SMusatov
/
netdata
зеркало из https://github.com/netdata/netdata.git


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442
							// SPDX-License-Identifier: GPL-3.0-or-later

#include "daemon/common.h"
#include "registry_internals.h"

#define REGISTRY_STATUS_OK "ok"
#define REGISTRY_STATUS_REDIRECT "redirect"
#define REGISTRY_STATUS_FAILED "failed"
#define REGISTRY_STATUS_DISABLED "disabled"

// ----------------------------------------------------------------------------
// REGISTRY concurrency locking

static inline void registry_lock(void) {
    netdata_mutex_lock(&registry.lock);
}

static inline void registry_unlock(void) {
    netdata_mutex_unlock(&registry.lock);
}

// ----------------------------------------------------------------------------
// COOKIES

static void registry_set_cookie(struct web_client *w, const char *guid) {
    char edate[100];
    time_t et = now_realtime_sec() + registry.persons_expiration;
    struct tm etmbuf, *etm = gmtime_r(&et, &etmbuf);
    strftime(edate, sizeof(edate), "%a, %d %b %Y %H:%M:%S %Z", etm);

    buffer_sprintf(w->response.header, "Set-Cookie: " NETDATA_REGISTRY_COOKIE_NAME "=%s; Expires=%s\r\n", guid, edate);
    if(registry.enable_cookies_samesite_secure)
        buffer_sprintf(w->response.header, "Set-Cookie: " NETDATA_REGISTRY_COOKIE_NAME "=%s; Expires=%s; SameSite=None; Secure\r\n", guid, edate);

    if(registry.registry_domain && *registry.registry_domain) {
        buffer_sprintf(w->response.header, "Set-Cookie: " NETDATA_REGISTRY_COOKIE_NAME "=%s; Expires=%s; Domain=%s\r\n", guid, edate, registry.registry_domain);
        if(registry.enable_cookies_samesite_secure)
            buffer_sprintf(w->response.header, "Set-Cookie: " NETDATA_REGISTRY_COOKIE_NAME "=%s; Expires=%s; Domain=%s; SameSite=None; Secure\r\n", guid, edate, registry.registry_domain);
    }

    w->response.has_cookies = true;
}

static inline void registry_set_person_cookie(struct web_client *w, REGISTRY_PERSON *p) {
    registry_set_cookie(w, p->guid);
}


// ----------------------------------------------------------------------------
// JSON GENERATION

static inline void registry_json_header(RRDHOST *host, struct web_client *w, const char *action, const char *status) {
    buffer_flush(w->response.data);
    w->response.data->content_type = CT_APPLICATION_JSON;
    buffer_json_initialize(w->response.data, "\"", "\"", 0, true, false);
    buffer_json_member_add_string(w->response.data, "action", action);
    buffer_json_member_add_string(w->response.data, "status", status);
    buffer_json_member_add_string(w->response.data, "hostname", rrdhost_registry_hostname(host));
    buffer_json_member_add_string(w->response.data, "machine_guid", host->machine_guid);
}

static inline void registry_json_footer(struct web_client *w) {
    buffer_json_finalize(w->response.data);
}

static inline int registry_json_disabled(RRDHOST *host, struct web_client *w, const char *action) {
    registry_json_header(host, w, action, REGISTRY_STATUS_DISABLED);

    buffer_json_member_add_string(w->response.data, "registry", registry.registry_to_announce);

    registry_json_footer(w);
    return HTTP_RESP_OK;
}


// ----------------------------------------------------------------------------
// CALLBACKS FOR WALKING THROUGH REGISTRY OBJECTS

// structure used be the callbacks below
struct registry_json_walk_person_urls_callback {
    REGISTRY_PERSON *p;
    REGISTRY_MACHINE *m;
    struct web_client *w;
    int count;
};

// callback for rendering PERSON_URLs
static int registry_json_person_url_callback(void *entry, void *data) {
    REGISTRY_PERSON_URL *pu = (REGISTRY_PERSON_URL *)entry;
    struct registry_json_walk_person_urls_callback *c = (struct registry_json_walk_person_urls_callback *)data;
    struct web_client *w = c->w;

    if (!strcmp(pu->url->url,"***")) return 0;

    buffer_json_add_array_item_array(w->response.data);
    buffer_json_add_array_item_string(w->response.data, pu->machine->guid);
    buffer_json_add_array_item_string(w->response.data, pu->url->url);
    buffer_json_add_array_item_uint64(w->response.data, pu->last_t * (uint64_t) 1000);
    buffer_json_add_array_item_uint64(w->response.data, pu->usages);
    buffer_json_add_array_item_string(w->response.data, pu->machine_name);
    buffer_json_array_close(w->response.data);

