2023-12-26 12:41:15 +00:00
|
|
|
// Package pprof contains a pprof exporter.
|
|
|
|
package pprof
|
2020-08-30 12:10:05 +00:00
|
|
|
|
|
|
|
import (
|
2024-03-04 13:20:34 +00:00
|
|
|
"net"
|
2020-08-30 12:10:05 +00:00
|
|
|
"net/http"
|
2023-08-07 15:16:33 +00:00
|
|
|
"time"
|
2020-11-05 11:30:25 +00:00
|
|
|
|
|
|
|
// start pprof
|
2020-08-30 12:10:05 +00:00
|
|
|
_ "net/http/pprof"
|
2020-12-08 11:21:06 +00:00
|
|
|
|
2024-03-04 13:20:34 +00:00
|
|
|
"github.com/bluenviron/mediamtx/internal/auth"
|
2023-05-16 14:14:20 +00:00
|
|
|
"github.com/bluenviron/mediamtx/internal/conf"
|
|
|
|
"github.com/bluenviron/mediamtx/internal/logger"
|
2024-02-13 12:04:56 +00:00
|
|
|
"github.com/bluenviron/mediamtx/internal/protocols/httpp"
|
2023-10-31 13:19:04 +00:00
|
|
|
"github.com/bluenviron/mediamtx/internal/restrictnetwork"
|
2024-04-21 15:10:35 +00:00
|
|
|
"github.com/gin-gonic/gin"
|
2020-08-30 12:10:05 +00:00
|
|
|
)
|
|
|
|
|
2024-04-18 21:55:48 +00:00
|
|
|
type pprofAuthManager interface {
|
|
|
|
Authenticate(req *auth.Request) error
|
|
|
|
}
|
|
|
|
|
2021-07-24 13:55:42 +00:00
|
|
|
type pprofParent interface {
|
2023-05-04 18:16:41 +00:00
|
|
|
logger.Writer
|
2020-10-19 20:17:48 +00:00
|
|
|
}
|
|
|
|
|
2023-12-26 12:41:15 +00:00
|
|
|
// PPROF is a pprof exporter.
|
|
|
|
type PPROF struct {
|
2024-04-21 15:10:35 +00:00
|
|
|
Address string
|
|
|
|
Encryption bool
|
|
|
|
ServerKey string
|
|
|
|
ServerCert string
|
|
|
|
AllowOrigin string
|
|
|
|
TrustedProxies conf.IPNetworks
|
|
|
|
ReadTimeout conf.StringDuration
|
|
|
|
AuthManager pprofAuthManager
|
|
|
|
Parent pprofParent
|
2021-11-15 19:13:54 +00:00
|
|
|
|
2024-10-08 15:02:16 +00:00
|
|
|
httpServer *httpp.Server
|
2020-08-30 12:10:05 +00:00
|
|
|
}
|
|
|
|
|
2023-12-26 12:41:15 +00:00
|
|
|
// Initialize initializes PPROF.
|
|
|
|
func (pp *PPROF) Initialize() error {
|
2024-04-21 15:10:35 +00:00
|
|
|
router := gin.New()
|
|
|
|
router.SetTrustedProxies(pp.TrustedProxies.ToTrustedProxies()) //nolint:errcheck
|
2024-10-08 15:02:16 +00:00
|
|
|
|
|
|
|
router.Use(pp.middlewareOrigin)
|
|
|
|
router.Use(pp.middlewareAuth)
|
|
|
|
|
|
|
|
router.Use(pp.onRequest)
|
2024-04-21 15:10:35 +00:00
|
|
|
|
2023-12-26 12:41:15 +00:00
|
|
|
network, address := restrictnetwork.Restrict("tcp", pp.Address)
|
2023-07-30 21:03:00 +00:00
|
|
|
|
2024-10-08 15:02:16 +00:00
|
|
|
pp.httpServer = &httpp.Server{
|
2024-04-21 15:10:35 +00:00
|
|
|
Network: network,
|
|
|
|
Address: address,
|
|
|
|
ReadTimeout: time.Duration(pp.ReadTimeout),
|
|
|
|
Encryption: pp.Encryption,
|
|
|
|
ServerCert: pp.ServerCert,
|
|
|
|
ServerKey: pp.ServerKey,
|
|
|
|
Handler: router,
|
|
|
|
Parent: pp,
|
|
|
|
}
|
|
|
|
err := pp.httpServer.Initialize()
|
2023-05-16 18:12:45 +00:00
|
|
|
if err != nil {
|
2023-12-26 12:41:15 +00:00
|
|
|
return err
|
2020-08-30 12:10:05 +00:00
|
|
|
}
|
|
|
|
|
2023-05-04 18:16:41 +00:00
|
|
|
pp.Log(logger.Info, "listener opened on "+address)
|
2020-10-19 20:17:48 +00:00
|
|
|
|
2023-12-26 12:41:15 +00:00
|
|
|
return nil
|
2020-08-30 12:10:05 +00:00
|
|
|
}
|
|
|
|
|
2023-12-26 12:41:15 +00:00
|
|
|
// Close closes PPROF.
