discourse/lib/hijack.rb

# frozen_string_literal: true

require "method_profiler"

# This module allows us to hijack a request and send it to the client in the deferred job queue
# For cases where we are making remote calls like onebox or proxying files and so on this helps
# free up a unicorn worker while the remote IO is happening
module Hijack
  def hijack(info: nil, &blk)
    controller_class = self.class

    if hijack = request.env["rack.hijack"]
      request.env["discourse.request_tracker.skip"] = true
      request_tracker = request.env["discourse.request_tracker"]

      # in the past unicorn would recycle env, this is not longer the case
      env = request.env

      # rack may clean up tempfiles unless we trick it and take control
      tempfiles = env[Rack::RACK_TEMPFILES]
      env[Rack::RACK_TEMPFILES] = nil
      request_copy = ActionDispatch::Request.new(env)

      transfer_timings = MethodProfiler.transfer

      io = hijack.call

      # duplicate headers so other middleware does not mess with it
      # on the way down the stack
      original_headers = response.headers.dup

      Scheduler::Defer.later("hijack #{params["controller"]} #{params["action"]} #{info}") do
        MethodProfiler.start(transfer_timings)
        begin
          Thread.current[Logster::Logger::LOGSTER_ENV] = env
          # do this first to confirm we have a working connection
          # before doing any work
          io.write "HTTP/1.1 "

          # this trick avoids double render, also avoids any litter that the controller hooks
          # place on the response
          instance = controller_class.new
          response = ActionDispatch::Response.new
          instance.response = response

          instance.request = request_copy
          original_headers&.each { |k, v| instance.response.headers[k] = v }

          view_start = Process.clock_gettime(Process::CLOCK_MONOTONIC)
          begin
            instance.instance_eval(&blk)
          rescue => e
            # TODO we need to reuse our exception handling in ApplicationController
            Discourse.warn_exception(
              e,
              message: "Failed to process hijacked response correctly",
              env: env,
            )
          end
          view_runtime = Process.clock_gettime(Process::CLOCK_MONOTONIC) - view_start

          instance.status = 500 unless instance.response_body || response.committed?

          response.commit!

          body = response.body

          headers = response.headers
          # add cors if needed
          if cors_origins = env[Discourse::Cors::ORIGINS_ENV]
            Discourse::Cors.apply_headers(cors_origins, env, headers)
          end

          headers["Content-Type"] ||= response.content_type || "text/plain"
          headers["Content-Length"] = body.bytesize
          headers["Connection"] = "close"

          headers["Discourse-Logged-Out"] = "1" if env[Auth::DefaultCurrentUserProvider::BAD_TOKEN]

          status_string = Rack::Utils::HTTP_STATUS_CODES[response.status.to_i] || "Unknown"
          io.write "#{response.status} #{status_string}\r\n"

          timings = MethodProfiler.stop
          if timings && duration = timings[:total_duration]
            headers["X-Runtime"] = "#{"%0.6f" % duration}"
          end

          headers.each { |name, val| io.write "#{name}: #{val}\r\n" }

          io.write "\r\n"
          io.write body
        rescue Errno::EPIPE, IOError
          # happens if client terminated before we responded, ignore
          io = nil
        ensure
          if Rails.configuration.try(:lograge).try(:enabled)
            if timings
              db_runtime = 0
              db_runtime = timings[:sql][:duration] if timings[:sql]

              subscriber = Lograge::LogSubscribers::ActionController.new
              payload =
                ActiveSupport::HashWithIndifferentAccess.new(
                  controller: self.class.name,
                  action: action_name,
                  params: request.filtered_parameters,
                  headers: request.headers,
                  format: request.format.ref,
                  method: request.request_method,
                  path: request.fullpath,
                  view_runtime: view_runtime * 1000.0,
                  db_runtime: db_runtime * 1000.0,
                  timings: timings,
                  status: response.status,
                )

              event =
                ActiveSupport::Notifications::Event.new(
                  "hijack",
                  Time.now,
                  Time.now + timings[:total_duration],
                  "",
                  payload,
                )
              subscriber.process_action(event)
            end
          end

