#define TOO_BIG_REQUEST 16384
int web_client_timeout = DEFAULT_DISCONNECT_IDLE_WEB_CLIENTS_AFTER_SECONDS;
-int web_donotrack_comply = 0;
+int respect_web_browser_do_not_track_policy = 0;
+char *web_x_frame_options = NULL;
#ifdef NETDATA_WITH_ZLIB
int web_enable_gzip = 1, web_gzip_level = 3, web_gzip_strategy = Z_DEFAULT_STRATEGY;
struct web_client *web_clients = NULL;
unsigned long long web_clients_count = 0;
-inline int web_client_crock_socket(struct web_client *w) {
+static inline int web_client_crock_socket(struct web_client *w) {
#ifdef TCP_CORK
if(likely(!w->tcp_cork && w->ofd != -1)) {
w->tcp_cork = 1;
return 0;
}
-inline int web_client_uncrock_socket(struct web_client *w) {
+static inline int web_client_uncrock_socket(struct web_client *w) {
#ifdef TCP_CORK
if(likely(w->tcp_cork && w->ofd != -1)) {
w->tcp_cork = 0;
void web_client_reset(struct web_client *w) {
web_client_uncrock_socket(w);
- debug(D_WEB_CLIENT, "%llu: Reseting client.", w->id);
+ debug(D_WEB_CLIENT, "%llu: Resetting client.", w->id);
if(likely(w->last_url[0])) {
struct timeval tv;
- gettimeofday(&tv, NULL);
+ now_realtime_timeval(&tv);
size_t size = (w->mode == WEB_CLIENT_MODE_FILECOPY)?w->response.rlen:w->response.data->len;
size_t sent = size;
// --------------------------------------------------------------------
// global statistics
- finished_web_request_statistics(usec_dt(&tv, &w->tv_in),
+ finished_web_request_statistics(dt_usec(&tv, &w->tv_in),
w->stats_received_bytes,
w->stats_sent_bytes,
size,
log_access("%llu: (sent/all = %zu/%zu bytes %0.0f%%, prep/sent/total = %0.2f/%0.2f/%0.2f ms) %s: %d '%s'",
w->id,
sent, size, -((size > 0) ? ((size - sent) / (double) size * 100.0) : 0.0),
- usec_dt(&w->tv_ready, &w->tv_in) / 1000.0,
- usec_dt(&tv, &w->tv_ready) / 1000.0,
- usec_dt(&tv, &w->tv_in) / 1000.0,
+ dt_usec(&w->tv_ready, &w->tv_in) / 1000.0,
+ dt_usec(&tv, &w->tv_ready) / 1000.0,
+ dt_usec(&tv, &w->tv_in) / 1000.0,
(w->mode == WEB_CLIENT_MODE_FILECOPY) ? "filecopy" : ((w->mode == WEB_CLIENT_MODE_OPTIONS)
? "options" : "data"),
w->response.code,
int mysendfile(struct web_client *w, char *filename)
{
- static char *web_dir = NULL;
-
- // initialize our static data
- if(unlikely(!web_dir)) web_dir = config_get("global", "web files directory", WEB_DIR);
-
- debug(D_WEB_CLIENT, "%llu: Looking for file '%s/%s'", w->id, web_dir, filename);
+ debug(D_WEB_CLIENT, "%llu: Looking for file '%s/%s'", w->id, netdata_configured_web_dir, filename);
// skip leading slashes
while (*filename == '/') filename++;
for(s = filename; *s ;s++) {
if( !isalnum(*s) && *s != '/' && *s != '.' && *s != '-' && *s != '_') {
debug(D_WEB_CLIENT_ACCESS, "%llu: File '%s' is not acceptable.", w->id, filename);
- buffer_sprintf(w->response.data, "File '%s' cannot be served. Filename contains invalid character '%c'", filename, *s);
+ buffer_sprintf(w->response.data, "Filename contains invalid characters: ");
+ buffer_strcat_htmlescape(w->response.data, filename);
return 400;
}
}
// if the filename contains a .. refuse to serve it
if(strstr(filename, "..") != 0) {
debug(D_WEB_CLIENT_ACCESS, "%llu: File '%s' is not acceptable.", w->id, filename);
- buffer_sprintf(w->response.data, "File '%s' cannot be served. Relative filenames with '..' in them are not supported.", filename);
+ buffer_strcat(w->response.data, "Relative filenames are not supported: ");
+ buffer_strcat_htmlescape(w->response.data, filename);
return 400;
}
// access the file
char webfilename[FILENAME_MAX + 1];
- snprintfz(webfilename, FILENAME_MAX, "%s/%s", web_dir, filename);
+ snprintfz(webfilename, FILENAME_MAX, "%s/%s", netdata_configured_web_dir, filename);
// check if the file exists
struct stat stat;
if(lstat(webfilename, &stat) != 0) {
debug(D_WEB_CLIENT_ACCESS, "%llu: File '%s' is not found.", w->id, webfilename);
- buffer_sprintf(w->response.data, "File '%s' does not exist, or is not accessible.", webfilename);
+ buffer_strcat(w->response.data, "File does not exist, or is not accessible: ");
+ buffer_strcat_htmlescape(w->response.data, webfilename);
return 404;
}
// check if the file is owned by expected user
if(stat.st_uid != web_files_uid()) {
error("%llu: File '%s' is owned by user %u (expected user %u). Access Denied.", w->id, webfilename, stat.st_uid, web_files_uid());
- buffer_sprintf(w->response.data, "Access to file '%s' is not permitted.", webfilename);
+ buffer_strcat(w->response.data, "Access to file is not permitted: ");
