/debug/pprof endpoints not authorized

Question

/debug/pprof endpoints not authorized

jbowens opened this issue 7 years ago · comments

I'm unable to query the /debug/pprof endpoints using a client-readwrite token. Not sure why because looking at the code, it should work.

jackson@mba ~ $ curl -u benchcore:189e01586a9ba5dcbd77b1d7e8556a02c8b4550279ffe58fe1121b7a1ba7fc91 http://54.87.209.127:1999/debug/pprof/heap
{"code":"CH011","message":"Request is unauthorized","temporary":false}

app=cored buildtag=? processID=chain-ip-172-31-24-33-1510-46c6c02bbfc8a96cc033 reqid=e1ecc22dbf6f6aaec14a at=api.go:279 t=2017-05-18T19:49:00.078775035Z status=403 chaincode=CH011 path=/debug/pprof/trace error="not authorized"
app=cored buildtag=? processID=chain-ip-172-31-24-33-1510-46c6c02bbfc8a96cc033 reqid=bb1770886ae823d54605 at=api.go:279 t=2017-05-18T19:49:04.494465172Z status=403 chaincode=CH011 path=/debug/pprof/heap error="not authorized"
app=cored buildtag=? processID=chain-ip-172-31-24-33-1510-46c6c02bbfc8a96cc033 reqid=d0d4ecc342208a6b2a81 at=api.go:279 t=2017-05-18T19:49:15.440111766Z status=403 chaincode=CH011 path=/debug/pprof/trace error="not authorized"
app=cored buildtag=? processID=chain-ip-172-31-24-33-1510-46c6c02bbfc8a96cc033 reqid=d431305c622c8c3d7892 at=api.go:279 t=2017-05-18T19:49:34.741745953Z status=403 chaincode=CH011 path=/debug/pprof/trace error="not authorized"

kr · Answer 1 · Fri May 19 2017 04:47:29 GMT+0800 (China Standard Time)

Is it possible pprof is not enabled? I think currently we return "unauthorized" for missing urls. Arguably we should be returning 404.

kr · Answer 2 · Fri May 19 2017 04:49:34 GMT+0800 (China Standard Time)

e.g.

:; curl -ki -u x:fb11a1ba50618a067604720873a474524a577703574723a64313475f23f9bb08 \
    https://localhost:1999/not-found
HTTP/1.1 403 Forbidden
Chain-Request-Id: 6a559246c6f154841ec0
Content-Type: application/json; charset=utf-8
Strict-Transport-Security: max-age=25920000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1
Date: Thu, 18 May 2017 20:50:41 GMT
Content-Length: 71

{"code":"CH011","message":"Request is unauthorized","temporary":false}

:; curl -ki -u x:fb11a1ba50618a067604720873a474524a577703574723a64313475f23f9bb08 \
    https://localhost:1999/info
HTTP/1.1 200 OK
Chain-Request-Id: 8607627df8384e466ea3
Content-Type: application/json; charset=utf-8
Strict-Transport-Security: max-age=25920000; includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1
Date: Thu, 18 May 2017 20:51:04 GMT
Content-Length: 181

{"build_commit":"?","build_config":{"is_localhost_auth":false,"is_mockhsm":true,"is_reset":true,"is_http_ok":false},"build_date":"?","is_configured":false,"version":"main/rev3132"}

Jackson Owens · Answer 3 · Fri May 19 2017 04:56:35 GMT+0800 (China Standard Time)

Interesting. I think it's always enabled? https://github.com/chain/chain/blob/96e239e7b4e3aae0c4ff3ba14e06fc1c73c61a7b/core/api.go#L186-L189