          MethodProfiler.clear
          Thread.current[Logster::Logger::LOGSTER_ENV] = nil

          begin
            io.close if io
          rescue StandardError
            nil
          end

          if request_tracker
            status =
              begin
                response.status
              rescue StandardError
                500
              end
            request_tracker.log_request_info(env, [status, headers || {}, []], timings)
          end

          tempfiles&.each(&:close!)
        end
      end
      # not leaked out, we use 418 ... I am a teapot to denote that we are hijacked
      render plain: "", status: 418
    else
      blk.call
    end
  end
end
PERF: hijack onebox requests so they do not use up a unicorn worker 2017-11-23 23:31:23 -05:00			`# frozen_string_literal: true`

DEV: avoid require_dependency for some libs This avoids require dependency on method_profiler and anon cache. It means that if there is any change to these files the reloader will not pick it up. Previously the reloader was picking up the anon cache twice causing it to double load on boot. This caused warnings. Long term my plan is to give up on require dependency and instead use: https://github.com/Shopify/autoload_reloader 2018-12-30 18:53:30 -05:00			`require "method_profiler"`
PERF: run post timings in background This means that if a very large amount of registered users hit a single topic we will handle it gracefully, even if db gets slow. 2018-01-18 16:26:18 -05:00
PERF: hijack onebox requests so they do not use up a unicorn worker 2017-11-23 23:31:23 -05:00			`# This module allows us to hijack a request and send it to the client in the deferred job queue`
			`# For cases where we are making remote calls like onebox or proxying files and so on this helps`
			`# free up a unicorn worker while the remote IO is happening`
			`module Hijack`
DEV: Add more debugging context to onebox generation Previously if a onebox timed out we would not present the users in the log with any information regarding the onebox. This makes it very difficult to debug. This adds url/topic/user in the debugging output. 2020-10-22 00:38:18 -04:00			`def hijack(info: nil, &blk)`
FEATURE: avatar proxy happens in background This ensures that even if it is slow to download avatars site will continue to work Also simplifies hijack pattern 2017-11-27 01:43:24 -05:00			`controller_class = self.class`
FIX: displaying wrong avatar and letter avatar correct regression where params and env is reused in production 2017-11-27 17:28:40 -05:00
PERF: hijack onebox requests so they do not use up a unicorn worker 2017-11-23 23:31:23 -05:00			`if hijack = request.env["rack.hijack"]`
Correctly track hijacked requests 2017-11-28 00:47:20 -05:00			`request.env["discourse.request_tracker.skip"] = true`
			`request_tracker = request.env["discourse.request_tracker"]`

PERF: run post timings in background This means that if a very large amount of registered users hit a single topic we will handle it gracefully, even if db gets slow. 2018-01-18 16:26:18 -05:00			`# in the past unicorn would recycle env, this is not longer the case`
			`env = request.env`
FIX: uploads not working on themes admin page 2018-01-25 05:12:51 -05:00
			`# rack may clean up tempfiles unless we trick it and take control`
			`tempfiles = env[Rack::RACK_TEMPFILES]`
			`env[Rack::RACK_TEMPFILES] = nil`
PERF: run post timings in background This means that if a very large amount of registered users hit a single topic we will handle it gracefully, even if db gets slow. 2018-01-18 16:26:18 -05:00			`request_copy = ActionDispatch::Request.new(env)`
Correctly track hijacked requests 2017-11-28 00:47:20 -05:00
PERF: run post timings in background This means that if a very large amount of registered users hit a single topic we will handle it gracefully, even if db gets slow. 2018-01-18 16:26:18 -05:00			`transfer_timings = MethodProfiler.transfer`
Correctly track hijacked requests 2017-11-28 00:47:20 -05:00
improve instrumentation and defer hijacking till last moment 2017-11-28 02:21:45 -05:00			`io = hijack.call`

