This commit will change the current behavior on disk-related errors:
* HTTP 507 "Insufficient storage" is the status on disk full or
over-quota
* HTTP 500 "Internal server error" on other disk-related errors
Previously both were 400 "Bad request".
An upload is now first saved to a temporary file before it gets renamed
to the final filename. This ensures that incomplete uploads don't leave
broken files behind (at least not under their real filename).
In addition, removing failed uploads is no longer prone to a race
condition with a retried upload. That scenario could occur when the
first upload fails partway and the server doesn't notice that
immediately. A later retry by restic will then delete the broken upload
and upload the file again. If the server notices now that the initial
upload has failed, then it will delete the correctly uploaded file.
This has been fixed by only ever deleting the temporary file during
upload.
Restic uses the sha256 hash to calculate filenames based on the file
content. Check on the rest-server side that the uploaded file is intact
and reject it otherwise.
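The upload handling described in the two commit messages above (write to a temporary file, rename on success, delete only the temporary file on failure, and check the content against its SHA-256 filename), sketched as an added example. This is not rest-server's own code; `SaveBlob`, `ErrHashMismatch` and the `.tmp-upload-*` pattern are hypothetical names.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

var ErrHashMismatch = errors.New("content does not match SHA-256 name") // hypothetical name

// SaveBlob stores r as dir/name, where name is the hex SHA-256 of the content.
// On failure only the temporary file is deleted, never the final path.
func SaveBlob(dir, name string, r io.Reader) (err error) {
	tmp, err := os.CreateTemp(dir, ".tmp-upload-*")
	if err != nil {
		return err
	}
	defer func() {
		if err != nil {
			tmp.Close()
			os.Remove(tmp.Name()) // a concurrent successful retry under the final name is untouched
		}
	}()
	h := sha256.New()
	if _, err = io.Copy(io.MultiWriter(tmp, h), r); err != nil {
		return err
	}
	if hex.EncodeToString(h.Sum(nil)) != name {
		return ErrHashMismatch // truncated or corrupted upload: reject it
	}
	if err = tmp.Close(); err != nil {
		return err
	}
	return os.Rename(tmp.Name(), filepath.Join(dir, name))
}

func main() {
	dir, _ := os.MkdirTemp("", "blobs")
	defer os.RemoveAll(dir)
	sum := sha256.Sum256([]byte("constructed sample blob"))
	name := hex.EncodeToString(sum[:])
	fmt.Println(SaveBlob(dir, name, strings.NewReader("constructed sample blob")))
	fmt.Println(SaveBlob(dir, name, strings.NewReader("constructed"))) // partial upload
}
```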
Restore the previous behaviour where the Prometheus /metrics endpoint
required auth if auth was enabled.
A new -prometheus-no-auth flag allows you to override this and disable
auth for that specific endpoint.
- Helper method for internal server errors with consistent logging.
- Add PanicOnError option to panic on internal server errors. This
makes it easier to trace where the condition was hit in testing.
- Do not allow '.' as path component, because it undermines depth
checks, and add tests
- Fix GiB reporting
- Fix metrics label
- Helper function for http errors
This contains all the glue to make Server use the new repo.Handler:
- Remove all old handlers
- Add ServeHTTP to make Server a single http.Handler
- Remove Goji routing and replace by net/http and custom routing logic
Additionally, this implements two-level backup repositories.
Refactor the old HTTP handlers to fit the purpose of the new
http.Handler:
- repo.New function to instantiate a handler for a single repo (can be done
dynamically for every request)
- Single ServeHTTP entrypoint
- Move quota management to two methods that will be implemented later
(stubs for now)
- Move metrics update to an external function (BlobMetricFunc type)
- Use constants and options for file modes
The systemd administrator may wish to use additional resource control
facilities which systemd provides. Document the existence of these, and
provide some example options in commented form.