right_sharding 1.0.3

data/README.md

@@ -0,0 +1,25 @@
+# Right Sharding
+
+Right Sharding is a Rack Middleware that makes requests aware of RightScale shards.
+See: https://wookiee.rightscale.com/display/rightscale/Sharding
+
+It currently supports RightSite and Right API requests.
+
+Maintained by the RightScale Cornsilk team.
+
+## Setup
+
+Right Sharding uses rconf to install bundler.
+
+Install latest rconf:
+$ gem install rconf
+
+Run rconf:
+$ rconf
+
+## Testing
+
+### Unit Testing
+
+Run rspec:
+$ bundle exec spec spec/

data/lib/right_sharding.rb

@@ -0,0 +1,53 @@
+basedir = File.dirname(__FILE__)
+
+#Require the core suite of RightSharding classes and modules
+require File.join(basedir, "right_sharding", "routing")
+require File.join(basedir, "right_sharding", "base_proxy")
+require File.join(basedir, "right_sharding", "current_account")
+require File.join(basedir, "right_sharding", "instance_api_proxy")
+require File.join(basedir, "right_sharding", "shard_handler")
+require File.join(basedir, "right_sharding", "user_api_proxy")
+require File.join(basedir, "right_sharding", 'extensions', 'core')
+
+
+module RightSharding
+  def self.activate(config, options = {})
+    # Ensure that this super-important module attribute is set before any init code attempts to use it!
+    RightSharding::Routing.skip_shard_routing_callback = options.delete(:skip_shard_routing_callback)
+
+    # The library uses only the CurrentAccount middleware.
+    current_account_only = options.delete(:current_account_only)
+
+    # Add middleware to update the global_session account based on received headers/params.
+    # Must come after GlobalSession.
+    config.middleware.insert_after ::Rack::MethodOverride, ::Rack::CurrentAccount, options
+
+    unless current_account_only
+      # Add the middleware to intercept the requests and reroute users to the appropriate shards
+      # It must come after GlobalSession and CurrentAccount; GlobalSession will be used for the
+      # legacy path.
+      config.middleware.insert_after ::Rack::CurrentAccount, ::Rack::ShardRouting, options
+
+      # Add the middleware to proxy the instance facing api to the appropriate shards
+      config.middleware.insert_before ::Rack::ShardRouting, ::Rack::ShardInstanceApiProxy, options
+
+      # This will proxy the specific accounts passed in the options variable.
+      config.middleware.insert_after(::Rack::ShardInstanceApiProxy, ::Rack::ShardUserApiProxy, options)
+    end
+  rescue NoMethodError => e
+    raise NoMethodError, "GlobalSession must be used first."
+  end
+end
+
+
+# HACK: monkey patch to ensure no extra headers get added
+# do not allow Rest-Client default_headers to add 'application/xml'
+# See: https://github.com/rest-client/rest-client/blob/v1.6.1/lib/restclient/request.rb#L279
+require 'rest_client'
+module RestClient
+  class Request
+    def default_headers
+      {}
+    end
+  end
+end

