akkoma/lib/pleroma/http/adapter_helper/gun.ex

# Pleroma: A lightweight social networking server
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only

defmodule Pleroma.HTTP.AdapterHelper.Gun do
  @behaviour Pleroma.HTTP.AdapterHelper

  alias Pleroma.Gun.ConnectionPool
  alias Pleroma.HTTP.AdapterHelper

  require Logger

  @defaults [
    connect_timeout: 5_000,
    domain_lookup_timeout: 5_000,
    tls_handshake_timeout: 5_000,
    retry: 1,
    retry_timeout: 1000,
    await_up_timeout: 5_000
  ]

  @spec options(keyword(), URI.t()) :: keyword()
  def options(incoming_opts \\ [], %URI{} = uri) do
    proxy =
      Pleroma.Config.get([:http, :proxy_url])
      |> AdapterHelper.format_proxy()

    config_opts = Pleroma.Config.get([:http, :adapter], [])

    @defaults
    |> Keyword.merge(config_opts)
    |> add_scheme_opts(uri)
    |> AdapterHelper.maybe_add_proxy(proxy)
    |> Keyword.merge(incoming_opts)
  end

  defp add_scheme_opts(opts, %{scheme: "http"}), do: opts

  defp add_scheme_opts(opts, %{scheme: "https"}) do
    opts
    |> Keyword.put(:certificates_verification, true)
    |> Keyword.put(:tls_opts,
      log_level: :warning,
      customize_hostname_check: [match_fun: &ssl_match_fun/2]
    )
  end

  # ssl_match_fun is adapted from [Mint](https://github.com/elixir-mint/mint)
  # Copyright 2018 Eric Meadows-Jönsson and Andrea Leopardi

  # Wildcard domain handling for DNS ID entries in the subjectAltName X.509
  # extension. Note that this is a subset of the wildcard patterns implemented
  # by OTP when matching against the subject CN attribute, but this is the only
  # wildcard usage defined by the CA/Browser Forum's Baseline Requirements, and
  # therefore the only pattern used in commercially issued certificates.
  defp ssl_match_fun({:dns_id, reference}, {:dNSName, [?*, ?. | presented]}) do
    case domain_without_host(reference) do
      '' ->
        :default

      domain ->
        :string.casefold(domain) == :string.casefold(presented)
    end
  end

  defp ssl_match_fun(_reference, _presented), do: :default

  defp domain_without_host([]), do: []
  defp domain_without_host([?. | domain]), do: domain
  defp domain_without_host([_ | more]), do: domain_without_host(more)

  @spec get_conn(URI.t(), keyword()) :: {:ok, keyword()} | {:error, atom()}
  def get_conn(uri, opts) do
    case ConnectionPool.get_conn(uri, opts) do
      {:ok, conn_pid} -> {:ok, Keyword.merge(opts, conn: conn_pid, close_conn: false)}
      err -> err
    end
  end

  @prefix Pleroma.Gun.ConnectionPool
  def limiter_setup do
    wait = Pleroma.Config.get([:connections_pool, :connection_acquisition_wait])
    retries = Pleroma.Config.get([:connections_pool, :connection_acquisition_retries])

    :pools
    |> Pleroma.Config.get([])
    |> Enum.each(fn {name, opts} ->
      max_running = Keyword.get(opts, :size, 50)
      max_waiting = Keyword.get(opts, :max_waiting, 10)

      :ok =
        ConcurrentLimiter.new(:"#{@prefix}.#{name}", max_running, max_waiting,
          wait: wait,
          max_retries: retries
        )
    end)

    :ok
  end
end
adding gun adapter 2020-02-11 07:12:57 +00:00			`# Pleroma: A lightweight social networking server`
simplification of formatting host method case for format_proxy method 2020-03-03 12:44:13 +00:00			`# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>`
adding gun adapter 2020-02-11 07:12:57 +00:00			`# SPDX-License-Identifier: AGPL-3.0-only`

