||||
?: throw IllegalArgumentException("Cache provider for namespace '$typeNamespace' not found")
|
||||
}.deserialize(child)
|
||||
}
|
||||
|
||||
"authentication" -> {
|
||||
for (gchild in child.asIterable()) {
|
||||
when (gchild.localName) {
|
||||
@@ -102,11 +78,73 @@ object Parser {
|
||||
}
|
||||
}
|
||||
|
||||
"authorization" -> {
|
||||
var knownUsers = sequenceOf(anonymousUser)
|
||||
for (gchild in child.asIterable()) {
|
||||
when (gchild.localName) {
|
||||
"users" -> {
|
||||
knownUsers += parseUsers(gchild)
|
||||
}
|
||||
|
||||
"groups" -> {
|
||||
val pair = parseGroups(gchild, knownUsers)
|
||||
users = pair.first
|
||||
groups = pair.second
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
"bind" -> {
|
||||
host = child.renderAttribute("host") ?: throw ConfigurationException("host attribute is required")
|
||||
port = Integer.parseInt(child.renderAttribute("port"))
|
||||
incomingConnectionsBacklogSize = child.renderAttribute("incoming-connections-backlog-size")
|
||||
?.let(Integer::parseInt)
|
||||
?: 1024
|
||||
}
|
||||
|
||||
"cache" -> {
|
||||
cache = (child as TypeInfo).let { tf ->
|
||||
val typeNamespace = tf.typeNamespace
|
||||
val typeName = tf.typeName
|
||||
CacheSerializers.index[typeNamespace to typeName]
|
||||
?: throw IllegalArgumentException("Cache provider for namespace '$typeNamespace' with name '$typeName' not found")
|
||||
}.deserialize(child)
|
||||
}
|
||||
|
||||
"connection" -> {
|
||||
val writeTimeout = child.renderAttribute("write-timeout")
|
||||
?.let(Duration::parse) ?: Duration.of(0, ChronoUnit.SECONDS)
|
||||
val readTimeout = child.renderAttribute("read-timeout")
|
||||
?.let(Duration::parse) ?: Duration.of(0, ChronoUnit.SECONDS)
|
||||
val idleTimeout = child.renderAttribute("idle-timeout")
|
||||
?.let(Duration::parse) ?: Duration.of(30, ChronoUnit.SECONDS)
|
||||
val readIdleTimeout = child.renderAttribute("read-idle-timeout")
|
||||
?.let(Duration::parse) ?: Duration.of(60, ChronoUnit.SECONDS)
|
||||
val writeIdleTimeout = child.renderAttribute("write-idle-timeout")
|
||||
?.let(Duration::parse) ?: Duration.of(60, ChronoUnit.SECONDS)
|
||||
val maxRequestSize = child.renderAttribute("max-request-size")
|
||||
?.let(String::toInt) ?: 67108864
|
||||
connection = Configuration.Connection(
|
||||
readTimeout,
|
||||
writeTimeout,
|
||||
idleTimeout,
|
||||
readIdleTimeout,
|
||||
writeIdleTimeout,
|
||||
maxRequestSize
|
||||
)
|
||||
}
|
||||
|
||||
"event-executor" -> {
|
||||
val useVirtualThread = root.renderAttribute("use-virtual-threads")
|
||||
?.let(String::toBoolean) ?: true
|
||||
eventExecutor = Configuration.EventExecutor(useVirtualThread)
|
||||
}
|
||||
|
||||
"tls" -> {
|
||||
val verifyClients = child.renderAttribute("verify-clients")
|
||||
?.let(String::toBoolean) ?: false
|
||||
var keyStore: KeyStore? = null
|
||||
var trustStore: TrustStore? = null
|
||||
|
||||
for (granChild in child.asIterable()) {
|
||||
when (granChild.localName) {
|
||||
"keystore" -> {
|
||||
@@ -128,30 +166,34 @@ object Parser {
|
||||
val checkCertificateStatus = granChild.renderAttribute("check-certificate-status")
|
||||
?.let(String::toBoolean)
|
||||
?: false
|
||||
val requireClientCertificate = child.renderAttribute("require-client-certificate")
|
||||
?.let(String::toBoolean) ?: false
|
||||
|
||||
trustStore = TrustStore(
|
||||
trustStoreFile,
|
||||
trustStorePassword,
|
||||
checkCertificateStatus
|
||||
checkCertificateStatus,
|
||||
requireClientCertificate
|
||||
)
|
||||
}
|
||||
}
|
||||
}
|
||||
tls = Tls(keyStore, trustStore, verifyClients)
|
||||
tls = Tls(keyStore, trustStore)
|
||||
}
|
||||
}
|
||||
}
|
||||
return Configuration(
|
||||
return Configuration.of(
|
||||
host,
|
||||
port,
|
||||
incomingConnectionsBacklogSize,
|
||||
serverPath,
|
||||
eventExecutor,
|
||||
connection,
|
||||
users,
|
||||
groups,
|
||||
cache!!,
|
||||
authentication,
|
||||
tls,
|
||||
useVirtualThread,
|
||||
maxRequestSize,
|
||||
incomingConnectionsBacklogSize
|
||||
)
|
||||
}
|
||||
|
||||
@@ -164,16 +206,54 @@ object Parser {
|
||||
}.toSet()
|
||||
|
||||
private fun parseUserRefs(root: Element) = root.asIterable().asSequence().map {
|
||||
it.renderAttribute("ref")
|
||||
}.toSet()
|
||||
when (it.localName) {
|
||||
"user" -> it.renderAttribute("ref")
|
||||
"anonymous" -> ""
|
||||
else -> ConfigurationException("Unrecognized tag '${it.localName}'")
|
||||
}
|
||||
}
|
||||
|
||||
private fun parseQuota(el: Element): Configuration.Quota {
|
||||
val calls = el.renderAttribute("calls")
|
||||
?.let(String::toLong)
|
||||
?: throw ConfigurationException("Missing attribute 'calls'")
|
||||
val maxAvailableCalls = el.renderAttribute("max-available-calls")
|
||||
?.let(String::toLong)
|
||||
?: calls
|
||||
val initialAvailableCalls = el.renderAttribute("initial-available-calls")
|
||||
?.let(String::toLong)
|
||||
?: maxAvailableCalls
|
||||
val period = el.renderAttribute("period")
|
||||
?.let(Duration::parse)
|
||||
?: throw ConfigurationException("Missing attribute 'period'")
|
||||
return Configuration.Quota(calls, period, initialAvailableCalls, maxAvailableCalls)
|
||||
}
|
||||
|
||||
private fun parseUsers(root: Element): Sequence<User> {
|
||||
return root.asIterable().asSequence().filter {
|
||||
it.localName == "user"
|
||||
}.map { el ->
|
||||
val username = el.renderAttribute("name")
|
||||
val password = el.renderAttribute("password")
|
||||
User(username, password, emptySet())
|
||||
return root.asIterable().asSequence().mapNotNull { child ->
|
||||
when (child.localName) {
|
||||
"user" -> {
|
||||
val username = child.renderAttribute("name")
|
||||
val password = child.renderAttribute("password")
|
||||
var quota: Configuration.Quota? = null
|
||||
for (gchild in child.asIterable()) {
|
||||
if (gchild.localName == "quota") {
|
||||
quota = parseQuota(gchild)
|
||||
}
|
||||
}
|
||||
User(username, password, emptySet(), quota)
|
||||
}
|
||||
"anonymous" -> {
|
||||
var quota: Configuration.Quota? = null
|
||||
for (gchild in child.asIterable()) {
|
||||
if (gchild.localName == "quota") {
|
||||
quota= parseQuota(gchild)
|
||||
}
|
||||
}
|
||||
User("", null, emptySet(), quota)
|
||||
}
|
||||
else -> null
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -185,6 +265,7 @@ object Parser {
|
||||
}.map { el ->
|
||||
val groupName = el.renderAttribute("name") ?: throw ConfigurationException("Group name is required")
|
||||
var roles = emptySet<Role>()
|
||||
var quota: Configuration.Quota? = null
|
||||
for (child in el.asIterable()) {
|
||||
when (child.localName) {
|
||||
"users" -> {
|
||||
@@ -198,12 +279,15 @@ object Parser {
|
||||
"roles" -> {
|
||||
roles = parseRoles(child)
|
||||
}
|
||||
"quota" -> {
|
||||
quota = parseQuota(child)
|
||||
}
|
||||
}
|
||||
}
|
||||
groupName to Group(groupName, roles)
|
||||
groupName to Group(groupName, roles, quota)
|
||||
}.toMap()
|
||||
val users = knownUsersMap.map { (name, user) ->
|
||||
name to User(name, user.password, userGroups[name]?.mapNotNull { groups[it] }?.toSet() ?: emptySet())
|
||||
name to User(name, user.password, userGroups[name]?.mapNotNull { groups[it] }?.toSet() ?: emptySet(), user.quota)
|
||||
}.toMap()
|
||||
return users to groups
|
||||
}
|
||||
|
||||
@@ -14,10 +14,6 @@ object Serializer {
|
||||
it.xmlNamespace to it.xmlSchemaLocation
|
||||
}.toMap()
|
||||
return Xml.of(GBCS.GBCS_NAMESPACE_URI, GBCS.GBCS_PREFIX + ":server") {
|
||||
attr("use-virtual-threads", conf.isUseVirtualThread.toString())
|
||||
attr("max-request-size", conf.maxRequestSize.toString())
|
||||
attr("incoming-connections-backlog-size", conf.incomingConnectionsBacklogSize.toString())
|
||||
|
||||
// attr("xmlns:xs", GradleBuildCacheServer.XML_SCHEMA_NAMESPACE_URI)
|
||||
val value = schemaLocations.asSequence().map { (k, v) -> "$k $v" }.joinToString(" ")
|
||||
attr("xs:schemaLocation", value , namespaceURI = GBCS.XML_SCHEMA_NAMESPACE_URI)
|
||||
@@ -30,6 +26,20 @@ object Serializer {
|
||||
node("bind") {
|
||||
attr("host", conf.host)
|
||||
attr("port", conf.port.toString())
|
||||
attr("incoming-connections-backlog-size", conf.incomingConnectionsBacklogSize.toString())
|
||||
}
|
||||
node("connection") {
|
||||
conf.connection.let { connection ->
|
||||
attr("read-timeout", connection.readTimeout.toString())
|
||||
attr("write-timeout", connection.writeTimeout.toString())
|
||||
attr("idle-timeout", connection.idleTimeout.toString())
|
||||
attr("read-idle-timeout", connection.readIdleTimeout.toString())
|
||||
attr("write-idle-timeout", connection.writeIdleTimeout.toString())
|
||||
attr("max-request-size", connection.maxRequestSize.toString())
|
||||
}
|
||||
}
|
||||
node("event-executor") {
|
||||
attr("use-virtual-threads", conf.eventExecutor.isUseVirtualThreads.toString())
|
||||
}
|
||||
val cache = conf.cache
|
||||
val serializer : CacheProvider<Configuration.Cache> =
|
||||
@@ -44,9 +54,30 @@ object Serializer {
|
||||
user.password?.let { password ->
|
||||
attr("password", password)
|
||||
}
|
||||
user.quota?.let { quota ->
|
||||
node("quota") {
|
||||
attr("calls", quota.calls.toString())
|
||||
attr("period", quota.period.toString())
|
||||
attr("max-available-calls", quota.maxAvailableCalls.toString())
|
||||
attr("initial-available-calls", quota.initialAvailableCalls.toString())
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
conf.users[""]
|
||||
?.let { anonymousUser ->
|
||||
anonymousUser.quota?.let { quota ->
|
||||
node("anonymous") {
|
||||
node("quota") {
|
||||
attr("calls", quota.calls.toString())
|
||||
attr("period", quota.period.toString())
|
||||
attr("max-available-calls", quota.maxAvailableCalls.toString())
|
||||
attr("initial-available-calls", quota.initialAvailableCalls.toString())
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
node("groups") {
|
||||
val groups = conf.users.values.asSequence()
|
||||
@@ -82,6 +113,14 @@ object Serializer {
|
||||
}
|
||||
}
|
||||
}
|
||||
group.quota?.let { quota ->
|
||||
node("quota") {
|
||||
attr("calls", quota.calls.toString())
|
||||
attr("period", quota.period.toString())
|
||||
attr("max-available-calls", quota.maxAvailableCalls.toString())
|
||||
attr("initial-available-calls", quota.initialAvailableCalls.toString())
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -135,6 +174,7 @@ object Serializer {
|
||||
attr("password", password)
|
||||
}
|
||||
attr("check-certificate-status", trustStore.isCheckCertificateStatus.toString())
|
||||
attr("require-client-certificate", trustStore.isRequireClientCertificate.toString())
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,92 @@
|
||||
package net.woggioni.gbcs.server.exception
|
||||
|
||||
import io.netty.buffer.Unpooled
|
||||
import io.netty.channel.ChannelDuplexHandler
|
||||
import io.netty.channel.ChannelFutureListener
|
||||
import io.netty.channel.ChannelHandler
|
||||
import io.netty.channel.ChannelHandlerContext
|
||||
import io.netty.handler.codec.DecoderException
|
||||
import io.netty.handler.codec.http.DefaultFullHttpResponse
|
||||
import io.netty.handler.codec.http.FullHttpResponse
|
||||
import io.netty.handler.codec.http.HttpHeaderNames
|
||||
import io.netty.handler.codec.http.HttpResponseStatus
|
||||
import io.netty.handler.codec.http.HttpVersion
|
||||
import io.netty.handler.timeout.ReadTimeoutException
|
||||
import io.netty.handler.timeout.WriteTimeoutException
|
||||
import net.woggioni.gbcs.api.exception.CacheException
|
||||
import net.woggioni.gbcs.api.exception.ContentTooLargeException
|
||||
import net.woggioni.gbcs.common.contextLogger
|
||||
import net.woggioni.gbcs.common.debug
|
||||
import javax.net.ssl.SSLPeerUnverifiedException
|
||||
|
||||
@ChannelHandler.Sharable
|
||||
class ExceptionHandler : ChannelDuplexHandler() {
|
||||
private val log = contextLogger()
|
||||
|
||||
private val NOT_AUTHORIZED: FullHttpResponse = DefaultFullHttpResponse(
|
||||
HttpVersion.HTTP_1_1, HttpResponseStatus.FORBIDDEN, Unpooled.EMPTY_BUFFER
|
||||
).apply {
|
||||
headers()[HttpHeaderNames.CONTENT_LENGTH] = "0"
|
||||
}
|
||||
|
||||
private val TOO_BIG: FullHttpResponse = DefaultFullHttpResponse(
|
||||
HttpVersion.HTTP_1_1, HttpResponseStatus.REQUEST_ENTITY_TOO_LARGE, Unpooled.EMPTY_BUFFER
|
||||
).apply {
|
||||
headers()[HttpHeaderNames.CONTENT_LENGTH] = "0"
|
||||
}
|
||||
|
||||
private val NOT_AVAILABLE: FullHttpResponse = DefaultFullHttpResponse(
|
||||
HttpVersion.HTTP_1_1, HttpResponseStatus.SERVICE_UNAVAILABLE, Unpooled.EMPTY_BUFFER
|
||||
).apply {
|
||||
headers()[HttpHeaderNames.CONTENT_LENGTH] = "0"
|
||||
}
|
||||
|
||||
private val SERVER_ERROR: FullHttpResponse = DefaultFullHttpResponse(
|
||||
HttpVersion.HTTP_1_1, HttpResponseStatus.INTERNAL_SERVER_ERROR, Unpooled.EMPTY_BUFFER
|
||||
).apply {
|
||||
headers()[HttpHeaderNames.CONTENT_LENGTH] = "0"
|
||||
}
|
||||
|
||||
override fun exceptionCaught(ctx: ChannelHandlerContext, cause: Throwable) {
|
||||
when (cause) {
|
||||
is DecoderException -> {
|
||||
log.error(cause.message, cause)
|
||||
ctx.close()
|
||||
}
|
||||
|
||||
is SSLPeerUnverifiedException -> {
|
||||
ctx.writeAndFlush(NOT_AUTHORIZED.retainedDuplicate())
|
||||
.addListener(ChannelFutureListener.CLOSE_ON_FAILURE)
|
||||
}
|
||||
|
||||
is ContentTooLargeException -> {
|
||||
ctx.writeAndFlush(TOO_BIG.retainedDuplicate())
|
||||
.addListener(ChannelFutureListener.CLOSE_ON_FAILURE)
|
||||
}
|
||||
is ReadTimeoutException -> {
|
||||
log.debug {
|
||||
val channelId = ctx.channel().id().asShortText()
|
||||
"Read timeout on channel $channelId, closing the connection"
|
||||
}
|
||||
ctx.close()
|
||||
}
|
||||
is WriteTimeoutException -> {
|
||||
log.debug {
|
||||
val channelId = ctx.channel().id().asShortText()
|
||||
"Write timeout on channel $channelId, closing the connection"
|
||||
}
|
||||
ctx.close()
|
||||
}
|
||||
is CacheException -> {
|
||||
log.error(cause.message, cause)
|
||||
ctx.writeAndFlush(NOT_AVAILABLE.retainedDuplicate())
|
||||
.addListener(ChannelFutureListener.CLOSE_ON_FAILURE)
|
||||
}
|
||||
else -> {
|
||||
log.error(cause.message, cause)
|
||||
ctx.writeAndFlush(SERVER_ERROR.retainedDuplicate())
|
||||
.addListener(ChannelFutureListener.CLOSE_ON_FAILURE)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,167 @@
|
||||
package net.woggioni.gbcs.server.handler
|
||||
|
||||
import io.netty.buffer.Unpooled
|
||||
import io.netty.channel.ChannelFutureListener
|
||||
import io.netty.channel.ChannelHandler
|
||||
