@ -41,6 +41,7 @@ import (
"tailscale.com/taildrop"
"tailscale.com/taildrop"
"tailscale.com/types/views"
"tailscale.com/types/views"
"tailscale.com/util/clientmetric"
"tailscale.com/util/clientmetric"
"tailscale.com/util/httphdr"
"tailscale.com/wgengine/filter"
"tailscale.com/wgengine/filter"
)
)
@ -304,6 +305,10 @@ func (h *peerAPIHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
w . Header ( ) . Set ( "X-Frame-Options" , "DENY" )
w . Header ( ) . Set ( "X-Frame-Options" , "DENY" )
w . Header ( ) . Set ( "X-Content-Type-Options" , "nosniff" )
w . Header ( ) . Set ( "X-Content-Type-Options" , "nosniff" )
}
}
if strings . HasPrefix ( r . URL . Path , "/v0/partial-files/" ) {
h . handlePartialFileGet ( w , r )
return
}
if strings . HasPrefix ( r . URL . Path , "/v0/put/" ) {
if strings . HasPrefix ( r . URL . Path , "/v0/put/" ) {
metricPutCalls . Add ( 1 )
metricPutCalls . Add ( 1 )
h . handlePeerPut ( w , r )
h . handlePeerPut ( w , r )
@ -626,9 +631,71 @@ func (h *peerAPIHandler) peerHasCap(wantCap tailcfg.PeerCapability) bool {
return h . ps . b . PeerCaps ( h . remoteAddr . Addr ( ) ) . HasCapability ( wantCap )
return h . ps . b . PeerCaps ( h . remoteAddr . Addr ( ) ) . HasCapability ( wantCap )
}
}
var errMisconfiguredInternals = errors . New ( "misconfigured internals" )
func ( h * peerAPIHandler ) extractBaseName ( rawPath , prefix string ) ( ret string , err error ) {
prefix , ok := strings . CutPrefix ( rawPath , prefix )
if ! ok {
return "" , errMisconfiguredInternals
}
if prefix == "" {
return "" , taildrop . ErrInvalidFileName
}
if strings . Contains ( prefix , "/" ) {
return "" , taildrop . ErrInvalidFileName
}
baseName , err := url . PathUnescape ( prefix )
if err == errMisconfiguredInternals {
return "" , errMisconfiguredInternals
} else if err != nil {
return "" , taildrop . ErrInvalidFileName
}
return baseName , nil
}
func ( h * peerAPIHandler ) handlePartialFileGet ( w http . ResponseWriter , r * http . Request ) {
if ! h . ps . b . hasCapFileSharing ( ) {
http . Error ( w , taildrop . ErrNoTaildrop . Error ( ) , http . StatusForbidden )
return
}
if r . Method != "GET" {
http . Error ( w , "expected method GET" , http . StatusMethodNotAllowed )
return
}
var resp any
var err error
id := taildrop . ClientID ( h . peerNode . StableID ( ) )
if r . URL . Path == "/v0/partial-files/" {
resp , err = h . ps . taildrop . PartialFiles ( id )
} else {
baseName , _ := h . extractBaseName ( r . URL . EscapedPath ( ) , "/v0/partial-files/" )
ranges , ok := httphdr . ParseRange ( r . Header . Get ( "Range" ) )
if ! ok || len ( ranges ) != 1 || ranges [ 0 ] . Length < 0 {
http . Error ( w , "invalid Range header" , http . StatusBadRequest )
return
}
offset := ranges [ 0 ] . Start
length := ranges [ 0 ] . Length
if length == 0 {
length = - 1 // httphdr.Range.Length == 0 implies reading the rest of file
}
resp , err = h . ps . taildrop . HashPartialFile ( id , baseName , offset , length )
}
if err != nil {
http . Error ( w , err . Error ( ) , http . StatusInternalServerError )
return
}
if err := json . NewEncoder ( w ) . Encode ( resp ) ; err != nil {
http . Error ( w , err . Error ( ) , http . StatusInternalServerError )
return
}
}
func ( h * peerAPIHandler ) handlePeerPut ( w http . ResponseWriter , r * http . Request ) {
func ( h * peerAPIHandler ) handlePeerPut ( w http . ResponseWriter , r * http . Request ) {
if ! h . canPutFile ( ) {
if ! h . canPutFile ( ) {
http . Error ( w , "Taildrop access denied" , http . StatusForbidden )
http . Error ( w , taildrop . ErrNoTaildrop . Error ( ) , http . StatusForbidden )
return
return
}
}
if ! h . ps . b . hasCapFileSharing ( ) {
if ! h . ps . b . hasCapFileSharing ( ) {
@ -639,28 +706,24 @@ func (h *peerAPIHandler) handlePeerPut(w http.ResponseWriter, r *http.Request) {
http . Error ( w , "expected method PUT" , http . StatusMethodNotAllowed )
http . Error ( w , "expected method PUT" , http . StatusMethodNotAllowed )
return
return
}
}
rawPath := r . URL . EscapedPath ( )
baseName , err := h . extractBaseName ( r . URL . EscapedPath ( ) , "/v0/put/" )
suffix , ok := strings . CutPrefix ( rawPath , "/v0/put/" )
if err != nil {
if ! ok {
http . Error ( w , err . Error ( ) , http . StatusBadRequest )
http . Error ( w , "misconfigured internals" , http . StatusInternalServerError )
return
}
if suffix == "" {
http . Error ( w , "empty filename" , http . StatusBadRequest )
return
return
}
}
if strings . Contains ( suffix , "/" ) {
t0 := h . ps . b . clock . Now ( )
http . Error ( w , "directories not supported" , http . StatusBadRequest )
id := taildrop . ClientID ( h . peerNode . StableID ( ) )
var offset int64
if rangeHdr := r . Header . Get ( "Range" ) ; rangeHdr != "" {
ranges , ok := httphdr . ParseRange ( rangeHdr )
if ! ok || len ( ranges ) != 1 || ranges [ 0 ] . Length != 0 {
http . Error ( w , "invalid Range header" , http . StatusBadRequest )
return
return
}
}
baseName , err := url . PathUnescape ( suffix )
offset = ranges [ 0 ] . Start
if err != nil {
http . Error ( w , "bad path encoding" , http . StatusBadRequest )
return
}
}
t0 := h . ps . b . clock . Now ( )
n , err := h . ps . taildrop . PutFile ( taildrop . ClientID ( fmt . Sprint ( id ) ) , baseName , r . Body , offset , r . ContentLength )
// TODO(rhea,joetsai): Set the client ID and starting offset.
n , err := h . ps . taildrop . PutFile ( "" , baseName , r . Body , 0 , r . ContentLength )
switch err {
switch err {
case nil :
case nil :
d := h . ps . b . clock . Since ( t0 ) . Round ( time . Second / 10 )
d := h . ps . b . clock . Since ( t0 ) . Round ( time . Second / 10 )