adapter renaming to adapter_helper 2020-03-03 15:53:44 +00:00			`defmodule Pleroma.HTTP.AdapterHelper.Gun do`
			`@behaviour Pleroma.HTTP.AdapterHelper`
adding gun adapter 2020-02-11 07:12:57 +00:00
Refactor gun pooling and simplify adapter option insertion This patch refactors gun pooling to use Elixir process registry and simplifies adapter option insertion. Having the pool use process registry instead of a GenServer has a number of advantages: - Simpler code: the initial implementation adds about half the lines of code it deletes - Concurrency: unlike a GenServer, ETS-based registry can handle multiple checkout/checkin requests at the same time - Precise and easy idle connection clousure: current proposal for closing idle connections in the GenServer-based pool needs to filter through all connections once a minute and compare their last active time with closing time. With Elixir process registry this can be done by just using `Process.send_after`/`Process.cancel_timer` in the worker process. - Lower memory footprint: In my tests `gun-memory-leak` branch uses about 290mb on peak load (250 connections) and 235mb on idle (5-10 connections). Registry-based pool uses 210mb on idle and 240mb on peak load 2020-05-05 22:51:10 +00:00			`alias Pleroma.Gun.ConnectionPool`
little refactor 2020-03-06 18:04:18 +00:00			`alias Pleroma.HTTP.AdapterHelper`
adding gun adapter 2020-02-11 07:12:57 +00:00
little polishing 2020-03-06 18:24:19 +00:00			`require Logger`

adding gun adapter 2020-02-11 07:12:57 +00:00			`@defaults [`
open conn in separate task 2020-02-24 16:56:27 +00:00			`connect_timeout: 5_000,`
adding gun adapter 2020-02-11 07:12:57 +00:00			`domain_lookup_timeout: 5_000,`
			`tls_handshake_timeout: 5_000,`
retry and retry_timeout settings default change 2020-03-03 15:01:35 +00:00			`retry: 1,`
			`retry_timeout: 1000,`
adding gun adapter 2020-02-11 07:12:57 +00:00			`await_up_timeout: 5_000`
			`]`

			`@spec options(keyword(), URI.t()) :: keyword()`
clean up 2020-03-12 15:28:54 +00:00			`def options(incoming_opts \\ [], %URI{} = uri) do`
			`proxy =`
more clean up 2020-03-13 06:37:57 +00:00			`Pleroma.Config.get([:http, :proxy_url])`
little refactor 2020-03-06 18:04:18 +00:00			`\|> AdapterHelper.format_proxy()`

			`config_opts = Pleroma.Config.get([:http, :adapter], [])`
adding gun adapter 2020-02-11 07:12:57 +00:00
			`@defaults`
little refactor 2020-03-06 18:04:18 +00:00			`\|> Keyword.merge(config_opts)`
adding gun adapter 2020-02-11 07:12:57 +00:00			`\|> add_scheme_opts(uri)`
clean up 2020-03-12 15:28:54 +00:00			`\|> AdapterHelper.maybe_add_proxy(proxy)`
Refactor gun pooling and simplify adapter option insertion This patch refactors gun pooling to use Elixir process registry and simplifies adapter option insertion. Having the pool use process registry instead of a GenServer has a number of advantages: - Simpler code: the initial implementation adds about half the lines of code it deletes - Concurrency: unlike a GenServer, ETS-based registry can handle multiple checkout/checkin requests at the same time - Precise and easy idle connection clousure: current proposal for closing idle connections in the GenServer-based pool needs to filter through all connections once a minute and compare their last active time with closing time. With Elixir process registry this can be done by just using `Process.send_after`/`Process.cancel_timer` in the worker process. - Lower memory footprint: In my tests `gun-memory-leak` branch uses about 290mb on peak load (250 connections) and 235mb on idle (5-10 connections). Registry-based pool uses 210mb on idle and 240mb on peak load 2020-05-05 22:51:10 +00:00			`\|> Keyword.merge(incoming_opts)`
adding gun adapter 2020-02-11 07:12:57 +00:00			`end`

clean up 2020-03-12 15:28:54 +00:00			`defp add_scheme_opts(opts, %{scheme: "http"}), do: opts`
adding gun adapter 2020-02-11 07:12:57 +00:00
clean up 2020-03-12 15:28:54 +00:00			`defp add_scheme_opts(opts, %{scheme: "https"}) do`
add verify tls_opts only when we open connection for other requests tesla will add tls_opts 2020-03-10 12:54:11 +00:00			`opts`
			`\|> Keyword.put(:certificates_verification, true)`
Gun adapter helper: fix wildcard cert issues on OTP 23 See https://bugs.erlang.org/browse/ERL-1260 for more info. The ssl match function is basically copied from mint, except that `:string.lowercase/1` was replaced by `:string.casefold`. It was a TODO in mint's code, so might as well do it since we don't need to support OTP <20. Closes #1834 2020-06-23 17:36:21 +00:00			`\|> Keyword.put(:tls_opts,`
			`log_level: :warning,`
			`customize_hostname_check: [match_fun: &ssl_match_fun/2]`
			`)`
adding gun adapter 2020-02-11 07:12:57 +00:00			`end`

