diff options
Diffstat (limited to 'mod/mod-submit.cxx')
-rw-r--r-- | mod/mod-submit.cxx | 329 |
1 files changed, 21 insertions, 308 deletions
diff --git a/mod/mod-submit.cxx b/mod/mod-submit.cxx index 61eeaf6..470bd45 100644 --- a/mod/mod-submit.cxx +++ b/mod/mod-submit.cxx @@ -4,19 +4,9 @@ #include <mod/mod-submit.hxx> -#include <sys/time.h> // timeval -#include <sys/select.h> - -#include <ratio> // ratio_greater_equal -#include <chrono> -#include <cstdlib> // strtoul() -#include <istream> -#include <sstream> -#include <type_traits> // static_assert -#include <system_error> // error_code, generic_category() +#include <ostream> #include <libbutl/sha256.mxx> -#include <libbutl/process.mxx> #include <libbutl/sendmail.mxx> #include <libbutl/fdstream.mxx> #include <libbutl/timestamp.mxx> @@ -30,6 +20,7 @@ #include <mod/page.hxx> #include <mod/options.hxx> +#include <mod/external-handler.hxx> using namespace std; using namespace butl; @@ -113,8 +104,6 @@ handle (request& rq, response& rs) { using namespace xhtml; - using parser = manifest_parser; - using parsing = manifest_parsing; using serializer = manifest_serializer; using serialization = manifest_serialization; @@ -285,8 +274,8 @@ handle (request& rq, response& rs) return respond_manifest (400, "invalid parameter " + nv.name); } - // Note that from now on the result manifest will contain the reference - // value. + // Note that from now on the result manifest we respond with will contain + // the reference value. // ref = string (sha256sum, 0, 12); @@ -299,7 +288,7 @@ handle (request& rq, response& rs) if (dir_exists (dd) || simulate == "duplicate-archive") return respond_manifest (422, "duplicate submission"); - // Create the temporary submission directory. + // Create the temporary submission data directory. // dir_path td; @@ -573,310 +562,34 @@ handle (request& rq, response& rs) // (forwarding to the client, sending via email, etc.). Otherwise, create // implied result manifest. // - status_code sc (200); + status_code sc; vector<manifest_name_value> rvs; if (options_->submit_handler_specified ()) { - // For the sake of the documentation we will call the handler's normal - // exit with 0 code "successful termination". - // - // To make sure the handler process execution doesn't exceed the specified - // timeout we set the non-blocking mode for the process stdout-reading - // stream, try to read from it with the 10 milliseconds timeout and check - // the process execution time between the reads. We then kill the process - // if the execution time is exceeded. - // - using namespace chrono; - - using time_point = system_clock::time_point; - using duration = system_clock::duration; - - // Make sure that the system clock has at least milliseconds resolution. - // - static_assert( - ratio_greater_equal<milliseconds::period, duration::period>::value, - "The system clock resolution is too low"); - - optional<milliseconds> timeout; - - if (options_->submit_handler_timeout_specified ()) - timeout = milliseconds (options_->submit_handler_timeout () * 1000); - - const path& handler (options_->submit_handler ()); - - // Note that due to the non-blocking mode we cannot just pass the stream - // to the manifest parser constructor. So we buffer the data in the string - // stream and then parse that. - // - stringstream ss; - - for (;;) // Breakout loop. - try - { - fdpipe pipe (fdopen_pipe ()); // Can throw io_error. - - // Redirect the diagnostics to the web server error log. - // - process pr ( - process_start_callback (print_args, - 0 /* stdin */, - pipe /* stdout */, - 2 /* stderr */, - handler, - options_->submit_handler_argument (), - dd)); - pipe.out.close (); - - auto kill = [&pr, &warn, &handler, &ref] () - { - // We may still end up well (see below), thus this is a warning. - // - warn << "ref " << ref << ": process " << handler - << " execution timeout expired"; - - pr.kill (); - }; - - try - { - ifdstream is (move (pipe.in), fdstream_mode::non_blocking); - - const size_t nbuf (8192); - char buf[nbuf]; - - while (is.is_open ()) - { - time_point start; - milliseconds wd (10); // Max time to wait for the data portion. - - if (timeout) - { - start = system_clock::now (); - - if (*timeout < wd) - wd = *timeout; - } - - timeval tm {wd.count () / 1000 /* seconds */, - wd.count () % 1000 * 1000 /* microseconds */}; - - fd_set rd; - FD_ZERO (&rd); - FD_SET (is.fd (), &rd); - - int r (select (is.fd () + 1, &rd, nullptr, nullptr, &tm)); - - if (r == -1) - { - // Don't fail if the select() call was interrupted by the signal. - // - if (errno != EINTR) - throw_system_ios_failure (errno, "select failed"); - } - else if (r != 0) // Is data available? - { - assert (FD_ISSET (is.fd (), &rd)); - - // The only leagal way to read from non-blocking ifdstream. - // - streamsize n (is.readsome (buf, nbuf)); - - // Close the stream (and bail out) if the end of the data is - // reached. Otherwise cache the read data. - // - if (is.eof ()) - is.close (); - else - { - // The data must be available. - // - // Note that we could keep reading until the readsome() call - // returns 0. However, this way we could potentially exceed the - // timeout significantly for some broken handler