Since we’re currently pooling connections in a single client,
100 connections is a too low a limit given the number of connections
we need to handle.

In future, we should probably reduce the reliance on a single client
and only reuse a global client in some cases but not in the others.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

5xx errors tend to be from transient issues, so it may be worthwhile
retrying in such cases.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

The proxy support in websockets (proxied_ws) is closely tied to the
version 8 of websockets, which doesn’t support Python 3.10:

    obs_proxy.client: Caught an exception:
    obs_proxy.client: As of 3.10, the *loop* parameter was removed from Lock()
    since it is no longer necessary

Since we build Docker images based on Debian Bullseye, this doesn’t yet matter
as Python 3.9 is the default in Bullseye.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Python 3.10 removed this parameter.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

This is used by the proxy client to verify the payload has been uploaded
correctly.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Actually make the new blueprint part of the app.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Some scaffolding to integrate the uploader later.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Given the absence of a standard way to do this, use a custom
Patch-Content-Range header to specify which chunk is being uploaded.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

To make it easier to investigate failures, only delete the temporary
file if the upload succeeds. If it fails, dump extra details about the
error.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

If Content-Type or Content-Length headers were supplied with the
original upload, pass them through to the upstream. Otherwise,
set Content-Length to the actual size of the payload; this also
disables chunked encoding of the payload.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Quart doesn’t yet support backpressure to handle situations when an
application cannot handle the incoming data as fast as it’s received.

This happens, for example, when the proxy client run on the same machine
as the worker, and a worker attempts to upload a multi-gigabyte build
artifact. In this case, the artifact is consumed almost immediately,
as the local connection is fast enough to allow this, but the upload to
the upstream proxy doesn’t keep up and the artifact ends up being
buffered in memory. If there’s not enough RAM and swap space, the upload
terminates with an out of memory exception.

To work around this until this missing feature is implemented in Quart,
we buffer incoming uploads at clients in a temporary files, as disk
space is still cheaper than RAM at the time of writing.

Uploads on the server are not buffered on the server, as typically the
upload speed isn’t high enough to cause excessive buffering.

This brings a new dependency on aiofiles which implements async temporary
files, as using a normal tempfile functionality would block on I/O.

While httpx supports passing file-like objects as content directly, the
current implementation doesn’t use them in an optimal way (despite a fix in
https://github.com/encode/httpx/pull/1948

), so instead of that, we read
the temporary file chunk by chunk manually.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Host header can be spoofed, making it possible to bypass authentication.
Since proxy exposes one port per worker for the backend to connect to,
it cannot require authentication on these ports. The port exposed to the
outside though, needs to be authenticated to prevent information leaks,
so the proxy server needs to be able to reliably distinguish clients
connecting to the proxy from the outside and the backend services trying
to talk to (emulated) workers.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Apparently, data= attempts to upload everything in one chunk, so if a
generator produces a multi-gigabyte payload, it will be reassembled in
memory at once instead of being streamed. Also, data= may apply
transformations to the data (e.g. it can be passed a dict to send form
data), and is deprecated for binary data.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

Rewrite the token authenticator to return an internal function instead
of a lambda, making it more obvious what it returns: it should return
the request itself, not the headers dict.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>

httpx 0.20 changes the API to no longer accept timeout in .send().
Update the dependency as well.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>