2023-01-27 21:37:20 +00:00
|
|
|
// Copyright (c) Tailscale Inc & AUTHORS
|
|
|
|
// SPDX-License-Identifier: BSD-3-Clause
|
2021-06-16 07:38:19 +01:00
|
|
|
|
|
|
|
package tsweb
|
|
|
|
|
|
|
|
import (
|
|
|
|
"expvar"
|
|
|
|
"fmt"
|
|
|
|
"html"
|
|
|
|
"io"
|
|
|
|
"net/http"
|
|
|
|
"net/http/pprof"
|
|
|
|
"net/url"
|
|
|
|
"os"
|
|
|
|
"runtime"
|
|
|
|
|
2023-04-10 11:28:16 +01:00
|
|
|
"tailscale.com/tsweb/promvarz"
|
|
|
|
"tailscale.com/tsweb/varz"
|
2021-06-16 07:38:19 +01:00
|
|
|
"tailscale.com/version"
|
|
|
|
)
|
|
|
|
|
|
|
|
// DebugHandler is an http.Handler that serves a debugging "homepage",
|
|
|
|
// and provides helpers to register more debug endpoints and reports.
|
|
|
|
//
|
|
|
|
// The rendered page consists of three sections: informational
|
|
|
|
// key/value pairs, links to other pages, and additional
|
|
|
|
// program-specific HTML. Callers can add to these sections using the
|
|
|
|
// KV, URL and Section helpers respectively.
|
|
|
|
//
|
|
|
|
// Additionally, the Handle method offers a shorthand for correctly
|
|
|
|
// registering debug handlers and cross-linking them from /debug/.
|
|
|
|
type DebugHandler struct {
|
|
|
|
mux *http.ServeMux // where this handler is registered
|
|
|
|
kvs []func(io.Writer) // output one <li>...</li> each, see KV()
|
|
|
|
urls []string // one <li>...</li> block with link each
|
|
|
|
sections []func(io.Writer, *http.Request) // invoked in registration order prior to outputting </body>
|
|
|
|
}
|
|
|
|
|
|
|
|
// Debugger returns the DebugHandler registered on mux at /debug/,
|
|
|
|
// creating it if necessary.
|
|
|
|
func Debugger(mux *http.ServeMux) *DebugHandler {
|
2024-02-13 18:49:36 +00:00
|
|
|
h, pat := mux.Handler(&http.Request{URL: &url.URL{Path: "/debug/"}})
|
|
|
|
if d, ok := h.(*DebugHandler); ok && pat == "/debug/" {
|
2021-06-16 07:38:19 +01:00
|
|
|
return d
|
|
|
|
}
|
|
|
|
ret := &DebugHandler{
|
|
|
|
mux: mux,
|
|
|
|
}
|
2024-02-13 18:49:36 +00:00
|
|
|
mux.Handle("/debug/", ret)
|
2021-06-16 07:38:19 +01:00
|
|
|
|
2023-04-10 11:28:16 +01:00
|
|
|
ret.KVFunc("Uptime", func() any { return varz.Uptime() })
|
2023-02-11 06:20:36 +00:00
|
|
|
ret.KV("Version", version.Long())
|
2024-02-13 18:49:36 +00:00
|
|
|
ret.Handle("vars", "Metrics (Go)", expvar.Handler())
|
|
|
|
ret.Handle("varz", "Metrics (Prometheus)", http.HandlerFunc(promvarz.Handler))
|
|
|
|
ret.Handle("pprof/", "pprof (index)", http.HandlerFunc(pprof.Index))
|
2023-08-23 02:54:46 +01:00
|
|
|
// the CPU profile handler is special because it responds
|
|
|
|
// streamily, unlike every other pprof handler. This means it's
|
|
|
|
// not made available through pprof.Index the way all the other
|
|
|
|
// pprof types are, you have to register the CPU profile handler
|
|
|
|
// separately. Use HandleSilent for that to not pollute the human
|
|
|
|
// debug list with a link that produces streaming line noise if
|
|
|
|
// you click it.
|
|
|
|
ret.HandleSilent("pprof/profile", http.HandlerFunc(pprof.Profile))
|
2021-06-16 07:38:19 +01:00
|
|
|
ret.URL("/debug/pprof/goroutine?debug=1", "Goroutines (collapsed)")
|
|
|
|
ret.URL("/debug/pprof/goroutine?debug=2", "Goroutines (full)")
|
2024-02-13 18:49:36 +00:00
|
|
|
ret.Handle("gc", "force GC", http.HandlerFunc(gcHandler))
|
2021-06-16 07:38:19 +01:00
|
|
|
hostname, err := os.Hostname()
|
|
|
|
if err == nil {
|
|
|
|
ret.KV("Machine", hostname)
|
|
|
|
}
|
|
|
|
return ret
|
|
|
|
}
|
|
|
|
|
|
|
|
// ServeHTTP implements http.Handler.
|
|
|
|
func (d *DebugHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|
|
|
if !AllowDebugAccess(r) {
|
|
|
|
http.Error(w, "debug access denied", http.StatusForbidden)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
if r.URL.Path != "/debug/" {
|
|
|
|
// Sub-handlers are handled by the parent mux directly.