FIX: uploads not working on themes admin page 2018-01-25 05:12:51 -05:00			`# duplicate headers so other middleware does not mess with it`
			`# on the way down the stack`
			`original_headers = response.headers.dup`
FIX: ensure proper header transfer (except for cache control) allows discourse special headers to be visible on hijacked reqs 2018-01-20 22:26:42 -05:00
DEV: Add more debugging context to onebox generation Previously if a onebox timed out we would not present the users in the log with any information regarding the onebox. This makes it very difficult to debug. This adds url/topic/user in the debugging output. 2020-10-22 00:38:18 -04:00			`Scheduler::Defer.later("hijack #{params["controller"]} #{params["action"]} #{info}") do`
PERF: run post timings in background This means that if a very large amount of registered users hit a single topic we will handle it gracefully, even if db gets slow. 2018-01-18 16:26:18 -05:00			`MethodProfiler.start(transfer_timings)`
PERF: hijack onebox requests so they do not use up a unicorn worker 2017-11-23 23:31:23 -05:00			`begin`
PERF: run post timings in background This means that if a very large amount of registered users hit a single topic we will handle it gracefully, even if db gets slow. 2018-01-18 16:26:18 -05:00			`Thread.current[Logster::Logger::LOGSTER_ENV] = env`
PERF: hijack onebox requests so they do not use up a unicorn worker 2017-11-23 23:31:23 -05:00			`# do this first to confirm we have a working connection`
			`# before doing any work`
			`io.write "HTTP/1.1 "`

FEATURE: avatar proxy happens in background This ensures that even if it is slow to download avatars site will continue to work Also simplifies hijack pattern 2017-11-27 01:43:24 -05:00			`# this trick avoids double render, also avoids any litter that the controller hooks`
			`# place on the response`
			`instance = controller_class.new`
			`response = ActionDispatch::Response.new`
			`instance.response = response`
FIX: Handle more cases where HTTP status is not correct HTTP status was not correct with send_file which uses streaming 2017-11-27 18:59:53 -05:00
FIX: displaying wrong avatar and letter avatar correct regression where params and env is reused in production 2017-11-27 17:28:40 -05:00			`instance.request = request_copy`
FIX: uploads not working on themes admin page 2018-01-25 05:12:51 -05:00			`original_headers&.each { \|k, v\| instance.response.headers[k] = v }`
FEATURE: avatar proxy happens in background This ensures that even if it is slow to download avatars site will continue to work Also simplifies hijack pattern 2017-11-27 01:43:24 -05:00
FEATURE: add instrumentation for all external net calls 2018-02-20 23:19:59 -05:00			`view_start = Process.clock_gettime(Process::CLOCK_MONOTONIC)`
PERF: hijack onebox requests so they do not use up a unicorn worker 2017-11-23 23:31:23 -05:00			`begin`
FEATURE: avatar proxy happens in background This ensures that even if it is slow to download avatars site will continue to work Also simplifies hijack pattern 2017-11-27 01:43:24 -05:00			`instance.instance_eval(&blk)`
PERF: hijack onebox requests so they do not use up a unicorn worker 2017-11-23 23:31:23 -05:00			`rescue => e`
Improve error handling in hijacked code 2017-12-01 00:23:21 -05:00			`# TODO we need to reuse our exception handling in ApplicationController`
PERF: run post timings in background This means that if a very large amount of registered users hit a single topic we will handle it gracefully, even if db gets slow. 2018-01-18 16:26:18 -05:00			`Discourse.warn_exception(`
			`e,`
			`message: "Failed to process hijacked response correctly",`
			`env: env,`
			`)`
PERF: hijack onebox requests so they do not use up a unicorn worker 2017-11-23 23:31:23 -05:00			`end`
FEATURE: add instrumentation for all external net calls 2018-02-20 23:19:59 -05:00			`view_runtime = Process.clock_gettime(Process::CLOCK_MONOTONIC) - view_start`
PERF: hijack onebox requests so they do not use up a unicorn worker 2017-11-23 23:31:23 -05:00
FIX: Handle more cases where HTTP status is not correct HTTP status was not correct with send_file which uses streaming 2017-11-27 18:59:53 -05:00			`instance.status = 500 unless instance.response_body \|\| response.committed?`
FEATURE: avatar proxy happens in background This ensures that even if it is slow to download avatars site will continue to work Also simplifies hijack pattern 2017-11-27 01:43:24 -05:00
			`response.commit!`

