cmd/syncthing, lib/config: Enable HTTP CPU/heap profile collection for users

This adds a config to enable debug functions on the API server, which is by default disabled. When enabled, the /rest/debug things become available and become available without requiring a CSRF token (although authentication is required if configured). We also add a new endpoint /rest/debug/cpuprof?duration=15s (with the duration being configurable, defaulting to 30s). This runs a CPU profile for the duration and returns it as a file. It sets headers so that a browser will save the file with an informative name. The same is done for heap profiles, /rest/debug/heapprof, which does not take any parameters. The purpose of this is that any user can enable debugging under advanced, then point their browser to the endpoint above and get a file that contains a CPU or heap profile we can use, with the filename telling us what version and architecture the profile is from. On the command line, this becomes curl -O -J http://localhost:8082/rest/debug/cpuprof?duration=5s curl: Saved to filename 'syncthing-cpu-darwin-amd64-v0.14.3+4-g935bcc0-110307.pprof' GitHub-Pull-Request: https://github.com/syncthing/syncthing/pull/3467
2024-11-09 14:50:56 +00:00 · 2016-08-02 11:06:45 +00:00 · 2016-08-02 11:06:45 +00:00 · ffe7a2fcd7
commit ffe7a2fcd7
parent 08b5a7908f
8 changed files with 60 additions and 7 deletions
--- a/cmd/syncthing/gui.go
+++ b/cmd/syncthing/gui.go
@ -17,6 +17,7 @@ import (
 	"path/filepath"
 	"reflect"
 	"runtime"
+	"runtime/pprof"
 	"sort"
 	"strconv"
 	"strings"
@ -268,8 +269,12 @@ func (s *apiService) Serve() {
 	postRestMux.HandleFunc("/rest/system/debug", s.postSystemDebug)            // [enable] [disable]

 	// Debug endpoints, not for general use
-	getRestMux.HandleFunc("/rest/debug/peerCompletion", s.getPeerCompletion)
-	getRestMux.HandleFunc("/rest/debug/httpmetrics", s.getSystemHTTPMetrics)
+	debugMux := http.NewServeMux()
+	debugMux.HandleFunc("/rest/debug/peerCompletion", s.getPeerCompletion)
+	debugMux.HandleFunc("/rest/debug/httpmetrics", s.getSystemHTTPMetrics)
+	debugMux.HandleFunc("/rest/debug/cpuprof", s.getCPUProf) // duration
+	debugMux.HandleFunc("/rest/debug/heapprof", s.getHeapProf)
+	getRestMux.Handle("/rest/debug/", s.whenDebugging(debugMux))

 	// A handler that splits requests between the two above and disables
 	// caching
@ -364,6 +369,9 @@ func (s *apiService) VerifyConfiguration(from, to config.Configuration) error {
 }

 func (s *apiService) CommitConfiguration(from, to config.Configuration) bool {
+	// No action required when this changes, so mask the fact that it changed at all.
+	from.GUI.Debugging = to.GUI.Debugging
+
 	if to.GUI == from.GUI {
 		return true
 	}
@ -487,6 +495,18 @@ func withDetailsMiddleware(id protocol.DeviceID, h http.Handler) http.Handler {
 	})
 }

+func (s *apiService) whenDebugging(h http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if s.cfg.GUI().Debugging {
+			h.ServeHTTP(w, r)
+			return
+		}
+
+		http.Error(w, "Debugging disabled", http.StatusBadRequest)
+		return
+	})
+}
+
 func (s *apiService) restPing(w http.ResponseWriter, r *http.Request) {
 	sendJSON(w, map[string]string{"ping": "pong"})
 }
@ -1166,6 +1186,32 @@ func (s *apiService) getSystemBrowse(w http.ResponseWriter, r *http.Request) {
 	sendJSON(w, ret)
 }

+func (s *apiService) getCPUProf(w http.ResponseWriter, r *http.Request) {
+	duration, err := time.ParseDuration(r.FormValue("duration"))
+	if err != nil {
+		duration = 30 * time.Second
+	}
+
+	filename := fmt.Sprintf("syncthing-cpu-%s-%s-%s-%s.pprof", runtime.GOOS, runtime.GOARCH, Version, time.Now().Format("150405")) // hhmmss
+
+	w.Header().Set("Content-Type", "application/octet-stream")
+	w.Header().Set("Content-Disposition", "attachment; filename="+filename)
+
+	pprof.StartCPUProfile(w)
+	time.Sleep(duration)
+	pprof.StopCPUProfile()
+}
+
+func (s *apiService) getHeapProf(w http.ResponseWriter, r *http.Request) {
+	filename := fmt.Sprintf("syncthing-heap-%s-%s-%s-%s.pprof", runtime.GOOS, runtime.GOARCH, Version, time.Now().Format("150405")) // hhmmss
+
+	w.Header().Set("Content-Type", "application/octet-stream")
+	w.Header().Set("Content-Disposition", "attachment; filename="+filename)
+
+	runtime.GC()
+	pprof.WriteHeapProfile(w)
+}
+
 func (s *apiService) toNeedSlice(fs []db.FileInfoTruncated) []jsonDBFileInfo {
 	res := make([]jsonDBFileInfo, len(fs))
 	for i, f := range fs {
--- a/cmd/syncthing/gui_csrf.go
+++ b/cmd/syncthing/gui_csrf.go
@ -41,6 +41,13 @@ func csrfMiddleware(unique string, prefix string, cfg config.GUIConfiguration, n
 			return
 		}