import io.netty.channel.ChannelHandlerContext
|
||||
import io.netty.channel.DefaultFileRegion
|
||||
import io.netty.channel.SimpleChannelInboundHandler
|
||||
import io.netty.handler.codec.http.DefaultFullHttpResponse
|
||||
import io.netty.handler.codec.http.DefaultHttpResponse
|
||||
import io.netty.handler.codec.http.FullHttpRequest
|
||||
import io.netty.handler.codec.http.HttpHeaderNames
|
||||
import io.netty.handler.codec.http.HttpHeaderValues
|
||||
import io.netty.handler.codec.http.HttpMethod
|
||||
import io.netty.handler.codec.http.HttpResponseStatus
|
||||
import io.netty.handler.codec.http.HttpUtil
|
||||
import io.netty.handler.codec.http.LastHttpContent
|
||||
import io.netty.handler.stream.ChunkedNioStream
|
||||
import net.woggioni.gbcs.api.Cache
|
||||
import net.woggioni.gbcs.api.exception.CacheException
|
||||
import net.woggioni.gbcs.common.contextLogger
|
||||
import net.woggioni.gbcs.server.debug
|
||||
import net.woggioni.gbcs.server.warn
|
||||
import java.nio.channels.FileChannel
|
||||
import java.nio.file.Path
|
||||
|
||||
@ChannelHandler.Sharable
|
||||
class ServerHandler(private val cache: Cache, private val serverPrefix: Path) :
|
||||
SimpleChannelInboundHandler<FullHttpRequest>() {
|
||||
|
||||
private val log = contextLogger()
|
||||
|
||||
override fun channelRead0(ctx: ChannelHandlerContext, msg: FullHttpRequest) {
|
||||
val keepAlive: Boolean = HttpUtil.isKeepAlive(msg)
|
||||
val method = msg.method()
|
||||
if (method === HttpMethod.GET) {
|
||||
val path = Path.of(msg.uri())
|
||||
val prefix = path.parent
|
||||
val key = path.fileName?.toString() ?: let {
|
||||
val response = DefaultFullHttpResponse(msg.protocolVersion(), HttpResponseStatus.NOT_FOUND)
|
||||
response.headers()[HttpHeaderNames.CONTENT_LENGTH] = 0
|
||||
ctx.writeAndFlush(response)
|
||||
return
|
||||
}
|
||||
if (serverPrefix == prefix) {
|
||||
try {
|
||||
cache.get(key)
|
||||
} catch(ex : Throwable) {
|
||||
throw CacheException("Error accessing the cache backend", ex)
|
||||
}?.let { channel ->
|
||||
log.debug(ctx) {
|
||||
"Cache hit for key '$key'"
|
||||
}
|
||||
val response = DefaultHttpResponse(msg.protocolVersion(), HttpResponseStatus.OK)
|
||||
response.headers()[HttpHeaderNames.CONTENT_TYPE] = HttpHeaderValues.APPLICATION_OCTET_STREAM
|
||||
if (!keepAlive) {
|
||||
response.headers().set(HttpHeaderNames.CONNECTION, HttpHeaderValues.CLOSE)
|
||||
response.headers().set(HttpHeaderNames.TRANSFER_ENCODING, HttpHeaderValues.IDENTITY)
|
||||
} else {
|
||||
response.headers().set(HttpHeaderNames.CONNECTION, HttpHeaderValues.KEEP_ALIVE)
|
||||
response.headers().set(HttpHeaderNames.TRANSFER_ENCODING, HttpHeaderValues.CHUNKED)
|
||||
}
|
||||
ctx.write(response)
|
||||
when (channel) {
|
||||
is FileChannel -> {
|
||||
if (keepAlive) {
|
||||
ctx.write(DefaultFileRegion(channel, 0, channel.size()))
|
||||
ctx.writeAndFlush(LastHttpContent.EMPTY_LAST_CONTENT.retainedDuplicate())
|
||||
} else {
|
||||
ctx.writeAndFlush(DefaultFileRegion(channel, 0, channel.size()))
|
||||
.addListener(ChannelFutureListener.CLOSE)
|
||||
}
|
||||
}
|
||||
else -> {
|
||||
ctx.write(ChunkedNioStream(channel)).addListener { evt ->
|
||||
channel.close()
|
||||
}
|
||||
ctx.writeAndFlush(LastHttpContent.EMPTY_LAST_CONTENT.retainedDuplicate())
|
||||
}
|
||||
}
|
||||
} ?: let {
|
||||
log.debug(ctx) {
|
||||
"Cache miss for key '$key'"
|
||||
}
|
||||
val response = DefaultFullHttpResponse(msg.protocolVersion(), HttpResponseStatus.NOT_FOUND)
|
||||
response.headers()[HttpHeaderNames.CONTENT_LENGTH] = 0
|
||||
ctx.writeAndFlush(response)
|
||||
}
|
||||
} else {
|
||||
log.warn(ctx) {
|
||||
"Got request for unhandled path '${msg.uri()}'"
|
||||
}
|
||||
val response = DefaultFullHttpResponse(msg.protocolVersion(), HttpResponseStatus.BAD_REQUEST)
|
||||
response.headers()[HttpHeaderNames.CONTENT_LENGTH] = 0
|
||||
ctx.writeAndFlush(response)
|
||||
}
|
||||
} else if (method === HttpMethod.PUT) {
|
||||
val path = Path.of(msg.uri())
|
||||
val prefix = path.parent
|
||||
val key = path.fileName.toString()
|
||||
|
||||
if (serverPrefix == prefix) {
|
||||
log.debug(ctx) {
|
||||
"Added value for key '$key' to build cache"
|
||||
}
|
||||
val bodyBytes = msg.content().run {
|
||||
if (isDirect) {
|
||||
ByteArray(readableBytes()).also {
|
||||
readBytes(it)
|
||||
}
|
||||
} else {
|
||||
array()
|
||||
}
|
||||
}
|
||||
try {
|
||||
cache.put(key, bodyBytes)
|
||||
} catch(ex : Throwable) {
|
||||
throw CacheException("Error accessing the cache backend", ex)
|
||||
}
|
||||
val response = DefaultFullHttpResponse(
|
||||
msg.protocolVersion(), HttpResponseStatus.CREATED,
|
||||
Unpooled.copiedBuffer(key.toByteArray())
|
||||
)
|
||||
response.headers()[HttpHeaderNames.CONTENT_LENGTH] = response.content().readableBytes()
|
||||
ctx.writeAndFlush(response)
|
||||
} else {
|
||||
log.warn(ctx) {
|
||||
"Got request for unhandled path '${msg.uri()}'"
|
||||
}
|
||||
val response = DefaultFullHttpResponse(msg.protocolVersion(), HttpResponseStatus.BAD_REQUEST)
|
||||
response.headers()[HttpHeaderNames.CONTENT_LENGTH] = "0"
|
||||
ctx.writeAndFlush(response)
|
||||
}
|
||||
} else if(method == HttpMethod.TRACE) {
|
||||
val replayedRequestHead = ctx.alloc().buffer()
|
||||
replayedRequestHead.writeCharSequence("TRACE ${Path.of(msg.uri())} ${msg.protocolVersion().text()}\r\n", Charsets.US_ASCII)
|
||||
msg.headers().forEach { (key, value) ->
|
||||
replayedRequestHead.apply {
|
||||
writeCharSequence(key, Charsets.US_ASCII)
|
||||
writeCharSequence(": ", Charsets.US_ASCII)
|
||||
writeCharSequence(value, Charsets.UTF_8)
|
||||
writeCharSequence("\r\n", Charsets.US_ASCII)
|
||||
}
|
||||
}
|
||||
replayedRequestHead.writeCharSequence("\r\n", Charsets.US_ASCII)
|
||||
val requestBody = msg.content()
|
||||
requestBody.retain()
|
||||
val responseBody = ctx.alloc().compositeBuffer(2).apply {
|
||||
addComponents(true, replayedRequestHead)
|
||||
addComponents(true, requestBody)
|
||||
}
|
||||
val response = DefaultFullHttpResponse(msg.protocolVersion(), HttpResponseStatus.OK, responseBody)
|
||||
response.headers().apply {
|
||||
set(HttpHeaderNames.CONTENT_TYPE, "message/http")
|
||||
set(HttpHeaderNames.CONTENT_LENGTH, responseBody.readableBytes())
|
||||
}
|
||||
ctx.writeAndFlush(response)
|
||||
} else {
|
||||
log.warn(ctx) {
|
||||
"Got request with unhandled method '${msg.method().name()}'"
|
||||
}
|
||||
val response = DefaultFullHttpResponse(msg.protocolVersion(), HttpResponseStatus.METHOD_NOT_ALLOWED)
|
||||
response.headers()[HttpHeaderNames.CONTENT_LENGTH] = "0"
|
||||
ctx.writeAndFlush(response)
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,86 @@
|
||||
package net.woggioni.gbcs.server.throttling
|
||||
|
||||
import net.woggioni.gbcs.api.Configuration
|
||||
import net.woggioni.jwo.Bucket
|
||||
import java.net.InetSocketAddress
|
||||
import java.util.Arrays
|
||||
import java.util.concurrent.ConcurrentHashMap
|
||||
import java.util.function.Function
|
||||
|
||||
class BucketManager private constructor(
|
||||
private val bucketsByUser: Map<Configuration.User, Bucket> = HashMap(),
|
||||
private val bucketsByGroup: Map<Configuration.Group, Bucket> = HashMap(),
|
||||
loader: Function<InetSocketAddress, Bucket>?