data/lib/right_sharding/base_proxy.rb

@@ -0,0 +1,204 @@
+#--
+# Copyright (c) 2012 RightScale, Inc, All Rights Reserved Worldwide.
+#
+# THIS PROGRAM IS CONFIDENTIAL AND PROPRIETARY TO RIGHTSCALE
+# AND CONSTITUTES A VALUABLE TRADE SECRET.  Any unauthorized use,
+# reproduction, modification, or disclosure of this program is
+# strictly prohibited.  Any use of this program by an authorized
+# licensee is strictly subject to the terms and conditions,
+# including confidentiality obligations, set forth in the applicable
+# License Agreement between RightScale, Inc. and
+# the licensee.
+#++
+
+require File.expand_path(File.join(File.dirname(__FILE__), "..", "right_sharding"))
+
+module RightSharding
+  module Rack
+    module Middleware
+
+      class BaseProxy
+        REST_CLIENT_DEFAULT_TIMEOUT = 1000 # max time to read a response in seconds
+        REST_CLIENT_DEFAULT_OPEN_TIMEOUT = 1000 # max time to open a connection in seconds
+        class BaseProxyYield < StandardError; end
+
+        class BaseProxyException < StandardError
+          attr_reader :code, :headers, :body
+
+          def initialize(code, headers, body)
+            @env     = nil # subclass needs to set this
+            @code    = code
+            @headers = headers
+            @body    = body
+
+            super(body)
+          end
+        end
+
+        #-----------------------------------------------------------------------
+        # Rack Middleware
+        #-----------------------------------------------------------------------
+
+        def initialize(app, params = {})
+          @app = app
+
+          @config_object   = Module.const_get(params[:config_object])
+          @shard_object    = Module.const_get(params[:shard_object])
+          @sharding_object = Module.const_get(params[:sharding_object])
+          @logger          = Module.const_get(params[:logger])
+        end
+
+        # Subclass needs to implement
+        # def call(env)
+
+        #-----------------------------------------------------------------------
+        # Getters
+        #-----------------------------------------------------------------------
+
+        def get_this_shard_id
+          RightSharding::ShardHandler.fetch_this_shard_id(@config_object)
+        end
+
+        def get_shard_from_shard_id(shard_id)
+          RightSharding::ShardHandler.fetch_shard(@shard_object, shard_id)
+        end
+
+        #-----------------------------------------------------------------------
+        # General Helper
+        #-----------------------------------------------------------------------
+
+        def proxy_request_to_the_destinated_shard(hostname, options={})
+          request = get_request
+
+          rest_options           = {}
+          rest_options[:url]     = "#{request.protocol}#{hostname}:#{request.port}#{request.request_uri}"
+          rest_options[:method]  = request.method
+          rest_options[:headers] = request.get_headers_for_proxy
+          rest_options[:payload] = request.get_payload_for_proxy if request.get_payload_for_proxy
+          rest_options[:cookies] = request.get_cookies_for_proxy if request.get_cookies_for_proxy
+          rest_options[:timeout] = REST_CLIENT_DEFAULT_TIMEOUT
+          rest_options[:open_timeout] = REST_CLIENT_DEFAULT_OPEN_TIMEOUT
+
+          shard_proxy_logger(:info, "#{self.class}: Proxying the request to '#{hostname}' with url: #{rest_options[:url]}")
+
+          response = RestClient::Request.execute(rest_options)
+          if options[:proxy_global_session]
+            set_global_session_from_response(response)
+          end
+
+          [response.code, get_rack_format_response_headers(response), response.to_s]
+        rescue URI::InvalidURIError, SocketError, Errno::ECONNREFUSED, GlobalSession::ClientError => e
+          shard_proxy_logger(:error, "#{self.class}: failed: #{e.class} proxy request to url: #{rest_options[:url]}\n" + e.message + "\n  " + e.backtrace.join("\n  "))
+          [503, {}, "Unable to proxy the request to the destination '#{hostname}'. #{e.message}"]
+        rescue RestClient::Exception => e
+          shard_proxy_logger(:error, "#{self.class}: failed: #{e.class} proxy request to url: #{rest_options[:url]}\n" + e.message + "\n  " + e.backtrace.join("\n  "))
+          [e.http_code, get_rack_format_response_headers(e.response), e.response.to_s]
+        end
+
+        #-----------------------------------------------------------------------
+        # Request Helper
+        #-----------------------------------------------------------------------
+
+        def get_request
+          request = ActionController::Request.new(@env)
+
+          override_request_ssl(request)
+
+          define_get_headers_for_proxy(request)
+          define_get_payload_for_proxy(request)
+          define_get_cookies_for_proxy(request)
+
+          request
+        end
+
+        def override_request_ssl(request)
+          if (@http_proto && @http_proto == "http") || (@env['HTTP_X_FORWARDED_PROTO'] && @env['HTTP_X_FORWARDED_PROTO'].split(',')[0] == "http")
+            def request.ssl?; false; end
+          else
+            def request.ssl?; true; end
+          end
+        end
+
+        def define_get_headers_for_proxy(request)
+          def request.get_headers_for_proxy
+            pheaders = {}
+
+            # preserve headers
+            headers.each {|key, value| pheaders[$1] = value if key =~ /^HTTP_(.*)/}
+
+            # Send the 'X_FORWARDED_FOR' that we received on this server so that IP Whitelisting can check against that
+            # Prevent spoofing by calcuating the HMAC using a shared secret (in this case, the library_auth_key because
+            # we didn't want to add a new shared secret for this temporary proxy stuff)
+            forwarded_for_hmac = OpenSSL::HMAC.hexdigest('sha1', ::LIBRARY_AUTH_KEY, pheaders["X_FORWARDED_FOR"] || "")
+            pheaders["X_RS_PROXY_FORWARDED_FOR"] = "#{pheaders["X_FORWARDED_FOR"]};#{forwarded_for_hmac}"
+
+            # chain x_forwarded_for
+            pheaders["X_FORWARDED_FOR"] = [pheaders["X_FORWARDED_FOR"], self.ip].join(",") unless self.ip.blank?
+
+            pheaders
+          end
+        end
+
+        def define_get_payload_for_proxy(request)
+          def request.get_payload_for_proxy
+            raw_post.blank? ? nil : raw_post
+          end
+        end
+
+        def define_get_cookies_for_proxy(request)
+          def request.get_cookies_for_proxy
+            if headers["rack.request.cookie_hash"].blank?
+              nil
+            else
+              headers["rack.request.cookie_hash"].reject {|k, v| k !~ /rs_gbl|session_id/}
+            end
+          end
+        end
+
+        #-----------------------------------------------------------------------
+        # Response Helper
+        #-----------------------------------------------------------------------
+
+        def get_rack_format_response_headers(response)
+          response.raw_headers.inject({}) do |out, (key, value)|
+            out[key] = %w{ set-cookie }.include?(key.downcase) ? value : value.first
+            out
+          end
+        end
+
+        def set_global_session_from_response(response)
+          # Get the response's global session cookie if it exists
+          cookie_name = @env['global_session'].directory.configuration['cookie']['name']
+          cookie      = CGI.unescape(response.cookies[cookie_name]) if response.cookies[cookie_name] # unescape expects a string
+          @env['global_session'] = @env['global_session'].directory.create_session(cookie)
+        end
+
+        #-----------------------------------------------------------------------
+        # URI Parsing Helper
+        #-----------------------------------------------------------------------
+
+        def get_api_version
+          request = ActionController::Request.new(@env)
+
+          if !request.parameters.blank? && !request.parameters[:api_version].blank?
+            api_version = request.parameters[:api_version]
+          elsif !@env["HTTP_X_API_VERSION"].blank?
+            api_version = @env["HTTP_X_API_VERSION"]
+          end
+
+          return (!api_version.blank? ? api_version.to_f : nil)
+        end
+
+        #-----------------------------------------------------------------------
+        # Logging Helper
+        #-----------------------------------------------------------------------
+
+        def shard_proxy_logger(level, message)
+          @logger.send(level, "#{message}")
+        end
+
+      end
+
+    end
+  end
+end

data/lib/right_sharding/current_account.rb

@@ -0,0 +1,68 @@
+require File.expand_path(File.join(File.dirname(__FILE__), "..", "right_sharding"))
+
+module RightSharding
+  module Rack
+    module Middleware
+
+      class CurrentAccount
+        attr_reader :app
+        attr_reader :config_object, :logger
+        #-----------------------------------------------------------------------
+        # Rack Middleware
+        #-----------------------------------------------------------------------
+
+        def initialize(app, params = {})
+          @app = app
+
+          @config_object    = Module.const_get(params[:config_object])
+          @logger           = Module.const_get(params[:logger])
+        end
+
+        # TODO Current this replaces the account id set in env["global_session"]["account"]
+        # ultimately, we want this middleware to simply determine the correct account and set it
+        # in an env variable such as request.env['rightscale.current_account'].  Once we refactor all
+        # the apps to use that instead, we can remove the use of global_session['account']
+        def call(env)
+          reset_global_session_account(env)
+          return @app.call(env)
+        end
+
+        # Passing a X_ACCOUNT header or account query parameter can override
+        # the account provided in the global_session cookie. The X_ACCOUNT header
+        # or account query parameter must be the id of the account, and not the href.
+        #
+        # Order of precedence:
+        # "X_ACCOUNT" header > "account" query parameter > global_session
+        #
+        def reset_global_session_account(env)
+          if env['HTTP_X_ACCOUNT']
+            account_id = env['HTTP_X_ACCOUNT']
+            from = 'header'
+          elsif env['QUERY_STRING']
+            query_params = ::Rack::Utils.parse_query(env['QUERY_STRING'])
+            if query_params['account']
+              account_id = query_params['account']
+              from = 'query string'
+            end
+          end
+
+          # Only reset the account_id if it exists, is numeric, and is different from what's
+          # currently in the global session
+          if account_id && account_id =~ /\A\d+\Z/ && account_id.to_i != env["global_session"]["account"]
+            logger.info("RightSharding::CurrentAccount: Resetting global_session account: " +
+                        "#{env["global_session"]["account"]} ->  #{account_id} (#{from})")
+            env["global_session"]["account"] = account_id.to_i
+          end
+          true
+        end
+
+      end
+    end
+  end
+end
+
+module Rack
+  unless defined?(::Rack::CurrentAccount)
+    CurrentAccount = ::RightSharding::Rack::Middleware::CurrentAccount
+  end
+end

data/lib/right_sharding/extensions/core.rb

@@ -0,0 +1,10 @@
+
+# Custom core patches for Ruby 1.8.x
+if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new("1.9")
+
+# Ruby 1.8.x doesn't provide an Array#sample method, so alias it to Array#choice
+class Array
+  alias_method :sample, :choice
+end
+
+end

data/lib/right_sharding/instance_api_proxy.rb

@@ -0,0 +1,121 @@
+#--
+# Copyright (c) 2012 RightScale, Inc, All Rights Reserved Worldwide.
+#
+# THIS PROGRAM IS CONFIDENTIAL AND PROPRIETARY TO RIGHTSCALE
+# AND CONSTITUTES A VALUABLE TRADE SECRET.  Any unauthorized use,
+# reproduction, modification, or disclosure of this program is
+# strictly prohibited.  Any use of this program by an authorized
+# licensee is strictly subject to the terms and conditions,
+# including confidentiality obligations, set forth in the applicable
+# License Agreement between RightScale, Inc. and
+# the licensee.
+#++
+
+require File.expand_path(File.join(File.dirname(__FILE__), "..", "right_sharding"))
+
+module RightSharding
+  module Rack
+    module Middleware
+
+      class InstanceApiProxy < BaseProxy
+
+        class InstanceApiProxyYield < BaseProxyYield; end
+
+        class InstanceApiProxyException < BaseProxyException; end
+
+        #-----------------------------------------------------------------------
+        # Rack Middleware
+        #-----------------------------------------------------------------------
+
+        def initialize(app, params = {})
+          super
+          @http_proto = params[:http_proto]
+        end
+
+        def call(env)
+          @env = env
+
+          if is_instance_api?(1.0)
+            unless token = get_instance_api_token_from_uri
+              raise InstanceApiProxyYield, "Unable to extract the token out: '#{@env["PATH_INFO"]}'"
+            end
+
+            unless shard_info = get_shard_info_from_database(token)
+              shard_info = get_shard_info_from_right_net(token)
+            end
+
+            unless shard_info.blank?
+              if shard_info[:shard_id] != get_this_shard_id
+                # the account is migrated
+                return proxy_request_to_the_destinated_shard(shard_info[:shard_hostname])
+              end
+            else
+              # we are here when the account/shard cannot be found or the account is disabled in every shard, we'll pass on and let the app to deal with it
+              raise InstanceApiProxyYield, "Unable to find the account/shard or the account is disabled: '#{@env["PATH_INFO"]}'"
+            end
+          end
+
+          # everything is good
+          return @app.call(env)
+        rescue InstanceApiProxyYield => e
+          shard_proxy_logger(:error, e.message)
+          return @app.call(env)
+        rescue InstanceApiProxyException => e
+          shard_proxy_logger(:error, "failed: #{e.class} " + e.message + "\n  " + e.backtrace.join("\n  "))
+          return [e.code, e.headers, e.body]
+        end
+
+        #-----------------------------------------------------------------------
+        # Getters
+        #-----------------------------------------------------------------------
+
+        def get_shard_info_from_database(token)
+          RightSharding::ShardHandler.fetch_instance_api_token_shard_id_and_hostname(token)
+        end
+
+        def get_shard_id_from_right_net(token)
+          RightNetData.get_instance(:auth_token => token)
+        rescue RightSupport::Net::NoResult => e
+          raise InstanceApiProxyException.new(503, {}, "Unable to retrieve the instance from the given token")
+        rescue RestClient::Exception => e
+          raise InstanceApiProxyException.new(e.response.code, get_rack_format_response_headers(e.response), e.response.to_s)
+        end
+
+        def get_shard_info_from_right_net(token)
+          if instance_attributes = get_shard_id_from_right_net(token)
+            if !instance_attributes[:shard_id].blank? && instance_attributes[:shard_id].to_i != 0
+              if shard = get_shard_from_shard_id(instance_attributes[:shard_id])
+                {:shard_id => shard.id, :shard_hostname => shard.hostname}
+              end
+            end
+          end
+        end
+
+        #-----------------------------------------------------------------------
+        # URI Parsing Helper
+        #-----------------------------------------------------------------------
+
+        def is_instance_api?(version)
+          @env["PATH_INFO"] =~ /(?:^|\/)api\/inst\/ec2_instances\// && get_api_version == version
+        end
+
+        def get_instance_api_token_from_uri
+          @env["PATH_INFO"][/(?:^|\/)api\/inst\/ec2_instances\/([^\/]+)(?:\/|$)/, 1]
+        end
+
+        # Overrides BaseProxy, default is to return 1.0 as the version if an API
+        # version is not detected. (required for v3 instance api requests)
+        def get_api_version
+          super || 1.0
+        end
+
+      end
+
+    end
+  end
+end
+
+module Rack
+  ShardInstanceApiProxy = ::RightSharding::Rack::Middleware::InstanceApiProxy unless defined?(::Rack::ShardInstanceApiProxy)
+end
+

data/lib/right_sharding/routing.rb

@@ -0,0 +1,298 @@
+require File.expand_path(File.join(File.dirname(__FILE__), "..", "right_sharding"))
+
+module RightSharding
+  # Rails routing functionality embedded into RightSharding. The module contains public utility
+  # methods; most of the actual routing and redirection logic is tucked away inside the routing
+  # middleware that lives under this namespace.
+  #
+  # @see RightSharding::Rack::Middleware::Routing
+  module Routing
+
+    # mattr_accessor is Rails feature so it is not gonna work when we run "rake spec".
+    # # mattr_accessor :skip_shard_routing_callback
+    #
+    def self.skip_shard_routing_callback
+      @@skip_shard_routing_callback ||= nil
+    end
+    def self.skip_shard_routing_callback=(skip_shard_routing_callback)
+      @@skip_shard_routing_callback = skip_shard_routing_callback
+    end
+
+    module_function
+
+    # Determine whether shard routing and account-prefixing should be skipped for a given path and request method.
+    # This delegates to a callback that should be provided by whoever initializes the Routing middleware.
+    #
+    # @see RightSharding::Rack::Middleware::Routing#initialize
+    #
+    # @return [Boolean] true if shard routing and account-prefixing should be skipped; false otherwise
+    def skip_shard_routing?(path, request_method)
+      skip_shard_routing_callback.present? && skip_shard_routing_callback.call(path, request_method)
+    end
+
+    # Extract the current-account ID from a dashboard (right_site or embedded library) path.
+    #
+    # @return [String] a numeric string, or nil if the path does not include account info
+    def fetch_current_account_id_from_path(path)
+      path[/(?:^|\/)acct\/(\d+)(?:\/|$)/, 1]
+    end
+
+    # Prepend "/acct/X" to a URL path. Does not check if the path already contains this prefix;
+    # be careful!
+    #
+    # @param [String] original_path the path-info of the original URI, e.g. "/dashboard;index"
+    # @param [Integer] account_id the account ID to prepend to the path
+    # @return [String] the original_path with an account-id prefix
+    def add_account_to_path(original_path, account_id)
+      case original_path
+      when /(?:^|\/)api(?:\/|$)/
+        original_path.sub(/(^|\/)api(\/|$)/, '\1' + "api/acct/#{account_id}" + '\2')
+      else
+        "/acct/#{account_id}" + (original_path =~ /^\// ? "" : "/") + original_path
+      end
+    end
+  end
+
+  module Rack
+    module Middleware
+
+      class Routing
+
+        attr_reader :app
+        attr_reader :config_object, :sharding_object, :logger
+
+        #-----------------------------------------------------------------------
+        # Rack Middleware
+        #-----------------------------------------------------------------------
+
+        def initialize(app, params = {})
+          @app = app
+
+          @config_object   = Module.const_get(params[:config_object])
+          @sharding_object = Module.const_get(params[:sharding_object])
+          @logger          = Module.const_get(params[:logger])
+
+          @http_proto = params[:http_proto]
+          @skip_shard_routing_callback = params[:skip_shard_routing_callback]
+        end
+
+        def call(env)
+          # On every request, we want to initialize/clear the local cache to keep track the Account and Shard map,
+          # so it can reduce the hit to any cache system. The cache exists throughout the request and only that request.
+          ShardHandler::CurrentRequestCache.init
+
+          return app.call(env) if skip_shard_routing?(env["PATH_INFO"], env["REQUEST_METHOD"])
+
+          shard_id = RightSharding::ShardHandler.fetch_this_shard_id(config_object)
+
+          # HTTP_X_FORWARDED_HOST header may contain multiple values, pick the first one
+          forward_host = (env["HTTP_X_FORWARDED_HOST"] || env["HTTP_HOST"]).split(',')[0]
+
+          # NOTE: we use HTTP_HOST instead of SERVER_NAME because:
+          #   * for the configuration like WEBrick server, it returns both hostname and port. (development env)
+          #   * for others, it only returns the hostname
+          uri_handler = new_uri_handler(get_http_proto(env),
+                                        forward_host,
+                                        env['PATH_INFO'],
+                                        env['QUERY_STRING'])
+
+          if (account_id = fetch_current_account_id_from_path(env["PATH_INFO"]))
+            requested_shard = ShardHandler.fetch_shard_id_and_hostname(sharding_object, account_id.to_i)
+
+            if requested_shard.blank? || requested_shard[:shard_id].blank?
+              # no shard info, pass the request through
+              shard_routing_logger(:error, "Could not locate shard info", uri_handler, env["QUERY_STRING"], env["REQUEST_METHOD"])
+              return app.call(env)
+            elsif requested_shard[:shard_id] != shard_id
+              # the requested account is in a different shard => redirect
+
+              # reset the hostname to a new hostname and everything else remains the same
+              reset_request_uri(uri_handler, requested_shard[:shard_hostname], env["REQUEST_METHOD"], env['PATH_INFO'], env['QUERY_STRING'])
+
+              return reroute_to_shard(uri_handler)
+            else
+              # everything good => continue to the next in the chain
+              return app.call(env)
+            end
+          else
+            ## legacy or api route
+            # always default to the account_id from global_session if none given in the url
+            if (account_id = env["global_session"]["account"])
+              requested_shard = ShardHandler.fetch_shard_id_and_hostname(sharding_object, account_id.to_i)
+
+              path_info = env['PATH_INFO']
+              # add account to the legacy route
+              if path_info && !path_info.empty?
+                # we don't rewrite the route if it is api-1.5 request
+                if path_info !~ /(?:^|\/)api\//
+                  shard_routing_logger(:info, "Missing account_id in URL", uri_handler, env["QUERY_STRING"], env["REQUEST_METHOD"])
+                  path_info = add_account_to_path(path_info, account_id)
+                else
+                  api_version = get_api_version(env, uri_handler)
+
+                  if api_version
+                    # we don't rewrite the route if it is api-1.0 instance facing request
+                    if api_version < 1.5 && path_info !~ /(?:^|\/)api\/inst\//
+                      shard_routing_logger(:error, "Invalid API (<1.5) Request", uri_handler, env["QUERY_STRING"], env["REQUEST_METHOD"])
