imgproxy/server.go

package main

import (
	"context"
	"crypto/subtle"
	"fmt"
	golog "log"
	"net/http"
	"time"

	log "github.com/sirupsen/logrus"
	"golang.org/x/net/netutil"

	"github.com/imgproxy/imgproxy/v3/config"
	"github.com/imgproxy/imgproxy/v3/errorreport"
	"github.com/imgproxy/imgproxy/v3/ierrors"
	"github.com/imgproxy/imgproxy/v3/metrics"
	"github.com/imgproxy/imgproxy/v3/reuseport"
	"github.com/imgproxy/imgproxy/v3/router"
	"github.com/imgproxy/imgproxy/v3/vips"
)

var (
	imgproxyIsRunningMsg = []byte("imgproxy is running")

	errInvalidSecret = ierrors.New(403, "Invalid secret", "Forbidden")
)

func buildRouter() *router.Router {
	r := router.New(config.PathPrefix)

	r.GET("/", handleLanding, true)
	r.GET("/", withMetrics(withPanicHandler(withCORS(withSecret(handleProcessing)))), false)
	r.HEAD("/", withCORS(handleHead), false)
	r.OPTIONS("/", withCORS(handleHead), false)

	r.HealthHandler = handleHealth

	return r
}

func startServer(cancel context.CancelFunc) (*http.Server, error) {
	l, err := reuseport.Listen(config.Network, config.Bind)
	if err != nil {
		return nil, fmt.Errorf("Can't start server: %s", err)
	}

	if config.MaxClients > 0 {
		l = netutil.LimitListener(l, config.MaxClients)
	}

	errLogger := golog.New(
		log.WithField("source", "http_server").WriterLevel(log.ErrorLevel),
		"", 0,
	)

	s := &http.Server{
		Handler:        buildRouter(),
		ReadTimeout:    time.Duration(config.ReadTimeout) * time.Second,
		MaxHeaderBytes: 1 << 20,
		ErrorLog:       errLogger,
	}

	if config.KeepAliveTimeout > 0 {
		s.IdleTimeout = time.Duration(config.KeepAliveTimeout) * time.Second
	} else {
		s.SetKeepAlivesEnabled(false)
	}

	go func() {
		log.Infof("Starting server at %s", config.Bind)
		if err := s.Serve(l); err != nil && err != http.ErrServerClosed {
			log.Error(err)
		}
		cancel()
	}()

	return s, nil
}

func shutdownServer(s *http.Server) {
	log.Info("Shutting down the server...")

	ctx, close := context.WithTimeout(context.Background(), 5*time.Second)
	defer close()

	s.Shutdown(ctx)
}

func withMetrics(h router.RouteHandler) router.RouteHandler {
	if !metrics.Enabled() {
		return h
	}

	return func(reqID string, rw http.ResponseWriter, r *http.Request) {
		ctx, metricsCancel, rw := metrics.StartRequest(r.Context(), rw, r)
		defer metricsCancel()

		h(reqID, rw, r.WithContext(ctx))
	}
}

func withCORS(h router.RouteHandler) router.RouteHandler {
	return func(reqID string, rw http.ResponseWriter, r *http.Request) {
		if len(config.AllowOrigin) > 0 {
			rw.Header().Set("Access-Control-Allow-Origin", config.AllowOrigin)
			rw.Header().Set("Access-Control-Allow-Methods", "GET, OPTIONS")
		}

		h(reqID, rw, r)
	}
}

func withSecret(h router.RouteHandler) router.RouteHandler {
	if len(config.Secret) == 0 {
		return h
	}

	authHeader := []byte(fmt.Sprintf("Bearer %s", config.Secret))

	return func(reqID string, rw http.ResponseWriter, r *http.Request) {
		if subtle.ConstantTimeCompare([]byte(r.Header.Get("Authorization")), authHeader) == 1 {
			h(reqID, rw, r)
		} else {
			panic(errInvalidSecret)
		}
	}
}

func withPanicHandler(h router.RouteHandler) router.RouteHandler {
	return func(reqID string, rw http.ResponseWriter, r *http.Request) {
		defer func() {
			if rerr := recover(); rerr != nil {
				if rerr == http.ErrAbortHandler {
					panic(rerr)
				}

