2019-06-10 23:19:11 -07:00
|
|
|
// Copyright (C) 2019 The Syncthing Authors.
|
|
|
|
//
|
|
|
|
// This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
// License, v. 2.0. If a copy of the MPL was not distributed with this file,
|
|
|
|
// You can obtain one at https://mozilla.org/MPL/2.0/.
|
|
|
|
|
|
|
|
// Command stcrashreceiver is a trivial HTTP server that allows two things:
|
|
|
|
//
|
|
|
|
// - uploading files (crash reports) named like a SHA256 hash using a PUT request
|
|
|
|
// - checking whether such file exists using a HEAD request
|
|
|
|
//
|
|
|
|
// Typically this should be deployed behind something that manages HTTPS.
|
|
|
|
package main
|
|
|
|
|
|
|
|
import (
|
2019-07-28 02:13:04 -07:00
|
|
|
"bytes"
|
|
|
|
"compress/gzip"
|
2019-06-10 23:19:11 -07:00
|
|
|
"flag"
|
2020-04-07 04:19:49 -07:00
|
|
|
"fmt"
|
2019-06-10 23:19:11 -07:00
|
|
|
"io"
|
|
|
|
"io/ioutil"
|
|
|
|
"log"
|
2020-04-07 04:19:49 -07:00
|
|
|
"net"
|
2019-06-10 23:19:11 -07:00
|
|
|
"net/http"
|
|
|
|
"os"
|
|
|
|
"path"
|
|
|
|
"path/filepath"
|
|
|
|
"strings"
|
2020-04-07 04:19:49 -07:00
|
|
|
"time"
|
|
|
|
|
|
|
|
"github.com/syncthing/syncthing/lib/sha256"
|
2019-06-10 23:19:11 -07:00
|
|
|
)
|
|
|
|
|
|
|
|
const maxRequestSize = 1 << 20 // 1 MiB
|
|
|
|
|
|
|
|
func main() {
|
|
|
|
dir := flag.String("dir", ".", "Directory to store reports in")
|
|
|
|
dsn := flag.String("dsn", "", "Sentry DSN")
|
|
|
|
listen := flag.String("listen", ":22039", "HTTP listen address")
|
|
|
|
flag.Parse()
|
|
|
|
|
|
|
|
cr := &crashReceiver{
|
|
|
|
dir: *dir,
|
|
|
|
dsn: *dsn,
|
|
|
|
}
|
|
|
|
|
|
|
|
log.SetOutput(os.Stdout)
|
|
|
|
if err := http.ListenAndServe(*listen, cr); err != nil {
|
|
|
|
log.Fatalln("HTTP serve:", err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
type crashReceiver struct {
|
|
|
|
dir string
|
|
|
|
dsn string
|
|
|
|
}
|
|
|
|
|
|
|
|
func (r *crashReceiver) ServeHTTP(w http.ResponseWriter, req *http.Request) {
|
|
|
|
// The final path component should be a SHA256 hash in hex, so 64 hex
|
|
|
|
// characters. We don't care about case on the request but use lower
|
|
|
|
// case internally.
|
2019-07-28 02:13:04 -07:00
|
|
|
reportID := strings.ToLower(path.Base(req.URL.Path))
|
|
|
|
if len(reportID) != 64 {
|
2019-06-10 23:19:11 -07:00
|
|
|
http.Error(w, "Bad request", http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
2019-07-28 02:13:04 -07:00
|
|
|
for _, c := range reportID {
|
2019-06-10 23:19:11 -07:00
|
|
|
if c >= 'a' && c <= 'f' {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
if c >= '0' && c <= '9' {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
http.Error(w, "Bad request", http.StatusBadRequest)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2019-07-28 02:13:04 -07:00
|
|
|
// The location of the report on disk, compressed
|
|
|
|
fullPath := filepath.Join(r.dir, r.dirFor(reportID), reportID) + ".gz"
|
|
|
|
|
2019-06-10 23:19:11 -07:00
|
|
|
switch req.Method {
|
2019-07-28 02:13:04 -07:00
|
|
|
case http.MethodGet:
|
|
|
|
r.serveGet(fullPath, w, req)
|
2019-06-10 23:19:11 -07:00
|
|
|
case http.MethodHead:
|
2019-07-28 02:13:04 -07:00
|
|
|
r.serveHead(fullPath, w, req)
|
2019-06-10 23:19:11 -07:00
|
|
|
case http.MethodPut:
|
2019-07-28 02:13:04 -07:00
|
|
|
r.servePut(reportID, fullPath, w, req)
|
2019-06-10 23:19:11 -07:00
|
|
|
default:
|
|
|
|
http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-07-28 02:13:04 -07:00
|
|
|
// serveGet responds to GET requests by serving the uncompressed report.
