From 2e2898e17ccdd40c3d24931531502d27297468a5 Mon Sep 17 00:00:00 2001
From: jianglai <jianglai@google.com>
Date: Tue, 14 Aug 2018 08:31:50 -0700
Subject: [PATCH] Fix WHOIS issues

[1] Web whois should redirect to www.registry.google. whois.registry.google also points to the proxy IP, so redirecting to whois.registry.google just makes it loop. Also allow HEAD in web whois request in case that is used in monitoring.

[2] Separately, there's a bug introduced in [] where exception handling of inbound messages is moved to HttpsRelayServiceHandler. However the quota handlers are installed behind the HttpServiceServiceHandler in the channel pipeline, therefore the exception thrown in quota handlers never got processed. This results in hung connection when quota exceeded.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=208651011
---
 java/google/registry/proxy/handler/QuotaHandler.java |  5 +----
 java/google/registry/proxy/handler/RelayHandler.java | 12 ++++++++++++
 .../proxy/handler/WebWhoisRedirectHandler.java       |  7 +++++--
 .../proxy/handler/WebWhoisRedirectHandlerTest.java   |  4 ++--
 4 files changed, 20 insertions(+), 8 deletions(-)

diff --git a/java/google/registry/proxy/handler/QuotaHandler.java b/java/google/registry/proxy/handler/QuotaHandler.java
index 7c2c2071d..1381d72c9 100644
--- a/java/google/registry/proxy/handler/QuotaHandler.java
+++ b/java/google/registry/proxy/handler/QuotaHandler.java
@@ -79,10 +79,7 @@ public abstract class QuotaHandler extends ChannelInboundHandlerAdapter {
 
   static class OverQuotaException extends Exception {
     OverQuotaException(String protocol, String userId) {
-      super(
-          String.format(
-              "\nPROTOCOL: %s\nUSER ID: %s\nQuota exceeded, terminating connection.",
-              protocol, userId));
+      super(String.format("Quota exceeded for: PROTOCOL: %s, USER ID: %s", protocol, userId));
     }
   }
 
diff --git a/java/google/registry/proxy/handler/RelayHandler.java b/java/google/registry/proxy/handler/RelayHandler.java
index 5f3afc2af..dc4e7862c 100644
--- a/java/google/registry/proxy/handler/RelayHandler.java
+++ b/java/google/registry/proxy/handler/RelayHandler.java
@@ -17,6 +17,7 @@ package google.registry.proxy.handler;
 import static google.registry.proxy.Protocol.PROTOCOL_KEY;
 
 import com.google.common.flogger.FluentLogger;
+import google.registry.proxy.handler.QuotaHandler.OverQuotaException;
 import io.netty.channel.Channel;
 import io.netty.channel.ChannelFuture;
 import io.netty.channel.ChannelHandlerContext;
@@ -70,6 +71,17 @@ public class RelayHandler<I> extends SimpleChannelInboundHandler<I> {
     }
   }
 
+  @Override
+  public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) {
+    if (cause instanceof OverQuotaException) {
+      logger.atWarning().withCause(cause).log(
+          "Channel %s closed due to quota exceeded", ctx.channel());
+      ChannelFuture unusedFuture = ctx.close();
+    } else {
+      ctx.fireExceptionCaught(cause);
+    }
+  }
+
   public static void writeToRelayChannel(
       Channel channel, Channel relayChannel, Object msg, boolean retry) {
     ChannelFuture unusedFuture =
diff --git a/java/google/registry/proxy/handler/WebWhoisRedirectHandler.java b/java/google/registry/proxy/handler/WebWhoisRedirectHandler.java
index e7bacb3ad..9ab57b86e 100644
--- a/java/google/registry/proxy/handler/WebWhoisRedirectHandler.java
+++ b/java/google/registry/proxy/handler/WebWhoisRedirectHandler.java
@@ -22,6 +22,7 @@ import static io.netty.handler.codec.http.HttpHeaderNames.LOCATION;
 import static io.netty.handler.codec.http.HttpHeaderValues.KEEP_ALIVE;
 import static io.netty.handler.codec.http.HttpHeaderValues.TEXT_PLAIN;
 import static io.netty.handler.codec.http.HttpMethod.GET;
+import static io.netty.handler.codec.http.HttpMethod.HEAD;
 import static io.netty.handler.codec.http.HttpResponseStatus.BAD_REQUEST;
 import static io.netty.handler.codec.http.HttpResponseStatus.FORBIDDEN;
 import static io.netty.handler.codec.http.HttpResponseStatus.FOUND;
@@ -32,6 +33,7 @@ import static io.netty.handler.codec.http.HttpVersion.HTTP_1_1;
 