|
|
|
|
func (pp *PPROF) Close() {
|
2023-05-04 18:16:41 +00:00
|
|
|
pp.Log(logger.Info, "listener is closing")
|
2023-07-30 21:03:00 +00:00
|
|
|
pp.httpServer.Close()
|
2021-11-15 19:13:54 +00:00
|
|
|
}
|
|
|
|
|
2023-12-08 18:17:17 +00:00
|
|
|
// Log implements logger.Writer.
|
2023-12-26 12:41:15 +00:00
|
|
|
func (pp *PPROF) Log(level logger.Level, format string, args ...interface{}) {
|
|
|
|
pp.Parent.Log(level, "[pprof] "+format, args...)
|
2020-10-19 20:17:48 +00:00
|
|
|
}
|
2024-03-04 13:20:34 +00:00
|
|
|
|
2024-10-08 15:02:16 +00:00
|
|
|
func (pp *PPROF) middlewareOrigin(ctx *gin.Context) {
|
|
|
|
ctx.Header("Access-Control-Allow-Origin", pp.AllowOrigin)
|
|
|
|
ctx.Header("Access-Control-Allow-Credentials", "true")
|
2024-03-04 13:20:34 +00:00
|
|
|
|
2024-07-06 19:45:15 +00:00
|
|
|
// preflight requests
|
|
|
|
if ctx.Request.Method == http.MethodOptions &&
|
|
|
|
ctx.Request.Header.Get("Access-Control-Request-Method") != "" {
|
2024-10-08 15:02:16 +00:00
|
|
|
ctx.Header("Access-Control-Allow-Methods", "OPTIONS, GET")
|
|
|
|
ctx.Header("Access-Control-Allow-Headers", "Authorization")
|
|
|
|
ctx.AbortWithStatus(http.StatusNoContent)
|
2024-07-06 19:45:15 +00:00
|
|
|
return
|
|
|
|
}
|
2024-10-08 15:02:16 +00:00
|
|
|
}
|
2024-07-06 19:45:15 +00:00
|
|
|
|
2024-10-08 15:02:16 +00:00
|
|
|
func (pp *PPROF) middlewareAuth(ctx *gin.Context) {
|
2024-03-04 13:20:34 +00:00
|
|
|
err := pp.AuthManager.Authenticate(&auth.Request{
|
2024-10-05 19:15:21 +00:00
|
|
|
IP: net.ParseIP(ctx.ClientIP()),
|
|
|
|
Action: conf.AuthActionMetrics,
|
|
|
|
HTTPRequest: ctx.Request,
|
2024-03-04 13:20:34 +00:00
|
|
|
})
|
|
|
|
if err != nil {
|
2024-10-05 19:15:21 +00:00
|
|
|
if err.(*auth.Error).AskCredentials { //nolint:errorlint
|
2024-10-08 15:02:16 +00:00
|
|
|
ctx.Header("WWW-Authenticate", `Basic realm="mediamtx"`)
|
|
|
|
ctx.AbortWithStatus(http.StatusUnauthorized)
|
2024-03-04 13:20:34 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// wait some seconds to mitigate brute force attacks
|
|
|
|
<-time.After(auth.PauseAfterError)
|
|
|
|
|
2024-10-08 15:02:16 +00:00
|
|
|
ctx.AbortWithStatus(http.StatusUnauthorized)
|
2024-03-04 13:20:34 +00:00
|
|
|
return
|
|
|
|
}
|
2024-10-08 15:02:16 +00:00
|
|
|
}
|
2024-03-04 13:20:34 +00:00
|
|
|
|
2024-10-08 15:02:16 +00:00
|
|
|
func (pp *PPROF) onRequest(ctx *gin.Context) {
|
2024-04-21 15:10:35 +00:00
|
|
|
http.DefaultServeMux.ServeHTTP(ctx.Writer, ctx.Request)
|
2024-03-04 13:20:34 +00:00
|
|
|
}
|