Startsida Utforska Hjälp
Registrera dig Logga in
oscarleiva
/
energylink
1
0
Fork 0
Filer Ärenden 0 Pull-förfrågningar 0 Wiki
Träd: 69566a23fc
Grenar Taggar
energylink
/
pkg
/
api
/
dataproxy.go

dataproxy.go 4.4 KB
Historik

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167 
  1. package api
    2. 

  2. 

  3. import (
    4. 

  4. 	"bytes"
    5. 

  5. 	"io/ioutil"
    6. 

  6. 	"net/http"
    7. 

  7. 	"net/http/httputil"
    8. 

  8. 	"net/url"
    9. 

  9. 	"strings"
    10. 

  10. 	"time"
    11. 

  11. 

  12. 	"github.com/grafana/grafana/pkg/api/cloudwatch"
    13. 

  13. 	"github.com/grafana/grafana/pkg/bus"
    14. 

  14. 	"github.com/grafana/grafana/pkg/log"
    15. 

  15. 	"github.com/grafana/grafana/pkg/metrics"
    16. 

  16. 	"github.com/grafana/grafana/pkg/middleware"
    17. 

  17. 	m "github.com/grafana/grafana/pkg/models"
    18. 

  18. 	"github.com/grafana/grafana/pkg/setting"
    19. 

  19. 	"github.com/grafana/grafana/pkg/util"
    20. 

  20. )
    21. 

  21. 

  22. var (
    23. 

  23. 	dataproxyLogger log.Logger = log.New("data-proxy-log")
    24. 

  24. )
    25. 

  25. 

  26. func NewReverseProxy(ds *m.DataSource, proxyPath string, targetUrl *url.URL) *httputil.ReverseProxy {
    27. 

  27. 	director := func(req *http.Request) {
    28. 

  28. 		req.URL.Scheme = targetUrl.Scheme
    29. 

  29. 		req.URL.Host = targetUrl.Host
    30. 

  30. 		req.Host = targetUrl.Host
    31. 

  31. 

  32. 		reqQueryVals := req.URL.Query()
    33. 

  33. 

  34. 		if ds.Type == m.DS_INFLUXDB_08 {
    35. 

  35. 			req.URL.Path = util.JoinUrlFragments(targetUrl.Path, "db/"+ds.Database+"/"+proxyPath)
    36. 

  36. 			reqQueryVals.Add("u", ds.User)
    37. 

  37. 			reqQueryVals.Add("p", ds.Password)
    38. 

  38. 			req.URL.RawQuery = reqQueryVals.Encode()
    39. 

  39. 		} else if ds.Type == m.DS_INFLUXDB {
    40. 

  40. 			req.URL.Path = util.JoinUrlFragments(targetUrl.Path, proxyPath)
    41. 

  41. 			req.URL.RawQuery = reqQueryVals.Encode()
    42. 

  42. 			if !ds.BasicAuth {
    43. 

  43. 				req.Header.Del("Authorization")
    44. 

  44. 				req.Header.Add("Authorization", util.GetBasicAuthHeader(ds.User, ds.Password))
    45. 

  45. 			}
    46. 

  46. 		} else {
    47. 

  47. 			req.URL.Path = util.JoinUrlFragments(targetUrl.Path, proxyPath)
    48. 

  48. 		}
    49. 

  49. 

  50. 		if ds.BasicAuth {
    51. 

  51. 			req.Header.Del("Authorization")
    52. 

  52. 			req.Header.Add("Authorization", util.GetBasicAuthHeader(ds.BasicAuthUser, ds.BasicAuthPassword))
    53. 

  53. 		}
    54. 

  54. 

  55. 		dsAuth := req.Header.Get("X-DS-Authorization")
    56. 

  56. 		if len(dsAuth) > 0 {
    57. 

  57. 			req.Header.Del("X-DS-Authorization")
    58. 

  58. 			req.Header.Del("Authorization")
    59. 

  59. 			req.Header.Add("Authorization", dsAuth)
    60. 

  60. 		}
    61. 

  61. 

  62. 		// clear cookie headers
    63. 

  63. 		req.Header.Del("Cookie")
    64. 

  64. 		req.Header.Del("Set-Cookie")
    65. 

  65. 	}
    66. 

  66. 

  67. 	return &httputil.ReverseProxy{Director: director, FlushInterval: time.Millisecond * 200}
    68. 

  68. }
    69. 

  69. 

  70. func getDatasource(id int64, orgId int64) (*m.DataSource, error) {
    71. 

  71. 	query := m.GetDataSourceByIdQuery{Id: id, OrgId: orgId}
    72. 

  72. 	if err := bus.Dispatch(&query); err != nil {
    73. 

  73. 		return nil, err
    74. 

  74. 	}
    75. 

  75. 

  76. 	return query.Result, nil
    77. 

  77. }
    78. 

  78. 

