Commit 20ee508c authored by Jacob Vosmaer's avatar Jacob Vosmaer

Buffer API failure responses in memory

parent 5aa350e3
package api package api
import ( import (
"bytes"
"encoding/json" "encoding/json"
"fmt" "fmt"
"io" "io"
...@@ -187,8 +188,24 @@ func (api *API) PreAuthorizeHandler(next HandleFunc, suffix string) http.Handler ...@@ -187,8 +188,24 @@ func (api *API) PreAuthorizeHandler(next HandleFunc, suffix string) http.Handler
helper.Fail500(w, r, err) helper.Fail500(w, r, err)
return return
} }
if httpResponse != nil {
defer func() {
httpResponse.Body.Close()
}()
}
if httpResponse.StatusCode != http.StatusOK { if httpResponse.StatusCode != http.StatusOK {
// NGINX response buffering is disabled on this path (with
// X-Accel-Buffering: no) but we still want to free up the Unicorn worker
// that generated httpResponse as fast as possible. To do this we buffer
// the entire response body in memory before sending it on.
responseBody := &bytes.Buffer{}
_, err := io.Copy(responseBody, httpResponse.Body)
if err != nil {
helper.Fail500(w, r, err)
}
httpResponse.Body.Close() // Free up the Unicorn worker
for k, v := range httpResponse.Header { for k, v := range httpResponse.Header {
// Accomodate broken clients that do case-sensitive header lookup // Accomodate broken clients that do case-sensitive header lookup
if k == "Www-Authenticate" { if k == "Www-Authenticate" {
...@@ -198,14 +215,12 @@ func (api *API) PreAuthorizeHandler(next HandleFunc, suffix string) http.Handler ...@@ -198,14 +215,12 @@ func (api *API) PreAuthorizeHandler(next HandleFunc, suffix string) http.Handler
} }
} }
w.WriteHeader(httpResponse.StatusCode) w.WriteHeader(httpResponse.StatusCode)
io.Copy(w, httpResponse.Body) io.Copy(w, responseBody)
httpResponse.Body.Close()
return return
} }
// Close the body immediately, rather than waiting for the next handler
// to complete httpResponse.Body.Close() // Free up the Unicorn worker
httpResponse.Body.Close()
// Negotiate authentication (Kerberos) may need to return a WWW-Authenticate // Negotiate authentication (Kerberos) may need to return a WWW-Authenticate
// header to the client even in case of success as per RFC4559. // header to the client even in case of success as per RFC4559.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment