Buffer API failure responses in memory

20ee508c · Jacob Vosmaer · 5aa350e3 · 20ee508c
Commit 20ee508c authored Dec 16, 2016 by Jacob Vosmaer
Hide whitespace changes
Inline Side-by-side

Showing with 20 additions and 5 deletions

internal/api/api.go internal/api/api.go +20 -5

No files found.
--- a/internal/api/api.go
+++ b/internal/api/api.go
 package api
 import (
+	"bytes"
 	"encoding/json"
 	"fmt"
 	"io"
@@ -187,8 +188,24 @@ func (api *API) PreAuthorizeHandler(next HandleFunc, suffix string) http.Handler
 			helper.Fail500(w, r, err)
 			return
 		}
+		if httpResponse != nil {
+			defer func() {
+				httpResponse.Body.Close()
+			}()
+		}
 		if httpResponse.StatusCode != http.StatusOK {
+			// NGINX response buffering is disabled on this path (with
+			// X-Accel-Buffering: no) but we still want to free up the Unicorn worker
+			// that generated httpResponse as fast as possible. To do this we buffer
+			// the entire response body in memory before sending it on.
+			responseBody := &bytes.Buffer{}
+			_, err := io.Copy(responseBody, httpResponse.Body)
+			if err != nil {
+				helper.Fail500(w, r, err)
+			}
+			httpResponse.Body.Close() // Free up the Unicorn worker
 			for k, v := range httpResponse.Header {
 				// Accomodate broken clients that do case-sensitive header lookup
 				if k == "Www-Authenticate" {
@@ -198,14 +215,12 @@ func (api *API) PreAuthorizeHandler(next HandleFunc, suffix string) http.Handler
 				}
 			}
 			w.WriteHeader(httpResponse.StatusCode)
-			io.Copy(w, httpResponse.Body)
+			io.Copy(w, responseBody)
-			httpResponse.Body.Close()
 			return
 		}
-		// Close the body immediately, rather than waiting for the next handler
-		// to complete
+		httpResponse.Body.Close() // Free up the Unicorn worker
-		httpResponse.Body.Close()
 		// Negotiate authentication (Kerberos) may need to return a WWW-Authenticate
 		// header to the client even in case of success as per RFC4559.