    return 1;
}

// callback for rendering MACHINE_URLs
static int registry_json_machine_url_callback(const DICTIONARY_ITEM *item __maybe_unused, void *entry, void *data) {
    REGISTRY_MACHINE_URL *mu = (REGISTRY_MACHINE_URL *)entry;
    struct registry_json_walk_person_urls_callback *c = (struct registry_json_walk_person_urls_callback *)data;
    struct web_client *w = c->w;
    REGISTRY_MACHINE *m = c->m;

    if (!strcmp(mu->url->url,"***")) return 0;

    buffer_json_add_array_item_array(w->response.data);
    buffer_json_add_array_item_string(w->response.data, m->guid);
    buffer_json_add_array_item_string(w->response.data, mu->url->url);
    buffer_json_add_array_item_uint64(w->response.data, mu->last_t * (uint64_t) 1000);
    buffer_json_add_array_item_uint64(w->response.data, mu->usages);
    buffer_json_array_close(w->response.data);

    return 1;
}

// ----------------------------------------------------------------------------

// structure used be the callbacks below
struct registry_person_url_callback_verify_machine_exists_data {
    REGISTRY_MACHINE *m;
    int count;
};

static inline int registry_person_url_callback_verify_machine_exists(void *entry, void *data) {
    struct registry_person_url_callback_verify_machine_exists_data *d = (struct registry_person_url_callback_verify_machine_exists_data *)data;
    REGISTRY_PERSON_URL *pu = (REGISTRY_PERSON_URL *)entry;
    REGISTRY_MACHINE *m = d->m;

    if(pu->machine == m)
        d->count++;

    return 0;
}

// ----------------------------------------------------------------------------
// dynamic update of the configuration
// The registry does not seem to be designed to support this and I cannot see any concurrency protection
// that could make this safe, so try to be as atomic as possible.

void registry_update_cloud_base_url() {
    registry.cloud_base_url = appconfig_get(&cloud_config, CONFIG_SECTION_GLOBAL, "cloud base url", DEFAULT_CLOUD_BASE_URL);
    setenv("NETDATA_REGISTRY_CLOUD_BASE_URL", registry.cloud_base_url, 1);
}

// ----------------------------------------------------------------------------
// public HELLO request

int registry_request_hello_json(RRDHOST *host, struct web_client *w) {
    registry_json_header(host, w, "hello", REGISTRY_STATUS_OK);

    buffer_json_member_add_string(w->response.data, "registry", registry.registry_to_announce);
    buffer_json_member_add_string(w->response.data, "cloud_base_url", registry.cloud_base_url);
    buffer_json_member_add_boolean(w->response.data, "anonymous_statistics", netdata_anonymous_statistics_enabled);

    registry_json_footer(w);
    return HTTP_RESP_OK;
}

// ----------------------------------------------------------------------------
//public ACCESS request

#define REGISTRY_VERIFY_COOKIES_GUID "give-me-back-this-cookie-now--please"

// the main method for registering an access
int registry_request_access_json(RRDHOST *host, struct web_client *w, char *person_guid, char *machine_guid, char *url, char *name, time_t when) {
    if(unlikely(!registry.enabled))
        return registry_json_disabled(host, w, "access");

    // ------------------------------------------------------------------------
    // verify the browser supports cookies

    if(registry.verify_cookies_redirects > 0 && !person_guid[0]) {
        buffer_flush(w->response.data);
        registry_set_cookie(w, REGISTRY_VERIFY_COOKIES_GUID);
        w->response.data->content_type = CT_APPLICATION_JSON;
        registry_json_header(host, w, "access", REGISTRY_STATUS_REDIRECT);
        buffer_json_member_add_string(w->response.data, "registry", registry.registry_to_announce);
        registry_json_footer(w);
        return HTTP_RESP_OK;
    }

    if(unlikely(person_guid[0] && !strcmp(person_guid, REGISTRY_VERIFY_COOKIES_GUID)))
        person_guid[0] = '\0';

    // ------------------------------------------------------------------------

    registry_lock();

    REGISTRY_PERSON *p = registry_request_access(person_guid, machine_guid, url, name, when);
    if(!p) {
        registry_json_header(host, w, "access", REGISTRY_STATUS_FAILED);
        registry_json_footer(w);
        registry_unlock();
        return HTTP_RESP_PRECOND_FAIL;
    }