+ buffer_strcat_htmlescape(w->response.data, webfilename);
return 403;
}
// check if the file is owned by expected group
if(stat.st_gid != web_files_gid()) {
error("%llu: File '%s' is owned by group %u (expected group %u). Access Denied.", w->id, webfilename, stat.st_gid, web_files_gid());
- buffer_sprintf(w->response.data, "Access to file '%s' is not permitted.", webfilename);
+ buffer_strcat(w->response.data, "Access to file is not permitted: ");
+ buffer_strcat_htmlescape(w->response.data, webfilename);
return 403;
}
if((stat.st_mode & S_IFMT) != S_IFREG) {
error("%llu: File '%s' is not a regular file. Access Denied.", w->id, webfilename);
- buffer_sprintf(w->response.data, "Access to file '%s' is not permitted.", webfilename);
+ buffer_strcat(w->response.data, "Access to file is not permitted: ");
+ buffer_strcat_htmlescape(w->response.data, webfilename);
return 403;
}
if(errno == EBUSY || errno == EAGAIN) {
error("%llu: File '%s' is busy, sending 307 Moved Temporarily to force retry.", w->id, webfilename);
buffer_sprintf(w->response.header, "Location: /" WEB_PATH_FILE "/%s\r\n", filename);
- buffer_sprintf(w->response.data, "The file '%s' is currently busy. Please try again later.", webfilename);
+ buffer_strcat(w->response.data, "File is currently busy, please try again later: ");
+ buffer_strcat_htmlescape(w->response.data, webfilename);
return 307;
}
else {
error("%llu: Cannot open file '%s'.", w->id, webfilename);
- buffer_sprintf(w->response.data, "Cannot open file '%s'.", webfilename);
+ buffer_strcat(w->response.data, "Cannot open file: ");
+ buffer_strcat_htmlescape(w->response.data, webfilename);
return 404;
}
}
w->wait_send = 0;
buffer_flush(w->response.data);
w->response.rlen = stat.st_size;
+#ifdef __APPLE__
+ w->response.data->date = stat.st_mtimespec.tv_sec;
+#else
w->response.data->date = stat.st_mtim.tv_sec;
+#endif /* __APPLE__ */
+ buffer_cacheable(w->response.data);
return 200;
}
#ifdef NETDATA_WITH_ZLIB
void web_client_enable_deflate(struct web_client *w, int gzip) {
if(unlikely(w->response.zinitialized)) {
- error("%llu: Compression has already be initialized for this client.", w->id);
+ debug(D_DEFLATE, "%llu: Compression has already be initialized for this client.", w->id);
return;
}
if(options & RRDR_OPTION_ABSOLUTE) {
if(count++) buffer_strcat(wb, " ");
- buffer_strcat(wb, "abs");
+ buffer_strcat(wb, "absolute");
}
if(options & RRDR_OPTION_SECONDS) {
int all = 0;
while(url) {
- char *value = mystrsep(&url, "?&[]");
+ char *value = mystrsep(&url, "?&");
if (!value || !*value) continue;
if(!strcmp(value, "all")) all = 1;
uint32_t after = 0;
while(url) {
- char *value = mystrsep(&url, "?&[]");
+ char *value = mystrsep(&url, "?&");
if (!value || !*value) continue;
char *name = mystrsep(&value, "=");
return 200;
}
-int web_client_api_request_v1_charts(struct web_client *w, char *url)
-{
- (void)url;
-
- buffer_flush(w->response.data);
- w->response.data->contenttype = CT_APPLICATION_JSON;
- rrd_stats_api_v1_charts(w->response.data);
- return 200;
-}
-
-int web_client_api_request_v1_chart(struct web_client *w, char *url)
+int web_client_api_request_single_chart(struct web_client *w, char *url, void callback(RRDSET *st, BUFFER *buf))
{
int ret = 400;
char *chart = NULL;
buffer_flush(w->response.data);
while(url) {
- char *value = mystrsep(&url, "?&[]");
+ char *value = mystrsep(&url, "?&");
if(!value || !*value) continue;
char *name = mystrsep(&value, "=");
RRDSET *st = rrdset_find(chart);
if(!st) st = rrdset_find_byname(chart);
if(!st) {
- buffer_sprintf(w->response.data, "Chart '%s' is not found.", chart);
+ buffer_strcat(w->response.data, "Chart is not found: ");
+ buffer_strcat_htmlescape(w->response.data, chart);
ret = 404;
goto cleanup;
}
w->response.data->contenttype = CT_APPLICATION_JSON;
- rrd_stats_api_v1_chart(st, w->response.data);
+ callback(st, w->response.data);
return 200;
-cleanup:
+ cleanup:
return ret;
}
+int web_client_api_request_v1_alarm_variables(struct web_client *w, char *url)
+{
+ return web_client_api_request_single_chart(w, url, health_api_v1_chart_variables2json);
+}
+
+int web_client_api_request_v1_charts(struct web_client *w, char *url)
+{
+ (void)url;
+
+ buffer_flush(w->response.data);
+ w->response.data->contenttype = CT_APPLICATION_JSON;
+ rrd_stats_api_v1_charts(w->response.data);
+ return 200;
+}
+
+int web_client_api_request_v1_allmetrics(struct web_client *w, char *url)
+{
+ int format = ALLMETRICS_SHELL;
+
+ while(url) {
+ char *value = mystrsep(&url, "?&");
