@ -4,11 +4,10 @@
package taildrop
package taildrop
import (
import (
"crypto/sha256"
"errors"
"io"
"io"
"net/http"
"net/url"
"os"
"os"
"strings"
"sync"
"sync"
"time"
"time"
@ -17,10 +16,14 @@ import (
"tailscale.com/version/distro"
"tailscale.com/version/distro"
)
)
type incomingFileKey struct {
id ClientID
name string // e.g., "foo.jpeg"
}
type incomingFile struct {
type incomingFile struct {
clock tstime . Clock
clock tstime . Clock
name string // "foo.jpg"
started time . Time
started time . Time
size int64 // or -1 if unknown; never 0
size int64 // or -1 if unknown; never 0
w io . Writer // underlying writer
w io . Writer // underlying writer
@ -33,13 +36,6 @@ type incomingFile struct {
lastNotify time . Time
lastNotify time . Time
}
}
func ( f * incomingFile ) markAndNotifyDone ( ) {
f . mu . Lock ( )
f . done = true
f . mu . Unlock ( )
f . sendFileNotify ( )
}
func ( f * incomingFile ) Write ( p [ ] byte ) ( n int , err error ) {
func ( f * incomingFile ) Write ( p [ ] byte ) ( n int , err error ) {
n , err = f . w . Write ( p )
n , err = f . w . Write ( p )
@ -62,123 +58,197 @@ func (f *incomingFile) Write(p []byte) (n int, err error) {
return n , err
return n , err
}
}
// HandlePut receives a file.
// PutFile stores a file into [Manager.Dir] from a given client id.
// It handles an HTTP PUT request to the "/v0/put/{filename}" endpoint,
// The baseName must be a base filename without any slashes.
// where {filename} is a base filename.
// The length is the expected length of content to read from r,
// It returns the number of bytes received and whether it was received successfully.
// it may be negative to indicate that it is unknown.
func ( h * Handler ) HandlePut ( w http . ResponseWriter , r * http . Request ) ( finalSize int64 , success bool ) {
//
if ! envknob . CanTaildrop ( ) {
// If there is a failure reading from r, then the partial file is not deleted
http . Error ( w , "Taildrop disabled on device" , http . StatusForbidden )
// for some period of time. The [Manager.PartialFiles] and [Manager.HashPartialFile]
return finalSize , success
// methods may be used to list all partial files and to compute the hash for a
}
// specific partial file. This allows the client to determine whether to resume
if r . Method != "PUT" {
// a partial file. While resuming, PutFile may be called again with a non-zero
http . Error ( w , "expected method PUT" , http . StatusMethodNotAllowed )
// offset to specify where to resume receiving data at.
return finalSize , success
func ( m * Manager ) PutFile ( id ClientID , baseName string , r io . Reader , offset , length int64 ) ( int64 , error ) {
}
switch {
if h == nil || h . Dir == "" {
case m == nil || m . Dir == "" :
http . Error ( w , errNoTaildrop . Error ( ) , http . StatusInternalServerError )
return 0 , ErrNoTaildrop
return finalSize , success
case ! envknob . CanTaildrop ( ) :
}
return 0 , ErrNoTaildrop
if distro . Get ( ) == distro . Unraid && ! h . DirectFileMode {
case distro . Get ( ) == distro . Unraid && ! m . DirectFileMode :
http . Error ( w , "Taildrop folder not configured or accessible" , http . StatusInternalServerError )
return 0 , ErrNotAccessible
return finalSize , success
}
}
dstPath , ok := m . joinDir ( baseName )
rawPath := r . URL . EscapedPath ( )
suffix , ok := strings . CutPrefix ( rawPath , "/v0/put/" )
if ! ok {
if ! ok {
http . Error ( w , "misconfigured internals" , http . StatusInternalServerError )
return 0 , ErrInvalidFileName
return finalSize , success
}
if suffix == "" {
http . Error ( w , "empty filename" , http . StatusBadRequest )
return finalSize , success
}
if strings . Contains ( suffix , "/" ) {
http . Error ( w , "directories not supported" , http . StatusBadRequest )
return finalSize , success
}
}
baseName , err := url . PathUnescape ( suffix )
if err != nil {
redactAndLogError := func ( action string , err error ) error {
http . Error ( w , "bad path encoding" , http . StatusBadRequest )
err = redactErr ( err )
return finalSize , success
m . Logf ( "put %v error: %v" , action , err )
return err
}
}
dstFile , ok := h . diskPath ( baseName )
if ! ok {
avoidPartialRename := m . DirectFileMode && m . AvoidFinalRename
http . Error ( w , "bad filename" , http . StatusBadRequest )
if avoidPartialRename {
return finalSize , success
// Users using AvoidFinalRename are depending on the exact filename
// of the partial files. So avoid injecting the id into it.
