Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Add Drop method to DefaultCtx for silent connection termination #3257

Merged
merged 11 commits into from
Dec 23, 2024

Conversation

ryanbekhen
Copy link
Member

Description

This pull request introduces the Drop method to the DefaultCtx structure. The Drop method allows developers to silently terminate client connections without sending any HTTP headers or response body. This functionality is particularly useful for scenarios such as:

  • Mitigating DDoS attacks.
  • Blocking access to sensitive endpoints.
  • Enhancing resource management by closing unwanted connections.

This addition aligns with Fiber’s goal of providing high-performance web server functionalities with fine-grained control.

Fixes #3252

Changes introduced

  • Benchmarks: Describe any performance benchmarks and improvements related to the changes.
  • Documentation Update: Detail the updates made to the documentation and links to the changed files.
  • Changelog/What's New: Include a summary of the additions for the upcoming release notes.
  • Migration Guide: If necessary, provide a guide or steps for users to migrate their existing code to accommodate these changes.
  • API Alignment with Express: Explain how the changes align with the Express API.
  • API Longevity: Discuss the steps taken to ensure that the new or updated APIs are consistent and not prone to breaking changes.
  • Examples: Provide examples demonstrating the new features or changes in action.

Type of change

  • New feature (non-breaking change which adds functionality)
  • Enhancement (improvement to existing features and functionality)
  • Documentation update (changes to documentation)
  • Performance improvement (non-breaking change which improves efficiency)
  • Code consistency (non-breaking change which improves code reliability and robustness)

Checklist

Before you submit your pull request, please make sure you meet these requirements:

  • Followed the inspiration of the Express.js framework for new functionalities, making them similar in usage.
  • Conducted a self-review of the code and provided comments for complex or critical parts.
  • Updated the documentation in the /docs/ directory for Fiber's documentation.
  • Added or updated unit tests to validate the effectiveness of the changes or new features.
  • Ensured that new and existing unit tests pass locally with the changes.
  • Verified that any new dependencies are essential and have been agreed upon by the maintainers/community.
  • Aimed for optimal performance with minimal allocations in the new code.
  • Provided benchmarks for the new code to analyze and improve upon.

Commit formatting

Please use emojis in commit messages for an easy way to identify the purpose or intention of a commit. Check out the emoji cheatsheet here: CONTRIBUTING.md

Introduced a Drop method in DefaultCtx for closing connections, enabling easier resource management. Removed unnecessary nil-checks for headers in manager_msgp to simplify code logic. Added a unit test to ensure the new Drop method behaves as expected.
The `Drop` method allows silently terminating client connections without sending HTTP headers or a response body. This is useful for scenarios like mitigating DDoS attacks or blocking unauthorized access to sensitive endpoints. Example usage and function signature are included in the updated documentation.
@ryanbekhen ryanbekhen requested a review from a team as a code owner December 20, 2024 03:13
@ryanbekhen ryanbekhen requested review from gaby, sixcolors, ReneWerner87 and efectn and removed request for a team December 20, 2024 03:13
Copy link
Contributor

coderabbitai bot commented Dec 20, 2024

Walkthrough

This pull request introduces a new Drop() method to the Fiber web framework's context (Ctx) interface and implementation. The method allows developers to silently terminate HTTP requests without sending any response headers or body. It provides a mechanism to close the underlying connection, which can be useful for scenarios like DDoS protection or hiding sensitive endpoints by preventing response generation.

Changes

File Change Summary
ctx.go Added Drop() method to DefaultCtx struct to close connection
ctx_interface_gen.go Added Drop() method to Ctx interface
ctx_test.go Implemented test cases for Drop() method functionality
docs/api/ctx.md Updated documentation with Drop() method description and usage example
middleware/cache/manager_msgp.go Removed conditional check for initializing empty byte slice during decoding

Assessment against linked issues

Objective Addressed Explanation
Silent request termination [#3252]
Method name selection [#3252] Drop() method chosen as proposed
No changes to existing methods [#3252]

Possibly related PRs

Suggested reviewers

  • gaby
  • ReneWerner87
  • sixcolors

Poem

🐰 A rabbit's tale of connection's might,
Where requests drop without a fight,
Silent as a whisker's sway,
No response to lead astray,
Fiber's magic, clean and bright! 🌐

Tip

CodeRabbit's docstrings feature is now available as part of our Early Access Program! Simply use the command @coderabbitai generate docstrings to have CodeRabbit automatically generate docstrings for your pull request. We would love to hear your feedback on Discord.


Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (1)
ctx_test.go (1)

5850-5863: LGTM! The test case verifies the basic Drop() functionality.

The test properly verifies that Drop() terminates the connection without sending a response. The test is well structured with parallel execution enabled.

Consider adding additional test cases to verify:

  • Calling Drop() after writing some response data
  • Calling Drop() from different middleware positions
  • Verifying Drop() behavior with different HTTP methods
  • Testing Drop() with concurrent requests

Here's a suggested test case structure:

func Test_Ctx_Drop_AfterWrite(t *testing.T) {
    t.Parallel()
    app := New()
    app.Get("/drop-after-write", func(c Ctx) error {
        c.Write([]byte("partial response"))
        return c.Drop()
    })
    // Test and verify behavior
}
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1c9b6ce and 0673cf7.

📒 Files selected for processing (5)
  • ctx.go (1 hunks)
  • ctx_interface_gen.go (1 hunks)
  • ctx_test.go (1 hunks)
  • docs/api/ctx.md (1 hunks)
  • middleware/cache/manager_msgp.go (0 hunks)
💤 Files with no reviewable changes (1)
  • middleware/cache/manager_msgp.go
🧰 Additional context used
🪛 Markdownlint (0.37.0)
docs/api/ctx.md

487-487: Expected: 1; Actual: 2
Multiple consecutive blank lines

(MD012, no-multiple-blanks)

🪛 GitHub Check: markdownlint
docs/api/ctx.md

[failure] 487-487: Multiple consecutive blank lines
docs/api/ctx.md:487 MD012/no-multiple-blanks Multiple consecutive blank lines [Expected: 1; Actual: 2] https://github.com/DavidAnson/markdownlint/blob/v0.36.1/doc/md012.md

🔇 Additional comments (4)
ctx_interface_gen.go (1)

353-353: LGTM! Interface addition is clean and well-placed.

The new Drop() method follows the existing interface patterns with appropriate error handling.

docs/api/ctx.md (1)

466-486: Documentation is comprehensive and well-structured.

The documentation clearly explains the purpose, provides a practical example, and follows the established documentation style.

ctx.go (2)

1982-1986: Implementation is efficient and correct.

The method efficiently terminates the connection by directly accessing the underlying connection. The nolint directive is appropriately used as error wrapping would not add value in this case.


1982-1986: Consider logging dropped connections in production.

While the implementation is correct, it's recommended to add logging when connections are dropped to help monitor potential abuse or issues in production.

Consider implementing rate limiting or connection tracking to prevent abuse of this feature.

Copy link

codecov bot commented Dec 20, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 82.77%. Comparing base (1c9b6ce) to head (099cbad).
Report is 1 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #3257      +/-   ##
==========================================
+ Coverage   82.72%   82.77%   +0.04%     
==========================================
  Files         115      115              
  Lines       11365    11362       -3     
==========================================
+ Hits         9402     9405       +3     
+ Misses       1557     1551       -6     
  Partials      406      406              
Flag Coverage Δ
unittests 82.77% <100.00%> (+0.04%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Eliminated an unnecessary blank line in the API context documentation for improved readability and formatting consistency. No functional changes were made to the content.
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (1)
docs/api/ctx.md (1)

466-472: Enhance the method description with more details.

The description could be more explicit about the connection closure mechanism and its implications.

Consider adding:

  • Mention that it closes the underlying TCP connection
  • Note about potential client behavior (connection reset)
  • Warning about proper error handling in client code
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0673cf7 and 54bcca0.

📒 Files selected for processing (1)
  • docs/api/ctx.md (1 hunks)

docs/api/ctx.md Outdated Show resolved Hide resolved
Revised the example code in the API documentation to return a generic "Hello World!" string instead of a dynamic response. This improves consistency and simplifies the example for easier understanding.
ctx_test.go Show resolved Hide resolved
ctx.go Outdated Show resolved Hide resolved
Copy link
Member

@gaby gaby left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See comments

@gaby gaby added the v3 label Dec 20, 2024
Simplified the Drop method by inlining the connection close call. Added new test cases to ensure proper handling of no-response scenarios and improved overall test coverage.
@ryanbekhen
Copy link
Member Author

@gaby I have pushed the changes. please check.

@gaby
Copy link
Member

gaby commented Dec 20, 2024

@gaby I have pushed the changes. please check.

Fix the golangci-lint issue, and it should be good.

@gaby gaby requested a review from grivera64 December 20, 2024 03:38
@gaby
Copy link
Member

gaby commented Dec 20, 2024

@grivera64 Added you to reviewers since you did the initial research on this.

@ryanbekhen
Copy link
Member Author

@gaby done

Copy link
Member

@gaby gaby left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 LGTM

Copy link
Member

@grivera64 grivera64 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for helping with this issue!

I just have a few minor comments, please take a look.

ctx.go Show resolved Hide resolved
ctx_test.go Outdated Show resolved Hide resolved
@ReneWerner87
Copy link
Member

@coderabbitai what is the name of the method in expressjs which is the same as this feature

Copy link
Contributor

coderabbitai bot commented Dec 20, 2024

Tip

For best results, initiate chat on the files or code changes.

@ReneWerner87 In Express.js, there isn’t a direct equivalent named method for silently dropping a connection like Fiber’s “Drop()”. The closest approach is to forcibly close the underlying socket by calling something like “req.socket.destroy()” (or “res.destroy()” in newer Node versions). This abruptly ends the connection without sending a response body or headers.

@ReneWerner87
Copy link
Member

@coderabbitai suggest good method names for this feature

Copy link
Contributor

coderabbitai bot commented Dec 20, 2024

Tip

For best results, initiate chat on the files or code changes.

@ReneWerner87 Here are a few method name suggestions that clearly convey the intent of silently terminating the connection:

  1. DropConnection
  2. TerminateSilently
  3. TerminateConnection
  4. AbortConnection
  5. CloseSilently

@ReneWerner87
Copy link
Member

should we use a different name? what do you say @gofiber/maintainers ?

Copy link
Member

@sixcolors sixcolors left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the contribution! The Drop method is a valuable addition to the Ctx interface, and the accompanying documentation and tests are solid. I have a couple of minor suggestions for further improvements:

  1. Error Handling:

    • The Drop method includes a nolint:wrapcheck directive. Adding a comment to explain why error wrapping is intentionally avoided could be helpful for maintainers and future contributors.
  2. Test Coverage:

    • While the test for Drop is thorough, edge cases like attempting to Drop an already-closed connection could be tested to ensure robust behavior. Also, While I verified that middleware works as expected with Drop, it might be beneficial to include explicit test cases verifying middleware behavior when Drop is called. This ensures future changes do not inadvertently break compatibility.

    For example:

    // Middleware that sets a header after the handler is called
    app.Use(func(c Ctx) error {
        err := c.Next()
        c.Response().Header.Set("X-Test", "test")
        return err
    })

@sixcolors
Copy link
Member

sixcolors commented Dec 20, 2024

should we use a different name? what do you say @gofiber/maintainers ?

The name Drop feels idiomatic for Go, given its brevity and alignment with networking terminology ("drop the connection").

If we want alternatives for clarity or consistency with other frameworks, we could consider:

  • Abort
  • Close
  • CloseSilently
  • Terminate
  • TerminateSilently

Appending "Connection" isn't necessary since this method is part of the connection context.

That said, Drop LGTM—it succinctly conveys the intent and adheres to Go's minimalist naming conventions.