|
|
|
|
http.NotFound(w, r)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2023-07-11 19:53:46 +01:00
|
|
|
AddBrowserHeaders(w)
|
2022-03-16 23:27:57 +00:00
|
|
|
f := func(format string, args ...any) { fmt.Fprintf(w, format, args...) }
|
2021-06-16 07:38:19 +01:00
|
|
|
f("<html><body><h1>%s debug</h1><ul>", version.CmdName())
|
|
|
|
for _, kv := range d.kvs {
|
|
|
|
kv(w)
|
|
|
|
}
|
|
|
|
for _, url := range d.urls {
|
|
|
|
io.WriteString(w, url)
|
|
|
|
}
|
|
|
|
for _, section := range d.sections {
|
|
|
|
section(w, r)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-08-23 02:54:46 +01:00
|
|
|
func (d *DebugHandler) handle(slug string, handler http.Handler) string {
|
2024-02-13 18:49:36 +00:00
|
|
|
href := "/debug/" + slug
|
2023-08-23 02:54:46 +01:00
|
|
|
d.mux.Handle(href, Protected(debugBrowserHeaderHandler(handler)))
|
|
|
|
return href
|
|
|
|
}
|
|
|
|
|
2021-06-16 07:38:19 +01:00
|
|
|
// Handle registers handler at /debug/<slug> and creates a descriptive
|
|
|
|
// entry in /debug/ for it.
|
|
|
|
func (d *DebugHandler) Handle(slug, desc string, handler http.Handler) {
|
2023-08-23 02:54:46 +01:00
|
|
|
href := d.handle(slug, handler)
|
2021-06-16 07:38:19 +01:00
|
|
|
d.URL(href, desc)
|
|
|
|
}
|
|
|
|
|
2023-08-23 02:54:46 +01:00
|
|
|
// HandleSilent registers handler at /debug/<slug>. It does not create
|
|
|
|
// a descriptive entry in /debug/ for it. This should be used
|
|
|
|
// sparingly, for things that need to be registered but would pollute
|
|
|
|
// the list of debug links.
|
|
|
|
func (d *DebugHandler) HandleSilent(slug string, handler http.Handler) {
|
|
|
|
d.handle(slug, handler)
|
|
|
|
}
|
|
|
|
|
2021-06-16 07:38:19 +01:00
|
|
|
// KV adds a key/value list item to /debug/.
|
2022-03-16 23:27:57 +00:00
|
|
|
func (d *DebugHandler) KV(k string, v any) {
|
2021-06-16 07:38:19 +01:00
|
|
|
val := html.EscapeString(fmt.Sprintf("%v", v))
|
|
|
|
d.kvs = append(d.kvs, func(w io.Writer) {
|
|
|
|
fmt.Fprintf(w, "<li><b>%s:</b> %s</li>", k, val)
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
// KVFunc adds a key/value list item to /debug/. v is called on every
|
|
|
|
// render of /debug/.
|
2022-03-16 23:27:57 +00:00
|
|
|
func (d *DebugHandler) KVFunc(k string, v func() any) {
|
2021-06-16 07:38:19 +01:00
|
|
|
d.kvs = append(d.kvs, func(w io.Writer) {
|
|
|
|
val := html.EscapeString(fmt.Sprintf("%v", v()))
|
|
|
|
fmt.Fprintf(w, "<li><b>%s:</b> %s</li>", k, val)
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
// URL adds a URL and description list item to /debug/.
|
|
|
|
func (d *DebugHandler) URL(url, desc string) {
|
|
|
|
if desc != "" {
|
|
|
|
desc = " (" + desc + ")"
|
|
|
|
}
|
|
|
|
d.urls = append(d.urls, fmt.Sprintf(`<li><a href="%s">%s</a>%s</li>`, url, url, html.EscapeString(desc)))
|
|
|
|
}
|
|
|
|
|
|
|
|
// Section invokes f on every render of /debug/ to add supplemental
|
|
|
|
// HTML to the page body.
|
|
|
|
func (d *DebugHandler) Section(f func(w io.Writer, r *http.Request)) {
|
|
|
|
d.sections = append(d.sections, f)
|
|
|
|
}
|
|
|
|
|
|
|
|
func gcHandler(w http.ResponseWriter, r *http.Request) {
|
|
|
|
w.Write([]byte("running GC...\n"))
|
|
|
|
if f, ok := w.(http.Flusher); ok {
|
|
|
|
f.Flush()
|
|
|
|
}
|
|
|
|
runtime.GC()
|
|
|
|
w.Write([]byte("Done.\n"))
|
|
|
|
}
|
2023-07-19 19:58:29 +01:00
|
|
|
|
|
|
|
// debugBrowserHeaderHandler is a wrapper around BrowserHeaderHandler with a
|
|
|
|
// more relaxed Content-Security-Policy that's acceptable for internal debug
|
|
|
|
// pages. It should not be used on any public-facing handlers!
|
|
|
|
func debugBrowserHeaderHandler(h http.Handler) http.Handler {
|
|
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
AddBrowserHeaders(w)
|
|
|
|
// The only difference from AddBrowserHeaders is that this policy
|
|
|
|
// allows inline CSS styles. They make debug pages much easier to
|
|
|
|
// prototype, while the risk of user-injected CSS is relatively low.
|
2024-01-03 17:00:57 +00:00
|
|
|
w.Header().Set("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'self'; block-all-mixed-content; object-src 'none'; style-src 'self' 'unsafe-inline'")
|
2023-07-19 19:58:29 +01:00
|
|
|
h.ServeHTTP(w, r)
|
|
|
|
})
|
|
|
|
}
|