Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix hard-coded timeout and error panic in API archive download endpoint #20925

Merged
merged 2 commits into from
Aug 29, 2022

Conversation

petergardfjall
Copy link
Contributor

This commit updates the GET /api/v1/repos/{owner}/{repo}/archive/{archive}
endpoint which prior to this PR had a couple of issues.

  1. The endpoint had a hard-coded 20s timeout for the archiver to complete after
    which a 500 (Internal Server Error) was returned to client. For a scripted
    API client there was no clear way of telling that the operation timed out and
    that it should retry.

  2. Whenever the timeout did occur, the code used to panic. This was caused by
    the API endpoint "delegating" to the same call path as the web, which uses a
    slightly different way of reporting errors (HTML rather than JSON for
    example).

    More specifically, api/v1/repo/file.go#GetArchive just called through to
    web/repo/repo.go#Download, which expects the Context to have a Render
    field set, but which is nil for API calls. Hence, a nil pointer error.

The code addresses (1) by dropping the hard-coded timeout. Instead, any
timeout/cancelation on the incoming Context is used.

The code addresses (2) by updating the API endpoint to use a separate call path
for the API-triggered archive download. This avoids producing HTML-errors on
errors (it now produces JSON errors).

@petergardfjall petergardfjall force-pushed the fix-archive-download-error branch from f606db1 to e3e563a Compare August 23, 2022 12:06
archiveDownload(ctx)
}

func archiveDownload(ctx *context.APIContext) {
Copy link
Contributor Author

@petergardfjall petergardfjall Aug 23, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note: this is very similar to web/repo/repo.go#Download (only difference is the type of context in the function signature). That is unfortunate but I didn't see any obvious way of using the same code for these since they produce very different error responses (json vs html).

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Aug 23, 2022
@petergardfjall petergardfjall force-pushed the fix-archive-download-error branch 3 times, most recently from 8c93a06 to 0e7dda6 Compare August 23, 2022 14:44
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Aug 26, 2022
@lunny lunny added type/enhancement An improvement of existing functionality backport/v1.17 skip-changelog This PR is irrelevant for the (next) changelog, for example bug fixes for unreleased features. labels Aug 26, 2022
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Aug 26, 2022
@6543
Copy link
Member

6543 commented Aug 26, 2022

@petergardfjall latest ci issue is related ... please ajust to new code

@prologic
Copy link

Does this PR hopefully solve some 5xx errors I'm seeing in my instance, like:

2022/08/25 15:04:16 [63078f70-7] router: completed HEAD /prologic/go-gopher/archive/:go_gopher/i0d1jMZx_shouldntexist.tar.gz for 96.47.72.93:0, 500 Internal Server Error in 8.8ms @ repo/repo.go:386(repo.Download)

@lunny
Copy link
Member

lunny commented Aug 28, 2022

:go_gopher

Maybe not, why there is a :go_gopher in the url.

@delvh
Copy link
Member

delvh commented Aug 28, 2022

Sounds to me like the recent PR we already merged with the archiver using the branch instead of the specified commit?

@petergardfjall
Copy link
Contributor Author

@petergardfjall latest ci issue is related ... please ajust to new code

CI is green now. ✔️

This commit updates the `GET /api/v1/repos/{owner}/{repo}/archive/{archive}`
endpoint which prior to this PR had a couple of issues.

1. The endpoint had a hard-coded 20s timeout for the archiver to complete after
   which a 500 (Internal Server Error) was returned to client. For a scripted
   API client there was no clear way of telling that the operation timed out and
   that it should retry.

2. Whenever the timeout _did occur_, the code used to panic. This was caused by
   the API endpoint "delegating" to the same call path as the web, which uses a
   slightly different way of reporting errors (HTML rather than JSON for
   example).

   More specifically, `api/v1/repo/file.go#GetArchive` just called through to
   `web/repo/repo.go#Download`, which expects the `Context` to have a `Render`
   field set, but which is `nil` for API calls. Hence, a `nil` pointer error.

The code addresses (1) by dropping the hard-coded timeout. Instead, any
timeout/cancelation on the incoming `Context` is used.

The code addresses (2) by updating the API endpoint to use a separate call path
for the API-triggered archive download. This avoids producing HTML-errors on
errors (it now produces JSON errors).

Signed-off-by: Peter Gardfjäll <peter.gardfjall.work@gmail.com>
@petergardfjall petergardfjall force-pushed the fix-archive-download-error branch from 42129a9 to f129dbb Compare August 29, 2022 08:53
@6543
Copy link
Member

6543 commented Aug 29, 2022

.