|
||||
) {
|
||||
|
||||
private class BucketsByAddress(
|
||||
private val map: MutableMap<ByteArrayKey, Bucket>,
|
||||
private val loader: Function<InetSocketAddress, Bucket>
|
||||
) {
|
||||
fun getBucket(socketAddress : InetSocketAddress) = map.computeIfAbsent(ByteArrayKey(socketAddress.address.address)) {
|
||||
loader.apply(socketAddress)
|
||||
}
|
||||
}
|
||||
|
||||
private val bucketsByAddress: BucketsByAddress? = loader?.let {
|
||||
BucketsByAddress(ConcurrentHashMap(), it)
|
||||
}
|
||||
|
||||
private class ByteArrayKey(val array: ByteArray) {
|
||||
override fun equals(other: Any?) = (other as? ByteArrayKey)?.let { bak ->
|
||||
array contentEquals bak.array
|
||||
} ?: false
|
||||
|
||||
override fun hashCode() = Arrays.hashCode(array)
|
||||
}
|
||||
|
||||
fun getBucketByAddress(address : InetSocketAddress) : Bucket? {
|
||||
return bucketsByAddress?.getBucket(address)
|
||||
}
|
||||
|
||||
fun getBucketByUser(user : Configuration.User) = bucketsByUser[user]
|
||||
fun getBucketByGroup(group : Configuration.Group) = bucketsByGroup[group]
|
||||
|
||||
companion object {
|
||||
fun from(cfg : Configuration) : BucketManager {
|
||||
val bucketsByUser = cfg.users.values.asSequence().filter {
|
||||
it.quota != null
|
||||
}.map { user ->
|
||||
val quota = user.quota
|
||||
val bucket = Bucket.local(
|
||||
quota.maxAvailableCalls,
|
||||
quota.calls,
|
||||
quota.period,
|
||||
quota.initialAvailableCalls
|
||||
)
|
||||
user to bucket
|
||||
}.toMap()
|
||||
val bucketsByGroup = cfg.groups.values.asSequence().filter {
|
||||
it.quota != null
|
||||
}.map { group ->
|
||||
val quota = group.quota
|
||||
val bucket = Bucket.local(
|
||||
quota.maxAvailableCalls,
|
||||
quota.calls,
|
||||
quota.period,
|
||||
quota.initialAvailableCalls
|
||||
)
|
||||
group to bucket
|
||||
}.toMap()
|
||||
return BucketManager(
|
||||
bucketsByUser,
|
||||
bucketsByGroup,
|
||||
cfg.users[""]?.quota?.let { anonymousUserQuota ->
|
||||
Function {
|
||||
Bucket.local(
|
||||
anonymousUserQuota.maxAvailableCalls,
|
||||
anonymousUserQuota.calls,
|
||||
anonymousUserQuota.period,
|
||||
anonymousUserQuota.initialAvailableCalls
|
||||
)
|
||||
}
|
||||
}
|
||||
)
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,99 @@
|
||||
package net.woggioni.gbcs.server.throttling
|
||||
|
||||
import io.netty.channel.ChannelHandler.Sharable
|
||||
import io.netty.channel.ChannelHandlerContext
|
||||
import io.netty.channel.ChannelInboundHandlerAdapter
|
||||
import io.netty.handler.codec.http.DefaultFullHttpResponse
|
||||
import io.netty.handler.codec.http.HttpHeaderNames
|
||||
import io.netty.handler.codec.http.HttpResponseStatus
|
||||
import io.netty.handler.codec.http.HttpVersion
|
||||
import net.woggioni.gbcs.api.Configuration
|
||||
import net.woggioni.gbcs.common.contextLogger
|
||||
import net.woggioni.gbcs.server.GradleBuildCacheServer
|
||||
import net.woggioni.jwo.Bucket
|
||||
import net.woggioni.jwo.LongMath
|
||||
import java.net.InetSocketAddress
|
||||
import java.time.Duration
|
||||
import java.time.temporal.ChronoUnit
|
||||
import java.util.concurrent.TimeUnit
|
||||
|
||||
|
||||
@Sharable
|
||||
class ThrottlingHandler(cfg: Configuration) :
|
||||
ChannelInboundHandlerAdapter() {
|
||||
|
||||
private val log = contextLogger()
|
||||
private val bucketManager = BucketManager.from(cfg)
|
||||
|
||||
private val connectionConfiguration = cfg.connection
|
||||
|
||||
/**
|
||||
* If the suggested waiting time from the bucket is lower than this
|
||||
* amount, then the server will simply wait by itself before sending a response
|
||||
* instead of replying with 429
|
||||
*/
|
||||
private val waitThreshold = minOf(
|
||||
connectionConfiguration.idleTimeout,
|
||||
connectionConfiguration.readIdleTimeout,
|
||||
connectionConfiguration.writeIdleTimeout
|
||||
).dividedBy(2)
|
||||
|
||||
override fun channelRead(ctx: ChannelHandlerContext, msg: Any) {
|
||||
val buckets = mutableListOf<Bucket>()
|
||||
val user = ctx.channel().attr(GradleBuildCacheServer.userAttribute).get()
|
||||
if (user != null) {
|
||||
bucketManager.getBucketByUser(user)?.let(buckets::add)
|
||||
}
|
||||
val groups = ctx.channel().attr(GradleBuildCacheServer.groupAttribute).get() ?: emptySet()
|
||||
if (groups.isNotEmpty()) {
|
||||
groups.forEach { group ->
|
||||
bucketManager.getBucketByGroup(group)?.let(buckets::add)
|
||||
}
|
||||
}
|
||||
if (user == null && groups.isEmpty()) {
|
||||
bucketManager.getBucketByAddress(ctx.channel().remoteAddress() as InetSocketAddress)?.let(buckets::add)
|
||||
}
|
||||
if (buckets.isEmpty()) {
|
||||
return super.channelRead(ctx, msg)
|
||||
} else {
|
||||
handleBuckets(buckets, ctx, msg, true)
|
||||
}
|
||||
}
|
||||
|
||||
private fun handleBuckets(buckets : List<Bucket>, ctx : ChannelHandlerContext, msg : Any, delayResponse : Boolean) {
|
||||
var nextAttempt = -1L
|
||||
for (bucket in buckets) {
|
||||
val bucketNextAttempt = bucket.removeTokensWithEstimate(1)
|
||||
if (bucketNextAttempt > nextAttempt) {
|
||||
nextAttempt = bucketNextAttempt
|
||||
}
|
||||
}
|
||||
if(nextAttempt < 0) {
|
||||
super.channelRead(ctx, msg)
|
||||
return
|
||||
}
|
||||
val waitDuration = Duration.of(LongMath.ceilDiv(nextAttempt, 100_000_000L) * 100L, ChronoUnit.MILLIS)
|
||||
if (delayResponse && waitDuration < waitThreshold) {
|
||||
ctx.executor().schedule({
|
||||
handleBuckets(buckets, ctx, msg, false)
|
||||
}, waitDuration.toMillis(), TimeUnit.MILLISECONDS)
|
||||
} else {
|
||||
sendThrottledResponse(ctx, waitDuration)
|
||||
}
|
||||
}
|
||||
|
||||
private fun sendThrottledResponse(ctx: ChannelHandlerContext, retryAfter: Duration) {
|
||||
val response = DefaultFullHttpResponse(
|
||||
HttpVersion.HTTP_1_1,
|
||||
HttpResponseStatus.TOO_MANY_REQUESTS
|
||||
)
|
||||
response.headers()[HttpHeaderNames.CONTENT_LENGTH] = 0
|
||||
retryAfter.seconds.takeIf {
|
||||
it > 0
|
||||
}?.let {
|
||||
response.headers()[HttpHeaderNames.RETRY_AFTER] = retryAfter.seconds
|
||||
}
|
||||
|
||||
ctx.writeAndFlush(response)
|
||||
}
|
||||
}
|
||||
@@ -1 +1,2 @@
|
||||
net.woggioni.gbcs.server.cache.FileSystemCacheProvider
|
||||
net.woggioni.gbcs.server.cache.FileSystemCacheProvider
|
||||
net.woggioni.gbcs.server.cache.InMemoryCacheProvider
|
||||
@@ -1,11 +1,17 @@
|
||||
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
|
||||
<gbcs:server use-virtual-threads="false"
|
||||
max-request-size="67108864"
|
||||
incoming-connections-backlog-size="1024"
|
||||
<gbcs:server
|
||||
xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:gbcs="urn:net.woggioni.gbcs.server"
|
||||
xs:schemaLocation="urn:net.woggioni.gbcs.server jpms://net.woggioni.gbcs.server/net/woggioni/gbcs/server/schema/gbcs.xsd">
|
||||
<bind host="127.0.0.1" port="8080"/>
|
||||
<bind host="127.0.0.1" port="8080" incoming-connections-backlog-size="1024"/>
|
||||
<connection
|
||||
max-request-size="67108864"
|
||||
idle-timeout="PT30S"
|
||||
read-timeout="PT10S"
|
||||
write-timeout="PT10S"
|
||||
read-idle-timeout="PT60S"
|
||||
write-idle-timeout="PT60S"/>
|
||||
<event-executor use-virtual-threads="true"/>
|
||||
<cache xs:type="gbcs:fileSystemCacheType" path="/tmp/gbcs" max-age="P7D"/>
|
||||
<authentication>
|
||||
<none/>
|
||||
|
||||
@@ -8,6 +8,8 @@
|
||||
<xs:complexType name="serverType">
|
||||
<xs:sequence minOccurs="0">
|
||||
<xs:element name="bind" type="gbcs:bindType" maxOccurs="1"/>
|
||||
<xs:element name="connection" type="gbcs:connectionType" minOccurs="0" maxOccurs="1"/>
|
||||
<xs:element name="event-executor" type="gbcs:eventExecutorType" minOccurs="0" maxOccurs="1"/>
|
||||
<xs:element name="cache" type="gbcs:cacheType" maxOccurs="1"/>
|
||||
<xs:element name="authorization" type="gbcs:authorizationType" minOccurs="0">
|
||||
<xs:key name="userId">
|
||||
@@ -23,18 +25,40 @@
|
||||
<xs:element name="tls" type="gbcs:tlsType" minOccurs="0" maxOccurs="1"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="path" type="xs:string" use="optional"/>
|
||||
<xs:attribute name="use-virtual-threads" type="xs:boolean" use="optional" default="true"/>
|
||||
<xs:attribute name="max-request-size" type="xs:unsignedInt" use="optional" default="67108864"/>
|
||||
<xs:attribute name="incoming-connections-backlog-size" type="xs:unsignedInt" use="optional" default="1024"/>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="bindType">
|
||||
<xs:attribute name="host" type="xs:token" use="required"/>
|
||||
<xs:attribute name="port" type="xs:unsignedShort" use="required"/>
|
||||
<xs:attribute name="incoming-connections-backlog-size" type="xs:unsignedInt" use="optional" default="1024"/>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="connectionType">
|
||||
<xs:attribute name="read-timeout" type="xs:duration" use="optional" default="PT0S"/>
|
||||
<xs:attribute name="write-timeout" type="xs:duration" use="optional" default="PT0S"/>
|
||||
<xs:attribute name="idle-timeout" type="xs:duration" use="optional" default="PT30S"/>
|
||||
<xs:attribute name="read-idle-timeout" type="xs:duration" use="optional" default="PT60S"/>
|
||||
<xs:attribute name="write-idle-timeout" type="xs:duration" use="optional" default="PT60S"/>
|
||||
<xs:attribute name="max-request-size" type="xs:unsignedInt" use="optional" default="67108864"/>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="eventExecutorType">
|
||||
<xs:attribute name="use-virtual-threads" type="xs:boolean" use="optional" default="true"/>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="cacheType" abstract="true"/>
|
||||
|
||||
<xs:complexType name="inMemoryCacheType">
|
||||
<xs:complexContent>
|
||||
<xs:extension base="gbcs:cacheType">
|
||||
<xs:attribute name="max-age" type="xs:duration" default="P1D"/>
|
||||
<xs:attribute name="digest" type="xs:token" default="MD5"/>
|
||||
<xs:attribute name="enable-compression" type="xs:boolean" default="true"/>
|
||||
<xs:attribute name="compression-level" type="xs:byte" default="-1"/>
|
||||
</xs:extension>
|
||||
</xs:complexContent>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="fileSystemCacheType">
|
||||
<xs:complexContent>
|
||||
<xs:extension base="gbcs:cacheType">
|
||||
@@ -79,17 +103,34 @@
|
||||
</xs:choice>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="usersType">
|
||||
<xs:complexType name="quotaType">
|
||||
<xs:attribute name="calls" type="xs:positiveInteger" use="required"/>
|
||||
<xs:attribute name="period" type="xs:duration" use="required"/>
|
||||
<xs:attribute name="max-available-calls" type="xs:positiveInteger" use="optional"/>
|
||||
<xs:attribute name="initial-available-calls" type="xs:unsignedInt" use="optional"/>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="anonymousUserType">
|
||||
<xs:sequence>
|
||||
<xs:element name="user" type="gbcs:userType" minOccurs="0" maxOccurs="unbounded"/>
|
||||
<xs:element name="quota" type="gbcs:quotaType" minOccurs="0" maxOccurs="1"/>
|
||||
</xs:sequence>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="userType">
|
||||
<xs:sequence>
|
||||
<xs:element name="quota" type="gbcs:quotaType" minOccurs="0" maxOccurs="1"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="name" type="xs:token" use="required"/>
|
||||
<xs:attribute name="password" type="xs:string" use="optional"/>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="usersType">
|
||||
<xs:sequence>
|
||||
<xs:element name="user" type="gbcs:userType" minOccurs="0" maxOccurs="unbounded"/>
|
||||
<xs:element name="anonymous" type="gbcs:anonymousUserType" minOccurs="0" maxOccurs="1"/>
|
||||
</xs:sequence>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="groupsType">
|
||||
<xs:sequence>
|
||||
<xs:element name="group" type="gbcs:groupType" maxOccurs="unbounded" minOccurs="0"/>
|
||||
@@ -105,6 +146,7 @@
|
||||
</xs:unique>
|
||||
</xs:element>
|
||||
<xs:element name="roles" type="gbcs:rolesType" maxOccurs="1" minOccurs="0"/>
|
||||
<xs:element name="quota" type="gbcs:quotaType" minOccurs="0" maxOccurs="1"/>
|
||||
</xs:sequence>
|
||||
<xs:attribute name="name" type="xs:token"/>
|
||||
</xs:complexType>
|
||||
@@ -141,7 +183,6 @@
|
||||
<xs:element name="keystore" type="gbcs:keyStoreType" />
|
||||
<xs:element name="truststore" type="gbcs:trustStoreType" minOccurs="0"/>
|
||||
</xs:all>
|
||||
<xs:attribute name="verify-clients" type="xs:boolean" use="optional"/>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="keyStoreType">
|
||||
@@ -155,6 +196,7 @@
|
||||
<xs:attribute name="file" type="xs:string" use="required"/>
|
||||
<xs:attribute name="password" type="xs:string"/>
|
||||
<xs:attribute name="check-certificate-status" type="xs:boolean"/>
|
||||
<xs:attribute name="require-client-certificate" type="xs:boolean" use="optional" default="false"/>
|
||||
</xs:complexType>
|
||||
|
||||
<xs:complexType name="propertiesType">
|
||||
|
||||
@@ -11,6 +11,7 @@ import java.net.http.HttpRequest
|
||||
import java.nio.charset.StandardCharsets
|
||||
import java.nio.file.Path
|
||||
import java.time.Duration
|
||||
import java.time.temporal.ChronoUnit
|
||||
import java.util.Base64
|
||||
import java.util.zip.Deflater
|
||||
import kotlin.random.Random
|
||||
@@ -23,17 +24,27 @@ abstract class AbstractBasicAuthServerTest : AbstractServerTest() {
|
||||
protected val random = Random(101325)
|
||||
protected val keyValuePair = newEntry(random)
|
||||
protected val serverPath = "gbcs"
|
||||
protected val readersGroup = Configuration.Group("readers", setOf(Role.Reader))
|
||||
protected val writersGroup = Configuration.Group("writers", setOf(Role.Writer))
|
||||
protected val readersGroup = Configuration.Group("readers", setOf(Role.Reader), null)
|
||||
protected val writersGroup = Configuration.Group("writers", setOf(Role.Writer), null)
|
||||
|
||||
abstract protected val users : List<Configuration.User>
|
||||
|
||||
override fun setUp() {
|
||||
this.cacheDir = testDir.resolve("cache")
|
||||
cfg = Configuration(
|
||||
cfg = Configuration.of(
|
||||
"127.0.0.1",
|
||||
NetworkUtils.getFreePort(),
|
||||
50,
|
||||
serverPath,
|
||||
Configuration.EventExecutor(false),
|
||||
Configuration.Connection(
|
||||
Duration.of(10, ChronoUnit.SECONDS),
|
||||
Duration.of(10, ChronoUnit.SECONDS),
|
||||
Duration.of(60, ChronoUnit.SECONDS),
|
||||
Duration.of(30, ChronoUnit.SECONDS),
|
||||
Duration.of(30, ChronoUnit.SECONDS),
|
||||
0x1000
|
||||
),
|
||||
users.asSequence().map { it.name to it}.toMap(),
|
||||
sequenceOf(writersGroup, readersGroup).map { it.name to it}.toMap(),
|
||||
FileSystemCacheConfiguration(this.cacheDir,
|
||||
@@ -44,9 +55,6 @@ abstract class AbstractBasicAuthServerTest : AbstractServerTest() {
|
||||
),
|
||||
Configuration.BasicAuthentication(),
|
||||
null,
|
||||
true,
|
||||
0x10000,
|
||||
100
|
||||
)
|
||||
Xml.write(Serializer.serialize(cfg), System.out)
|
||||
}
|
||||
|
||||
@@ -4,6 +4,7 @@ import net.woggioni.gbcs.api.Configuration
|
||||
import net.woggioni.gbcs.api.Role
|
||||
import net.woggioni.gbcs.common.Xml
|
||||
import net.woggioni.gbcs.server.cache.FileSystemCacheConfiguration
|
||||
import net.woggioni.gbcs.server.cache.InMemoryCacheConfiguration
|
||||
import net.woggioni.gbcs.server.configuration.Serializer
|
||||
import net.woggioni.gbcs.server.test.utils.CertificateUtils
|
||||
import net.woggioni.gbcs.server.test.utils.CertificateUtils.X509Credentials
|
||||
@@ -18,6 +19,7 @@ import java.nio.file.Path
|
||||
import java.security.KeyStore
|
||||
import java.security.KeyStore.PasswordProtection
|
||||
import java.time.Duration
|
||||
import java.time.temporal.ChronoUnit
|
||||
import java.util.Base64
|
||||
import java.util.zip.Deflater
|
||||
import javax.net.ssl.KeyManagerFactory
|
||||
@@ -44,8 +46,8 @@ abstract class AbstractTlsServerTest : AbstractServerTest() {
|
||||
private lateinit var trustStore: KeyStore
|
||||
protected lateinit var ca: X509Credentials
|
||||
|
||||
protected val readersGroup = Configuration.Group("readers", setOf(Role.Reader))
|
||||
protected val writersGroup = Configuration.Group("writers", setOf(Role.Writer))
|
||||
protected val readersGroup = Configuration.Group("readers", setOf(Role.Reader), null)
|
||||
protected val writersGroup = Configuration.Group("writers", setOf(Role.Writer), null)
|
||||
protected val random = Random(101325)
|
||||
protected val keyValuePair = newEntry(random)
|
||||
private val serverPath : String? = null
|
||||
@@ -138,7 +140,17 @@ abstract class AbstractTlsServerTest : AbstractServerTest() {
|
||||
cfg = Configuration(
|
||||
"127.0.0.1",
|
||||
NetworkUtils.getFreePort(),
|
||||
100,
|
||||
serverPath,
|
||||
Configuration.EventExecutor(false),
|
||||
Configuration.Connection(
|
||||
Duration.of(10, ChronoUnit.SECONDS),
|
||||
Duration.of(10, ChronoUnit.SECONDS),
|
||||
Duration.of(60, ChronoUnit.SECONDS),
|
||||
Duration.of(30, ChronoUnit.SECONDS),
|
||||
Duration.of(30, ChronoUnit.SECONDS),
|
||||
0x1000
|
||||
),
|
||||
users.asSequence().map { it.name to it }.toMap(),