|
|
|
|
func (r *crashReceiver) serveGet(fullPath string, w http.ResponseWriter, _ *http.Request) {
|
|
|
|
fd, err := os.Open(fullPath)
|
|
|
|
if err != nil {
|
|
|
|
http.Error(w, "Not found", http.StatusNotFound)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
defer fd.Close()
|
|
|
|
gr, err := gzip.NewReader(fd)
|
|
|
|
if err != nil {
|
|
|
|
http.Error(w, "Internal server error", http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
_, _ = io.Copy(w, gr) // best effort
|
|
|
|
}
|
|
|
|
|
2019-06-10 23:19:11 -07:00
|
|
|
// serveHead responds to HEAD requests by checking if the named report
|
|
|
|
// already exists in the system.
|
2019-07-28 02:13:04 -07:00
|
|
|
func (r *crashReceiver) serveHead(fullPath string, w http.ResponseWriter, _ *http.Request) {
|
|
|
|
if _, err := os.Lstat(fullPath); err != nil {
|
2019-06-10 23:19:11 -07:00
|
|
|
http.Error(w, "Not found", http.StatusNotFound)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// servePut accepts and stores the given report.
|
2019-07-28 02:13:04 -07:00
|
|
|
func (r *crashReceiver) servePut(reportID, fullPath string, w http.ResponseWriter, req *http.Request) {
|
2019-06-10 23:19:11 -07:00
|
|
|
// Ensure the destination directory exists
|
|
|
|
if err := os.MkdirAll(filepath.Dir(fullPath), 0755); err != nil {
|
2019-07-28 02:13:04 -07:00
|
|
|
log.Println("Creating directory:", err)
|
2019-06-10 23:19:11 -07:00
|
|
|
http.Error(w, "Internal server error", http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// Read at most maxRequestSize of report data.
|
2019-07-28 02:13:04 -07:00
|
|
|
log.Println("Receiving report", reportID)
|
2019-06-10 23:19:11 -07:00
|
|
|
lr := io.LimitReader(req.Body, maxRequestSize)
|
|
|
|
bs, err := ioutil.ReadAll(lr)
|
|
|
|
if err != nil {
|
|
|
|
log.Println("Reading report:", err)
|
|
|
|
http.Error(w, "Internal server error", http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2019-07-28 02:13:04 -07:00
|
|
|
// Compress the report for storage
|
|
|
|
buf := new(bytes.Buffer)
|
|
|
|
gw := gzip.NewWriter(buf)
|
|
|
|
_, _ = gw.Write(bs) // can't fail
|
|
|
|
gw.Close()
|
|
|
|
|
|
|
|
// Create an output file with the compressed report
|
|
|
|
err = ioutil.WriteFile(fullPath, buf.Bytes(), 0644)
|
2019-06-10 23:19:11 -07:00
|
|
|
if err != nil {
|
2019-07-28 02:13:04 -07:00
|
|
|
log.Println("Saving report:", err)
|
2019-06-10 23:19:11 -07:00
|
|
|
http.Error(w, "Internal server error", http.StatusInternalServerError)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// Send the report to Sentry
|
|
|
|
if r.dsn != "" {
|
2020-04-07 04:19:49 -07:00
|
|
|
// Remote ID
|
|
|
|
user := userIDFor(req)
|
|
|
|
|
2019-06-10 23:19:11 -07:00
|
|
|
go func() {
|
|
|
|
// There's no need for the client to have to wait for this part.
|
2020-04-07 04:19:49 -07:00
|
|
|
if err := sendReport(r.dsn, reportID, bs, user); err != nil {
|
2019-06-10 23:19:11 -07:00
|
|
|
log.Println("Failed to send report:", err)
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// 01234567890abcdef... => 01/23
|
|
|
|
func (r *crashReceiver) dirFor(base string) string {
|
|
|
|
return filepath.Join(base[0:2], base[2:4])
|
|
|
|
}
|
2020-04-07 04:19:49 -07:00
|
|
|
|
|
|
|
// userIDFor returns a string we can use as the user ID for the purpose of
|
|
|
|
// counting affected users. It's the truncated hash of a salt, the user
|
|
|
|
// remote IP, and the current month.
|
|
|
|
func userIDFor(req *http.Request) string {
|
|
|
|
addr := req.RemoteAddr
|
|
|
|
if fwd := req.Header.Get("x-forwarded-for"); fwd != "" {
|
|
|
|
addr = fwd
|
|
|
|
}
|
|
|
|
if host, _, err := net.SplitHostPort(addr); err == nil {
|
|
|
|
addr = host
|
|
|
|
}
|
|
|
|
now := time.Now().Format("200601")
|
|
|
|
salt := "stcrashreporter"
|
|
|
|
hash := sha256.Sum256([]byte(salt + addr + now))
|
|
|
|
return fmt.Sprintf("%x", hash[:8])
|
|
|
|
}
|