@6543 6543 merged commit 4562d40 into go-gitea:main Aug 29, 2022
@petergardfjall petergardfjall deleted the fix-archive-download-error branch August 29, 2022 09:53
zjjhot added a commit to zjjhot/gitea that referenced this pull request Aug 30, 2022
* upstream/main:
  Fix typo (go-gitea#20993)
  fix broken insecureskipverify handling in rediss connection uris (go-gitea#20967)
  Redirect if user does not exist (go-gitea#20981)
  fix hard-coded timeout and error panic in API archive download endpoint (go-gitea#20925)
  Add support for Vagrant packages (go-gitea#20930)
@6543
Copy link
Member

6543 commented Aug 30, 2022

please backport :)

zeripath pushed a commit to zeripath/gitea that referenced this pull request Sep 4, 2022
…nt (go-gitea#20925)

Backport go-gitea#20925

This commit updates the `GET /api/v1/repos/{owner}/{repo}/archive/{archive}`
endpoint which prior to this PR had a couple of issues.

1. The endpoint had a hard-coded 20s timeout for the archiver to complete after
   which a 500 (Internal Server Error) was returned to client. For a scripted
   API client there was no clear way of telling that the operation timed out and
   that it should retry.

2. Whenever the timeout _did occur_, the code used to panic. This was caused by
   the API endpoint "delegating" to the same call path as the web, which uses a
   slightly different way of reporting errors (HTML rather than JSON for
   example).

   More specifically, `api/v1/repo/file.go#GetArchive` just called through to
   `web/repo/repo.go#Download`, which expects the `Context` to have a `Render`
   field set, but which is `nil` for API calls. Hence, a `nil` pointer error.

The code addresses (1) by dropping the hard-coded timeout. Instead, any
timeout/cancelation on the incoming `Context` is used.

The code addresses (2) by updating the API endpoint to use a separate call path
for the API-triggered archive download. This avoids producing HTML-errors on
errors (it now produces JSON errors).

Signed-off-by: Peter Gardfjäll <peter.gardfjall.work@gmail.com>
@zeripath zeripath added the backport/done All backports for this PR have been created label Sep 4, 2022
zeripath added a commit that referenced this pull request Sep 6, 2022
…nt (#20925) (#21051)

Backport #20925

This commit updates the `GET /api/v1/repos/{owner}/{repo}/archive/{archive}`
endpoint which prior to this PR had a couple of issues.

1. The endpoint had a hard-coded 20s timeout for the archiver to complete after
   which a 500 (Internal Server Error) was returned to client. For a scripted
   API client there was no clear way of telling that the operation timed out and
   that it should retry.

2. Whenever the timeout _did occur_, the code used to panic. This was caused by
   the API endpoint "delegating" to the same call path as the web, which uses a
   slightly different way of reporting errors (HTML rather than JSON for
   example).

   More specifically, `api/v1/repo/file.go#GetArchive` just called through to
   `web/repo/repo.go#Download`, which expects the `Context` to have a `Render`
   field set, but which is `nil` for API calls. Hence, a `nil` pointer error.

The code addresses (1) by dropping the hard-coded timeout. Instead, any
timeout/cancelation on the incoming `Context` is used.

The code addresses (2) by updating the API endpoint to use a separate call path
for the API-triggered archive download. This avoids producing HTML-errors on
errors (it now produces JSON errors).

Signed-off-by: Peter Gardfjäll <peter.gardfjall.work@gmail.com>

Signed-off-by: Peter Gardfjäll <peter.gardfjall.work@gmail.com>
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Peter Gardfjäll <peter.gardfjall.work@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
tyroneyeh added a commit to tyroneyeh/gitea that referenced this pull request Sep 7, 2022
commit 32eef4a
Author: Lunny Xiao <xiaolunwen@gmail.com>
Date:   Wed Sep 7 05:32:20 2022 +0800

    Add changelog for v1.17.2 (go-gitea#21089)

    Co-authored-by: John Olheiser <john+github@jolheiser.com>
    Co-authored-by: 6543 <6543@obermui.de>
    Co-authored-by: delvh <dev.lh@web.de>
    Co-authored-by: techknowlogick <techknowlogick@gitea.io>

commit 449b39e
Author: Tyrone Yeh <tyrone_yeh@draytek.com>
Date:   Tue Sep 6 16:42:05 2022 +0800

    Fix sub folder in repository missing add file dropdown (go-gitea#21069) (go-gitea#21083)

    Backport go-gitea#21069

    In repository sub folder missing add file dropdown menu, Probably broken since go-gitea#20602

commit 06f968d
Author: zeripath <art27@cantab.net>
Date:   Tue Sep 6 07:54:47 2022 +0100

    Fix hard-coded timeout and error panic in API archive download endpoint (go-gitea#20925) (go-gitea#21051)

    Backport go-gitea#20925

    This commit updates the `GET /api/v1/repos/{owner}/{repo}/archive/{archive}`
    endpoint which prior to this PR had a couple of issues.