|
||||
sequenceOf(writersGroup, readersGroup).map { it.name to it }.toMap(),
|
||||
FileSystemCacheConfiguration(this.cacheDir,
|
||||
@@ -147,18 +159,20 @@ abstract class AbstractTlsServerTest : AbstractServerTest() {
|
||||
compressionLevel = Deflater.DEFAULT_COMPRESSION,
|
||||
digestAlgorithm = "MD5"
|
||||
),
|
||||
// InMemoryCacheConfiguration(
|
||||
// maxAge = Duration.ofSeconds(3600 * 24),
|
||||
// compressionEnabled = true,
|
||||
// compressionLevel = Deflater.DEFAULT_COMPRESSION,
|
||||
// digestAlgorithm = "MD5"
|
||||
// ),
|
||||
Configuration.ClientCertificateAuthentication(
|
||||
Configuration.TlsCertificateExtractor("CN", "(.*)"),
|
||||
null
|
||||
),
|
||||
Configuration.Tls(
|
||||
Configuration.KeyStore(this.serverKeyStoreFile, null, SERVER_CERTIFICATE_ENTRY, PASSWORD),
|
||||
Configuration.TrustStore(this.trustStoreFile, null, false),
|
||||
true
|
||||
),
|
||||
false,
|
||||
0x10000,
|
||||
100
|
||||
Configuration.TrustStore(this.trustStoreFile, null, false, false),
|
||||
)
|
||||
)
|
||||
Xml.write(Serializer.serialize(cfg), System.out)
|
||||
}
|
||||
|
||||
@@ -10,6 +10,8 @@ import org.junit.jupiter.api.Test
|
||||
import java.net.http.HttpClient
|
||||
import java.net.http.HttpRequest
|
||||
import java.net.http.HttpResponse
|
||||
import java.time.Duration
|
||||
import java.time.temporal.ChronoUnit
|
||||
|
||||
|
||||
class BasicAuthServerTest : AbstractBasicAuthServerTest() {
|
||||
@@ -19,10 +21,16 @@ class BasicAuthServerTest : AbstractBasicAuthServerTest() {
|
||||
}
|
||||
|
||||
override val users = listOf(
|
||||
Configuration.User("user1", hashPassword(PASSWORD), setOf(readersGroup)),
|
||||
Configuration.User("user2", hashPassword(PASSWORD), setOf(writersGroup)),
|
||||
Configuration.User("user3", hashPassword(PASSWORD), setOf(readersGroup, writersGroup)),
|
||||
Configuration.User("", null, setOf(readersGroup))
|
||||
Configuration.User("user1", hashPassword(PASSWORD), setOf(readersGroup), null),
|
||||
Configuration.User("user2", hashPassword(PASSWORD), setOf(writersGroup), null),
|
||||
Configuration.User("user3", hashPassword(PASSWORD), setOf(readersGroup, writersGroup), null),
|
||||
Configuration.User("", null, setOf(readersGroup), null),
|
||||
Configuration.User("user4", hashPassword(PASSWORD), setOf(readersGroup),
|
||||
Configuration.Quota(1, Duration.of(1, ChronoUnit.DAYS), 0, 1)
|
||||
),
|
||||
Configuration.User("user5", hashPassword(PASSWORD), setOf(readersGroup),
|
||||
Configuration.Quota(1, Duration.of(5, ChronoUnit.SECONDS), 0, 1)
|
||||
)
|
||||
)
|
||||
|
||||
@Test
|
||||
@@ -144,4 +152,41 @@ class BasicAuthServerTest : AbstractBasicAuthServerTest() {
|
||||
val response: HttpResponse<ByteArray> = client.send(requestBuilder.build(), HttpResponse.BodyHandlers.ofByteArray())
|
||||
Assertions.assertEquals(HttpResponseStatus.NOT_FOUND.code(), response.statusCode())
|
||||
}
|
||||
|
||||
@Test
|
||||
@Order(6)
|
||||
fun getAsAThrottledUser() {
|
||||
val client: HttpClient = HttpClient.newHttpClient()
|
||||
|
||||
val (key, value) = keyValuePair
|
||||
val user = cfg.users.values.find {
|
||||
it.name == "user4"
|
||||
} ?: throw RuntimeException("user4 not found")
|
||||
|
||||
val requestBuilder = newRequestBuilder(key)
|
||||
.header("Authorization", buildAuthorizationHeader(user, PASSWORD))
|
||||
.GET()
|
||||
|
||||
val response: HttpResponse<ByteArray> = client.send(requestBuilder.build(), HttpResponse.BodyHandlers.ofByteArray())
|
||||
Assertions.assertEquals(HttpResponseStatus.TOO_MANY_REQUESTS.code(), response.statusCode())
|
||||
}
|
||||
|
||||
@Test
|
||||
@Order(7)
|
||||
fun getAsAThrottledUser2() {
|
||||
val client: HttpClient = HttpClient.newHttpClient()
|
||||
|
||||
val (key, value) = keyValuePair
|
||||
val user = cfg.users.values.find {
|
||||
it.name == "user5"
|
||||
} ?: throw RuntimeException("user5 not found")
|
||||
|
||||
val requestBuilder = newRequestBuilder(key)
|
||||
.header("Authorization", buildAuthorizationHeader(user, PASSWORD))
|
||||
.GET()
|
||||
|
||||
val response: HttpResponse<ByteArray> = client.send(requestBuilder.build(), HttpResponse.BodyHandlers.ofByteArray())
|
||||
Assertions.assertEquals(HttpResponseStatus.OK.code(), response.statusCode())
|
||||
Assertions.assertArrayEquals(value, response.body())
|
||||
}
|
||||
}
|
||||
@@ -9,6 +9,7 @@ import org.junit.jupiter.api.Assertions
|
||||
import org.junit.jupiter.api.io.TempDir
|
||||
import org.junit.jupiter.params.ParameterizedTest
|
||||
import org.junit.jupiter.params.provider.ValueSource
|
||||
import org.xml.sax.SAXParseException
|
||||
import java.nio.file.Files
|
||||
import java.nio.file.Path
|
||||
|
||||
@@ -16,9 +17,10 @@ class ConfigurationTest {
|
||||
|
||||
@ValueSource(
|
||||
strings = [
|
||||
"classpath:net/woggioni/gbcs/server/test/gbcs-default.xml",
|
||||
"classpath:net/woggioni/gbcs/server/test/gbcs-memcached.xml",
|
||||
"classpath:net/woggioni/gbcs/server/test/gbcs-tls.xml",
|
||||
"classpath:net/woggioni/gbcs/server/test/valid/gbcs-default.xml",
|
||||
"classpath:net/woggioni/gbcs/server/test/valid/gbcs-memcached.xml",
|
||||
"classpath:net/woggioni/gbcs/server/test/valid/gbcs-tls.xml",
|
||||
"classpath:net/woggioni/gbcs/server/test/valid/gbcs-memcached-tls.xml",
|
||||
]
|
||||
)
|
||||
@ParameterizedTest
|
||||
@@ -35,4 +37,20 @@ class ConfigurationTest {
|
||||
val parsed = Parser.parse(Xml.parseXml(configFile.toUri().toURL()))
|
||||
Assertions.assertEquals(cfg, parsed)
|
||||
}
|
||||
|
||||
@ValueSource(
|
||||
strings = [
|
||||
"classpath:net/woggioni/gbcs/server/test/invalid/invalid-user-ref.xml",
|
||||
"classpath:net/woggioni/gbcs/server/test/invalid/duplicate-anonymous-user.xml",
|
||||
"classpath:net/woggioni/gbcs/server/test/invalid/duplicate-anonymous-user2.xml",
|
||||
"classpath:net/woggioni/gbcs/server/test/invalid/multiple-user-quota.xml",
|
||||
]
|
||||
)
|
||||
@ParameterizedTest
|
||||
fun invalidConfigurationTest(configurationUrl: String) {
|
||||
GbcsUrlStreamHandlerFactory.install()
|
||||
Assertions.assertThrows(SAXParseException::class.java) {
|
||||
Xml.parseXml(configurationUrl.toUrl())
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -18,9 +18,9 @@ class NoAnonymousUserBasicAuthServerTest : AbstractBasicAuthServerTest() {
|
||||
}
|
||||
|
||||
override val users = listOf(
|
||||
Configuration.User("user1", hashPassword(PASSWORD), setOf(readersGroup)),
|
||||
Configuration.User("user2", hashPassword(PASSWORD), setOf(writersGroup)),
|
||||
Configuration.User("user3", hashPassword(PASSWORD), setOf(readersGroup, writersGroup)),
|
||||
Configuration.User("user1", hashPassword(PASSWORD), setOf(readersGroup), null),
|
||||
Configuration.User("user2", hashPassword(PASSWORD), setOf(writersGroup), null),
|
||||
Configuration.User("user3", hashPassword(PASSWORD), setOf(readersGroup, writersGroup), null),
|
||||
)
|
||||
|
||||
@Test
|
||||
|
||||
@@ -12,9 +12,9 @@ import java.net.http.HttpResponse
|
||||
class NoAnonymousUserTlsServerTest : AbstractTlsServerTest() {
|
||||
|
||||
override val users = listOf(
|
||||
Configuration.User("user1", null, setOf(readersGroup)),
|
||||
Configuration.User("user2", null, setOf(writersGroup)),
|
||||
Configuration.User("user3", null, setOf(readersGroup, writersGroup)),
|
||||
Configuration.User("user1", null, setOf(readersGroup), null),
|
||||
Configuration.User("user2", null, setOf(writersGroup), null),
|
||||
Configuration.User("user3", null, setOf(readersGroup, writersGroup), null),
|
||||
)
|
||||
|
||||
@Test
|
||||
|
||||
@@ -4,6 +4,7 @@ import io.netty.handler.codec.http.HttpResponseStatus
|
||||
import net.woggioni.gbcs.api.Configuration
|
||||
import net.woggioni.gbcs.common.Xml
|
||||
import net.woggioni.gbcs.server.cache.FileSystemCacheConfiguration
|
||||
import net.woggioni.gbcs.server.cache.InMemoryCacheConfiguration
|
||||
import net.woggioni.gbcs.server.configuration.Serializer
|
||||
import net.woggioni.gbcs.server.test.utils.NetworkUtils
|
||||
import org.junit.jupiter.api.Assertions
|
||||
@@ -15,6 +16,7 @@ import java.net.http.HttpRequest
|
||||
import java.net.http.HttpResponse
|
||||
import java.nio.file.Path
|
||||
import java.time.Duration
|
||||
import java.time.temporal.ChronoUnit
|
||||
import java.util.Base64
|
||||
import java.util.zip.Deflater
|
||||
import kotlin.random.Random
|
||||
@@ -22,7 +24,7 @@ import kotlin.random.Random
|
||||
|
||||
class NoAuthServerTest : AbstractServerTest() {
|
||||
|
||||