+ if (!value || !*value) continue;
+
+ char *name = mystrsep(&value, "=");
+ if(!name || !*name) continue;
+ if(!value || !*value) continue;
+
+ if(!strcmp(name, "format")) {
+ if(!strcmp(value, ALLMETRICS_FORMAT_SHELL))
+ format = ALLMETRICS_SHELL;
+ else if(!strcmp(value, ALLMETRICS_FORMAT_PROMETHEUS))
+ format = ALLMETRICS_PROMETHEUS;
+ else
+ format = 0;
+ }
+ }
+
+ buffer_flush(w->response.data);
+ buffer_no_cacheable(w->response.data);
+
+ switch(format) {
+ case ALLMETRICS_SHELL:
+ w->response.data->contenttype = CT_TEXT_PLAIN;
+ rrd_stats_api_v1_charts_allmetrics_shell(w->response.data);
+ return 200;
+
+ case ALLMETRICS_PROMETHEUS:
+ w->response.data->contenttype = CT_PROMETHEUS;
+ rrd_stats_api_v1_charts_allmetrics_prometheus(w->response.data);
+ return 200;
+
+ default:
+ w->response.data->contenttype = CT_TEXT_PLAIN;
+ buffer_strcat(w->response.data, "Which format? Only '" ALLMETRICS_FORMAT_SHELL "' and '" ALLMETRICS_FORMAT_PROMETHEUS "' is currently supported.");
+ return 400;
+ }
+}
+
+int web_client_api_request_v1_chart(struct web_client *w, char *url)
+{
+ return web_client_api_request_single_chart(w, url, rrd_stats_api_v1_chart);
+}
+
int web_client_api_request_v1_badge(struct web_client *w, char *url) {
int ret = 400;
buffer_flush(w->response.data);
- w->response.data->options |= WB_CONTENT_NO_CACHEABLE;
-
BUFFER *dimensions = NULL;
const char *chart = NULL
uint32_t options = 0x00000000;
while(url) {
- char *value = mystrsep(&url, "/?&[]");
+ char *value = mystrsep(&url, "/?&");
if(!value || !*value) continue;
char *name = mystrsep(&value, "=");
}
if(!chart || !*chart) {
+ buffer_no_cacheable(w->response.data);
buffer_sprintf(w->response.data, "No chart id is given at the request.");
goto cleanup;
}
RRDSET *st = rrdset_find(chart);
if(!st) st = rrdset_find_byname(chart);
if(!st) {
- buffer_svg(w->response.data, "chart not found", 0, "", NULL, NULL, 1, -1);
+ buffer_no_cacheable(w->response.data);
+ buffer_svg(w->response.data, "chart not found", NAN, "", NULL, NULL, -1);
ret = 200;
goto cleanup;
}
if(alarm) {
rc = rrdcalc_find(st, alarm);
if (!rc) {
- buffer_svg(w->response.data, "alarm not found", 0, "", NULL, NULL, 1, -1);
+ buffer_no_cacheable(w->response.data);
+ buffer_svg(w->response.data, "alarm not found", NAN, "", NULL, NULL, -1);
ret = 200;
goto cleanup;
}
}
- long long multiply = (multiply_str && *multiply_str )?atol(multiply_str):1;
- long long divide = (divide_str && *divide_str )?atol(divide_str):1;
- long long before = (before_str && *before_str )?atol(before_str):0;
- long long after = (after_str && *after_str )?atol(after_str):-st->update_every;
- int points = (points_str && *points_str )?atoi(points_str):1;
- int precision = (precision_str && *precision_str)?atoi(precision_str):-1;
+ long long multiply = (multiply_str && *multiply_str )?str2l(multiply_str):1;
+ long long divide = (divide_str && *divide_str )?str2l(divide_str):1;
+ long long before = (before_str && *before_str )?str2l(before_str):0;
+ long long after = (after_str && *after_str )?str2l(after_str):-st->update_every;
+ int points = (points_str && *points_str )?str2i(points_str):1;
+ int precision = (precision_str && *precision_str)?str2i(precision_str):-1;
if(!multiply) multiply = 1;
if(!divide) divide = 1;
else if(options & RRDR_OPTION_NOT_ALIGNED)
refresh = st->update_every;
else {
- refresh = (before - after);
+ refresh = (int)(before - after);
if(refresh < 0) refresh = -refresh;
}
}
else {
- refresh = atoi(refresh_str);
+ refresh = str2i(refresh_str);
if(refresh < 0) refresh = -refresh;
}
}
);
if(rc) {
- calculated_number n = rc->value;
- if(isnan(n) || isinf(n)) n = 0;
-
- if (refresh > 0)
+ if (refresh > 0) {
buffer_sprintf(w->response.header, "Refresh: %d\r\n", refresh);
+ w->response.data->expires = now_realtime_sec() + refresh;
+ }
+ else buffer_no_cacheable(w->response.data);
if(!value_color) {
switch(rc->status) {
}
}
- buffer_svg(w->response.data, label, rc->value * multiply / divide, units, label_color, value_color, 0, precision);
+ buffer_svg(w->response.data,
+ label,
+ (isnan(rc->value)||isinf(rc->value)) ? rc->value : rc->value * multiply / divide,
+ units,
+ label_color,
+ value_color,
+ precision);
ret = 200;
}
else {
time_t latest_timestamp = 0;
int value_is_null = 1;
- calculated_number n = 0;
+ calculated_number n = NAN;
ret = 500;
// if the collected value is too old, don't calculate its value