@ReneWerner87
Copy link
Member

Ok then let's stick to drop

@ryanbekhen
Copy link
Member Author

@sixcolors ok, I'll make the changes later

This test ensures the correct behavior of the Ctx.Drop method when used with middleware, including response handling and error scenarios. It verifies that the middleware and handler properly handle the Drop call and its resulting effects.
The Drop method allows closing connections without sending a response, improving control over connection handling. Also updated a test assertion to use StatusOK for improved readability and consistency.
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (1)
ctx.go (1)

1982-1986: Add documentation comment for Drop method.

The implementation looks good, but please add a documentation comment explaining the method's purpose and behavior.

+// Drop closes the underlying connection without sending any response headers or body.
+// This can be useful for silently terminating client connections, such as in DDoS mitigation
+// or when blocking access to sensitive endpoints.
 func (c *DefaultCtx) Drop() error {
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e4bede2 and 4137cb3.

📒 Files selected for processing (2)
  • ctx.go (1 hunks)
  • ctx_test.go (1 hunks)
🔇 Additional comments (1)
ctx_test.go (1)

5850-5905: LGTM! Comprehensive test coverage.

The test cases thoroughly verify the Drop method's functionality, including:

  • Basic Drop behavior
  • Middleware interaction
  • Error handling
  • Response validation

Explain the rationale for not wrapping errors in the Drop method. Emphasize that the returned error is solely for logging and not for further propagation or processing.
Clarified the `Drop` method's behavior, specifying that it closes the connection without sending headers or a body. Added examples of use cases, such as DDoS mitigation and blocking sensitive endpoints.
@ryanbekhen
Copy link
Member Author

should we use a different name? what do you say @gofiber/maintainers ?

The name Drop feels idiomatic for Go, given its brevity and alignment with networking terminology ("drop the connection").

If we want alternatives for clarity or consistency with other frameworks, we could consider:

  • Abort
  • Close
  • CloseSilently
  • Terminate
  • TerminateSilently

Appending "Connection" isn't necessary since this method is part of the connection context.

That said, Drop LGTM—it succinctly conveys the intent and adheres to Go's minimalist naming conventions.

done, please check again.

ctx_test.go Outdated Show resolved Hide resolved
ctx_test.go Outdated Show resolved Hide resolved
Replaced the direct header setting with the `Set` method for consistency and improved clarity. Removed a test case checking for a panic on closed response body as it is no longer applicable.
@ryanbekhen
Copy link
Member Author

done @grivera64

Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (1)
ctx_test.go (1)

5850-5877: LGTM! Good test coverage.

The test effectively verifies the Drop functionality by checking both error return and nil response. It also includes a good comparison with normal handler behavior.

Consider adding a test case to verify that no response headers are sent when Drop is called, as this is a key feature of silent termination.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4137cb3 and 099cbad.

📒 Files selected for processing (2)
  • ctx.go (1 hunks)
  • ctx_test.go (1 hunks)
🔇 Additional comments (2)
ctx.go (1)

1981-1988: LGTM! Clean and efficient implementation.

The Drop method provides a simple and effective way to silently terminate client connections. The error handling is appropriately lightweight, and the code is well-documented.

ctx_test.go (1)

5879-5901: LGTM! Good middleware interaction test.

The test effectively verifies that Drop behavior is maintained even when used with middleware, ensuring that middleware operations don't interfere with the connection termination.

Copy link
Member

@gaby gaby left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Copy link
Member

@grivera64 grivera64 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM as well! 🚀

@ReneWerner87 ReneWerner87 merged commit 58677d5 into gofiber:main Dec 23, 2024
14 checks passed
@ReneWerner87 ReneWerner87 added this to the v3 milestone Dec 23, 2024
@ryanbekhen ryanbekhen deleted the feat/ctx-drop-connection branch December 23, 2024 07:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Status: No status
Development

Successfully merging this pull request may close these issues.

📝 [Proposal]: Add silent request termination
6 participants