+                      path_info = add_account_to_path(path_info, account_id)
+                    end
+                  else
+                    shard_routing_logger(:error, "Missing API version", uri_handler, env["QUERY_STRING"], env["REQUEST_METHOD"])
+                  end
+                end
+              end
+
+              # requested the account is in a different shard => redirect
+              if requested_shard.blank? || requested_shard[:shard_id].blank?
+                # no shard info, pass the request through
+                shard_routing_logger(:error, "Could not locate shard info", uri_handler, env["QUERY_STRING"], env["REQUEST_METHOD"])
+                return app.call(env)
+              elsif requested_shard[:shard_id] != shard_id
+                # reset the hostname and the path (added /acct/:id) and everything else remains the same
+                reset_request_uri(uri_handler, requested_shard[:shard_hostname], env["REQUEST_METHOD"], path_info, env['QUERY_STRING'])
+
+                return reroute_to_shard(uri_handler)
+              else
+                if uri_handler.path != path_info
+                  # rewrite request uri by adding account into the route
+                  reset_request_uri(uri_handler,
+                                    env["HTTP_X_FORWARDED_HOST"] || env["HTTP_HOST"],
+                                    env["REQUEST_METHOD"], path_info,
+                                    env['QUERY_STRING'])
+
+                  return reroute_to_shard(uri_handler)
+                else
+                  return app.call(env)
+                end
+              end
+            else
+              # Invalid
+              shard_routing_logger(:error, "Invalid Request", uri_handler, env["QUERY_STRING"], env["REQUEST_METHOD"])
+              return app.call(env)
+            end
+          end
+        ensure
+          ShardHandler::CurrentRequestCache.destroy
+        end
+
+      private ######################################################################
+        def get_http_proto(env)
+          if @http_proto
+            @http_proto
+          elsif env['HTTPS'] == 'on'
+            'https'
+          elsif env['HTTP_X_FORWARDED_SSL'] == 'on'
+            'https'
+          elsif env['HTTP_X_FORWARDED_PROTO']
+            env['HTTP_X_FORWARDED_PROTO'].split(',')[0]
+          else
+            'https'
+          end
+        end
+
+
+        #-----------------------------------------------------------------------
+        # URL Parser
+        #-----------------------------------------------------------------------
+
+        # Call through to the equivalent module method in RightSharding::Routing.
+        def fetch_current_account_id_from_path(path)
+          RightSharding::Routing.fetch_current_account_id_from_path(path)
+        end
+
+        # Call through to the equivalent module method in RightSharding::Routing.
+        def skip_shard_routing?(path, request_method)
+          RightSharding::Routing.skip_shard_routing?(path, request_method)
+        end
+
+        def get_api_version(env, uri_handler)
+          api_version = nil
+
+          if env["HTTP_X_API_VERSION"]
+            api_version = env["HTTP_X_API_VERSION"]
+          elsif uri_handler.query
+            query_hash = CGI.parse(uri_handler.query)
+
+            api_version_key = query_hash.keys.find {|query_key| query_key =~ /api_version/i}
+            api_version     = api_version_key ? query_hash[api_version_key][0] : nil
+          end
+
+          return (!api_version.blank? ? api_version.to_f : nil)
+        end
+
+        #-----------------------------------------------------------------------
+        # URI Constructor
+        #-----------------------------------------------------------------------
+
+        def new_uri_handler(schema, hostname_with_port, path_info, query_string)
+          hostname, port = hostname_with_port.split(":")
+
+          # Ensure port is a float for URI::HTTP.build to not fail
+          port = port.to_i unless port.nil?
+
+          uri_handler = if schema == "http"
+            URI::HTTP.build(:host => hostname, :port => port)
+          else
+            URI::HTTPS.build(:host => hostname, :port => port)
+          end
+
+          uri_handler.path  = path_info || ""
+          # set the query string to nil if it is blank (otherwise it will leave a '?' in the url)
+          uri_handler.query = (query_string && !query_string.empty?) ? query_string : nil
+          uri_handler
+        end
+
+        def reset_request_uri(uri_handler, hostname_with_optional_port, request_method, path_info, query_string)
+          hostname, port = hostname_with_optional_port.split(":")
+
+          uri_handler.host = hostname
+          uri_handler.port = port unless port.nil?
+
+          if request_method.downcase == "get"
+            uri_handler.path  = path_info || ""
+            # set the query string to nil if it is blank (otherwise it will leave a '?' in the url)
+            uri_handler.query = (query_string && !query_string.empty?) ? query_string : nil
+          else
+            uri_handler.path  = ""
+            uri_handler.query = nil
+          end
+
+          uri_handler
+        end
+
+        # Call through to the equivalent module method in RightSharding::Routing.
+        def add_account_to_path(original_path, account_id)
+          RightSharding::Routing.add_account_to_path(original_path, account_id)
+        end
+
+        #-----------------------------------------------------------------------
+        # Redirect Helpers
+        #-----------------------------------------------------------------------
+
+        def reroute_to_shard(uri_handler)
+          location = uri_handler.to_s
+
+          [ 301, { "Location" => location }, [ redirect_message(location) ] ]
+        end
+
+        def redirect_message(location)
+          %Q(Redirecting to <a href="#{location}">#{location}</a>)
+        end
+
+        #-----------------------------------------------------------------------
+        # Logging Helpers
+        #-----------------------------------------------------------------------
+
+        def shard_routing_logger(type, header, uri, query_string, request_method)
+          logger.send(type, "RightSharding::Routing: #{header} - #{uri} - '#{query_string}' - '#{request_method}' request")
+        end
+
+      end
+
+    end
+  end
+end
+
+module Rack
+  ShardRouting = ::RightSharding::Rack::Middleware::Routing unless defined?(::Rack::ShardRouting)
+end