- if (rrdset_last_entry_t(st) >= (time(NULL) - (st->update_every * st->gap_when_lost_iterations_above)))
- ret = rrd2value(st, w->response.data, &n, (dimensions) ? buffer_tostring(dimensions) : NULL, points, after,
- before, group, options, NULL, &latest_timestamp, &value_is_null);
+ if (rrdset_last_entry_t(st) >= (now_realtime_sec() - (st->update_every * st->gap_when_lost_iterations_above)))
+ ret = rrd2value(st,
+ w->response.data,
+ &n,
+ (dimensions) ? buffer_tostring(dimensions) : NULL,
+ points,
+ after,
+ before,
+ group,
+ options,
+ NULL,
+ &latest_timestamp,
+ &value_is_null);
// if the value cannot be calculated, show empty badge
if (ret != 200) {
+ buffer_no_cacheable(w->response.data);
value_is_null = 1;
n = 0;
ret = 200;
}
- else if (refresh > 0)
+ else if (refresh > 0) {
buffer_sprintf(w->response.header, "Refresh: %d\r\n", refresh);
+ w->response.data->expires = now_realtime_sec() + refresh;
+ }
+ else buffer_no_cacheable(w->response.data);
// render the badge
- buffer_svg(w->response.data, label, n * multiply / divide, units, label_color, value_color, value_is_null,
- precision);
+ buffer_svg(w->response.data,
+ label,
+ (value_is_null)?NAN:(n * multiply / divide),
+ units,
+ label_color,
+ value_color,
+ precision);
}
cleanup:
uint32_t options = 0x00000000;
while(url) {
- char *value = mystrsep(&url, "?&[]");
+ char *value = mystrsep(&url, "?&");
if(!value || !*value) continue;
char *name = mystrsep(&value, "=");
RRDSET *st = rrdset_find(chart);
if(!st) st = rrdset_find_byname(chart);
if(!st) {
- buffer_sprintf(w->response.data, "Chart '%s' is not found.", chart);
+ buffer_strcat(w->response.data, "Chart is not found: ");
+ buffer_strcat_htmlescape(w->response.data, chart);
ret = 404;
goto cleanup;
}
- long long before = (before_str && *before_str)?atol(before_str):0;
- long long after = (after_str && *after_str) ?atol(after_str):0;
- int points = (points_str && *points_str)?atoi(points_str):0;
+ long long before = (before_str && *before_str)?str2l(before_str):0;
+ long long after = (after_str && *after_str) ?str2l(after_str):0;
+ int points = (points_str && *points_str)?str2i(points_str):0;
debug(D_WEB_CLIENT, "%llu: API command 'data' for chart '%s', dimensions '%s', after '%lld', before '%lld', points '%d', group '%d', format '%u', options '0x%08x'"
, w->id
}
-#define REGISTRY_VERIFY_COOKIES_GUID "give-me-back-this-cookie-now--please"
-
int web_client_api_request_v1_registry(struct web_client *w, char *url)
{
static uint32_t hash_action = 0, hash_access = 0, hash_hello = 0, hash_delete = 0, hash_search = 0,
*/
}
- char person_guid[36 + 1] = "";
+ char person_guid[GUID_LEN + 1] = "";
debug(D_WEB_CLIENT, "%llu: API v1 registry with URL '%s'", w->id, url);
*/
while(url) {
- char *value = mystrsep(&url, "?&[]");
+ char *value = mystrsep(&url, "?&");
if (!value || !*value) continue;
char *name = mystrsep(&value, "=");
#endif /* NETDATA_INTERNAL_CHECKS */
}
- if(web_donotrack_comply && w->donottrack) {
+ if(respect_web_browser_do_not_track_policy && w->donottrack) {
buffer_flush(w->response.data);
buffer_sprintf(w->response.data, "Your web browser is sending 'DNT: 1' (Do Not Track). The registry requires persistent cookies on your browser to work.");
return 400;
}
if(action == 'A' && (!machine_guid || !machine_url || !url_name)) {
+ error("Invalid registry request - access requires these parameters: machine ('%s'), url ('%s'), name ('%s')",
+ machine_guid?machine_guid:"UNSET", machine_url?machine_url:"UNSET", url_name?url_name:"UNSET");
buffer_flush(w->response.data);
- buffer_sprintf(w->response.data, "Invalid registry request - access requires these parameters: machine ('%s'), url ('%s'), name ('%s')",
- machine_guid?machine_guid:"UNSET", machine_url?machine_url:"UNSET", url_name?url_name:"UNSET");
+ buffer_strcat(w->response.data, "Invalid registry Access request.");
return 400;
}
else if(action == 'D' && (!machine_guid || !machine_url || !delete_url)) {
+ error("Invalid registry request - delete requires these parameters: machine ('%s'), url ('%s'), delete_url ('%s')",
+ machine_guid?machine_guid:"UNSET", machine_url?machine_url:"UNSET", delete_url?delete_url:"UNSET");
buffer_flush(w->response.data);
- buffer_sprintf(w->response.data, "Invalid registry request - delete requires these parameters: machine ('%s'), url ('%s'), delete_url ('%s')",
- machine_guid?machine_guid:"UNSET", machine_url?machine_url:"UNSET", delete_url?delete_url:"UNSET");
+ buffer_strcat(w->response.data, "Invalid registry Delete request.");
