Support for POST + other improvements of the server #657
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
joka921
changed the title
added 3 commits
June 30, 2022 15:07
1. There is now proper support for GET and POST queries. The POST
queries now also allow both variants specified in the SPARQL 1.1
standard: with a URL-encoded query string ("query=...") and with content
type "application/sparql-query" and just the unencoded SPARQL query in
the body of the POST request.
2. Improved the URL parsing helper functions along the way. Eventually,
this should be done with a propery library, but until we are there,
let's improve what we have.
3. Used the opportunity to add a command-line argument for specifying
the access token to be used for restricted API calls like
clear-cache-complete. This was simple enough and completes work from an
earlier PR.
joka921
reviewed
Jul 1, 2022
src/ServerMain.cpp
Outdated
| @@ -62,6 +63,9 @@ int main(int argc, char** argv) { | |||
| "The basename of the index files (required)."); | |||
| add("port,p", po::value<int>(&port)->required(), | |||
| "The port on which HTTP requests are served (required)."); | |||
| add("access-token,a", | |||
| po::value<std::string>(&accessToken)->default_value("CHANGE_ME"), | |||
| "Access token for restricted API calls."); | |||
There was a problem hiding this comment.
Is it really ok to have the "restricted" API calls via the default "CHANGE_ME" token, when somebody forgets to set the token?
src/engine/Server.cpp
Outdated
| auto filenameAndParams = [&request]() { | ||
| if (request.method() == http::verb::get) { | ||
| // For a GET request, `request.target()` yields the part after the domain, | ||
| // which is a concatenation of the path and the query string (the query |
There was a problem hiding this comment.
For me as a human the usage of the term query (or query string) for
the GET parameters with ? and & connections is a little bit confusing, because we use query typically as a synonym for SPARQL query`
src/engine/Server.cpp
Outdated
Comment on lines
120
to
121
| // auto filenameAndParams = | ||
| // ad_utility::UrlParser::parseTarget(request.target()); |
src/engine/Server.cpp
Outdated
| LOG(DEBUG) << "Request method: \"" << request.method() << "\"" | ||
| << ", target: \"" << request.target() << "\"" | ||
| << ", body: \"" << request.body() << "\"" << std::endl; | ||
| auto filenameAndParams = [&request]() { |
There was a problem hiding this comment.
This lambda (logic + error handling + Comments) has become so long that it can become a separate (static) function of the Server class,
As it also takes only one parameter (the request).
1. If something goes wrong during query processing as far the URL parameters is concerned, the error message in the log and the error message returned to the client are now in sync. 2. Better logging also at other places, in particular, when processing the commands. 3. If the server is started without --access-token, there is now no access to the restricted API calls at all (no matter which value is provided in the URL parameters for access-token). 4. When an access token is provided and it doesn't match or the server was started without --access-toknen, the whole request is now ignored.
joka921
approved these changes
Jul 2, 2022
1. Now avoid co_await in catch block because it's against the C++ standard. 2. Also log the query processing time because it was simple enough and somewhat connected (request logging was improved at various places)
joka921
approved these changes
Jul 2, 2022
src/engine/Server.cpp
Outdated
Comment on lines
64
to
65
| std::optional<std::string> exceptionErrorMsg; | ||
| std::optional<http::response<http::string_body>> badRequestResponse; |
There was a problem hiding this comment.
Is the badRequestResponse variable unused? If so, remove it!
src/engine/Server.cpp
Outdated
| co_return co_await send(std::move(response)); | ||
| }; | ||
| // Process the request using the `process` method and if it throws an | ||
| // exception, log the error message and send a HTTP/1.1 404 Bad Request |
There was a problem hiding this comment.
I think 400 is Bad Request and 404 is not found.
Note: The log was quite inconsistent regarding what it logs and what it sends to the server. Made that more consistent now. Also logging some more relevant information to the INFO log, like the total time for processing a query or the basic parameters of a request (method, content type, accept hearders). I tested it for a number of queries and it worked alright.
joka921
approved these changes
Jul 2, 2022
1. When access to a URL parameter is denied or when there are URL parameters that were not processed, now abort the query processing with a 400 error. In particular, this has the consequence that a file is only served if there are no URL parameters (which makes sense). 2. In processQuery, now do the query planning *after* determining the media type. Before it could happen that the query planning took some time and then the processing aborted because of an invalid media type, which didnt't make sense. Log the time required for the query planning. 3. Support an explicit "ping" action with an optional message. This is useful for the qlever script and beyond. For example, the ping from the qlever script is now logged in a way that we can see that it came from the qlever script. 4. Make sparql-results+json the default media type, as required by the standard. This is possible now because the latest version of the QLever UI explicitly asks for qlever-results+json for every SPARQL query it sends. 5. ALso log the size of the result when it has been computed. This useful information was missing from the INFO log so far. 6. Minor reformatting of a few strangely formatted comments that I encountered on the way.
joka921
approved these changes
Jul 4, 2022
There was a problem hiding this comment.
Please merge it, but don't add additional features.
In the future please split different issues into different PRs, I identify at least:
- Implementation of POST
- Implementation of access tokens
- Improved logging (in various places unrelated to the above)
- more consistent error handling in the Server.
hannahbast
changed the title
hannahbast
changed the title
Thanks, but I am not totally convinced, let's talk about it later. The size of this PR is average for our PRs. I know that it started out as only adding POST. Then it turned out to become a more general improve "process" and "processQuery" because the issues I eventually dealt with (which you mention in your list) are relatively tightly connected. The --access-token was just a small leftover from a previous PR. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Currently, just a TODO, but this should be feasible with relatively few lines of code.