    // set the cookie
    registry_set_person_cookie(w, p);

    // generate the response
    registry_json_header(host, w, "access", REGISTRY_STATUS_OK);
    buffer_json_member_add_string(w->response.data, "person_guid", p->guid);
    buffer_json_member_add_array(w->response.data, "urls");

    struct registry_json_walk_person_urls_callback c = { p, NULL, w, 0 };
    avl_traverse(&p->person_urls, registry_json_person_url_callback, &c);
    buffer_json_array_close(w->response.data); // urls

    registry_json_footer(w);
    registry_unlock();
    return HTTP_RESP_OK;
}

// ----------------------------------------------------------------------------
// public DELETE request

// the main method for deleting a URL from a person
int registry_request_delete_json(RRDHOST *host, struct web_client *w, char *person_guid, char *machine_guid, char *url, char *delete_url, time_t when) {
    if(!registry.enabled)
        return registry_json_disabled(host, w, "delete");

    registry_lock();

    REGISTRY_PERSON *p = registry_request_delete(person_guid, machine_guid, url, delete_url, when);
    if(!p) {
        registry_json_header(host, w, "delete", REGISTRY_STATUS_FAILED);
        registry_json_footer(w);
        registry_unlock();
        return HTTP_RESP_PRECOND_FAIL;
    }

    // generate the response
    registry_json_header(host, w, "delete", REGISTRY_STATUS_OK);
    registry_json_footer(w);
    registry_unlock();
    return HTTP_RESP_OK;
}

// ----------------------------------------------------------------------------
// public SEARCH request

// the main method for searching the URLs of a netdata
int registry_request_search_json(RRDHOST *host, struct web_client *w, char *person_guid, char *machine_guid, char *url, char *request_machine, time_t when) {
    if(!registry.enabled)
        return registry_json_disabled(host, w, "search");

    registry_lock();

    REGISTRY_MACHINE *m = registry_request_machine(person_guid, machine_guid, url, request_machine, when);
    if(!m) {
        registry_json_header(host, w, "search", REGISTRY_STATUS_FAILED);
        registry_json_footer(w);
        registry_unlock();
        return HTTP_RESP_NOT_FOUND;
    }

    registry_json_header(host, w, "search", REGISTRY_STATUS_OK);

    buffer_json_member_add_array(w->response.data, "urls");
    struct registry_json_walk_person_urls_callback c = { NULL, m, w, 0 };
    dictionary_walkthrough_read(m->machine_urls, registry_json_machine_url_callback, &c);
    buffer_json_array_close(w->response.data);

    registry_json_footer(w);
    registry_unlock();
    return HTTP_RESP_OK;
}

// ----------------------------------------------------------------------------
// SWITCH REQUEST

// the main method for switching user identity
int registry_request_switch_json(RRDHOST *host, struct web_client *w, char *person_guid, char *machine_guid, char *url, char *new_person_guid, time_t when) {
    if(!registry.enabled)
        return registry_json_disabled(host, w, "switch");

    (void)url;
    (void)when;

    registry_lock();

    REGISTRY_PERSON *op = registry_person_find(person_guid);
    if(!op) {
        registry_json_header(host, w, "switch", REGISTRY_STATUS_FAILED);
        registry_json_footer(w);
        registry_unlock();
        return 430;
    }

    REGISTRY_PERSON *np = registry_person_find(new_person_guid);
    if(!np) {
        registry_json_header(host, w, "switch", REGISTRY_STATUS_FAILED);
        registry_json_footer(w);
        registry_unlock();
        return 431;
    }

    REGISTRY_MACHINE *m = registry_machine_find(machine_guid);
    if(!m) {
        registry_json_header(host, w, "switch", REGISTRY_STATUS_FAILED);
        registry_json_footer(w);
        registry_unlock();
        return 432;
    }

    struct registry_person_url_callback_verify_machine_exists_data data = { m, 0 };

    // verify the old person has access to this machine
    avl_traverse(&op->person_urls, registry_person_url_callback_verify_machine_exists, &data);
    if(!data.count) {
        registry_json_header(host, w, "switch", REGISTRY_STATUS_FAILED);
        registry_json_footer(w);
        registry_unlock();
        return 433;
    }