id = ""
}
}
// TODO(bradfitz): prevent same filename being sent by two peers at once
// prevent same filename being sent twice
// Check whether there is an in-progress transfer for the file.
if _ , err := os . Stat ( dstFile ) ; err == nil {
sendFileNotify := m . SendFileNotify
http . Error ( w , "file exists" , http . StatusConflict )
if sendFileNotify == nil {
return finalSize , success
sendFileNotify = func ( ) { } // avoid nil panics below
}
partialPath := dstPath + id . partialSuffix ( )
inFileKey := incomingFileKey { id , baseName }
inFile , loaded := m . incomingFiles . LoadOrInit ( inFileKey , func ( ) * incomingFile {
inFile := & incomingFile {
clock : m . Clock ,
started : m . Clock . Now ( ) ,
size : length ,
sendFileNotify : sendFileNotify ,
}
if m . DirectFileMode {
inFile . partialPath = partialPath
}
return inFile
} )
if loaded {
return 0 , ErrFileExists
}
}
defer m . incomingFiles . Delete ( inFileKey )
partialFile := dstFile + partialSuffix
// Create (if not already) the partial file with read-write permissions.
f , err := os . Create ( partialFile )
f , err := os . OpenFile( partialPath , os . O_CREATE | os . O_RDWR , 0666 )
if err != nil {
if err != nil {
h . Logf ( "put Create error: %v" , redactErr ( err ) )
return 0 , redactAndLogError ( "Create" , err )
http . Error ( w , err . Error ( ) , http . StatusInternalServerError )
return finalSize , success
}
}
defer func ( ) {
defer func ( ) {
if ! success {
f . Close ( ) // best-effort to cleanup dangling file handles
os . Remove ( partialFile )
if err != nil {
if avoidPartialRename {
os . Remove ( partialPath ) // best-effort
return
}
// TODO: We need to delete partialPath eventually.
// However, this must be done after some period of time.
}
}
} ( )
} ( )
var inFile * incomingFile
inFile . w = f
sendFileNotify := h . SendFileNotify
if sendFileNotify == nil {
// A positive offset implies that we are resuming an existing file.
sendFileNotify = func ( ) { } // avoid nil panics below
// Seek to the appropriate offset and truncate the file.
}
if offset != 0 {
if r . ContentLength != 0 {
currLength , err := f . Seek ( 0 , io . SeekEnd )
inFile = & incomingFile {
if err != nil {
clock : h . Clock ,
return 0 , redactAndLogError ( "Seek" , err )
name : baseName ,
started : h . Clock . Now ( ) ,
size : r . ContentLength ,
w : f ,
sendFileNotify : sendFileNotify ,
}
}
if h. DirectFileMode {
if offset < 0 || offset > currLength {
inFile . partialPath = partialFile
return 0 , redactAndLogError ( "Seek" , err )
}
}
h . incomingFiles . Store ( inFile , struct { } { } )
if _ , err := f . Seek ( offset , io . SeekStart ) ; err != nil {
defer h . incomingFiles . Delete ( inFile )
return 0 , redactAndLogError ( "Seek" , err )
n , err := io . Copy ( inFile , r . Body )
}
if err != nil {
if err := f . Truncate ( offset ) ; err != nil {
err = redactErr ( err )
return 0 , redactAndLogError ( "Truncate" , err )
f . Close ( )
h . Logf ( "put Copy error: %v" , err )
http . Error ( w , err . Error ( ) , http . StatusInternalServerError )
return finalSize , success
}
}
finalSize = n
}
}
if err := redactErr ( f . Close ( ) ) ; err != nil {
h . Logf ( "put Close error: %v" , err )
// Copy the contents of the file.