return 400;
}
else if(action == 'S' && (!machine_guid || !machine_url || !search_machine_guid)) {
+ error("Invalid registry request - search requires these parameters: machine ('%s'), url ('%s'), for ('%s')",
+ machine_guid?machine_guid:"UNSET", machine_url?machine_url:"UNSET", search_machine_guid?search_machine_guid:"UNSET");
buffer_flush(w->response.data);
- buffer_sprintf(w->response.data, "Invalid registry request - search requires these parameters: machine ('%s'), url ('%s'), for ('%s')",
- machine_guid?machine_guid:"UNSET", machine_url?machine_url:"UNSET", search_machine_guid?search_machine_guid:"UNSET");
+ buffer_strcat(w->response.data, "Invalid registry Search request.");
return 400;
}
else if(action == 'W' && (!machine_guid || !machine_url || !to_person_guid)) {
+ error("Invalid registry request - switching identity requires these parameters: machine ('%s'), url ('%s'), to ('%s')",
+ machine_guid?machine_guid:"UNSET", machine_url?machine_url:"UNSET", to_person_guid?to_person_guid:"UNSET");
buffer_flush(w->response.data);
- buffer_sprintf(w->response.data, "Invalid registry request - switching identity requires these parameters: machine ('%s'), url ('%s'), to ('%s')",
- machine_guid?machine_guid:"UNSET", machine_url?machine_url:"UNSET", to_person_guid?to_person_guid:"UNSET");
+ buffer_strcat(w->response.data, "Invalid registry Switch request.");
return 400;
}
switch(action) {
case 'A':
w->tracking_required = 1;
- if(registry_verify_cookies_redirects() > 0 && (!cookie || !person_guid[0])) {
- buffer_flush(w->response.data);
- registry_set_cookie(w, REGISTRY_VERIFY_COOKIES_GUID);
- w->response.data->contenttype = CT_APPLICATION_JSON;
- buffer_sprintf(w->response.data, "{ \"status\": \"redirect\", \"registry\": \"%s\" }", registry_to_announce());
- return 200;
-
-/*
- * it seems that web browsers are ignoring 307 (Moved Temporarily)
- * under certain conditions, when using CORS
- * so this is commented and we use application level redirects instead
- *
- redirects++;
-
- if(redirects > registry_verify_cookies_redirects()) {
- buffer_flush(w->response.data);
- buffer_sprintf(w->response.data, "Your browser does not support cookies");
- return 400;
- }
-
- char *encoded_url = url_encode(machine_url);
- if(!encoded_url) {
- error("%llu: Cannot URL encode string '%s'", w->id, machine_url);
- return 500;
- }
-
- char *encoded_name = url_encode(url_name);
- if(!encoded_name) {
- free(encoded_url);
- error("%llu: Cannot URL encode string '%s'", w->id, url_name);
- return 500;
- }
-
- char *encoded_guid = url_encode(machine_guid);
- if(!encoded_guid) {
- free(encoded_url);
- free(encoded_name);
- error("%llu: Cannot URL encode string '%s'", w->id, machine_guid);
- return 500;
- }
-
- buffer_sprintf(w->response.header, "Location: %s/api/v1/registry?action=access&machine=%s&name=%s&url=%s&redirects=%d\r\n",
- registry_to_announce(), encoded_guid, encoded_name, encoded_url, redirects);
-
- free(encoded_guid);
- free(encoded_name);
- free(encoded_url);
- return 307
-*/
- }
-
- if(unlikely(cookie && person_guid[0] && !strcmp(person_guid, REGISTRY_VERIFY_COOKIES_GUID)))
- person_guid[0] = '\0';
-
- return registry_request_access_json(w, person_guid, machine_guid, machine_url, url_name, time(NULL));
+ return registry_request_access_json(w, person_guid, machine_guid, machine_url, url_name, now_realtime_sec());
case 'D':
w->tracking_required = 1;
- return registry_request_delete_json(w, person_guid, machine_guid, machine_url, delete_url, time(NULL));
+ return registry_request_delete_json(w, person_guid, machine_guid, machine_url, delete_url, now_realtime_sec());
case 'S':
w->tracking_required = 1;
- return registry_request_search_json(w, person_guid, machine_guid, machine_url, search_machine_guid, time(NULL));
+ return registry_request_search_json(w, person_guid, machine_guid, machine_url, search_machine_guid, now_realtime_sec());
case 'W':
w->tracking_required = 1;
- return registry_request_switch_json(w, person_guid, machine_guid, machine_url, to_person_guid, time(NULL));
+ return registry_request_switch_json(w, person_guid, machine_guid, machine_url, to_person_guid, now_realtime_sec());
case 'H':
return registry_request_hello_json(w);
}
int web_client_api_request_v1(struct web_client *w, char *url) {
- static uint32_t hash_data = 0, hash_chart = 0, hash_charts = 0, hash_registry = 0, hash_badge = 0, hash_alarms = 0, hash_alarm_log = 0;
