auth web: make request/response timeout configurable

author Samir Aguiar <sjorgedeaguiar@netskope.com>

Mon, 20 May 2024 21:08:36 +0000 (21:08 +0000)

committer Samir Aguiar <sjorgedeaguiar@netskope.com>

Mon, 3 Jun 2024 16:16:43 +0000 (16:16 +0000)
author Samir Aguiar <sjorgedeaguiar@netskope.com>
Mon, 20 May 2024 21:08:36 +0000 (21:08 +0000)
committer Samir Aguiar <sjorgedeaguiar@netskope.com>
Mon, 3 Jun 2024 16:16:43 +0000 (16:16 +0000)
diff --git a/docs/http-api/index.rst b/docs/http-api/index.rst

index 256033f9f42cbb5acba4c8c7ecd7d3d43c69b67c..d2e56e7538d9f36e308ffb1709facdea893392d2 100644 (file)
--- a/docs/http-api/index.rst
+++ b/docs/http-api/index.rst
@@ -20,6 +20,7 @@ The following webserver related configuration items are available:
  * :ref:`setting-webserver-port`: Port to bind the webserver to.
  * :ref:`setting-webserver-allow-from`: Netmasks that are allowed to connect to the webserver
  * :ref:`setting-webserver-max-bodysize`: Maximum request/response body size in megabytes
+* :ref:`setting-webserver-connection-timeout`: Request/response timeout in seconds
  
  
  Metrics Endpoint
diff --git a/docs/settings.rst b/docs/settings.rst

index 2684ec40d5dc519bcc9a77a9ee4368dcc43cd169..a8f7c07f704e18feeb34c0b8714488e9dd4bdd59 100644 (file)
--- a/docs/settings.rst
+++ b/docs/settings.rst
@@ -2038,6 +2038,17 @@ The value between the hooks is a UUID that is generated for each request. This c
  
  Maximum request/response body size in megabytes.
  
+.. _setting-webserver-connection-timeout:
+
+``webserver-connection-timeout``
+--------------------------------
+.. versionadded:: 4.8.5
+
+-  Integer
+-  Default: 5
+
+Request/response timeout in seconds.
+
  .. _setting-webserver-password:
  
  ``webserver-password``
diff --git a/pdns/auth-main.cc b/pdns/auth-main.cc

index fc42d07db8f951fe8f57afe02debadb2b5bcafbd..42b00b77926440d3d7ab7fd250c0d8b3d83fce89 100644 (file)
--- a/pdns/auth-main.cc
+++ b/pdns/auth-main.cc
@@ -244,6 +244,7 @@ static void declareArguments()
    ::arg().set("webserver-allow-from", "Webserver/API access is only allowed from these subnets") = "127.0.0.1,::1";
    ::arg().set("webserver-loglevel", "Amount of logging in the webserver (none, normal, detailed)") = "normal";
    ::arg().set("webserver-max-bodysize", "Webserver/API maximum request/response body size in megabytes") = "2";
+  ::arg().set("webserver-connection-timeout", "Webserver/API request/response timeout in seconds") = "5";
    ::arg().setSwitch("webserver-hash-plaintext-credentials", "Whether to hash passwords and api keys supplied in plaintext, to prevent keeping the plaintext version in memory at runtime") = "no";
  
    ::arg().setSwitch("query-logging", "Hint backends that queries should be logged") = "no";
diff --git a/pdns/webserver.cc b/pdns/webserver.cc

index ec4b09f5f94a37eb8d61c1c159f79cfe05de1aa1..754484558af6b0dbe42ccfca98405419834a8a02 100644 (file)
--- a/pdns/webserver.cc
+++ b/pdns/webserver.cc
@@ -520,7 +520,7 @@ void WebServer::serveConnection(const std::shared_ptr<Socket>& client) const {
      YaHTTP::AsyncRequestLoader yarl;
      yarl.initialize(&req);
      req.max_request_size=d_maxbodysize;
-    int timeout = 5;
+    int timeout = d_connectiontimeout;
      client->setNonBlocking();
  
      try {
@@ -588,7 +588,8 @@ WebServer::WebServer(string listenaddress, int port) :
    d_listenaddress(std::move(listenaddress)),
    d_port(port),
    d_server(nullptr),
-  d_maxbodysize(2*1024*1024)
+  d_maxbodysize(2*1024*1024),
+  d_connectiontimeout(5)
  {
      YaHTTP::Router::Map("OPTIONS", "/<*url>", [](YaHTTP::Request *req, YaHTTP::Response *resp) {
        // look for url in routes
diff --git a/pdns/webserver.hh b/pdns/webserver.hh

index 49f38b9ab319ef605851bf1fc6fdc41d8ca2f921..5b83d70712e9251637dde47258b501da94a4ae39 100644 (file)
--- a/pdns/webserver.hh
+++ b/pdns/webserver.hh
@@ -212,6 +212,10 @@ public:
      d_maxbodysize = s * 1024 * 1024;
    }
  
+  void setConnectionTimeout(int t) { // in seconds
+    d_connectiontimeout = t;
+  }
+
    void setACL(const NetmaskGroup &nmg) {
      d_acl = nmg;
    }
@@ -285,6 +289,7 @@ protected:
    std::unique_ptr<CredentialsHolder> d_webserverPassword{nullptr};
  
    ssize_t d_maxbodysize; // in bytes
+  int d_connectiontimeout; // in seconds
  
    NetmaskGroup d_acl;
  
diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc

index 460734c4dc621335a3f85188beff48d082b9c049..5002ffaeb684798993e7acab7df0496866a5dd2c 100644 (file)
--- a/pdns/ws-auth.cc
+++ b/pdns/ws-auth.cc
@@ -117,6 +117,7 @@ AuthWebServer::AuthWebServer() :
      d_ws->setACL(acl);
  
      d_ws->setMaxBodySize(::arg().asNum("webserver-max-bodysize"));
+    d_ws->setConnectionTimeout(::arg().asNum("webserver-connection-timeout"));
  
      d_ws->bind();
    }
author	Samir Aguiar <sjorgedeaguiar@netskope.com>
	Mon, 20 May 2024 21:08:36 +0000 (21:08 +0000)
committer	Samir Aguiar <sjorgedeaguiar@netskope.com>
	Mon, 3 Jun 2024 16:16:43 +0000 (16:16 +0000)
docs/http-api/index.rst		patch \| blob \| blame \| history
docs/settings.rst		patch \| blob \| blame \| history
pdns/auth-main.cc		patch \| blob \| blame \| history
pdns/webserver.cc		patch \| blob \| blame \| history
pdns/webserver.hh		patch \| blob \| blame \| history
pdns/ws-auth.cc		patch \| blob \| blame \| history