that floods us - // with data. So instead, we will be checking the process - // execution time after every data chunk read. - // - assert (n != 0); - - ss.write (buf, n); - } - } - else // Timeout occured. - { - // Normally, we don't expect timeout to occur on the pipe read - // operation if the process has terminated successfully, as all its - // output must already be buffered (including eof). However, there - // can be some still running handler's child that has inherited - // the parent's stdout. In this case we assume that we have read - // all the handler's output, close the stream, log the warning and - // bail out. - // - if (pr.exit) - { - // We keep reading only upon successful handler termination. - // - assert (*pr.exit); - - is.close (); - - warn << "ref " << ref << ": process " << handler - << " stdout is not closed after termination (possibly " - << "handler's child still running)"; - } - } - - if (timeout) - { - time_point now (system_clock::now ()); - - // Assume we have waited the full amount if the time adjustment is - // detected. - // - duration d (now > start ? now - start : wd); - - // If the timeout is not fully exhausted, then decrement it and - // try to read some more data from the handler' stdout. Otherwise, - // kill the process, if not done yet. - // - // Note that it may happen that we are killing an already - // terminated process, in which case kill() just sets the process - // exit information. On the other hand it's guaranteed that the - // process is terminated after the kill() call, and so the pipe is - // presumably closed on the write end (see above for details). - // Thus, if the process terminated successfully, we will continue - // reading until eof is reached or read timeout occurred. Yes, it - // may happen that we end up with a successful submission even - // with the kill. - // - if (*timeout > d) - *timeout -= duration_cast<milliseconds> (d); - else if (!pr.exit) - { - kill (); - - assert (pr.exit); - - // Close the stream (and bail out) if the process hasn't - // terminate successfully. - // - if (!*pr.exit) - is.close (); - - *timeout = milliseconds::zero (); - } - } - } - - assert (!is.is_open ()); - - if (!timeout) - pr.wait (); - - // If the process is not terminated yet, then wait for its termination - // for the remaining time. Kill it if the timeout has been exceeded - // and the process still hasn't terminate. - // - else if (!pr.exit && !pr.timed_wait (*timeout)) - kill (); - - assert (pr.exit); // The process must finally be terminated. - - if (*pr.exit) - break; // Get out of the breakout loop. - - error << "ref " << ref << ": process " << handler << " " << *pr.exit; - - // Fall through. - } - catch (const io_error& e) - { - if (pr.wait ()) - error << "ref " << ref << ": unable to read handler's output: " << e; + using namespace external_handler; - // Fall through. - } - - stash_submit_dir (); - return respond_error (); - } - // Handle process_error and io_error (both derive from system_error). - // - catch (const system_error& e) + optional<result_manifest> r (run (options_->submit_handler (), + options_->submit_handler_argument (), + dd, + options_->submit_handler_timeout (), + error, + warn, + verb_ ? &trace : nullptr)); + if (!r) { - error << "unable to execute '" << handler << "': " << e; - stash_submit_dir (); - return respond_error (); - } - - try - { - // Parse and verify the manifest. Obtain the HTTP status code (must go - // first) and cache it for the subsequent response to the client. - // - parser p (ss, "handler"); - manifest_name_value nv (p.next ()); - - auto bad_value ([&p, &nv] (const string& d) { - throw parsing (p.name (), nv.value_line, nv.value_column, d);}); - - if (nv.empty ()) - bad_value ("empty manifest"); - - const string& n (nv.name); - const string& v (nv.value); - - // The format version pair is verified by the parser. - // - assert (n.empty () && v == "1"); - - // Cache the format version pair. - // - rvs.push_back (move (nv)); - - // Get and verify the HTTP status. - // - nv = p.next (); - if (n != "status") - bad_value ("no status specified"); - - char* e (nullptr); - unsigned long c (strtoul (v.c_str (), &e, 10)); // Can't throw. - - assert (e != nullptr); - - if (!(*e == '\0' && c >= 100 && c < 600)) - bad_value ("invalid HTTP status '" + v + "'"); - - // Cache the HTTP status. - // - sc = static_cast<status_code> (c); - rvs.push_back (move (nv)); - - // Cache the remaining name/value pairs. - // - for (nv = p.next (); !nv.empty (); nv = p.next ()) - rvs.push_back (move (nv)); - - // Cache end of manifest. - // - rvs.push_back (move (nv)); + return respond_error (); // The diagnostics is already issued. } - catch (const parsing& e) - { - error << "ref " << ref << ": unable to parse handler's output: " << e; - // It appears the handler had misbehaved, so let's stash the submission - // directory for troubleshooting. - // - stash_submit_dir (); - return respond_error (); - } + sc = r->status; + rvs = move (r->values); } - else // Create implied result manifest. + else // Create the implied result manifest. { + sc = 200; + auto add = [&rvs] (string n, string v) { manifest_name_value nv {move (n), move (v), |