+ static uint32_t hash_data = 0, hash_chart = 0, hash_charts = 0, hash_registry = 0, hash_badge = 0, hash_alarms = 0, hash_alarm_log = 0, hash_alarm_variables = 0, hash_raw = 0;
if(unlikely(hash_data == 0)) {
hash_data = simple_hash("data");
hash_badge = simple_hash("badge.svg");
hash_alarms = simple_hash("alarms");
hash_alarm_log = simple_hash("alarm_log");
+ hash_alarm_variables = simple_hash("alarm_variables");
+ hash_raw = simple_hash("allmetrics");
}
// get the command
else if(hash == hash_alarm_log && !strcmp(tok, "alarm_log"))
return web_client_api_request_v1_alarm_log(w, url);
+ else if(hash == hash_alarm_variables && !strcmp(tok, "alarm_variables"))
+ return web_client_api_request_v1_alarm_variables(w, url);
+
+ else if(hash == hash_raw && !strcmp(tok, "allmetrics"))
+ return web_client_api_request_v1_allmetrics(w, url);
+
else {
buffer_flush(w->response.data);
- buffer_sprintf(w->response.data, "Unsupported v1 API command: %s", tok);
+ buffer_strcat(w->response.data, "Unsupported v1 API command: ");
+ buffer_strcat_htmlescape(w->response.data, tok);
return 404;
}
}
else {
buffer_flush(w->response.data);
- buffer_sprintf(w->response.data, "API v1 command?");
+ buffer_sprintf(w->response.data, "Which API v1 command?");
return 400;
}
}
return web_client_api_request_v1(w, url);
else {
buffer_flush(w->response.data);
- buffer_sprintf(w->response.data, "Unsupported API version: %s", tok);
+ buffer_strcat(w->response.data, "Unsupported API version: ");
+ buffer_strcat_htmlescape(w->response.data, tok);
return 404;
}
}
int web_client_api_old_data_request(struct web_client *w, char *url, int datasource_type)
{
+ if(!url || !*url) {
+ buffer_flush(w->response.data);
+ buffer_sprintf(w->response.data, "Incomplete request.");
+ return 400;
+ }
+
RRDSET *st = NULL;
char *args = strchr(url, '?');
if(url) {
// parse the lines required
tok = mystrsep(&url, "/");
- if(tok) lines = atoi(tok);
+ if(tok) lines = str2i(tok);
if(lines < 1) lines = 1;
}
if(url) {
// parse the group count required
tok = mystrsep(&url, "/");
- if(tok && *tok) group_count = atoi(tok);
+ if(tok && *tok) group_count = str2i(tok);
if(group_count < 1) group_count = 1;
//if(group_count > save_history / 20) group_count = save_history / 20;
}
if(url) {
// parse after time
tok = mystrsep(&url, "/");
- if(tok && *tok) after = strtoul(tok, NULL, 10);
+ if(tok && *tok) after = str2ul(tok);
if(after < 0) after = 0;
}
if(url) {
// parse before time
tok = mystrsep(&url, "/");
- if(tok && *tok) before = strtoul(tok, NULL, 10);
+ if(tok && *tok) before = str2ul(tok);
if(before < 0) before = 0;
}
if(url) {
case CT_IMAGE_ICNS:
return "image/icns";
+ case CT_PROMETHEUS:
+ return "text/plain; version=0.0.4";
+
default:
case CT_TEXT_PLAIN:
return "text/plain; charset=utf-8";
if(strcasestr(v, "keep-alive"))
w->keepalive = 1;
}
- else if(web_donotrack_comply && hash == hash_donottrack && !strcasecmp(s, "DNT")) {
+ else if(respect_web_browser_do_not_track_policy && hash == hash_donottrack && !strcasecmp(s, "DNT")) {
if(*v == '0') w->donottrack = 0;
else if(*v == '1') w->donottrack = 1;
}
return -3;
}
+static inline void web_client_send_http_header(struct web_client *w) {
+ if(unlikely(w->response.code != 200))
+ buffer_no_cacheable(w->response.data);
+
+ // set a proper expiration date, if not already set
+ if(unlikely(!w->response.data->expires)) {
+ if(w->response.data->options & WB_CONTENT_NO_CACHEABLE)
+ w->response.data->expires = w->tv_ready.tv_sec + rrd_update_every;
+ else
+ w->response.data->expires = w->tv_ready.tv_sec + 86400;
+ }
+
+ // prepare the HTTP response header
+ debug(D_WEB_CLIENT, "%llu: Generating HTTP header with response %d.", w->id, w->response.code);
+
+ const char *content_type_string = web_content_type_to_string(w->response.data->contenttype);
+ const char *code_msg = web_response_code_to_string(w->response.code);
+
+ // prepare the last modified and expiration dates
+ char date[32], edate[32];
+ {
+ struct tm tmbuf, *tm;
+
+ tm = gmtime_r(&w->response.data->date, &tmbuf);
+ strftime(date, sizeof(date), "%a, %d %b %Y %H:%M:%S %Z", tm);
+
+ tm = gmtime_r(&w->response.data->expires, &tmbuf);
+ strftime(edate, sizeof(edate), "%a, %d %b %Y %H:%M:%S %Z", tm);
+ }
+
+ buffer_sprintf(w->response.header_output,
+ "HTTP/1.1 %d %s\r\n"
+ "Connection: %s\r\n"
+ "Server: NetData Embedded HTTP Server\r\n"
+ "Access-Control-Allow-Origin: %s\r\n"
+ "Access-Control-Allow-Credentials: true\r\n"
+ "Content-Type: %s\r\n"
+ "Date: %s\r\n"
+ , w->response.code, code_msg