private lateinit var cacheDir : Path
|
||||
private lateinit var cacheDir: Path
|
||||
|
||||
private val random = Random(101325)
|
||||
private val keyValuePair = newEntry(random)
|
||||
@@ -33,11 +35,20 @@ class NoAuthServerTest : AbstractServerTest() {
|
||||
cfg = Configuration(
|
||||
"127.0.0.1",
|
||||
NetworkUtils.getFreePort(),
|
||||
100,
|
||||
serverPath,
|
||||
Configuration.EventExecutor(false),
|
||||
Configuration.Connection(
|
||||
Duration.of(10, ChronoUnit.SECONDS),
|
||||
Duration.of(10, ChronoUnit.SECONDS),
|
||||
Duration.of(60, ChronoUnit.SECONDS),
|
||||
Duration.of(30, ChronoUnit.SECONDS),
|
||||
Duration.of(30, ChronoUnit.SECONDS),
|
||||
0x1000
|
||||
),
|
||||
emptyMap(),
|
||||
emptyMap(),
|
||||
FileSystemCacheConfiguration(
|
||||
this.cacheDir,
|
||||
InMemoryCacheConfiguration(
|
||||
maxAge = Duration.ofSeconds(3600 * 24),
|
||||
compressionEnabled = true,
|
||||
digestAlgorithm = "MD5",
|
||||
@@ -45,9 +56,6 @@ class NoAuthServerTest : AbstractServerTest() {
|
||||
),
|
||||
null,
|
||||
null,
|
||||
true,
|
||||
0x10000,
|
||||
100
|
||||
)
|
||||
Xml.write(Serializer.serialize(cfg), System.out)
|
||||
}
|
||||
@@ -55,10 +63,10 @@ class NoAuthServerTest : AbstractServerTest() {
|
||||
override fun tearDown() {
|
||||
}
|
||||
|
||||
fun newRequestBuilder(key : String) = HttpRequest.newBuilder()
|
||||
fun newRequestBuilder(key: String) = HttpRequest.newBuilder()
|
||||
.uri(URI.create("http://${cfg.host}:${cfg.port}/$serverPath/$key"))
|
||||
|
||||
fun newEntry(random : Random) : Pair<String, ByteArray> {
|
||||
fun newEntry(random: Random): Pair<String, ByteArray> {
|
||||
val key = ByteArray(0x10).let {
|
||||
random.nextBytes(it)
|
||||
Base64.getUrlEncoder().encodeToString(it)
|
||||
@@ -87,10 +95,11 @@ class NoAuthServerTest : AbstractServerTest() {
|
||||
@Order(2)
|
||||
fun getWithNoAuthorizationHeader() {
|
||||
val client: HttpClient = HttpClient.newHttpClient()
|
||||
val (key, value ) = keyValuePair
|
||||
val (key, value) = keyValuePair
|
||||
val requestBuilder = newRequestBuilder(key)
|
||||
.GET()
|
||||
val response: HttpResponse<ByteArray> = client.send(requestBuilder.build(), HttpResponse.BodyHandlers.ofByteArray())
|
||||
val response: HttpResponse<ByteArray> =
|
||||
client.send(requestBuilder.build(), HttpResponse.BodyHandlers.ofByteArray())
|
||||
Assertions.assertEquals(HttpResponseStatus.OK.code(), response.statusCode())
|
||||
Assertions.assertArrayEquals(value, response.body())
|
||||
}
|
||||
@@ -103,31 +112,23 @@ class NoAuthServerTest : AbstractServerTest() {
|
||||
val (key, _) = newEntry(random)
|
||||
val requestBuilder = newRequestBuilder(key).GET()
|
||||
|
||||
val response: HttpResponse<ByteArray> = client.send(requestBuilder.build(), HttpResponse.BodyHandlers.ofByteArray())
|
||||
val response: HttpResponse<ByteArray> =
|
||||
client.send(requestBuilder.build(), HttpResponse.BodyHandlers.ofByteArray())
|
||||
Assertions.assertEquals(HttpResponseStatus.NOT_FOUND.code(), response.statusCode())
|
||||
}
|
||||
|
||||
// @Test
|
||||
// @Order(4)
|
||||
// fun manyRequestsTest() {
|
||||
// val client: HttpClient = HttpClient.newHttpClient()
|
||||
//
|
||||
// for(i in 0 until 100000) {
|
||||
//
|
||||
// val newEntry = random.nextBoolean()
|
||||
// val (key, _) = if(newEntry) {
|
||||
// newEntry(random)
|
||||
// } else {
|
||||
// keyValuePair
|
||||
// }
|
||||
// val requestBuilder = newRequestBuilder(key).GET()
|
||||
//
|
||||
// val response: HttpResponse<ByteArray> = client.send(requestBuilder.build(), HttpResponse.BodyHandlers.ofByteArray())
|
||||
// if(newEntry) {
|
||||
// Assertions.assertEquals(HttpResponseStatus.NOT_FOUND.code(), response.statusCode())
|
||||
// } else {
|
||||
// Assertions.assertEquals(HttpResponseStatus.OK.code(), response.statusCode())
|
||||
// }
|
||||
// }
|
||||
// }
|
||||
@Test
|
||||
@Order(4)
|
||||
fun traceTest() {
|
||||
val client: HttpClient = HttpClient.newBuilder().version(HttpClient.Version.HTTP_1_1).build()
|
||||
val requestBuilder = newRequestBuilder("").method(
|
||||
"TRACE",
|
||||
HttpRequest.BodyPublishers.ofByteArray("sfgsdgfaiousfiuhsd".toByteArray())
|
||||
)
|
||||
|
||||
val response: HttpResponse<ByteArray> =
|
||||
client.send(requestBuilder.build(), HttpResponse.BodyHandlers.ofByteArray())
|
||||
Assertions.assertEquals(HttpResponseStatus.OK.code(), response.statusCode())
|
||||
println(String(response.body()))
|
||||
}
|
||||
}
|
||||
@@ -7,6 +7,7 @@ import org.bouncycastle.asn1.x500.X500Name
|
||||
import org.junit.jupiter.api.Assertions
|
||||
import org.junit.jupiter.api.Order
|
||||
import org.junit.jupiter.api.Test
|
||||
import org.junit.jupiter.params.provider.ArgumentsSource
|
||||
import java.net.http.HttpClient
|
||||
import java.net.http.HttpRequest
|
||||
import java.net.http.HttpResponse
|
||||
@@ -15,10 +16,10 @@ import java.net.http.HttpResponse
|
||||
class TlsServerTest : AbstractTlsServerTest() {
|
||||
|
||||
override val users = listOf(
|
||||
Configuration.User("user1", null, setOf(readersGroup)),
|
||||
Configuration.User("user2", null, setOf(writersGroup)),
|
||||
Configuration.User("user3", null, setOf(readersGroup, writersGroup)),
|
||||
Configuration.User("", null, setOf(readersGroup))
|
||||
Configuration.User("user1", null, setOf(readersGroup), null),
|
||||
Configuration.User("user2", null, setOf(writersGroup), null),
|
||||
Configuration.User("user3", null, setOf(readersGroup, writersGroup), null),
|
||||
Configuration.User("", null, setOf(readersGroup), null)
|
||||
)
|
||||
|
||||
@Test
|
||||
@@ -133,4 +134,19 @@ class TlsServerTest : AbstractTlsServerTest() {
|
||||
val response: HttpResponse<String> = client.send(requestBuilder.build(), HttpResponse.BodyHandlers.ofString())
|
||||
Assertions.assertEquals(HttpResponseStatus.FORBIDDEN.code(), response.statusCode())
|
||||
}
|
||||
|
||||
@Test
|
||||
@Order(8)
|
||||
fun traceAsAnonymousUser() {
|
||||
val client: HttpClient = getHttpClient(null)
|
||||
val requestBuilder = newRequestBuilder("").method(
|
||||
"TRACE",
|
||||
HttpRequest.BodyPublishers.ofByteArray("sfgsdgfaiousfiuhsd".toByteArray())
|
||||
)
|
||||
|
||||
val response: HttpResponse<ByteArray> =
|
||||
client.send(requestBuilder.build(), HttpResponse.BodyHandlers.ofByteArray())
|
||||
Assertions.assertEquals(HttpResponseStatus.OK.code(), response.statusCode())
|
||||
println(String(response.body()))
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,19 @@
|
||||
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
|
||||
<gbcs:server xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:gbcs="urn:net.woggioni.gbcs.server"
|
||||
xs:schemaLocation="urn:net.woggioni.gbcs.server jpms://net.woggioni.gbcs.server/net/woggioni/gbcs/server/schema/gbcs.xsd">
|
||||
<bind host="127.0.0.1" port="11443"/>
|
||||
<cache xs:type="gbcs:fileSystemCacheType" path="/tmp/gbcs" max-age="P7D"/>
|
||||
<authorization>
|
||||
<users>
|
||||
<user name="user1" password="password1"/>
|
||||
<user name="user2" password="password2"/>
|
||||
<anonymous>
|
||||
<quota calls="10" period="P3D"/>
|
||||
</anonymous>
|
||||
<anonymous>
|
||||
<quota calls="15" period="P3D"/>
|
||||
</anonymous>
|
||||
</users>
|
||||
</authorization>
|
||||
</gbcs:server>
|
||||
@@ -0,0 +1,25 @@
|
||||
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
|
||||
<gbcs:server xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:gbcs="urn:net.woggioni.gbcs.server"
|
||||
xs:schemaLocation="urn:net.woggioni.gbcs.server jpms://net.woggioni.gbcs.server/net/woggioni/gbcs/server/schema/gbcs.xsd">
|
||||
<bind host="127.0.0.1" port="11443"/>
|
||||
<cache xs:type="gbcs:fileSystemCacheType" path="/tmp/gbcs" max-age="P7D"/>
|
||||
<authorization>
|
||||
<users>
|
||||
<user name="user1" password="password1"/>
|
||||
<user name="user2" password="password2"/>
|
||||
</users>
|
||||
<groups>
|
||||
<group name="group1">
|
||||
<users>
|
||||
<anonymous/>
|
||||
<user ref="user1"/>
|
||||
<anonymous/>
|
||||
</users>
|
||||
<roles>
|
||||
<reader/>
|
||||
</roles>
|
||||
</group>
|
||||
</groups>
|
||||
</authorization>
|
||||
</gbcs:server>
|
||||
@@ -0,0 +1,24 @@
|
||||
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
|
||||
<gbcs:server xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:gbcs="urn:net.woggioni.gbcs.server"
|
||||
xs:schemaLocation="urn:net.woggioni.gbcs.server jpms://net.woggioni.gbcs.server/net/woggioni/gbcs/server/schema/gbcs.xsd">
|
||||
<bind host="127.0.0.1" port="11443"/>