				err, ok := rerr.(error)
				if !ok {
					panic(rerr)
				}

				ierr := ierrors.Wrap(err, 2)

				if ierr.Unexpected {
					errorreport.Report(err, r)
				}

				router.LogResponse(reqID, r, ierr.StatusCode, ierr)

				rw.WriteHeader(ierr.StatusCode)

				if config.DevelopmentErrorsMode {
					rw.Write([]byte(ierr.Message))
				} else {
					rw.Write([]byte(ierr.PublicMessage))
				}
			}
		}()

		h(reqID, rw, r)
	}
}

func handleHealth(reqID string, rw http.ResponseWriter, r *http.Request) {
	var (
		status int
		msg    []byte
		ierr   *ierrors.Error
	)

	if err := vips.Health(); err == nil {
		status = http.StatusOK
		msg = imgproxyIsRunningMsg
	} else {
		status = http.StatusInternalServerError
		msg = []byte("Error")
		ierr = ierrors.Wrap(err, 1)
	}

	// Log response only if something went wrong
	if ierr != nil {
		router.LogResponse(reqID, r, status, ierr)
	}

	rw.Header().Set("Cache-Control", "no-cache")
	rw.WriteHeader(status)
	rw.Write(msg)
}

func handleHead(reqID string, rw http.ResponseWriter, r *http.Request) {
	router.LogResponse(reqID, r, 200, nil)
	rw.WriteHeader(200)
}
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`package main`

			`import (`
Drop Go <1.8 support 2018-09-10 08:17:00 +02:00			`"context"`
Prevent direct requests with X-Imgproxy-Secret header 2017-07-01 23:25:08 +02:00			`"crypto/subtle"`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`"fmt"`
Ser ErrorLog for server 2022-07-19 14:04:54 +02:00			`golog "log"`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`"net/http"`
Log processing time 2017-07-03 06:08:47 +02:00			`"time"`
Add request ID 2018-03-15 18:58:11 +02:00
Global refactoring 2021-04-26 13:52:50 +02:00			`log "github.com/sirupsen/logrus"`
Back to net/http Month of testing and profiling show that fasthttp doesn't gives us significatnt profit in memory and performance while being incompatible with many third-side packages and http/2 2019-05-08 13:42:48 +02:00			`"golang.org/x/net/netutil"`
Global refactoring 2021-04-26 13:52:50 +02:00
Bump version 2021-09-30 16:23:30 +02:00			`"github.com/imgproxy/imgproxy/v3/config"`
			`"github.com/imgproxy/imgproxy/v3/errorreport"`
			`"github.com/imgproxy/imgproxy/v3/ierrors"`
Move metrics.StartRequest to middleware && Fix Datadog 2022-01-13 20:40:14 +02:00			`"github.com/imgproxy/imgproxy/v3/metrics"`
Bump version 2021-09-30 16:23:30 +02:00			`"github.com/imgproxy/imgproxy/v3/reuseport"`
			`"github.com/imgproxy/imgproxy/v3/router"`
Create and destroy a tiny image during health check to check that vips is operational 2023-08-21 19:48:47 +02:00			`"github.com/imgproxy/imgproxy/v3/vips"`
Move server funcs to separate file 2017-06-27 11:00:33 +02:00			`)`

fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`var (`
Back to net/http because of fasthttps incompatibiliti with almost everything 2018-10-25 13:31:31 +02:00			`imgproxyIsRunningMsg = []byte("imgproxy is running")`
Predefine static errors 2018-10-05 22:29:55 +02:00
Global refactoring 2021-04-26 13:52:50 +02:00			`errInvalidSecret = ierrors.New(403, "Invalid secret", "Forbidden")`
Optimized memory usage; Reducing memory fragmentation 2019-01-17 10:51:19 +02:00			`)`
Back to net/http because of fasthttps incompatibiliti with almost everything 2018-10-25 13:31:31 +02:00
Global refactoring 2021-04-26 13:52:50 +02:00			`func buildRouter() *router.Router {`
			`r := router.New(config.PathPrefix)`
Drop Go <1.8 support 2018-09-10 08:17:00 +02:00
Favicon dummy handler & hello message at the root 2019-08-20 15:26:17 +02:00			`r.GET("/", handleLanding, true)`
Move metrics.StartRequest to middleware && Fix Datadog 2022-01-13 20:40:14 +02:00			`r.GET("/", withMetrics(withPanicHandler(withCORS(withSecret(handleProcessing)))), false)`
Respond to HEAD 2020-01-30 12:07:43 +02:00			`r.HEAD("/", withCORS(handleHead), false)`
			`r.OPTIONS("/", withCORS(handleHead), false)`
Simple http router for better looking server code 2019-06-03 17:16:49 +02:00
Don't log healthcheck and favicon requests 2024-01-19 17:41:37 +02:00			`r.HealthHandler = handleHealth`

Simple http router for better looking server code 2019-06-03 17:16:49 +02:00			`return r`
Back to net/http because of fasthttps incompatibiliti with almost everything 2018-10-25 13:31:31 +02:00			`}`

Get rid of os.Exit 2020-02-27 17:44:59 +02:00			`func startServer(cancel context.CancelFunc) (*http.Server, error) {`
Global refactoring 2021-04-26 13:52:50 +02:00			`l, err := reuseport.Listen(config.Network, config.Bind)`
Back to net/http Month of testing and profiling show that fasthttp doesn't gives us significatnt profit in memory and performance while being incompatible with many third-side packages and http/2 2019-05-08 13:42:48 +02:00			`if err != nil {`
Get rid of os.Exit 2020-02-27 17:44:59 +02:00			`return nil, fmt.Errorf("Can't start server: %s", err)`
Back to net/http Month of testing and profiling show that fasthttp doesn't gives us significatnt profit in memory and performance while being incompatible with many third-side packages and http/2 2019-05-08 13:42:48 +02:00			`}`
Set default IMGPROXY_MAX_CLIENTS value to 2048; Allow unlimited connections 2022-07-19 14:04:22 +02:00
			`if config.MaxClients > 0 {`
			`l = netutil.LimitListener(l, config.MaxClients)`
			`}`
Simple http router for better looking server code 2019-06-03 17:16:49 +02:00
Ser ErrorLog for server 2022-07-19 14:04:54 +02:00			`errLogger := golog.New(`
			`log.WithField("source", "http_server").WriterLevel(log.ErrorLevel),`
			`"", 0,`
			`)`

Back to net/http Month of testing and profiling show that fasthttp doesn't gives us significatnt profit in memory and performance while being incompatible with many third-side packages and http/2 2019-05-08 13:42:48 +02:00			`s := &http.Server{`
Simple http router for better looking server code 2019-06-03 17:16:49 +02:00			`Handler: buildRouter(),`
Global refactoring 2021-04-26 13:52:50 +02:00			`ReadTimeout: time.Duration(config.ReadTimeout) * time.Second,`
Back to net/http Month of testing and profiling show that fasthttp doesn't gives us significatnt profit in memory and performance while being incompatible with many third-side packages and http/2 2019-05-08 13:42:48 +02:00			`MaxHeaderBytes: 1 << 20,`
Ser ErrorLog for server 2022-07-19 14:04:54 +02:00			`ErrorLog: errLogger,`
Drop Go <1.8 support 2018-09-10 08:17:00 +02:00			`}`

Global refactoring 2021-04-26 13:52:50 +02:00			`if config.KeepAliveTimeout > 0 {`
			`s.IdleTimeout = time.Duration(config.KeepAliveTimeout) * time.Second`
Add IMGPROXY_KEEP_ALIVE_TIMEOUT config 2019-06-21 12:32:37 +02:00			`} else {`
			`s.SetKeepAlivesEnabled(false)`
			`}`