    // verify the new person has access to this machine
    data.count = 0;
    avl_traverse(&np->person_urls, registry_person_url_callback_verify_machine_exists, &data);
    if(!data.count) {
        registry_json_header(host, w, "switch", REGISTRY_STATUS_FAILED);
        registry_json_footer(w);
        registry_unlock();
        return 434;
    }

    // set the cookie of the new person
    // the user just switched identity
    registry_set_person_cookie(w, np);

    // generate the response
    registry_json_header(host, w, "switch", REGISTRY_STATUS_OK);
    buffer_json_member_add_string(w->response.data, "person_guid", np->guid);
    registry_json_footer(w);

    registry_unlock();
    return HTTP_RESP_OK;
}

// ----------------------------------------------------------------------------
// STATISTICS

void registry_statistics(void) {
    if(!registry.enabled) return;

    static RRDSET *sts = NULL, *stc = NULL, *stm = NULL;

    if(unlikely(!sts)) {
        sts = rrdset_create_localhost(
                "netdata"
                , "registry_sessions"
                , NULL
                , "registry"
                , NULL
                , "Netdata Registry Sessions"
                , "sessions"
                , "registry"
                , "stats"
                , 131000
                , localhost->rrd_update_every
                , RRDSET_TYPE_LINE
        );

        rrddim_add(sts, "sessions",  NULL,  1, 1, RRD_ALGORITHM_ABSOLUTE);
    }

    rrddim_set(sts, "sessions", (collected_number)registry.usages_count);
    rrdset_done(sts);

    // ------------------------------------------------------------------------

    if(unlikely(!stc)) {
        stc = rrdset_create_localhost(
                "netdata"
                , "registry_entries"
                , NULL
                , "registry"
                , NULL
                , "Netdata Registry Entries"
                , "entries"
                , "registry"
                , "stats"
                , 131100
                , localhost->rrd_update_every
                , RRDSET_TYPE_LINE
        );

        rrddim_add(stc, "persons",        NULL,  1, 1, RRD_ALGORITHM_ABSOLUTE);
        rrddim_add(stc, "machines",       NULL,  1, 1, RRD_ALGORITHM_ABSOLUTE);
        rrddim_add(stc, "urls",           NULL,  1, 1, RRD_ALGORITHM_ABSOLUTE);
        rrddim_add(stc, "persons_urls",   NULL,  1, 1, RRD_ALGORITHM_ABSOLUTE);
        rrddim_add(stc, "machines_urls",  NULL,  1, 1, RRD_ALGORITHM_ABSOLUTE);
    }

    rrddim_set(stc, "persons",       (collected_number)registry.persons_count);
    rrddim_set(stc, "machines",      (collected_number)registry.machines_count);
    rrddim_set(stc, "urls",          (collected_number)registry.urls_count);
    rrddim_set(stc, "persons_urls",  (collected_number)registry.persons_urls_count);
    rrddim_set(stc, "machines_urls", (collected_number)registry.machines_urls_count);
    rrdset_done(stc);

    // ------------------------------------------------------------------------

    if(unlikely(!stm)) {
        stm = rrdset_create_localhost(
                "netdata"
                , "registry_mem"
                , NULL
                , "registry"
                , NULL
                , "Netdata Registry Memory"
                , "KiB"
                , "registry"
                , "stats"
                , 131300
                , localhost->rrd_update_every
                , RRDSET_TYPE_STACKED
        );

        rrddim_add(stm, "persons",        NULL,  1, 1024, RRD_ALGORITHM_ABSOLUTE);
        rrddim_add(stm, "machines",       NULL,  1, 1024, RRD_ALGORITHM_ABSOLUTE);
        rrddim_add(stm, "urls",           NULL,  1, 1024, RRD_ALGORITHM_ABSOLUTE);
        rrddim_add(stm, "persons_urls",   NULL,  1, 1024, RRD_ALGORITHM_ABSOLUTE);
        rrddim_add(stm, "machines_urls",  NULL,  1, 1024, RRD_ALGORITHM_ABSOLUTE);
    }

    rrddim_set(stm, "persons",       (collected_number)registry.persons_memory + dictionary_stats_for_registry(registry.persons));
    rrddim_set(stm, "machines",      (collected_number)registry.machines_memory + dictionary_stats_for_registry(registry.machines));
    rrddim_set(stm, "urls",          (collected_number)registry.urls_memory);
    rrddim_set(stm, "persons_urls",  (collected_number)registry.persons_urls_memory);
    rrddim_set(stm, "machines_urls", (collected_number)registry.machines_urls_memory);
    rrdset_done(stm);
}