			`body = response.body`

			`headers = response.headers`
FIX: handle CORS in hijacked requests 2017-12-06 18:30:50 -05:00			`# add cors if needed`
PERF: run post timings in background This means that if a very large amount of registered users hit a single topic we will handle it gracefully, even if db gets slow. 2018-01-18 16:26:18 -05:00			`if cors_origins = env[Discourse::Cors::ORIGINS_ENV]`
			`Discourse::Cors.apply_headers(cors_origins, env, headers)`
FIX: handle CORS in hijacked requests 2017-12-06 18:30:50 -05:00			`end`

ensure we do not override charset for content type 2018-01-25 02:43:32 -05:00			`headers["Content-Type"] \|\|= response.content_type \|\| "text/plain"`
FEATURE: avatar proxy happens in background This ensures that even if it is slow to download avatars site will continue to work Also simplifies hijack pattern 2017-11-27 01:43:24 -05:00			`headers["Content-Length"] = body.bytesize`
favicon proxy now uses hijack 2017-11-26 22:50:57 -05:00			`headers["Connection"] = "close"`

FEATURE: detect when client thinks user is logged on but is not This cleans up an error condition where UI thinks a user is logged on but the user is not. If this happens user will be prompted to refresh. 2018-03-06 00:49:31 -05:00			`headers["Discourse-Logged-Out"] = "1" if env[Auth::DefaultCurrentUserProvider::BAD_TOKEN]`

PERF: run post timings in background This means that if a very large amount of registered users hit a single topic we will handle it gracefully, even if db gets slow. 2018-01-18 16:26:18 -05:00			`status_string = Rack::Utils::HTTP_STATUS_CODES[response.status.to_i] \|\| "Unknown"`
			`io.write "#{response.status} #{status_string}\r\n"`
favicon proxy now uses hijack 2017-11-26 22:50:57 -05:00
PERF: run post timings in background This means that if a very large amount of registered users hit a single topic we will handle it gracefully, even if db gets slow. 2018-01-18 16:26:18 -05:00			`timings = MethodProfiler.stop`
			`if timings && duration = timings[:total_duration]`
FIX: ensure proper header transfer (except for cache control) allows discourse special headers to be visible on hijacked reqs 2018-01-20 22:26:42 -05:00			`headers["X-Runtime"] = "#{"%0.6f" % duration}"`
			`end`

			`headers.each { \|name, val\| io.write "#{name}: #{val}\r\n" }`
PERF: run post timings in background This means that if a very large amount of registered users hit a single topic we will handle it gracefully, even if db gets slow. 2018-01-18 16:26:18 -05:00
PERF: hijack onebox requests so they do not use up a unicorn worker 2017-11-23 23:31:23 -05:00			`io.write "\r\n"`
FEATURE: avatar proxy happens in background This ensures that even if it is slow to download avatars site will continue to work Also simplifies hijack pattern 2017-11-27 01:43:24 -05:00			`io.write body`
PERF: hijack onebox requests so they do not use up a unicorn worker 2017-11-23 23:31:23 -05:00			`rescue Errno::EPIPE, IOError`
			`# happens if client terminated before we responded, ignore`
Simplify hijack code 2017-11-28 19:54:20 -05:00			`io = nil`
Correctly track hijacked requests 2017-11-28 00:47:20 -05:00			`ensure`
allow for no lograge (fixes tests) 2018-02-20 23:40:37 -05:00			`if Rails.configuration.try(:lograge).try(:enabled)`
FEATURE: add instrumentation for all external net calls 2018-02-20 23:19:59 -05:00			`if timings`
			`db_runtime = 0`
			`db_runtime = timings[:sql][:duration] if timings[:sql]`