Drop Go <1.8 support 2018-09-10 08:17:00 +02:00			`go func() {`
Global refactoring 2021-04-26 13:52:50 +02:00			`log.Infof("Starting server at %s", config.Bind)`
Simple http router for better looking server code 2019-06-03 17:16:49 +02:00			`if err := s.Serve(l); err != nil && err != http.ErrServerClosed {`
Global refactoring 2021-04-26 13:52:50 +02:00			`log.Error(err)`
fasthttp; Optimized memory allocation 2018-10-05 17:17:36 +02:00			`}`
Get rid of os.Exit 2020-02-27 17:44:59 +02:00			`cancel()`
Drop Go <1.8 support 2018-09-10 08:17:00 +02:00			`}()`

Get rid of os.Exit 2020-02-27 17:44:59 +02:00			`return s, nil`
Drop Go <1.8 support 2018-09-10 08:17:00 +02:00			`}`

Back to net/http Month of testing and profiling show that fasthttp doesn't gives us significatnt profit in memory and performance while being incompatible with many third-side packages and http/2 2019-05-08 13:42:48 +02:00			`func shutdownServer(s *http.Server) {`
Global refactoring 2021-04-26 13:52:50 +02:00			`log.Info("Shutting down the server...")`
Back to net/http Month of testing and profiling show that fasthttp doesn't gives us significatnt profit in memory and performance while being incompatible with many third-side packages and http/2 2019-05-08 13:42:48 +02:00
			`ctx, close := context.WithTimeout(context.Background(), 5*time.Second)`
			`defer close()`

			`s.Shutdown(ctx)`
Drop Go <1.8 support 2018-09-10 08:17:00 +02:00			`}`

Move metrics.StartRequest to middleware && Fix Datadog 2022-01-13 20:40:14 +02:00			`func withMetrics(h router.RouteHandler) router.RouteHandler {`
			`if !metrics.Enabled() {`
			`return h`
			`}`

			`return func(reqID string, rw http.ResponseWriter, r *http.Request) {`
			`ctx, metricsCancel, rw := metrics.StartRequest(r.Context(), rw, r)`
			`defer metricsCancel()`

			`h(reqID, rw, r.WithContext(ctx))`
			`}`
			`}`

Global refactoring 2021-04-26 13:52:50 +02:00			`func withCORS(h router.RouteHandler) router.RouteHandler {`
Simple http router for better looking server code 2019-06-03 17:16:49 +02:00			`return func(reqID string, rw http.ResponseWriter, r *http.Request) {`
Global refactoring 2021-04-26 13:52:50 +02:00			`if len(config.AllowOrigin) > 0 {`
			`rw.Header().Set("Access-Control-Allow-Origin", config.AllowOrigin)`
Simple http router for better looking server code 2019-06-03 17:16:49 +02:00			`rw.Header().Set("Access-Control-Allow-Methods", "GET, OPTIONS")`
			`}`
Allow query params for health endpoint; Log health response 2019-06-03 13:06:13 +02:00
Simple http router for better looking server code 2019-06-03 17:16:49 +02:00			`h(reqID, rw, r)`
			`}`
Better expected errors handling 2018-11-20 14:53:44 +02:00			`}`

Global refactoring 2021-04-26 13:52:50 +02:00			`func withSecret(h router.RouteHandler) router.RouteHandler {`
			`if len(config.Secret) == 0 {`
Simple http router for better looking server code 2019-06-03 17:16:49 +02:00			`return h`
Send and receive X-Reqiest-ID header 2019-05-06 10:42:30 +02:00			`}`

Global refactoring 2021-04-26 13:52:50 +02:00			`authHeader := []byte(fmt.Sprintf("Bearer %s", config.Secret))`
Send and receive X-Reqiest-ID header 2019-05-06 10:42:30 +02:00
Simple http router for better looking server code 2019-06-03 17:16:49 +02:00			`return func(reqID string, rw http.ResponseWriter, r *http.Request) {`
			`if subtle.ConstantTimeCompare([]byte(r.Header.Get("Authorization")), authHeader) == 1 {`
			`h(reqID, rw, r)`
			`} else {`
Extract processing handler and imageType functions from server.go 2019-06-03 19:02:46 +02:00			`panic(errInvalidSecret)`
Simple http router for better looking server code 2019-06-03 17:16:49 +02:00			`}`
Use Authorization header for secret 2017-07-03 11:36:37 +02:00			`}`
Add concurrency 2017-07-04 16:05:53 +02:00			`}`