|
||||
<cache xs:type="gbcs:fileSystemCacheType" path="/tmp/gbcs" max-age="P7D"/>
|
||||
<authorization>
|
||||
<users>
|
||||
<user name="user1" password="password1"/>
|
||||
<user name="user2" password="password2"/>
|
||||
</users>
|
||||
<groups>
|
||||
<group name="readers">
|
||||
<users>
|
||||
<user ref="user1"/>
|
||||
<user ref="user5"/>
|
||||
</users>
|
||||
<roles>
|
||||
<reader/>
|
||||
</roles>
|
||||
</group>
|
||||
</groups>
|
||||
</authorization>
|
||||
</gbcs:server>
|
||||
@@ -1,10 +1,15 @@
|
||||
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
|
||||
<gbcs:server use-virtual-threads="false" xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
|
||||
<gbcs:server xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:gbcs="urn:net.woggioni.gbcs.server"
|
||||
xs:schemaLocation="urn:net.woggioni.gbcs.server jpms://net.woggioni.gbcs.server/net/woggioni/gbcs/server/schema/gbcs.xsd">
|
||||
<bind host="127.0.0.1" port="11443"/>
|
||||
<cache xs:type="gbcs:fileSystemCacheType" path="/tmp/gbcs" max-age="P7D"/>
|
||||
<authentication>
|
||||
<none/>
|
||||
</authentication>
|
||||
<authorization>
|
||||
<users>
|
||||
<user name="user1" password="password1">
|
||||
<quota calls="10" period="PT20S"/>
|
||||
<quota calls="20" period="PT20S"/>
|
||||
</user>
|
||||
</users>
|
||||
</authorization>
|
||||
</gbcs:server>
|
||||
@@ -0,0 +1,18 @@
|
||||
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
|
||||
<gbcs:server xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:gbcs="urn:net.woggioni.gbcs.server"
|
||||
xs:schemaLocation="urn:net.woggioni.gbcs.server jpms://net.woggioni.gbcs.server/net/woggioni/gbcs/server/schema/gbcs.xsd">
|
||||
<bind host="127.0.0.1" port="11443" incoming-connections-backlog-size="22"/>
|
||||
<connection
|
||||
write-timeout="PT25M"
|
||||
read-timeout="PT20M"
|
||||
read-idle-timeout="PT10M"
|
||||
write-idle-timeout="PT11M"
|
||||
idle-timeout="PT30M"
|
||||
max-request-size="101325"/>
|
||||
<event-executor use-virtual-threads="false"/>
|
||||
<cache xs:type="gbcs:fileSystemCacheType" path="/tmp/gbcs" max-age="P7D"/>
|
||||
<authentication>
|
||||
<none/>
|
||||
</authentication>
|
||||
</gbcs:server>
|
||||
@@ -0,0 +1,53 @@
|
||||
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
|
||||
<gbcs:server xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:gbcs="urn:net.woggioni.gbcs.server"
|
||||
xmlns:gbcs-memcached="urn:net.woggioni.gbcs.server.memcached"
|
||||
xs:schemaLocation="urn:net.woggioni.gbcs.server.memcached jpms://net.woggioni.gbcs.server.memcached/net/woggioni/gbcs/server/memcached/schema/gbcs-memcached.xsd urn:net.woggioni.gbcs.server jpms://net.woggioni.gbcs.server/net/woggioni/gbcs/server/schema/gbcs.xsd"
|
||||
>
|
||||
<bind host="0.0.0.0" port="8443" incoming-connections-backlog-size="4096"/>
|
||||
<connection
|
||||
max-request-size="67108864"
|
||||
idle-timeout="PT30S"
|
||||
read-idle-timeout="PT60S"
|
||||
write-idle-timeout="PT60S"
|
||||
read-timeout="PT5M"
|
||||
write-timeout="PT5M"/>
|
||||
<event-executor use-virtual-threads="true"/>
|
||||
<cache xs:type="gbcs-memcached:memcachedCacheType" max-age="P7D" max-size="16777216" compression-mode="zip">
|
||||
<server host="memcached" port="11211"/>
|
||||
</cache>
|
||||
<authorization>
|
||||
<users>
|
||||
<user name="woggioni">
|
||||
<quota calls="1000" period="PT1S"/>
|
||||
</user>
|
||||
<user name="gitea">
|
||||
<quota calls="10" period="PT1S" initial-available-calls="100" max-available-calls="100"/>
|
||||
</user>
|
||||
<anonymous>
|
||||
<quota calls="2" period="PT5S"/>
|
||||
</anonymous>
|
||||
</users>
|
||||
<groups>
|
||||
<group name="writers">
|
||||
<users>
|
||||
<user ref="woggioni"/>
|
||||
<user ref="gitea"/>
|
||||
</users>
|
||||
<roles>
|
||||
<reader/>
|
||||
<writer/>
|
||||
</roles>
|
||||
</group>
|
||||
</groups>
|
||||
</authorization>
|
||||
<authentication>
|
||||
<client-certificate>
|
||||
<user-extractor attribute-name="CN" pattern="(.*)"/>
|
||||
</client-certificate>
|
||||
</authentication>
|
||||
<tls>
|
||||
<keystore file="/home/luser/ssl/gbcs.woggioni.net.pfx" key-alias="gbcs.woggioni.net" password="KEYSTORE_PASSWOR" key-password="KEY_PASSWORD"/>
|
||||
<truststore file="/home/luser/ssl/woggioni.net.pfx" check-certificate-status="false" password="TRUSTSTORE_PASSWORD"/>
|
||||
</tls>
|
||||
</gbcs:server>
|
||||
@@ -1,9 +1,17 @@
|
||||
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
|
||||
<gbcs:server use-virtual-threads="false" xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
|
||||
<gbcs:server xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:gbcs="urn:net.woggioni.gbcs.server"
|
||||
xmlns:gbcs-memcached="urn:net.woggioni.gbcs.server.memcached"
|
||||
xs:schemaLocation="urn:net.woggioni.gbcs.server.memcached jpms://net.woggioni.gbcs.server.memcached/net/woggioni/gbcs/server/memcached/schema/gbcs-memcached.xsd urn:net.woggioni.gbcs.server jpms://net.woggioni.gbcs.server/net/woggioni/gbcs/server/schema/gbcs.xsd">
|
||||
<bind host="127.0.0.1" port="11443" />
|
||||
<bind host="127.0.0.1" port="11443" incoming-connections-backlog-size="50"/>
|
||||
<connection
|
||||
write-timeout="PT25M"
|
||||
read-timeout="PT20M"
|
||||
read-idle-timeout="PT10M"
|
||||
write-idle-timeout="PT11M"
|
||||
idle-timeout="PT30M"
|
||||
max-request-size="101325"/>
|
||||
<event-executor use-virtual-threads="false"/>
|
||||
<cache xs:type="gbcs-memcached:memcachedCacheType" max-age="P7D" max-size="101325" digest="SHA-256">
|
||||
<server host="127.0.0.1" port="11211"/>
|
||||
</cache>
|
||||
@@ -1,25 +1,38 @@
|
||||
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
|
||||
<gbcs:server use-virtual-threads="false" max-request-size="4096" xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
|
||||
<gbcs:server xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:gbcs="urn:net.woggioni.gbcs.server"
|
||||
xs:schemaLocation="urn:net.woggioni.gbcs.server jpms://net.woggioni.gbcs.server/net/woggioni/gbcs/server/schema/gbcs.xsd">
|
||||
<bind host="127.0.0.1" port="11443"/>
|
||||
<cache xs:type="gbcs:fileSystemCacheType" path="/tmp/gbcs" max-age="P7D"/>
|
||||
<bind host="127.0.0.1" port="11443" incoming-connections-backlog-size="180"/>
|
||||
<connection
|
||||
write-timeout="PT25M"
|
||||
read-timeout="PT20M"
|
||||
read-idle-timeout="PT10M"
|
||||
write-idle-timeout="PT11M"
|
||||
idle-timeout="PT30M"
|
||||
max-request-size="4096"/>
|
||||
<event-executor use-virtual-threads="false"/>
|
||||
<cache xs:type="gbcs:inMemoryCacheType" max-age="P7D"/>
|
||||
<authorization>
|
||||
<users>
|
||||
<user name="user1" password="password1"/>
|
||||
<user name="user1" password="password1">
|
||||
<quota calls="3600" period="PT1H"/>
|
||||
</user>
|
||||
<user name="user2" password="password2"/>
|
||||
<user name="user3" password="password3"/>
|
||||
<anonymous>
|
||||
<quota calls="10" period="PT1M"/>
|
||||
</anonymous>
|
||||
</users>
|
||||
<groups>
|
||||
<group name="readers">
|
||||
<users>
|
||||
<user ref="user1"/>
|
||||
<!-- <user ref="user5"/>-->
|
||||
<anonymous/>
|
||||
</users>
|
||||
<roles>
|
||||
<reader/>
|
||||
</roles>
|
||||
<quota calls="10" period="PT1S"/>
|
||||
</group>
|
||||
<group name="writers">
|
||||
<users>
|
||||
@@ -37,6 +50,7 @@
|
||||
<reader/>
|
||||
<writer/>
|
||||
</roles>
|
||||
<quota calls="1000" period="P1D"/>
|
||||
</group>
|
||||
</groups>
|
||||
</authorization>
|
||||
@@ -48,6 +62,6 @@
|
||||
</authentication>
|
||||
<tls>
|
||||
<keystore file="keystore.pfx" key-alias="key1" password="password" key-password="key-password"/>
|
||||
<truststore file="truststore.pfx" password="password" check-certificate-status="true" />
|
||||
<truststore file="truststore.pfx" password="password" check-certificate-status="true" require-client-certificate="true"/>
|
||||
</tls>
|
||||
</gbcs:server>
|
||||
@@ -2,9 +2,9 @@ org.gradle.configuration-cache=false
|
||||
org.gradle.parallel=true
|
||||
org.gradle.caching=true
|
||||
|
||||
gbcs.version = 0.0.8
|
||||
gbcs.version = 0.0.11
|
||||
|
||||
lys.version = 2025.01.17
|
||||
lys.version = 2025.01.25
|
||||
|
||||
gitea.maven.url = https://gitea.woggioni.net/api/packages/woggioni/maven
|
||||
docker.registry.url=gitea.woggioni.net
|
||||
|
||||
@@ -1,6 +1,5 @@
|
||||
pluginManagement {
|
||||
repositories {
|
||||
mavenLocal()
|
||||
maven {
|
||||
url = getProperty('gitea.maven.url')
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user