Take 2 of 0f5161af195a06692af25355e985ee9f6c90e173. 2019-04-29 04:41:35 -04:00			`subscriber = Lograge::LogSubscribers::ActionController.new`
FEATURE: add instrumentation for all external net calls 2018-02-20 23:19:59 -05:00			`payload =`
			`ActiveSupport::HashWithIndifferentAccess.new(`
			`controller: self.class.name,`
			`action: action_name,`
			`params: request.filtered_parameters,`
			`headers: request.headers,`
			`format: request.format.ref,`
			`method: request.request_method,`
			`path: request.fullpath,`
			`view_runtime: view_runtime * 1000.0,`
			`db_runtime: db_runtime * 1000.0,`
			`timings: timings,`
			`status: response.status,`
			`)`
DEV: Apply syntax_tree formatting to `lib/*` 2023-01-09 07:10:19 -05:00
FEATURE: add instrumentation for all external net calls 2018-02-20 23:19:59 -05:00			`event =`
			`ActiveSupport::Notifications::Event.new(`
			`"hijack",`
			`Time.now,`
			`Time.now + timings[:total_duration],`
			`"",`
			`payload,`
			`)`
			`subscriber.process_action(event)`
			`end`
			`end`

PERF: run post timings in background This means that if a very large amount of registered users hit a single topic we will handle it gracefully, even if db gets slow. 2018-01-18 16:26:18 -05:00			`MethodProfiler.clear`
Improve error handling in hijacked code 2017-12-01 00:23:21 -05:00			`Thread.current[Logster::Logger::LOGSTER_ENV] = nil`

DEV: Apply syntax_tree formatting to `lib/*` 2023-01-09 07:10:19 -05:00			`begin`
Simplify hijack code 2017-11-28 19:54:20 -05:00			`io.close if io`
			`rescue StandardError`
			`nil`
DEV: Apply syntax_tree formatting to `lib/*` 2023-01-09 07:10:19 -05:00			`end`
Simplify hijack code 2017-11-28 19:54:20 -05:00
Correctly track hijacked requests 2017-11-28 00:47:20 -05:00			`if request_tracker`
FIX: correctly log topic timings as background 2018-01-18 18:37:27 -05:00			`status =`
DEV: Apply syntax_tree formatting to `lib/*` 2023-01-09 07:10:19 -05:00			`begin`
FIX: correctly log topic timings as background 2018-01-18 18:37:27 -05:00			`response.status`
			`rescue StandardError`
			`500`
DEV: Apply syntax_tree formatting to `lib/*` 2023-01-09 07:10:19 -05:00			`end`
PERF: run post timings in background This means that if a very large amount of registered users hit a single topic we will handle it gracefully, even if db gets slow. 2018-01-18 16:26:18 -05:00			`request_tracker.log_request_info(env, [status, headers \|\| {}, []], timings)`
Correctly track hijacked requests 2017-11-28 00:47:20 -05:00			`end`
FIX: uploads not working on themes admin page 2018-01-25 05:12:51 -05:00
			`tempfiles&.each(&:close!)`
PERF: hijack onebox requests so they do not use up a unicorn worker 2017-11-23 23:31:23 -05:00			`end`
			`end`
			`# not leaked out, we use 418 ... I am a teapot to denote that we are hijacked`
			`render plain: "", status: 418`
			`else`
FEATURE: avatar proxy happens in background This ensures that even if it is slow to download avatars site will continue to work Also simplifies hijack pattern 2017-11-27 01:43:24 -05:00			`blk.call`
PERF: hijack onebox requests so they do not use up a unicorn worker 2017-11-23 23:31:23 -05:00			`end`
			`end`
			`end`