feat: measure external latency #779
Conversation
httpx/ssrf.go
Outdated
| @@ -64,7 +64,7 @@ func init() { | |||
| ssrf.WithAnyPort(), | |||
| ssrf.WithNetworks("tcp4", "tcp6"), | |||
| ).Safe | |||
| prohibitInternalAllowIPv6 = t | |||
| prohibitInternalAllowIPv6 = &MeasureExternalLatencyTransport{Transport: t} | |||
There was a problem hiding this comment.
Please let's not couple this functionality to the SSRF protection mechanism. We should allow users to opt into the MeasureExternalLatencyTransport if they wish. It's as easy as wrapping the transport at the site of res, err := client.Do(req).
There was a problem hiding this comment.
This is still opt-in, because the transport is just a no-op when there is no "container" in the context. However, it does make sense to not do this per default for the httpx client.
I was at first thinking about only measuring the external latency on the "prohibitInternal*" variants of this transport, but as it is right now it does not make sense.
There was a problem hiding this comment.
We will always need some kind of middleware to add the data container to the context. As is, the context key is not exposed but there are easy functions to add or get to the data container, I will also add a way to add the data container to a context without the middleware wrapping.
httpx/ssrf.go
Outdated
| @@ -64,7 +64,7 @@ func init() { | |||
| ssrf.WithAnyPort(), | |||
| ssrf.WithNetworks("tcp4", "tcp6"), | |||
| ).Safe | |||
| prohibitInternalAllowIPv6 = t | |||
| prohibitInternalAllowIPv6 = &MeasureExternalLatencyTransport{Transport: t} | |||
There was a problem hiding this comment.
This is still opt-in, because the transport is just a no-op when there is no "container" in the context. However, it does make sense to not do this per default for the httpx client.
I was at first thinking about only measuring the external latency on the "prohibitInternal*" variants of this transport, but as it is right now it does not make sense.
Can we add the context key in the existing reqlog package? |
What's the benefit of exposing the context key? Or do you mean add a context key for the overall latency as well? |
|
This second iteration of the API is a lot better. 👍 IMO, this would be better with a such an API: func SendWebhook() (...) {
req, err := http.NewRequestWithContext(ctx, ...)
defer reqlog.IncrExternalLatency(ctx, time.Now())
res, err := client.Do(req)
// maybe retries
return res, err
}Alternative usage: func SendWebhook() (...) {
req, err := http.NewRequestWithContext(ctx, ...)
t0 := time.Now()
res, err := client.Do(req)
// maybe retries
reqlog.IncrExternalLatency(ctx, t0)
// time-consuming post-processing
return res, err
} |
|
Just re-read the code and this already exists in your API essentially 😅 |
This adds a middleware and utilities to measure external latency.