Use Managed Identity & AzureBlobFileSystem when loading html, not proxied unauthenticated http. (#154)

* speculative synchronous authenticated proxy code

* disable public access on new container

* Get rid of async on UrlExists

* Get HTTP headers as Azure properties and inject

* base64 encode the hash, don't just ToString() (which gives Byte[])

Author: directhex

deployment/upload-index-to-container.ps1

@@ -10,7 +10,7 @@ $newContainerName = "index-$((New-Guid).ToString("N"))"
 
 Write-Host "Creating new container '$newContainerName'..."
 {
-  az storage container create --name "$newContainerName" --auth-mode login --public-access container --fail-on-exist --account-name $StorageAccountName
+  az storage container create --name "$newContainerName" --auth-mode login --public-access off --fail-on-exist --account-name $StorageAccountName
 } | Check-Failure
 
 Write-Output "##vso[task.setvariable variable=NEW_CONTAINER_NAME]$newContainerName"

src/SourceBrowser/src/Directory.Packages.props

@@ -64,6 +64,7 @@
 
     <PackageVersion Include="Microsoft.Bcl.AsyncInterfaces" Version="8.0.0" />
     <PackageVersion Include="Microsoft.Extensions.Hosting.WindowsServices" Version="8.0.0" />
+    <PackageVersion Include="Microsoft.Extensions.Logging.AzureAppServices" Version="8.0.6" />
     <PackageVersion Include="System.Resources.Extensions" Version="8.0.0" />
     <PackageVersion Include="System.Collections.Immutable" Version="8.0.0" />
     <PackageVersion Include="System.Text.Encodings.Web" Version="8.0.0" />

src/SourceBrowser/src/SourceIndexServer/Helpers.cs

@@ -3,93 +3,31 @@
 using System.Net.Http;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Logging;
+using Microsoft.SourceBrowser.SourceIndexServer.Models;
 
 namespace Microsoft.SourceBrowser.SourceIndexServer
 {
     public static class Helpers
     {
-        public static async Task ProxyRequestAsync(this HttpContext context, HttpClient client, string targetUrl, Action<HttpRequestMessage> configureRequest = null)
+        public static async Task ProxyRequestAsync(this HttpContext context, string targetPath, Action<HttpRequestMessage> configureRequest = null)
         {
-            using (var req = new HttpRequestMessage(HttpMethod.Get, targetUrl))
+            var fs = new AzureBlobFileSystem(IndexProxyUrl);
+            var props = fs.FileProperties(targetPath);
+            context.Response.Headers.Append("Content-Md5", Convert.ToBase64String(props.ContentHash));
+            context.Response.Headers.Append("Content-Type", props.ContentType);
+            context.Response.Headers.Append("Etag", props.ETag.ToString());
+            context.Response.Headers.Append("Last-Modified", props.LastModified.ToString("R"));
+            using (var data = fs.OpenSequentialReadStream(targetPath))
             {
-                foreach (var (key, values) in context.Request.Headers)
-                {
-                    switch (key.ToLower())
-                    {
-                        // We shouldn't copy any of these request headers
-                        case "host":
-                        case "authorization":
-                        case "cookie":
-                        case "content-length":
-                        case "content-type":
-                            continue;
-                        default:
-                            req.Headers.TryAddWithoutValidation(key, values.ToArray());
-                            break;
-                    }
-                }
-
-                configureRequest?.Invoke(req);
-
-                HttpResponseMessage res = await client.SendAsync(req, HttpCompletionOption.ResponseHeadersRead).ConfigureAwait(false);
-                context.Response.RegisterForDispose(res);
-
-                foreach (var (key, values) in res.Headers)
-                {
-                    switch (key.ToLower())
-                    {
-                        // Remove headers that the response doesn't need
-                        case "set-cookie":
-                        case "x-powered-by":
-                        case "x-aspnet-version":
-                        case "server":
-                        case "transfer-encoding":
-                        case "access-control-expose-headers":
-                        case "access-control-allow-origin":
-                            continue;
-                        default:
-                            if (!context.Response.Headers.ContainsKey(key))
-                            {
-                                context.Response.Headers[key] = values.ToArray();
-                            }
-
-                            break;
-                    }
-                }
-
-                context.Response.StatusCode = (int)res.StatusCode;
-                if (res.Content != null)
-                {
-                    foreach (var (key, values) in res.Content.Headers)
-                    {
-                        if (!context.Response.Headers.ContainsKey(key))
-                        {
-                            context.Response.Headers[key] = values.ToArray();
-                        }
-                    }
-
-                    using (var data = await res.Content.ReadAsStreamAsync().ConfigureAwait(false))
-                    {
-                        await data.CopyToAsync(context.Response.Body).ConfigureAwait(false);
-                    }
-                }
+                await data.CopyToAsync(context.Response.Body).ConfigureAwait(false);
             }
         }
 
