[server] Share ClientMetadata and trace clientType

Author: geropl

components/server/ee/src/workspace/gitpod-server-impl.ts

@@ -40,6 +40,7 @@ import { GitLabAppSupport } from "../gitlab/gitlab-app-support";
 import { Config } from "../../../src/config";
 import { SnapshotService, WaitForSnapshotOptions } from "./snapshot-service";
 import { SafePromise } from "@gitpod/gitpod-protocol/lib/util/safe-promise";
+import { ClientMetadata } from "../../../src/websocket/websocket-connection-manager";
 
 @injectable()
 export class GitpodServerEEImpl extends GitpodServerImpl {
@@ -72,8 +73,8 @@ export class GitpodServerEEImpl extends GitpodServerImpl {
 
     @inject(SnapshotService) protected readonly snapshotService: SnapshotService;
 
-    initialize(client: GitpodClient | undefined, user: User | undefined, accessGuard: ResourceAccessGuard, clientHeaderFields: ClientHeaderFields): void {
-        super.initialize(client, user, accessGuard, clientHeaderFields);
+    initialize(client: GitpodClient | undefined, user: User | undefined, accessGuard: ResourceAccessGuard, clientMetadata: ClientMetadata, clientHeaderFields: ClientHeaderFields): void {
+        super.initialize(client, user, accessGuard, clientMetadata, clientHeaderFields);
 
         this.listenToCreditAlerts();
         this.listenForPrebuildUpdates();

components/server/src/server.ts

@@ -29,7 +29,7 @@ import { RabbitMQConsensusLeaderMessenger } from './consensus/rabbitmq-consensus
 import { WorkspaceGarbageCollector } from './workspace/garbage-collector';
 import { WorkspaceDownloadService } from './workspace/workspace-download-service';
 import { MonitoringEndpointsApp } from './monitoring-endpoints';
-import { WebsocketClientType, WebsocketConnectionManager } from './websocket/websocket-connection-manager';
+import { WebsocketConnectionManager } from './websocket/websocket-connection-manager';
 import { DeletedEntryGC, PeriodicDbDeleter, TypeORM } from '@gitpod/gitpod-db/lib';
 import { OneTimeSecretServer } from './one-time-secret-server';
 import { Disposable, DisposableCollection, GitpodClient, GitpodServer } from '@gitpod/gitpod-protocol';
@@ -164,7 +164,7 @@ export class Server<C extends GitpodClient, S extends GitpodServer> {
                 if (info.req.url === '/v1') {
                     try {
                         await this.bearerAuth.auth(info.req as express.Request)
-                    } catch (e) {
+                    } catch (e) {
                         if (isBearerAuthError(e)) {
                             return callback(false, 401, e.message);
                         }
@@ -319,8 +319,8 @@ export class Server<C extends GitpodClient, S extends GitpodServer> {
             help: 'Currently served websocket connections',
             labelNames: ["clientType"],
         });
-        this.websocketConnectionHandler.onConnectionCreated((_, req) => gauge.inc({ clientType: WebsocketClientType.getClientType(req) || "undefined" }));
-        this.websocketConnectionHandler.onConnectionClosed((_, req) => gauge.dec({ clientType: WebsocketClientType.getClientType(req) || "undefined" }));
+        this.websocketConnectionHandler.onConnectionCreated((s, _) => gauge.inc({ clientType: s.clientMetadata.type || "undefined" }));
+        this.websocketConnectionHandler.onConnectionClosed((s, _) => gauge.dec({ clientType: s.clientMetadata.type || "undefined" }));
     }
 
     protected installWebsocketClientContextGauge() {
@@ -329,7 +329,7 @@ export class Server<C extends GitpodClient, S extends GitpodServer> {
             help: 'Currently served client contexts',
             labelNames: ["authLevel"],
         });
-        this.websocketConnectionHandler.onClientContextCreated((ctx) => gauge.inc({ authLevel: ctx.authLevel }));
-        this.websocketConnectionHandler.onClientContextClosed((ctx) => gauge.dec({ authLevel: ctx.authLevel }));
+        this.websocketConnectionHandler.onClientContextCreated((ctx) => gauge.inc({ authLevel: ctx.clientMetadata.authLevel }));
+        this.websocketConnectionHandler.onClientContextClosed((ctx) => gauge.dec({ authLevel: ctx.clientMetadata.authLevel }));
     }
 }

