Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Echo response object calls flush on unflushable objects #2592

Closed
3 tasks done
qerdcv opened this issue Feb 12, 2024 · 7 comments
Closed
3 tasks done

Echo response object calls flush on unflushable objects #2592

qerdcv opened this issue Feb 12, 2024 · 7 comments

Comments

@qerdcv
Copy link

qerdcv commented Feb 12, 2024

Issue Description

The Echo Response object causes a panic when calling the Flush method with an unflushable parent writer.

For example, if you are using TimeoutMiddleware, which creates TimeoutHandler (github.com/labstack/echo/v4/middleware/timeout.go:124) and then creates a timeout writer (src/net/http/server.go:3584), and you try to call the Flush method in the echo.Context object, it will result in a panic. This happens because it doesn't check if the Writer implements the Flush method before calling it (github.com/labstack/echo/v4/response.go:87). This issue can be handled similarly to how the standard http library does it (httputil/reverseproxy.go:524).

I've noticed duplicated issues, but in my humble opinion, you should try to unpack writers and search for flushable ones, similar to how it's done in the standard library. What do you think?

Checklist

  • Dependencies installed
  • No typos
  • Searched existing issues and docs

Expected behaviour

Calling Flush method with response writers that doesn't implements Flusher interface should not panicking

Actual behaviour

Calling Flush method with response writers that doesn't implements Flusher interface is panicking

Steps to reproduce

  1. Use timeout middleware
  2. Implement endpoint that call c.(echo.Context).Response().Flush() method
  3. Curl that endpoint

Working code to debug

func main() {
	e := echo.New()
	e.Use(middleware.TimeoutWithConfig(middleware.TimeoutConfig{
		Timeout: 3 * time.Second,
	}))

	e.GET("/ping", func(c echo.Context) error {
		c.Response().Flush()
		return c.String(http.StatusOK, "pong")
	})

	if err := e.Start(":8080"); err != nil {
		log.Fatalln(err.Error())
	}
}

Version/commit

github.com/labstack/echo/v4 v4.11.4
@aldas
Copy link
Contributor

aldas commented Feb 12, 2024
edited
Loading 

	e.GET("/ping", func(c echo.Context) error {
		c.Response().Flush()
		return c.String(http.StatusOK, "pong")
	})

Is not very good example. Or lets rephrase that - this shows that Timeout middleware has problems with handling requests that want to flush the response.

We could change Response.Flush() to support unwrapping but I think we still should panic if unwrapping ends up with http.ErrNotSupported. Hiding the fact that Flush did not do anything hides potential problems. In that example we have explicit call for Flush which means that there is some requirement why we need to flush. No-oping that could be a bug.

echo/response.go

Line 86 in 29aab27

func (r *Response) Flush() {

to

func (r *Response) Flush() {
	err := http.NewResponseController(r.Writer).Flush()
	if err != nil && errors.Is(err, http.ErrNotSupported) {
		panic(fmt.Errorf("response writer flushing is not supported"))
	}
}

and make Timeout middleware support unwrapping (and other custom writers we have created)

@aldas
Copy link
Contributor

aldas commented Feb 12, 2024
edited
Loading

NB: you should avoid using Timeout middleware. In its basic form it just sends the response to the client and potentially does not end your handler goroutine if you have not properly implemented context cancellation checks.

If you want to properly handle timeout you need to implement context checks and this renders Timeout MW useless. As then you check for context.DeadlineExceeded/context.Canceled and know it is reached you will can send the response to client.

@qerdcv
Copy link
Author

qerdcv commented Feb 13, 2024

I agree that it's supposed to cause panic if flushing is not supported, but at least, it should have a chance to unwrap parent writers to check if there is a flusher one.

@qerdcv
Copy link
Author

qerdcv commented Feb 13, 2024

About timeout middleware, I don't fully understand you, It does just what I want it to do - cancel context, if timeout is reached

@aldas
Copy link
Contributor

aldas commented Feb 13, 2024
edited
Loading

I'll create PR for #2592 (comment) changes

@qerdcv in you example you are using middleware.TimeoutWithConfig this uses goroutine to serve your request. Maybe you wanted to use middleware.ContextTimeout() ?

There are recommendations for timeout handling at the start of https://github.com/labstack/echo/blob/ea529bbab6602db8bd9fc0746405a3687ffbd885/middleware/timeout.go

@qerdcv
Copy link
Author

qerdcv commented Feb 13, 2024
edited
Loading

It seems that you are right.
I'll recheck what behaviour exactly I need.
Thanks!

@aldas aldas mentioned this issue Feb 20, 2024
Merged
@aldas
Copy link
Contributor

aldas commented Mar 9, 2024

done in #2595

@aldas aldas closed this as completed Mar 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@aldas @qerdcv