-        private static readonly HttpClient s_client = new HttpClient(new HttpClientHandler() { CheckCertificateRevocationList = true });
-
-        private static async Task<bool> UrlExistsAsync(string proxyRequestUrl)
+        private static bool UrlExists(string proxyRequestPath)
         {
-            using (var res = new HttpRequestMessage(HttpMethod.Head, proxyRequestUrl))
-            using (var req = await s_client.SendAsync(res).ConfigureAwait(false))
-            {
-                if (req.IsSuccessStatusCode)
-                {
-                    return true;
-                }
-            }
-
-            return false;
+            var fs = new AzureBlobFileSystem(IndexProxyUrl);
+            return fs.FileExists(proxyRequestPath);
         }
 
         public static async Task ServeProxiedIndex(HttpContext context, Func<Task> next)
@@ -109,15 +47,15 @@ public static async Task ServeProxiedIndex(HttpContext context, Func<Task> next)
                 return;
             }
 
-            var proxyRequestUrl = proxyUri + (path.StartsWith("/", StringComparison.Ordinal) ? path : "/" + path).ToLowerInvariant();
+            var proxyRequestPathSuffix = (path.StartsWith("/", StringComparison.Ordinal) ? path : "/" + path).ToLowerInvariant();
 
-            if (!await UrlExistsAsync(proxyRequestUrl).ConfigureAwait(false))
+            if (!UrlExists(proxyRequestPathSuffix))
             {
                 await next().ConfigureAwait(false);
                 return;
             }
 
-            await context.ProxyRequestAsync(s_client, proxyRequestUrl).ConfigureAwait(false);
+            await context.ProxyRequestAsync(proxyRequestPathSuffix).ConfigureAwait(false);
         }
 
         public static string IndexProxyUrl => Environment.GetEnvironmentVariable("SOURCE_BROWSER_INDEX_PROXY_URL");

src/SourceBrowser/src/SourceIndexServer/Models/AzureBlobFileSystem.cs

@@ -1,5 +1,6 @@
 using Azure.Identity;
 using Azure.Storage.Blobs;
+using Azure.Storage.Blobs.Models;
 using System;
 using System.Collections.Generic;
 using System.IO;
@@ -55,17 +56,27 @@ public bool FileExists(string name)
             return blob.Exists();
         }
 
+        public BlobProperties FileProperties(string name)
+        {
+            name = name.ToLowerInvariant();
+            BlobClient blob = container.GetBlobClient(name);
+
+            return blob.GetProperties();
+        }
+
         public Stream OpenSequentialReadStream(string name)
         {
             name = name.ToLowerInvariant();
             BlobClient blob = container.GetBlobClient(name);
+
             return blob.OpenRead();
         }
 
         public IEnumerable<string> ReadLines(string name)
         {
             name = name.ToLowerInvariant();
             BlobClient blob = container.GetBlobClient(name);
+
             using Stream stream = blob.OpenRead();
             using StreamReader reader = new (stream);
 

src/SourceBrowser/src/SourceIndexServer/Program.cs

@@ -1,5 +1,6 @@
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.Extensions.Hosting;
+using Microsoft.Extensions.Logging;
 
 namespace Microsoft.SourceBrowser.SourceIndexServer
 {
@@ -10,11 +11,19 @@ public static void Main(string[] args)
             BuildWebHost(args).Run();
         }
 
+        public static ILogger Logger { get; set; }
+
         public static IHost BuildWebHost(string[] args) =>
             Host.CreateDefaultBuilder(args)
                 .ConfigureWebHostDefaults(
                     builder => { builder
                         .UseStartup<Startup>(); })
+                .ConfigureLogging(logging =>
+                        {
+                            logging.ClearProviders();
+                            logging.AddConsole();
+                            logging.AddAzureWebAppDiagnostics();
+                        })
                 .UseWindowsService()
                 .Build();
     }

src/SourceBrowser/src/SourceIndexServer/SourceIndexServer.csproj

@@ -10,14 +10,12 @@
   <ItemGroup>
     <PackageReference Include="Azure.Identity" />
     <PackageReference Include="Azure.Storage.Blobs" />
+    <PackageReference Include="Microsoft.Extensions.Hosting.WindowsServices" />
+    <PackageReference Include="Microsoft.Extensions.Logging.AzureAppServices" />
   </ItemGroup>
 
   <ItemGroup>
     <ProjectReference Include="..\Common\Common.csproj" />
   </ItemGroup>
 
-  <ItemGroup>
-    <PackageReference Include="Microsoft.Extensions.Hosting.WindowsServices" />
-  </ItemGroup>
-
 </Project>

src/SourceBrowser/src/SourceIndexServer/Startup.cs

@@ -5,6 +5,7 @@
 using Microsoft.Extensions.FileProviders;
 using Microsoft.Extensions.FileProviders.Physical;
 using Microsoft.Extensions.Hosting;
+using Microsoft.Extensions.Logging;
 using Microsoft.SourceBrowser.SourceIndexServer.Models;
 
 namespace Microsoft.SourceBrowser.SourceIndexServer
@@ -64,12 +65,14 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
             app.UseStaticFiles();
             app.UseRouting();
 
-
             app.UseEndpoints(endPoints =>
             {
                 endPoints.MapRazorPages();
                 endPoints.MapControllers();
             });
+
+            // Retrieve and store the logger
+            Program.Logger = app.ApplicationServices.GetService<ILogger<Program>>();
         }
     }
 }