Backend (the "logs arrive every ~5s / pipe clogged" bug): - dockerLocalProxy.ServeHTTP streamed the docker socket response via io.Copy, which buffers ~2KB into the ResponseWriter and only flushes when full or on handler return. Low-throughput streaming endpoints (container logs follow=1, events, stats, attach) therefore arrived in multi-second batches. Stream manually and Flush() after each chunk so they are delivered live. Behaviour is otherwise identical to io.Copy (full-write contract, EOF handling, Debug error logging); hijacked attach/exec go through a separate websocket handler, unaffected. - NewSingleHostReverseProxyWithHostHeader: set FlushInterval = -1 so the remote-endpoint path streams live too. Frontend (maintainer UI asks): - Remove the line-selection mechanic entirely (Copy-selected-lines and Unselect buttons, selectLine/copySelection/clearSelection, selectedLines state, line_selected highlight): selecting/copying is mouse-native. Copy (all visible) and Download stay. - Rename the unclear "Fetch" since-selector label to "Since". - Move the settings controls into the widget header (rd-widget-header default transclude slot) so they share one row with the "Log viewer settings" title, reclaiming vertical space for the log pane. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
92 lines
3.2 KiB
Go
92 lines
3.2 KiB
Go
package factory
|
|
|
|
import (
|
|
"net/http"
|
|
"net/http/httputil"
|
|
"net/url"
|
|
"strings"
|
|
|
|
httperror "github.com/portainer/portainer/pkg/libhttp/error"
|
|
)
|
|
|
|
// Note that we discard any non-canonical headers by design
|
|
var allowedHeaders = map[string]struct{}{
|
|
"Accept": {},
|
|
"Accept-Encoding": {},
|
|
"Accept-Language": {},
|
|
"Cache-Control": {},
|
|
"Connection": {},
|
|
"Content-Length": {},
|
|
"Content-Type": {},
|
|
"Private-Token": {},
|
|
"Upgrade": {},
|
|
"User-Agent": {},
|
|
"X-Portaineragent-Target": {},
|
|
"X-Portainer-Volumename": {},
|
|
"X-Registry-Auth": {},
|
|
"X-Stream-Protocol-Version": {},
|
|
// WebSocket headers those are required for kubectl exec/attach/port-forward operations
|
|
"Sec-Websocket-Key": {},
|
|
"Sec-Websocket-Version": {},
|
|
"Sec-Websocket-Protocol": {},
|
|
"Sec-Websocket-Extensions": {},
|
|
}
|
|
|
|
// newSingleHostReverseProxyWithHostHeader is based on NewSingleHostReverseProxy
|
|
// from golang.org/src/net/http/httputil/reverseproxy.go and merely sets the Host
|
|
// HTTP header, which NewSingleHostReverseProxy deliberately preserves.
|
|
func NewSingleHostReverseProxyWithHostHeader(target *url.URL) *httputil.ReverseProxy {
|
|
proxy := &httputil.ReverseProxy{Rewrite: createRewriteFn(target)}
|
|
|
|
// FlushInterval = -1 flushes each write immediately so streaming docker responses (logs follow, events, stats, attach) are delivered live; harmless for normal JSON responses (single write).
|
|
proxy.FlushInterval = -1
|
|
|
|
proxy.ErrorHandler = func(w http.ResponseWriter, r *http.Request, err error) {
|
|
httperror.WriteError(w, http.StatusBadGateway, "Proxy failure", err)
|
|
}
|
|
|
|
return proxy
|
|
}
|
|
|
|
func createRewriteFn(target *url.URL) func(*httputil.ProxyRequest) {
|
|
targetQuery := target.RawQuery
|
|
return func(proxyReq *httputil.ProxyRequest) {
|
|
proxyReq.Out.URL.Scheme = target.Scheme
|
|
proxyReq.Out.URL.Host = target.Host
|
|
proxyReq.Out.URL.Path = singleJoiningSlash(target.Path, proxyReq.In.URL.Path)
|
|
proxyReq.Out.URL.RawPath = ""
|
|
proxyReq.Out.Host = proxyReq.Out.URL.Host
|
|
if targetQuery == "" || proxyReq.Out.URL.RawQuery == "" {
|
|
proxyReq.Out.URL.RawQuery = targetQuery + proxyReq.Out.URL.RawQuery
|
|
} else {
|
|
proxyReq.Out.URL.RawQuery = targetQuery + "&" + proxyReq.Out.URL.RawQuery
|
|
}
|
|
if _, ok := proxyReq.Out.Header["User-Agent"]; !ok {
|
|
// explicitly disable User-Agent so it's not set to default value
|
|
proxyReq.Out.Header.Set("User-Agent", "")
|
|
}
|
|
|
|
for k := range proxyReq.Out.Header {
|
|
if _, ok := allowedHeaders[k]; !ok {
|
|
// We use delete here instead of req.Header.Del because we want to delete non canonical headers.
|
|
delete(proxyReq.Out.Header, k)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
// singleJoiningSlash from golang.org/src/net/http/httputil/reverseproxy.go
|
|
// included here for use in NewSingleHostReverseProxyWithHostHeader
|
|
// because its used in NewSingleHostReverseProxy from golang.org/src/net/http/httputil/reverseproxy.go
|
|
func singleJoiningSlash(a, b string) string {
|
|
aslash := strings.HasSuffix(a, "/")
|
|
bslash := strings.HasPrefix(b, "/")
|
|
switch {
|
|
case aslash && bslash:
|
|
return a + b[1:]
|
|
case !aslash && !bslash:
|
|
return a + "/" + b
|
|
}
|
|
return a + b
|
|
}
|