    1. The endpoint had a hard-coded 20s timeout for the archiver to complete after
       which a 500 (Internal Server Error) was returned to client. For a scripted
       API client there was no clear way of telling that the operation timed out and
       that it should retry.

    2. Whenever the timeout _did occur_, the code used to panic. This was caused by
       the API endpoint "delegating" to the same call path as the web, which uses a
       slightly different way of reporting errors (HTML rather than JSON for
       example).

       More specifically, `api/v1/repo/file.go#GetArchive` just called through to
       `web/repo/repo.go#Download`, which expects the `Context` to have a `Render`
       field set, but which is `nil` for API calls. Hence, a `nil` pointer error.

    The code addresses (1) by dropping the hard-coded timeout. Instead, any
    timeout/cancelation on the incoming `Context` is used.

    The code addresses (2) by updating the API endpoint to use a separate call path
    for the API-triggered archive download. This avoids producing HTML-errors on
    errors (it now produces JSON errors).

    Signed-off-by: Peter Gardfjäll <peter.gardfjall.work@gmail.com>

    Signed-off-by: Peter Gardfjäll <peter.gardfjall.work@gmail.com>
    Signed-off-by: Andrew Thornton <art27@cantab.net>
    Co-authored-by: Peter Gardfjäll <peter.gardfjall.work@gmail.com>
    Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

commit 084797b
Author: Lunny Xiao <xiaolunwen@gmail.com>
Date:   Tue Sep 6 06:48:57 2022 +0800

    Fix delete user missed some comments (go-gitea#21067) (go-gitea#21068)

commit 7888a55
Author: zeripath <art27@cantab.net>
Date:   Sun Sep 4 17:17:48 2022 +0100

    Delete unreferenced packages when deleting a package version (go-gitea#20977) (go-gitea#21060)

    Backport go-gitea#20977

    Delete a package if its last version got deleted. Otherwise removing the owner works only after the clean up job ran.

    Fix go-gitea#20969

    Co-authored-by: KN4CK3R <admin@oldschoolhack.me>

commit ea416d7
Author: zeripath <art27@cantab.net>
Date:   Sun Sep 4 17:17:35 2022 +0100

    Redirect if user does not exist on admin pages (go-gitea#20981) (go-gitea#21059)

    Backport go-gitea#20981

    When on /admin/users/ endpoints if the user is no longer in the DB,
    redirect instead of causing a http 500.

    Co-authored-by: KN4CK3R <admin@oldschoolhack.me>

commit 0db6add
Author: zeripath <art27@cantab.net>
Date:   Sun Sep 4 17:17:27 2022 +0100

    Set uploadpack.allowFilter etc on gitea serv to enable partial clones with ssh (go-gitea#20902) (go-gitea#21058)

    Backport go-gitea#20902

    When setting.Git.DisablePartialClone is set to false then the web server will add filter support to web http. It does this by using`-c` command arguments but this will not work on gitea serv as the upload-pack and receive-pack commands do not support this.

    Instead we move these options into the .gitconfig instead.

    Fix go-gitea#20400

    Signed-off-by: Andrew Thornton <art27@cantab.net>

    Signed-off-by: Andrew Thornton <art27@cantab.net>

commit 0ecbb71
Author: qwerty287 <80460567+qwerty287@users.noreply.github.com>
Date:   Sun Sep 4 17:12:37 2022 +0200

    Fix 500 on time in timeline API (go-gitea#21052) (go-gitea#21057)

    Backport go-gitea#21052

    Before converting a TrackedTime for the API we need to load its attributes - otherwise we get an NPE.

    Fix go-gitea#21041

commit ea38455
Author: Jason Song <i@wolfogre.com>
Date:   Sun Sep 4 23:12:01 2022 +0800

    Fill the specified ref in webhook test payload (go-gitea#20961) (go-gitea#21055)

    Backport go-gitea#20961

    The webhook payload should use the right ref when it‘s specified in the testing request.

    The compare URL should not be empty, a URL like `compare/A...A` seems useless in most cases but is helpful when testing.

commit 8fc80b3
Author: zeripath <art27@cantab.net>
Date:   Sun Sep 4 16:11:02 2022 +0100

    Add another index for Action table on postgres (go-gitea#21033) (go-gitea#21054)

    Backport go-gitea#21033

    In go-gitea#21031 we have discovered that on very big tables postgres will use a
    search involving the sort term in preference to the restrictive index.

    Therefore we add another index for postgres and update the original migration.