data/lib/right_sharding/shard_handler.rb

@@ -0,0 +1,137 @@
+#--
+# Copyright (c) 2012 RightScale, Inc, All Rights Reserved Worldwide.
+#
+# THIS PROGRAM IS CONFIDENTIAL AND PROPRIETARY TO RIGHTSCALE
+# AND CONSTITUTES A VALUABLE TRADE SECRET.  Any unauthorized use,
+# reproduction, modification, or disclosure of this program is
+# strictly prohibited.  Any use of this program by an authorized
+# licensee is strictly subject to the terms and conditions,
+# including confidentiality obligations, set forth in the applicable
+# License Agreement between RightScale, Inc. and
+# the licensee.
+#++
+
+module RightSharding
+  module ShardHandler
+
+    SHARDING_CACHE_EXPIRATION_RANGE = (30..60).to_a
+
+    #---------------------------------------------------------------------------
+    #  THIS_SHARD_ID
+    #---------------------------------------------------------------------------
+
+    def self.fetch_this_shard_id(config_object)
+      # defer the call to the object after we are sure that it is not in cache
+      this_shard_id_proc = Proc.new { config_object.find_this_shard_id }
+
+      if CurrentRequestCache.is_activated?
+        CurrentRequestCache.find_or_save_this_shard_id(this_shard_id_proc)
+      else
+        # In this case, we are in script/console, migration, or daemon etc, we don't want to cache it in Thread.current
+        this_shard_id_proc.call
+      end
+    end
+
+    #---------------------------------------------------------------------------
+    #  THIS_SHARD
+    #---------------------------------------------------------------------------
+
+    def self.shard_object_cache_key(shard_id)
+      "shard/#{shard_id}"
+    end
+
+    def self.fetch_shard(shard_object, shard_id)
+      # defer the call to the object after we are sure that it is not in cache
+      this_shard_proc = Proc.new {
+        shard_object.get_shard_object(shard_id, shard_object_cache_key(shard_id), SHARDING_CACHE_EXPIRATION_RANGE.rand.minutes)
+      }
+
+      if CurrentRequestCache.is_activated?
+        CurrentRequestCache.find_or_save_this_shard(this_shard_proc)
+      else
+        # In this case, we are in script/console, migration, or daemon etc, we don't want to cache it in Thread.current
+        this_shard_proc.call
+      end
+    end
+
+    def self.fetch_this_shard(config_object, shard_object)
+      fetch_shard(shard_object, fetch_this_shard_id(config_object))
+    end
+
+    #---------------------------------------------------------------------------
+    #  SHARD information for each Account
+    #---------------------------------------------------------------------------
+
+    def self.shard_cache_key(account_id)
+      "account/#{account_id}/shard_id_and_hostname"
+    end
+
+    def self.fetch_shard_id_and_hostname(sharding_object, account_id)
+      # defer the call to the object after we are sure that it is not in cache
+      get_shard_id_and_hostname_proc = Proc.new {
+        sharding_object.get_shard_id_and_hostname(account_id, shard_cache_key(account_id), SHARDING_CACHE_EXPIRATION_RANGE.rand.minutes)
+      }
+
+      if CurrentRequestCache.is_activated?
+        CurrentRequestCache.find_or_save_shard_map(account_id, get_shard_id_and_hostname_proc)
+      else
+        # In this case, we are in script/console, migration, or daemon etc, we don't want to cache it in Thread.current
+        get_shard_id_and_hostname_proc.call
+      end
+    end
+
+    def self.fetch_shard_hostname(sharding_object, account_id)
+      requested_shard = fetch_shard_id_and_hostname(sharding_object, account_id)
+      requested_shard[:shard_hostname]
+    end
+
+    #---------------------------------------------------------------------------
+    #  SHARD information for each InstanceApiToken
+    #---------------------------------------------------------------------------
+
+    def self.instance_api_token_shard_cache_key(token)
+      "instance_api_token/#{token}/shard_id_and_hostname"
+    end
+
+    def self.fetch_instance_api_token_shard_id_and_hostname(token)
+      # FIXME: cyclical dependency - InstanceApiToken is defined in right_site
+      InstanceApiToken.get_shard_id_and_hostname(token, instance_api_token_shard_cache_key(token), SHARDING_CACHE_EXPIRATION_RANGE.rand.minutes)
+    end
+
+    #---------------------------------------------------------------------------
+    #  CurrentRequestCache - caching data only for this request
+    #---------------------------------------------------------------------------
+
+    class CurrentRequestCache
+      CACHE_ID = :right_sharding_current_request_cache
+
+      def self.init
+        Thread.current[CACHE_ID] = {}
+
+        Thread.current[CACHE_ID]["shard_map"]     = {}
+        Thread.current[CACHE_ID]["this_shard_id"] = nil
+      end
+
+      def self.destroy
+        Thread.current[CACHE_ID] = nil
+      end
+
+      def self.is_activated?
+        !Thread.current[CACHE_ID].nil?
+      end
+
+      def self.find_or_save_shard_map(account_id, value_proc)
+        Thread.current[CACHE_ID]["shard_map"][account_id] ||= value_proc.call
+      end
+
+      def self.find_or_save_this_shard_id(value_proc)
+        Thread.current[CACHE_ID]["this_shard_id"] ||= value_proc.call
+      end
+
+      def self.find_or_save_this_shard(value_proc)
+        Thread.current[CACHE_ID]["this_shard"] ||= value_proc.call
+      end
+    end
+
+  end
+end