Move panic handling out of router 2022-01-13 18:36:06 +02:00			`func withPanicHandler(h router.RouteHandler) router.RouteHandler {`
			`return func(reqID string, rw http.ResponseWriter, r *http.Request) {`
			`defer func() {`
			`if rerr := recover(); rerr != nil {`
`raw` processing option 2022-09-07 12:50:21 +02:00			`if rerr == http.ErrAbortHandler {`
			`panic(rerr)`
			`}`

Move panic handling out of router 2022-01-13 18:36:06 +02:00			`err, ok := rerr.(error)`
			`if !ok {`
			`panic(rerr)`
			`}`
Extract processing handler and imageType functions from server.go 2019-06-03 19:02:46 +02:00
Grab more stacktrace lines in panic handler 2022-04-11 11:42:11 +02:00			`ierr := ierrors.Wrap(err, 2)`
Report only unexpected errors 2019-08-15 15:15:37 +02:00
Move panic handling out of router 2022-01-13 18:36:06 +02:00			`if ierr.Unexpected {`
			`errorreport.Report(err, r)`
			`}`
Extract processing handler and imageType functions from server.go 2019-06-03 19:02:46 +02:00
Move panic handling out of router 2022-01-13 18:36:06 +02:00			`router.LogResponse(reqID, r, ierr.StatusCode, ierr)`
Extract processing handler and imageType functions from server.go 2019-06-03 19:02:46 +02:00
Move panic handling out of router 2022-01-13 18:36:06 +02:00			`rw.WriteHeader(ierr.StatusCode)`

			`if config.DevelopmentErrorsMode {`
			`rw.Write([]byte(ierr.Message))`
			`} else {`
			`rw.Write([]byte(ierr.PublicMessage))`
			`}`
			`}`
			`}()`

			`h(reqID, rw, r)`
Simple http router for better looking server code 2019-06-03 17:16:49 +02:00			`}`
Add concurrency 2017-07-04 16:05:53 +02:00			`}`

Simple http router for better looking server code 2019-06-03 17:16:49 +02:00			`func handleHealth(reqID string, rw http.ResponseWriter, r *http.Request) {`
Create and destroy a tiny image during health check to check that vips is operational 2023-08-21 19:48:47 +02:00			`var (`
			`status int`
			`msg []byte`
			`ierr *ierrors.Error`
			`)`

			`if err := vips.Health(); err == nil {`
			`status = http.StatusOK`
			`msg = imgproxyIsRunningMsg`
			`} else {`
			`status = http.StatusInternalServerError`
			`msg = []byte("Error")`
			`ierr = ierrors.Wrap(err, 1)`
			`}`

Don't log healthcheck and favicon requests 2024-01-19 17:41:37 +02:00			`// Log response only if something went wrong`
			`if ierr != nil {`
			`router.LogResponse(reqID, r, status, ierr)`
			`}`
Create and destroy a tiny image during health check to check that vips is operational 2023-08-21 19:48:47 +02:00
Set cache-control: no-cache to heath response 2022-12-11 15:03:04 +02:00			`rw.Header().Set("Cache-Control", "no-cache")`
Create and destroy a tiny image during health check to check that vips is operational 2023-08-21 19:48:47 +02:00			`rw.WriteHeader(status)`
			`rw.Write(msg)`
Back to net/http because of fasthttps incompatibiliti with almost everything 2018-10-25 13:31:31 +02:00			`}`

Respond to HEAD 2020-01-30 12:07:43 +02:00			`func handleHead(reqID string, rw http.ResponseWriter, r *http.Request) {`
Global refactoring 2021-04-26 13:52:50 +02:00			`router.LogResponse(reqID, r, 200, nil)`
Simple http router for better looking server code 2019-06-03 17:16:49 +02:00			`rw.WriteHeader(200)`
Back to net/http because of fasthttps incompatibiliti with almost everything 2018-10-25 13:31:31 +02:00			`}`