components/server/src/user/enforcement-endpoint.ts

@@ -17,6 +17,7 @@ import { ResponseError } from 'vscode-jsonrpc';
 import { ErrorCodes } from '@gitpod/gitpod-protocol/lib/messaging/error';
 import { GitpodServerImpl } from '../workspace/gitpod-server-impl';
 import { ResourceAccessGuard, OwnerResourceGuard } from '../auth/resource-access';
+import { ClientMetadata } from '../websocket/websocket-connection-manager';
 
 export const EnforcementControllerServerFactory = Symbol('EnforcementControllerServerFactory');
 export type EnforcementControllerServerFactory = () => GitpodServerImpl;
@@ -47,7 +48,7 @@ export class EnforcementController {
             another architecture is not necessary.
         */
         const server = this.serverFactory()
-        server.initialize(undefined, user, resourceAccessGuard, {});
+        server.initialize(undefined, user, resourceAccessGuard, ClientMetadata.from(user.id), {});
         return server;
     }
 

components/server/src/websocket/websocket-connection-manager.ts

@@ -31,7 +31,7 @@ const EVENT_CLIENT_CONTEXT_CLOSED = "EVENT_CLIENT_CONTEXT_CLOSED";
 
 /** TODO(gpl) Refine this list */
 export type WebsocketClientType = "browser" | "go-client" | "vs-code";
-export namespace WebsocketClientType {
+namespace WebsocketClientType {
     export function getClientType(req: express.Request): WebsocketClientType | undefined {
         const userAgent = req.headers["user-agent"];
 
@@ -58,9 +58,10 @@ export interface ClientMetadata {
     authLevel: WebsocketAuthenticationLevel,
     sessionId?: string;
     userId?: string;
+    type?: WebsocketClientType;
 }
 export namespace ClientMetadata {
-    export function from(userId: string | undefined, sessionId?: string): ClientMetadata {
+    export function from(userId: string | undefined, sessionId?: string, type?: WebsocketClientType): ClientMetadata {
         let id = "anonymous";
         let authLevel: WebsocketAuthenticationLevel = "anonymous";
         if (userId) {
@@ -70,25 +71,22 @@ export namespace ClientMetadata {
             id = `session-${sessionId}`;
             authLevel = "session";
         }
-        return { id, authLevel, userId, sessionId };
+        return { id, authLevel, userId, sessionId, type };
     }
 }
 
 export class WebsocketClientContext {
     constructor(
-        /**
-         * We try to be as specific as we can when identifying client connections.
-         * If we now the userId, this will be the userId. If we just have a session, this is the sessionId (prefixed by `session-`).
-         * If it's a
-         */
-        public readonly clientId: string,
-
-        public readonly authLevel: WebsocketAuthenticationLevel
+        public readonly clientMetadata: ClientMetadata,
     ) {}
 
     /** This list of endpoints serving client connections 1-1 */
     protected servers: GitpodServerImpl[] = [];
 
+    get clientId(): string {
+        return this.clientMetadata.id;
+    }
+
     addEndpoint(server: GitpodServerImpl) {
         this.servers.push(server);
     }
@@ -124,7 +122,7 @@ export class WebsocketConnectionManager implements ConnectionHandler {
             this.createProxyTarget.bind(this),
             this.createAccessGuard.bind(this),
             this.createRateLimiter.bind(this),
-            this.getClientId.bind(this),
+            this.getClientMetadata.bind(this),
         );
     }
 
@@ -167,7 +165,7 @@ export class WebsocketConnectionManager implements ConnectionHandler {
             clientRegion: takeFirst(expressReq.headers["x-glb-client-region"]),
         };
 
-        gitpodServer.initialize(client, user, resourceGuard, clientHeaderFields);
+        gitpodServer.initialize(client, user, resourceGuard, clientContext.clientMetadata, clientHeaderFields);
         client.onDidCloseConnection(() => {
             gitpodServer.dispose();
             increaseApiConnectionClosedCounter();
@@ -193,25 +191,26 @@ export class WebsocketConnectionManager implements ConnectionHandler {
     }
 
     protected getOrCreateClientContext(expressReq: express.Request): WebsocketClientContext {
-        const { id: clientId, authLevel } = this.getClientId(expressReq);
-        let ctx = this.contexts.get(clientId);
+        const metadata = this.getClientMetadata(expressReq);
+        let ctx = this.contexts.get(metadata.id);
         if (!ctx) {
-            ctx = new WebsocketClientContext(clientId, authLevel);
-            this.contexts.set(clientId, ctx);
+            ctx = new WebsocketClientContext(metadata);
+            this.contexts.set(metadata.id, ctx);
             this.events.emit(EVENT_CLIENT_CONTEXT_CREATED, ctx);
         }
         return ctx;
     }
 