data/lib/right_sharding/user_api_proxy.rb

@@ -0,0 +1,147 @@
+#--
+# Copyright (c) 2012 RightScale, Inc, All Rights Reserved Worldwide.
+#
+# THIS PROGRAM IS CONFIDENTIAL AND PROPRIETARY TO RIGHTSCALE
+# AND CONSTITUTES A VALUABLE TRADE SECRET.  Any unauthorized use,
+# reproduction, modification, or disclosure of this program is
+# strictly prohibited.  Any use of this program by an authorized
+# licensee is strictly subject to the terms and conditions,
+# including confidentiality obligations, set forth in the applicable
+# License Agreement between RightScale, Inc. and
+# the licensee.
+#++
+
+require File.expand_path(File.join(File.dirname(__FILE__), "..", "right_sharding"))
+
+module RightSharding
+  module Rack
+    module Middleware
+
+      class UserApiProxy < BaseProxy
+
+        ACCOUNTS_TO_PROXY = []
+
+        class UserApiProxyYield < BaseProxyYield; end
+        class UserApiProxyException < BaseProxyException; end
+
+        #-----------------------------------------------------------------------
+        # Rack Middleware
+        #-----------------------------------------------------------------------
+
+        def initialize(app, params = {})
+          super
+          @http_proto        = params[:http_proto]
+          @accounts_to_proxy = params[:accounts_to_proxy] || []
+        end
+
+        def call(env)
+          @env = env
+
+          if is_an_api_call?
+            account_id = get_account_id()
+            if is_proxiable?(account_id)
+              this_shard_id = RightSharding::ShardHandler.fetch_this_shard_id(@config_object)
+              requested_shard = RightSharding::ShardHandler.fetch_shard_id_and_hostname(@sharding_object, account_id.to_i)
+              requested_shard_id = requested_shard.blank? ? nil : requested_shard[:shard_id]
+
+              if !requested_shard_id.blank? && (this_shard_id != requested_shard_id)
+                @env['global_session.req.update'] = false
+                hostname = get_shard_hostname(account_id)
+                return proxy_request_to_the_destinated_shard(hostname, :proxy_global_session => true)
+              end
+            end
+          end
+
+          # everything is good
+          return @app.call(env)
+        rescue UserApiProxyYield => e
+          shard_proxy_logger(:error, e.message)
+          return @app.call(env)
+        rescue UserApiProxyException => e
+          shard_proxy_logger(:error, "failed: #{e.class} " + e.message + "\n  " + e.backtrace.join("\n  "))
+          return [e.code, e.headers, e.body]
+        end
+
+        # -----------------------------------------------------------------------
+        # General Helpers
+        # -----------------------------------------------------------------------
+
+        def is_proxiable?(account_id)
+          return true if @accounts_to_proxy.any? {|p| p == account_id}
+          false
+        end
+
+        def get_shard_hostname(account_id)
+          RightSharding::ShardHandler.fetch_shard_hostname(@sharding_object, account_id)
+        end
+
+        def get_account_id()
+          account_id = nil
+          api_version = get_api_version()
+          if api_version == 1.0 # It can be in url or global session, prefer url
+            if @env["PATH_INFO"] =~ /(?:^|\/)api\/acct\/([^\/]+)(?:\/|$)/
+              account_id = $1
+            else
+              if @env['global_session'] && @env['global_session']['account']
+                account_id = @env['global_session']['account']
+              end
+            end
+          elsif api_version == 1.5 # version 1.5 assumes a global account session
+            if @env['global_session'] && @env['global_session']['account']
+              account_id = @env['global_session']['account']
+            elsif @env['PATH_INFO'] =~ /(?:^|\/)api\/session.*$/
+              # We get here if it's a session request
+              req = ::Rack::Request.new(@env)
+              params = req.params
+              if params['account_href'] =~ /\/api\/accounts\/(\d+)/
+                account_id = $1
+              end
+            end
+          end
+          account_id.nil? ? nil : account_id.to_i
+        end
+
+        def is_an_api_call?
+          return true if @env['PATH_INFO'] =~ /(?:^|\/)api\/.*$/
+          false
+        end
+
+        def new_uri_handler(schema, hostname_with_port, path_info, query_string)
+          hostname, port = hostname_with_port.split(":")
+
+          uri_handler = if schema == "http"
+            URI::HTTP.build(:host => hostname, :port => port)
+          else
+            URI::HTTPS.build(:host => hostname, :port => port)
+          end
+
+          uri_handler.path  = path_info || ""
+          # set the query string to nil if it is blank (otherwise it will leave a '?' in the url)
+          uri_handler.query = (query_string && !query_string.empty?) ? query_string : nil
+          uri_handler
+        end
+
+        def get_http_proto(env)
+          if @http_proto
+            @http_proto
+          elsif env['HTTPS'] == 'on'
+            'https'
+          elsif env['HTTP_X_FORWARDED_SSL'] == 'on'
+            'https'
+          elsif env['HTTP_X_FORWARDED_PROTO']
+            env['HTTP_X_FORWARDED_PROTO'].split(',')[0]
+          else
+            'https'
+          end
+        end
+
+      end
+
+    end
+  end
+end
+
+module Rack
+  ShardUserApiProxy = ::RightSharding::Rack::Middleware::UserApiProxy unless defined?(::Rack::ShardUserApiProxy)
+end
+