http . Error ( w , err . Error ( ) , http . StatusInternalServerError )
copyLength , err := io . Copy ( inFile , r )
return finalSize , success
if err != nil {
return 0 , redactAndLogError ( "Copy" , err )
}
}
if h . DirectFileMode && h . AvoidFinalRename {
if length >= 0 && copyLength != length {
if inFile != nil { // non-zero length; TODO: notify even for zero length
return 0 , redactAndLogError ( "Copy" , errors . New ( "copied an unexpected number of bytes" ) )
inFile . markAndNotifyDone ( )
}
if err := f . Close ( ) ; err != nil {
return 0 , redactAndLogError ( "Close" , err )
}
fileLength := offset + copyLength
// Return early for avoidPartialRename since users of AvoidFinalRename
// are depending on the exact naming of partial files.
if avoidPartialRename {
inFile . mu . Lock ( )
inFile . done = true
inFile . mu . Unlock ( )
m . knownEmpty . Store ( false )
sendFileNotify ( )
return fileLength , nil
}
// File has been successfully received, rename the partial file
// to the final destination filename. If a file of that name already exists,
// then try multiple times with variations of the filename.
computePartialSum := sync . OnceValues ( func ( ) ( [ sha256 . Size ] byte , error ) {
return sha256File ( partialPath )
} )
maxRetries := 10
for ; maxRetries > 0 ; maxRetries -- {
// Atomically rename the partial file as the destination file if it doesn't exist.
// Otherwise, it returns the length of the current destination file.
// The operation is atomic.
dstLength , err := func ( ) ( int64 , error ) {
m . renameMu . Lock ( )
defer m . renameMu . Unlock ( )
switch fi , err := os . Stat ( dstPath ) ; {
case os . IsNotExist ( err ) :
return - 1 , os . Rename ( partialPath , dstPath )
case err != nil :
return - 1 , err
default :
return fi . Size ( ) , nil
}
} ( )
if err != nil {
return 0 , redactAndLogError ( "Rename" , err )
}
}
} else {
if dstLength < 0 {
if err := os . Rename ( partialFile , dstFile ) ; err != nil {
break // we successfully renamed; so stop
err = redactErr ( err )
}
h . Logf ( "put final rename: %v" , err )
http . Error ( w , err . Error ( ) , http . StatusInternalServerError )
// Avoid the final rename if a destination file has the same contents.
return finalSize , success
if dstLength == fileLength {
partialSum , err := computePartialSum ( )
if err != nil {
return 0 , redactAndLogError ( "Rename" , err )
}
dstSum , err := sha256File ( dstPath )
if err != nil {
return 0 , redactAndLogError ( "Rename" , err )
}
if dstSum == partialSum {
if err := os . Remove ( partialPath ) ; err != nil {
return 0 , redactAndLogError ( "Remove" , err )
}
break // we successfully found a content match; so stop
}
}
}
}
// TODO: set modtime
// Choose a new destination filename and try again.
// TODO: some real response
dstPath = NextFilename ( dstPath )
success = true
}
io . WriteString ( w , "{}\n" )
if maxRetries <= 0 {
h . knownEmpty . Store ( false )
return 0 , errors . New ( "too many retries trying to rename partial file" )
}
m . knownEmpty . Store ( false )
sendFileNotify ( )
sendFileNotify ( )
return finalSize , success
return fileLength , nil
}
func sha256File ( file string ) ( out [ sha256 . Size ] byte , err error ) {
h := sha256 . New ( )
f , err := os . Open ( file )
if err != nil {
return out , err
}
defer f . Close ( )
if _ , err := io . Copy ( h , f ) ; err != nil {
return out , err
}
return [ sha256 . Size ] byte ( h . Sum ( nil ) ) , nil
}
}