+		if strings.HasPrefix(r.URL.Path, "/rest/debug") {
+			// Debugging functions are only available when explicitly
+			// enabled, and can be accessed without a CSRF token
+			next.ServeHTTP(w, r)
+			return
+		}
+
 		// Allow requests for anything not under the protected path prefix,
 		// and set a CSRF cookie if there isn't already a valid one.
 		if !strings.HasPrefix(r.URL.Path, prefix) {
--- a/cmd/syncthing/main.go
+++ b/cmd/syncthing/main.go
@ -16,7 +16,6 @@ import (
 	"log"
 	"net"
 	"net/http"
-	_ "net/http/pprof"
 	"net/url"
 	"os"
 	"os/signal"
--- a/lib/config/guiconfiguration.go
+++ b/lib/config/guiconfiguration.go
@ -21,6 +21,7 @@ type GUIConfiguration struct {
 	APIKey              string `xml:"apikey,omitempty" json:"apiKey"`
 	InsecureAdminAccess bool   `xml:"insecureAdminAccess,omitempty" json:"insecureAdminAccess"`
 	Theme               string `xml:"theme" json:"theme" default:"default"`
+	Debugging           bool   `xml:"debugging,attr" json:"debugging"`
 }

 func (c GUIConfiguration) Address() string {
--- a/test/h1/config.xml
+++ b/test/h1/config.xml
@ -50,7 +50,7 @@
    <device id="7PBCTLL-JJRYBSA-MOWZRKL-MSDMN4N-4US4OMX-SYEXUS4-HSBGNRY-CZXRXAT" name="s4" compression="metadata" introducer="false">
        <address>tcp://127.0.0.1:22004</address>
    </device>
-    <gui enabled="true" tls="false">
+    <gui enabled="true" tls="false" debugging="true">
        <address>127.0.0.1:8081</address>
        <user>testuser</user>
        <password>$2a$10$7tKL5uvLDGn5s2VLPM2yWOK/II45az0mTel8hxAUJDRQN1Tk2QYwu</password>
--- a/test/h2/config.xml
+++ b/test/h2/config.xml
@ -62,7 +62,7 @@
    <device id="373HSRP-QLPNLIE-JYKZVQF-P4PKZ63-R2ZE6K3-YD442U2-JHBGBQG-WWXAHAU" name="s3" compression="metadata" introducer="false">
        <address>tcp://127.0.0.1:22003</address>
    </device>
-    <gui enabled="true" tls="false">
+    <gui enabled="true" tls="false" debugging="true">
        <address>127.0.0.1:8082</address>
        <apikey>abc123</apikey>
        <theme>default</theme>
--- a/test/h3/config.xml
+++ b/test/h3/config.xml
@ -45,7 +45,7 @@
    <device id="373HSRP-QLPNLIE-JYKZVQF-P4PKZ63-R2ZE6K3-YD442U2-JHBGBQG-WWXAHAU" name="s3" compression="metadata" introducer="false">
        <address>tcp://127.0.0.1:22003</address>
    </device>
-    <gui enabled="true" tls="false">
+    <gui enabled="true" tls="false" debugging="true">
        <address>127.0.0.1:8083</address>
        <apikey>abc123</apikey>
        <theme>default</theme>
--- a/test/h4/config.xml
+++ b/test/h4/config.xml
@ -18,7 +18,7 @@
    <device id="7PBCTLL-JJRYBSA-MOWZRKL-MSDMN4N-4US4OMX-SYEXUS4-HSBGNRY-CZXRXAT" name="s4" compression="metadata" introducer="false">
        <address>dynamic</address>
    </device>
-    <gui enabled="true" tls="false">
+    <gui enabled="true" tls="false" debugging="true">
        <address>127.0.0.1:8084</address>
        <apikey>PMA5yUTG-Mw98nJ0YEtWTCHlM5O4aNi0</apikey>
        <theme>default</theme>