metadata

@@ -0,0 +1,239 @@
+--- !ruby/object:Gem::Specification 
+name: right_sharding
+version: !ruby/object:Gem::Version 
+  hash: 17
+  prerelease: 
+  segments: 
+  - 1
+  - 0
+  - 3
+  version: 1.0.3
+platform: ruby
+authors: 
+- RightScale, Inc.
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2014-07-25 00:00:00 Z
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  type: :runtime
+  name: global_session
+  version_requirements: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - <
+      - !ruby/object:Gem::Version 
+        hash: 27
+        segments: 
+        - 4
+        - 0
+        version: "4.0"
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 9
+        segments: 
+        - 1
+        - 0
+        - 15
+        version: 1.0.15
+  prerelease: false
+  requirement: *id001
+- !ruby/object:Gem::Dependency 
+  type: :runtime
+  name: mime-types
+  version_requirements: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 47
+        segments: 
+        - 1
+        - 16
+        version: "1.16"
+  prerelease: false
+  requirement: *id002
+- !ruby/object:Gem::Dependency 
+  type: :runtime
+  name: rest-client
+  version_requirements: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 97
+        segments: 
+        - 1
+        - 7
+        - 0
+        - 3
+        version: 1.7.0.3
+  prerelease: false
+  requirement: *id003
+- !ruby/object:Gem::Dependency 
+  type: :runtime
+  name: actionpack
+  version_requirements: &id004 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - <
+      - !ruby/object:Gem::Version 
+        hash: 27
+        segments: 
+        - 4
+        - 0
+        version: "4.0"
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 9
+        segments: 
+        - 2
+        - 3
+        - 5
+        version: 2.3.5
+  prerelease: false
+  requirement: *id004
+- !ruby/object:Gem::Dependency 
+  type: :runtime
+  name: right_support
+  version_requirements: &id005 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 9
+        segments: 
+        - 2
+        - 5
+        version: "2.5"
+  prerelease: false
+  requirement: *id005
+- !ruby/object:Gem::Dependency 
+  type: :runtime
+  name: simple_uuid
+  version_requirements: &id006 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 15
+        segments: 
+        - 0
+        - 2
+        version: "0.2"
+  prerelease: false
+  requirement: *id006
+- !ruby/object:Gem::Dependency 
+  type: :development
+  name: nokogiri
+  version_requirements: &id007 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 1
+        - 5
+        - 0
+        version: 1.5.0
+  prerelease: false
+  requirement: *id007
+- !ruby/object:Gem::Dependency 
+  type: :development
+  name: jeweler
+  version_requirements: &id008 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  prerelease: false
+  requirement: *id008
+- !ruby/object:Gem::Dependency 
+  type: :development
+  name: yard
+  version_requirements: &id009 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  prerelease: false
+  requirement: *id009
+- !ruby/object:Gem::Dependency 
+  type: :development
+  name: redcarpet
+  version_requirements: &id010 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - <
+      - !ruby/object:Gem::Version 
+        hash: 7
+        segments: 
+        - 3
+        - 0
+        version: "3.0"
+  prerelease: false
+  requirement: *id010
+description: 
+email: 
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README.md
+files: 
+- lib/right_sharding.rb
+- lib/right_sharding/base_proxy.rb
+- lib/right_sharding/current_account.rb
+- lib/right_sharding/extensions/core.rb
+- lib/right_sharding/instance_api_proxy.rb
+- lib/right_sharding/routing.rb
+- lib/right_sharding/shard_handler.rb
+- lib/right_sharding/user_api_proxy.rb
+- README.md
+homepage: 
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.8.15
+signing_key: 
+specification_version: 3
+summary: ""
+test_files: []
+