  79. func ProxyDataSourceRequest(c *middleware.Context) {
    80. 

  80. 	c.TimeRequest(metrics.M_DataSource_ProxyReq_Timer)
    81. 

  81. 

  82. 	ds, err := getDatasource(c.ParamsInt64(":id"), c.OrgId)
    83. 

  83. 

  84. 	if err != nil {
    85. 

  85. 		c.JsonApiErr(500, "Unable to load datasource meta data", err)
    86. 

  86. 		return
    87. 

  87. 	}
    88. 

  88. 

  89. 	if ds.Type == m.DS_CLOUDWATCH {
    90. 

  90. 		cloudwatch.HandleRequest(c, ds)
    91. 

  91. 		return
    92. 

  92. 	}
    93. 

  93. 

  94. 	if ds.Type == m.DS_INFLUXDB {
    95. 

  95. 		if c.Query("db") != ds.Database {
    96. 

  96. 			c.JsonApiErr(403, "Datasource is not configured to allow this database", nil)
    97. 

  97. 			return
    98. 

  98. 		}
    99. 

  99. 	}
    100. 

  100. 

  101. 	targetUrl, _ := url.Parse(ds.Url)
    102. 

  102. 	if len(setting.DataProxyWhiteList) > 0 {
    103. 

  103. 		if _, exists := setting.DataProxyWhiteList[targetUrl.Host]; !exists {
    104. 

  104. 			c.JsonApiErr(403, "Data proxy hostname and ip are not included in whitelist", nil)
    105. 

  105. 			return
    106. 

  106. 		}
    107. 

  107. 	}
    108. 

  108. 

  109. 	proxyPath := c.Params("*")
    110. 

  110. 

  111. 	if ds.Type == m.DS_PROMETHEUS {
    112. 

  112. 		if !(c.Req.Request.Method == "GET" && strings.Index(proxyPath, "api/") == 0) {
    113. 

  113. 			c.JsonApiErr(403, "GET is only allowed on proxied Prometheus datasource", nil)
    114. 

  114. 			return
    115. 

  115. 		}
    116. 

  116. 	}
    117. 

  117. 

  118. 	if ds.Type == m.DS_ES {
    119. 

  119. 		if c.Req.Request.Method == "DELETE" {
    120. 

  120. 			c.JsonApiErr(403, "Deletes not allowed on proxied Elasticsearch datasource", nil)
    121. 

  121. 			return
    122. 

  122. 		}
    123. 

  123. 		if c.Req.Request.Method == "PUT" {
    124. 

  124. 			c.JsonApiErr(403, "Puts not allowed on proxied Elasticsearch datasource", nil)
    125. 

  125. 			return
    126. 

  126. 		}
    127. 

  127. 		if c.Req.Request.Method == "POST" && proxyPath != "_msearch" {
    128. 

  128. 			c.JsonApiErr(403, "Posts not allowed on proxied Elasticsearch datasource except on /_msearch", nil)
    129. 

  129. 			return
    130. 

  130. 		}
    131. 

  131. 	}
    132. 

  132. 

  133. 	proxy := NewReverseProxy(ds, proxyPath, targetUrl)
    134. 

  134. 	proxy.Transport, err = ds.GetHttpTransport()
    135. 

  135. 	if err != nil {
    136. 

  136. 		c.JsonApiErr(400, "Unable to load TLS certificate", err)
    137. 

  137. 		return
    138. 

  138. 	}
    139. 

  139. 

  140. 	logProxyRequest(ds.Type, c)
    141. 

  141. 	proxy.ServeHTTP(c.Resp, c.Req.Request)
    142. 

  142. 	c.Resp.Header().Del("Set-Cookie")
    143. 

  143. }
    144. 

  144. 

  145. func logProxyRequest(dataSourceType string, c *middleware.Context) {
    146. 

  146. 	if !setting.DataProxyLogging {
    147. 

  147. 		return
    148. 

  148. 	}
    149. 

  149. 

  150. 	var body string
    151. 

  151. 	if c.Req.Request.Body != nil {
    152. 

  152. 		buffer, err := ioutil.ReadAll(c.Req.Request.Body)
    153. 

  153. 		if err == nil {
    154. 

  154. 			c.Req.Request.Body = ioutil.NopCloser(bytes.NewBuffer(buffer))
    155. 

  155. 			body = string(buffer)
    156. 

  156. 		}
    157. 

  157. 	}
    158. 

  158. 

  159. 	dataproxyLogger.Info("Proxying incoming request",
    160. 

  160. 		"userid", c.UserId,
    161. 

  161. 		"orgid", c.OrgId,
    162. 

  162. 		"username", c.Login,
    163. 

  163. 		"datasource", dataSourceType,
    164. 

  164. 		"uri", c.Req.RequestURI,
    165. 

  165. 		"method", c.Req.Request.Method,
    166. 

  166. 		"body", body)
    167. 

  167. }
    168.