Gun adapter helper: fix wildcard cert issues on OTP 23 See https://bugs.erlang.org/browse/ERL-1260 for more info. The ssl match function is basically copied from mint, except that `:string.lowercase/1` was replaced by `:string.casefold`. It was a TODO in mint's code, so might as well do it since we don't need to support OTP <20. Closes #1834 2020-06-23 17:36:21 +00:00			`# ssl_match_fun is adapted from [Mint](https://github.com/elixir-mint/mint)`
			`# Copyright 2018 Eric Meadows-Jönsson and Andrea Leopardi`

			`# Wildcard domain handling for DNS ID entries in the subjectAltName X.509`
			`# extension. Note that this is a subset of the wildcard patterns implemented`
			`# by OTP when matching against the subject CN attribute, but this is the only`
			`# wildcard usage defined by the CA/Browser Forum's Baseline Requirements, and`
			`# therefore the only pattern used in commercially issued certificates.`
			`defp ssl_match_fun({:dns_id, reference}, {:dNSName, [?*, ?. \| presented]}) do`
			`case domain_without_host(reference) do`
			`'' ->`
			`:default`

			`domain ->`
			`:string.casefold(domain) == :string.casefold(presented)`
			`end`
			`end`

			`defp ssl_match_fun(_reference, _presented), do: :default`

			`defp domain_without_host([]), do: []`
			`defp domain_without_host([?. \| domain]), do: domain`
			`defp domain_without_host([_ \| more]), do: domain_without_host(more)`

Refactor gun pooling and simplify adapter option insertion This patch refactors gun pooling to use Elixir process registry and simplifies adapter option insertion. Having the pool use process registry instead of a GenServer has a number of advantages: - Simpler code: the initial implementation adds about half the lines of code it deletes - Concurrency: unlike a GenServer, ETS-based registry can handle multiple checkout/checkin requests at the same time - Precise and easy idle connection clousure: current proposal for closing idle connections in the GenServer-based pool needs to filter through all connections once a minute and compare their last active time with closing time. With Elixir process registry this can be done by just using `Process.send_after`/`Process.cancel_timer` in the worker process. - Lower memory footprint: In my tests `gun-memory-leak` branch uses about 290mb on peak load (250 connections) and 235mb on idle (5-10 connections). Registry-based pool uses 210mb on idle and 240mb on peak load 2020-05-05 22:51:10 +00:00			`@spec get_conn(URI.t(), keyword()) :: {:ok, keyword()} \| {:error, atom()}`
			`def get_conn(uri, opts) do`
			`case ConnectionPool.get_conn(uri, opts) do`
			`{:ok, conn_pid} -> {:ok, Keyword.merge(opts, conn: conn_pid, close_conn: false)}`
			`err -> err`
adding gun adapter 2020-02-11 07:12:57 +00:00			`end`
			`end`
HTTP: Implement max request limits 2020-05-17 19:16:02 +00:00
			`@prefix Pleroma.Gun.ConnectionPool`
			`def limiter_setup do`
			`wait = Pleroma.Config.get([:connections_pool, :connection_acquisition_wait])`
			`retries = Pleroma.Config.get([:connections_pool, :connection_acquisition_retries])`

			`:pools`
			`\|> Pleroma.Config.get([])`
			`\|> Enum.each(fn {name, opts} ->`
			`max_running = Keyword.get(opts, :size, 50)`
			`max_waiting = Keyword.get(opts, :max_waiting, 10)`

			`:ok =`
			`ConcurrentLimiter.new(:"#{@prefix}.#{name}", max_running, max_waiting,`
			`wait: wait,`
			`max_retries: retries`
			`)`
			`end)`

			`:ok`
			`end`
adding gun adapter 2020-02-11 07:12:57 +00:00			`end`