+ , w->keepalive?"keep-alive":"close"
+ , w->origin
+ , content_type_string
+ , date
+ );
+
+ if(unlikely(web_x_frame_options))
+ buffer_sprintf(w->response.header_output, "X-Frame-Options: %s\r\n", web_x_frame_options);
+
+ if(w->cookie1[0] || w->cookie2[0]) {
+ if(w->cookie1[0]) {
+ buffer_sprintf(w->response.header_output,
+ "Set-Cookie: %s\r\n",
+ w->cookie1);
+ }
+
+ if(w->cookie2[0]) {
+ buffer_sprintf(w->response.header_output,
+ "Set-Cookie: %s\r\n",
+ w->cookie2);
+ }
+
+ if(respect_web_browser_do_not_track_policy)
+ buffer_sprintf(w->response.header_output,
+ "Tk: T;cookies\r\n");
+ }
+ else {
+ if(respect_web_browser_do_not_track_policy) {
+ if(w->tracking_required)
+ buffer_sprintf(w->response.header_output,
+ "Tk: T;cookies\r\n");
+ else
+ buffer_sprintf(w->response.header_output,
+ "Tk: N\r\n");
+ }
+ }
+
+ if(w->mode == WEB_CLIENT_MODE_OPTIONS) {
+ buffer_strcat(w->response.header_output,
+ "Access-Control-Allow-Methods: GET, OPTIONS\r\n"
+ "Access-Control-Allow-Headers: accept, x-requested-with, origin, content-type, cookie, pragma, cache-control\r\n"
+ "Access-Control-Max-Age: 1209600\r\n" // 86400 * 14
+ );
+ }
+ else {
+ buffer_sprintf(w->response.header_output,
+ "Cache-Control: %s\r\n"
+ "Expires: %s\r\n",
+ (w->response.data->options & WB_CONTENT_NO_CACHEABLE)?"no-cache":"public",
+ edate);
+ }
+
+ // copy a possibly available custom header
+ if(unlikely(buffer_strlen(w->response.header)))
+ buffer_strcat(w->response.header_output, buffer_tostring(w->response.header));
+
+ // headers related to the transfer method
+ if(likely(w->response.zoutput)) {
+ buffer_strcat(w->response.header_output,
+ "Content-Encoding: gzip\r\n"
+ "Transfer-Encoding: chunked\r\n"
+ );
+ }
+ else {
+ if(likely((w->response.data->len || w->response.rlen))) {
+ // we know the content length, put it
+ buffer_sprintf(w->response.header_output, "Content-Length: %zu\r\n", w->response.data->len? w->response.data->len: w->response.rlen);
+ }
+ else {
+ // we don't know the content length, disable keep-alive
+ w->keepalive = 0;
+ }
+ }
+
+ // end of HTTP header
+ buffer_strcat(w->response.header_output, "\r\n");
+
+ // sent the HTTP header
+ debug(D_WEB_DATA, "%llu: Sending response HTTP header of size %zu: '%s'"
+ , w->id
+ , buffer_strlen(w->response.header_output)
+ , buffer_tostring(w->response.header_output)
+ );
+
+ web_client_crock_socket(w);
+
+ ssize_t bytes = send(w->ofd, buffer_tostring(w->response.header_output), buffer_strlen(w->response.header_output), 0);
+ if(bytes != (ssize_t) buffer_strlen(w->response.header_output)) {
+ if(bytes > 0)
+ w->stats_sent_bytes += bytes;
+
+ debug(D_WEB_CLIENT, "%llu: HTTP Header failed to be sent (I sent %zu bytes but the system sent %zd bytes). Closing web client."
+ , w->id
+ , buffer_strlen(w->response.header_output)
+ , bytes);
+
+ WEB_CLIENT_IS_DEAD(w);
+ return;
+ }
+ else
+ w->stats_sent_bytes += bytes;
+}
+
void web_client_process(struct web_client *w) {
- static uint32_t hash_api = 0, hash_netdata_conf = 0, hash_data = 0, hash_datasource = 0, hash_graph = 0,
- hash_list = 0, hash_all_json = 0, hash_exit = 0, hash_debug = 0, hash_mirror = 0;
+ static uint32_t
+ hash_api = 0,
+ hash_netdata_conf = 0,
+ hash_data = 0,
+ hash_datasource = 0,
+ hash_graph = 0,
+ hash_list = 0,
+ hash_all_json = 0;
+
+#ifdef NETDATA_INTERNAL_CHECKS
+ static uint32_t hash_exit = 0, hash_debug = 0, hash_mirror = 0;
+#endif
// start timing us
- gettimeofday(&w->tv_in, NULL);
+ now_realtime_timeval(&w->tv_in);
if(unlikely(!hash_api)) {
hash_api = simple_hash("api");
hash_graph = simple_hash(WEB_PATH_GRAPH);
hash_list = simple_hash("list");
hash_all_json = simple_hash("all.json");
+#ifdef NETDATA_INTERNAL_CHECKS
hash_exit = simple_hash("exit");
hash_debug = simple_hash("debug");
hash_mirror = simple_hash("mirror");
+#endif
}
int code = 500;
- ssize_t bytes;
int what_to_do = http_request_validate(w);
error("web request to exit received.");
netdata_cleanup_and_exit(0);
- netdata_exit = 1;
}
else if(hash == hash_debug && strcmp(tok, "debug") == 0) {
buffer_flush(w->response.data);
if(!st) st = rrdset_find(tok);
if(!st) {
code = 404;
- buffer_sprintf(w->response.data, "Chart %s is not found.\r\n", tok);
+ buffer_strcat(w->response.data, "Chart is not found: ");
+ buffer_strcat_htmlescape(w->response.data, tok);
debug(D_WEB_CLIENT_ACCESS, "%llu: %s is not found.", w->id, tok);
}
else {
code = 200;
debug_flags |= D_RRD_STATS;
st->debug = !st->debug;
- buffer_sprintf(w->response.data, "Chart %s has now debug %s.\r\n", tok, st->debug?"enabled":"disabled");
+ buffer_sprintf(w->response.data, "Chart has now debug %s: ", st->debug?"enabled":"disabled");
+ buffer_strcat_htmlescape(w->response.data, tok);
debug(D_WEB_CLIENT_ACCESS, "%llu: debug for %s is %s.", w->id, tok, st->debug?"enabled":"disabled");
}
}
}
}
- gettimeofday(&w->tv_ready, NULL);
- w->response.data->date = time(NULL);
+ now_realtime_timeval(&w->tv_ready);
w->response.sent = 0;
w->response.code = code;
- // prepare the HTTP response header
- debug(D_WEB_CLIENT, "%llu: Generating HTTP header with response %d.", w->id, code);
-
- const char *content_type_string = web_content_type_to_string(w->response.data->contenttype);
- const char *code_msg = web_response_code_to_string(code);
-
- char date[32];
- struct tm tmbuf, *tm = gmtime_r(&w->response.data->date, &tmbuf);
- strftime(date, sizeof(date), "%a, %d %b %Y %H:%M:%S %Z", tm);
+ // set a proper last modified date
+ if(unlikely(!w->response.data->date))
+ w->response.data->date = w->tv_ready.tv_sec;
- buffer_sprintf(w->response.header_output,
- "HTTP/1.1 %d %s\r\n"
- "Connection: %s\r\n"
- "Server: NetData Embedded HTTP Server\r\n"
- "Access-Control-Allow-Origin: %s\r\n"
- "Access-Control-Allow-Credentials: true\r\n"
- "Content-Type: %s\r\n"
- "Date: %s\r\n"
- , code, code_msg
- , w->keepalive?"keep-alive":"close"
- , w->origin
- , content_type_string
- , date
- );
-
- if(w->cookie1[0] || w->cookie2[0]) {
- if(w->cookie1[0]) {
- buffer_sprintf(w->response.header_output,
- "Set-Cookie: %s\r\n",
- w->cookie1);
- }
-
- if(w->cookie2[0]) {
- buffer_sprintf(w->response.header_output,
- "Set-Cookie: %s\r\n",
- w->cookie2);
- }
-
- if(web_donotrack_comply)
- buffer_sprintf(w->response.header_output,
- "Tk: T;cookies\r\n");
- }
- else {
- if(web_donotrack_comply) {
- if(w->tracking_required)
- buffer_sprintf(w->response.header_output,
- "Tk: T;cookies\r\n");
- else
- buffer_sprintf(w->response.header_output,
- "Tk: N\r\n");
- }
- }
-
- if(w->mode == WEB_CLIENT_MODE_OPTIONS) {
- buffer_strcat(w->response.header_output,
- "Access-Control-Allow-Methods: GET, OPTIONS\r\n"
- "Access-Control-Allow-Headers: accept, x-requested-with, origin, content-type, cookie\r\n"
- "Access-Control-Max-Age: 1209600\r\n" // 86400 * 14
- );
- }
-
- if(buffer_strlen(w->response.header))
- buffer_strcat(w->response.header_output, buffer_tostring(w->response.header));
-
- if(w->mode == WEB_CLIENT_MODE_NORMAL && (w->response.data->options & WB_CONTENT_NO_CACHEABLE)) {
- buffer_sprintf(w->response.header_output,
- "Expires: %s\r\n"
- "Cache-Control: no-cache\r\n"
- , date);
- }
- else if(w->mode != WEB_CLIENT_MODE_OPTIONS) {
- char edate[32];
- time_t et = w->response.data->date + (86400 * 14);
- struct tm etmbuf, *etm = gmtime_r(&et, &etmbuf);
- strftime(edate, sizeof(edate), "%a, %d %b %Y %H:%M:%S %Z", etm);
-
- buffer_sprintf(w->response.header_output,
- "Expires: %s\r\n"
- "Cache-Control: public\r\n"
- , edate);
- }
-
- // if we know the content length, put it
- if(!w->response.zoutput && (w->response.data->len || w->response.rlen))
- buffer_sprintf(w->response.header_output,
- "Content-Length: %zu\r\n"
- , w->response.data->len? w->response.data->len: w->response.rlen
- );
- else if(!w->response.zoutput)
- w->keepalive = 0; // content-length is required for keep-alive
-
- if(w->response.zoutput) {
- buffer_strcat(w->response.header_output,
- "Content-Encoding: gzip\r\n"
- "Transfer-Encoding: chunked\r\n"
- );
- }
-
- buffer_strcat(w->response.header_output, "\r\n");
-
- // sent the HTTP header
- debug(D_WEB_DATA, "%llu: Sending response HTTP header of size %zu: '%s'"
- , w->id
- , buffer_strlen(w->response.header_output)
- , buffer_tostring(w->response.header_output)
- );
-
- web_client_crock_socket(w);
-
- bytes = send(w->ofd, buffer_tostring(w->response.header_output), buffer_strlen(w->response.header_output), 0);
- if(bytes != (ssize_t) buffer_strlen(w->response.header_output)) {
- if(bytes > 0)
- w->stats_sent_bytes += bytes;
-
- debug(D_WEB_CLIENT, "%llu: HTTP Header failed to be sent (I sent %zu bytes but the system sent %zd bytes). Closing web client."
- , w->id
- , buffer_strlen(w->response.header_output)
- , bytes);
-
- WEB_CLIENT_IS_DEAD(w);
- return;
- }
- else
- w->stats_sent_bytes += bytes;
+ web_client_send_http_header(w);
// enable sending immediately if we have data
if(w->response.data->len) w->wait_send = 1;
projects / netdata.git / blobdiff