    Fix go-gitea#21031

    Signed-off-by: Andrew Thornton <art27@cantab.net>

commit 71aa64a
Author: zeripath <art27@cantab.net>
Date:   Sun Sep 4 14:59:20 2022 +0100

    fix broken insecureskipverify handling in rediss connection uris (go-gitea#20967) (go-gitea#21053)

    Backport go-gitea#20967

    Currently, it's impossible to connect to self-signed TLS encrypted redis instances. The problem lies in inproper error handling, when building redis tls options - only invalid booleans are allowed to be used in `tlsConfig` builder. The problem is, when `strconv.ParseBool(...)` returns error, it always defaults to false - meaning it's impossible to set `tlsOptions.InsecureSkipVerify` to true.

    Fixes go-gitea#19213

    Co-authored-by: Igor Rzegocki <ajgon@users.noreply.github.com>

commit 3aba72c
Author: zeripath <art27@cantab.net>
Date:   Sun Sep 4 14:41:21 2022 +0100

    Add more checks in migration code (go-gitea#21011) (go-gitea#21050)

    Backport go-gitea#21011

    When migrating add several more important sanity checks:

    * SHAs must be SHAs
    * Refs must be valid Refs
    * URLs must be reasonable

    Signed-off-by: Andrew Thornton <art27@cantab.net>

commit bd1412c
Author: José Carlos <joecarlhr@gmail.com>
Date:   Sat Sep 3 21:11:03 2022 +0200

    Add Dev, Peer and Optional dependencies to npm PackageMetadataVersion (go-gitea#21017) (go-gitea#21044)

    Backport go-gitea#21017

    Set DevDependencies, PeerDependencies & OptionalDependencies in npm package metadatas

    Fix go-gitea#21013

commit 3973ce3
Author: silverwind <me@silverwind.io>
Date:   Sat Sep 3 19:51:09 2022 +0200

    Improve arc-green code theme (go-gitea#21039) (go-gitea#21042)

    Backport go-gitea#21039

    - Increase contrasts overall
    - Add various missing theme classes
    - Ensure strings and constants are colored the same across languages

commit fbde31f
Author: Tyrone Yeh <tyrone_yeh@draytek.com>
Date:   Sat Sep 3 21:36:27 2022 +0800

    Add down key check has tribute container (go-gitea#21016) (go-gitea#21038)

    Backport go-gitea#21016

    Fixes an issue where users would not be able to select by pressing the down arrow when using @tag above a message

    Bug videos:

    https://user-images.githubusercontent.com/1255041/188095999-c4ccde18-e53b-4251-8a14-d90c4042d768.mp4
@wxiaoguang wxiaoguang added this to the 1.18.0 milestone Oct 7, 2022
vanhoang1107 added a commit to vanhoang1107/gitea that referenced this pull request Oct 31, 2022
* src/release/v1.17: (26 commits)
  Fix reaction of issues (go-gitea#21185) (go-gitea#21196)
  Fix CSV diff for added/deleted files (go-gitea#21189) (go-gitea#21193)
  Fix pagination limit parameter problem (go-gitea#21111)
  Add MD5 back to template helper functions to avoid breaking (go-gitea#21102)
  Add changelog for v1.17.2 (go-gitea#21089)
  Fix sub folder in repository missing add file dropdown (go-gitea#21069) (go-gitea#21083)
  Fix hard-coded timeout and error panic in API archive download endpoint (go-gitea#20925) (go-gitea#21051)
  Fix delete user missed some comments (go-gitea#21067) (go-gitea#21068)
  Delete unreferenced packages when deleting a package version (go-gitea#20977) (go-gitea#21060)
  Redirect if user does not exist on admin pages (go-gitea#20981) (go-gitea#21059)
  Set uploadpack.allowFilter etc on gitea serv to enable partial clones with ssh (go-gitea#20902) (go-gitea#21058)
  Fix 500 on time in timeline API (go-gitea#21052) (go-gitea#21057)
  Fill the specified ref in webhook test payload (go-gitea#20961) (go-gitea#21055)
  Add another index for Action table on postgres (go-gitea#21033) (go-gitea#21054)
  fix broken insecureskipverify handling in rediss connection uris (go-gitea#20967) (go-gitea#21053)
  Add more checks in migration code (go-gitea#21011) (go-gitea#21050)
  Add Dev, Peer and Optional dependencies to npm PackageMetadataVersion (go-gitea#21017) (go-gitea#21044)
  Improve arc-green code theme (go-gitea#21039) (go-gitea#21042)
  Add down key check has tribute container (go-gitea#21016) (go-gitea#21038)
  Do not add links to Posters or Assignees with ID < 0 (go-gitea#20577) (go-gitea#21037)
  ...
@go-gitea go-gitea locked and limited conversation to collaborators May 3, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
backport/done All backports for this PR have been created lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. skip-changelog This PR is irrelevant for the (next) changelog, for example bug fixes for unreleased features. type/enhancement An improvement of existing functionality
Projects
None yet
Development

Successfully merging this pull request may close these issues.

8 participants