 import com.google.common.base.Splitter;
 import com.google.common.base.Strings;
+import com.google.common.collect.ImmutableList;
 import com.google.common.flogger.FluentLogger;
 import io.netty.channel.ChannelFuture;
 import io.netty.channel.ChannelFutureListener;
@@ -39,6 +41,7 @@ import io.netty.channel.ChannelHandlerContext;
 import io.netty.channel.SimpleChannelInboundHandler;
 import io.netty.handler.codec.http.DefaultFullHttpResponse;
 import io.netty.handler.codec.http.FullHttpResponse;
+import io.netty.handler.codec.http.HttpMethod;
 import io.netty.handler.codec.http.HttpRequest;
 import io.netty.handler.codec.http.HttpUtil;
 import java.time.Duration;
@@ -75,6 +78,7 @@ public class WebWhoisRedirectHandler extends SimpleChannelInboundHandler<HttpReq
 
   private static final String HSTS_HEADER_NAME = "Strict-Transport-Security";
   private static final Duration HSTS_MAX_AGE = Duration.ofDays(365);
+  private static final ImmutableList<HttpMethod> ALLOWED_METHODS = ImmutableList.of(GET, HEAD);
 
   private final boolean isHttps;
   private final String redirectHost;
@@ -87,8 +91,7 @@ public class WebWhoisRedirectHandler extends SimpleChannelInboundHandler<HttpReq
   @Override
   protected void channelRead0(ChannelHandlerContext ctx, HttpRequest msg) {
     FullHttpResponse response;
-    // We only support GET, any other HTTP method should result in 405 error.
-    if (!msg.method().equals(GET)) {
+    if (!ALLOWED_METHODS.contains(msg.method())) {
       response = new DefaultFullHttpResponse(HTTP_1_1, METHOD_NOT_ALLOWED);
     } else if (Strings.isNullOrEmpty(msg.headers().get(HOST))) {
       response = new DefaultFullHttpResponse(HTTP_1_1, BAD_REQUEST);
diff --git a/javatests/google/registry/proxy/handler/WebWhoisRedirectHandlerTest.java b/javatests/google/registry/proxy/handler/WebWhoisRedirectHandlerTest.java
index f4810944a..e61385c92 100644
--- a/javatests/google/registry/proxy/handler/WebWhoisRedirectHandlerTest.java
+++ b/javatests/google/registry/proxy/handler/WebWhoisRedirectHandlerTest.java
@@ -62,7 +62,7 @@ public class WebWhoisRedirectHandlerTest {
   // HTTP redirect tests.
 
   @Test
-  public void testSuccess_http_notGet() {
+  public void testSuccess_http_methodNotAllowed() {
     setupChannel(false);
     request = makeHttpPostRequest("", TARGET_HOST, "/");
     // No inbound message passed to the next handler.
@@ -156,7 +156,7 @@ public class WebWhoisRedirectHandlerTest {
   // HTTPS redirect tests.
 
   @Test
-  public void testSuccess_https_notGet() {
+  public void testSuccess_https_methodNotAllowed() {
     setupChannel(true);
     request = makeHttpPostRequest("", TARGET_HOST, "/");
     // No inbound message passed to the next handler.