-    protected getClientId(req?: object): ClientMetadata {
+    protected getClientMetadata(req?: object): ClientMetadata {
         const expressReq = req as express.Request;
         const user = expressReq.user;
         const sessionId = expressReq.session?.id;
-        return ClientMetadata.from(user?.id, sessionId);
+        const type = WebsocketClientType.getClientType(expressReq);
+        return ClientMetadata.from(user?.id, sessionId, type);
     }
 
     protected createRateLimiter(req?: object): RateLimiter {
-        const { id: clientId } = this.getClientId(req);
+        const { id: clientId } = this.getClientMetadata(req);
         return {
             user: clientId,
             consume: (method) => UserRateLimiter.instance(this.rateLimiterConfig).consume(clientId, method),
@@ -294,12 +293,7 @@ class GitpodJsonRpcProxyFactory<T extends object> extends JsonRpcProxyFactory<T>
         const userId = this.clientMetadata.userId;
         try {
             // generic tracing data
-            TraceContext.addNestedTags(ctx, {
-                client: {
-                    id: this.clientMetadata.id,
-                    authLevel: this.clientMetadata.authLevel,
-                },
-            });
+            traceClientMetadata(ctx, this.clientMetadata);
             TraceContext.setOWI(ctx, {
                 userId,
                 sessionId: this.clientMetadata.sessionId,
@@ -353,4 +347,14 @@ class GitpodJsonRpcProxyFactory<T extends object> extends JsonRpcProxyFactory<T>
         throw new ResponseError(RPCErrorCodes.InvalidRequest, "notifications are not supported");
     }
 
+}
+
+function traceClientMetadata(ctx: TraceContext, clientMetadata: ClientMetadata) {
+    TraceContext.addNestedTags(ctx, {
+        client: {
+            id: clientMetadata.id,
+            authLevel: clientMetadata.authLevel,
+            type: clientMetadata.type,
+        },
+    });
 }

components/server/src/workspace/gitpod-server-impl.ts

@@ -54,6 +54,7 @@ import { CachingBlobServiceClientProvider } from '@gitpod/content-service/lib/su
 import { IDEOptions } from '@gitpod/gitpod-protocol/lib/ide-protocol';
 import { IDEConfigService } from '../ide-config';
 import { PartialProject } from '@gitpod/gitpod-protocol/src/teams-projects-protocol';
+import { ClientMetadata } from '../websocket/websocket-connection-manager';
 
 // shortcut
 export const traceWI = (ctx: TraceContext, wi: Omit<LogContext, "userId">) => TraceContext.setOWI(ctx, wi);    // userId is already taken care of in WebsocketConnectionManager
@@ -111,6 +112,7 @@ export class GitpodServerImpl implements GitpodServerWithTracing, Disposable {
 
     /** Id the uniquely identifies this server instance */
     public readonly uuid: string = uuidv4();
+    public readonly clientMetadata: ClientMetadata;
     protected clientHeaderFields: ClientHeaderFields;
     protected resourceAccessGuard: ResourceAccessGuard;
     protected client: GitpodApiClient | undefined;
@@ -123,14 +125,15 @@ export class GitpodServerImpl implements GitpodServerWithTracing, Disposable {
         this.disposables.dispose();
     }
 
-    initialize(client: GitpodApiClient | undefined, user: User | undefined, accessGuard: ResourceAccessGuard, clientHeaderFields: ClientHeaderFields): void {
+    initialize(client: GitpodApiClient | undefined, user: User | undefined, accessGuard: ResourceAccessGuard, clientMetadata: ClientMetadata, clientHeaderFields: ClientHeaderFields): void {
         if (client) {
             this.disposables.push(Disposable.create(() => this.client = undefined));
         }
         this.client = client;
         this.user = user;
         this.resourceAccessGuard = accessGuard;
         this.clientHeaderFields = clientHeaderFields;
+        (this.clientMetadata as any) = clientMetadata;
 
         log.debug({ userId: this.user?.id }, `clientRegion: ${clientHeaderFields.clientRegion}`);
         log.debug({ userId: this.user?.id }, 'initializeClient');