Add tracing to headers & redirects for Workers Assets (#9050)

Author: WalshyDev

.changeset/cyan-ends-melt.md

@@ -0,0 +1,5 @@
+---
+"@cloudflare/workers-shared": patch
+---
+
+Adds tracing to \_headers & \_redirects in Workers Assets allowing Cloudflare employees to better debug customer issues regarding these features.

packages/workers-shared/asset-worker/src/handler.ts

@@ -11,18 +11,22 @@ import {
 	SeeOtherResponse,
 	TemporaryRedirectResponse,
 } from "../../utils/responses";
+import { mockJaegerBinding } from "../../utils/tracing";
 import {
 	flagIsEnabled,
 	SEC_FETCH_MODE_NAVIGATE_HEADER_PREFERS_ASSET_SERVING,
 } from "./compatibility-flags";
 import { attachCustomHeaders, getAssetHeaders } from "./utils/headers";
-import { generateRulesMatcher, replacer } from "./utils/rules-engine";
+import {
+	generateRedirectsMatcher,
+	staticRedirectsMatcher,
+} from "./utils/rules-engine";
 import type { AssetConfig } from "../../utils/types";
 import type { Analytics } from "./analytics";
 import type EntrypointType from "./index";
 import type { Env } from "./index";
 
-const REDIRECTS_VERSION = 1;
+export const REDIRECTS_VERSION = 1;
 export const HEADERS_VERSION = 2;
 
 type AssetIntent = {
@@ -39,77 +43,20 @@ const getResponseOrAssetIntent = async (
 	exists: typeof EntrypointType.prototype.unstable_exists
 ): Promise<Response | AssetIntentWithResolver> => {
 	const url = new URL(request.url);
-	const { host, search } = url;
-	let { pathname } = url;
-
-	const staticRedirectsMatcher = () => {
-		const withHostMatch =
-			configuration.redirects.staticRules[`https://${host}${pathname}`];
-		const withoutHostMatch = configuration.redirects.staticRules[pathname];
-
-		if (withHostMatch && withoutHostMatch) {
-			if (withHostMatch.lineNumber < withoutHostMatch.lineNumber) {
-				return withHostMatch;
-			} else {
-				return withoutHostMatch;
-			}
-		}
-
-		return withHostMatch || withoutHostMatch;
-	};
-
-	const generateRedirectsMatcher = () =>
-		generateRulesMatcher(
-			configuration.redirects.version === REDIRECTS_VERSION
-				? configuration.redirects.rules
-				: {},
-			({ status, to }, replacements) => ({
-				status,
-				to: replacer(to, replacements),
-			})
-		);
+	const { search } = url;
 
-	const redirectMatch =
-		staticRedirectsMatcher() || generateRedirectsMatcher()({ request })[0];
-
-	let proxied = false;
-
-	if (redirectMatch) {
-		if (redirectMatch.status === 200) {
-			// A 200 redirect means that we are proxying/rewriting to a different asset, for example,
-			// a request with url /users/12345 could be pointed to /users/id.html. In order to
-			// do this, we overwrite the pathname, and instead match for assets with that url,
-			// and importantly, do not use the regular redirect handler - as the url visible to
-			// the user does not change
-			pathname = new URL(redirectMatch.to, request.url).pathname;
-			proxied = true;
-		} else {
-			const { status, to } = redirectMatch;
-			const destination = new URL(to, request.url);
-			const location =
-				destination.origin === new URL(request.url).origin
-					? `${destination.pathname}${destination.search || search}${
-							destination.hash
-						}`
-					: `${destination.href.slice(0, destination.href.length - (destination.search.length + destination.hash.length))}${
-							destination.search ? destination.search : search
-						}${destination.hash}`;
-
-			switch (status) {
-				case MovedPermanentlyResponse.status:
-					return new MovedPermanentlyResponse(location);
-				case SeeOtherResponse.status:
-					return new SeeOtherResponse(location);
-				case TemporaryRedirectResponse.status:
-					return new TemporaryRedirectResponse(location);
-				case PermanentRedirectResponse.status:
-					return new PermanentRedirectResponse(location);
-				case FoundResponse.status:
-				default:
-					return new FoundResponse(location);
-			}
-		}
+	const redirectResult = handleRedirects(
+		env,
+		request,
+		configuration,
+		url.host,
+		url.pathname,
+		search
+	);
+	if (redirectResult instanceof Response) {
+		return redirectResult;
 	}
+	const { proxied, pathname } = redirectResult;
 
 	const decodedPathname = decodePath(pathname);
 
@@ -306,7 +253,7 @@ export const handleRequest = async (
 					analytics
 				);
 
-	return attachCustomHeaders(request, response, configuration);
+	return attachCustomHeaders(request, response, configuration, env);
 };
 
 type Resolver = "html-handling" | "not-found";
@@ -1048,3 +995,76 @@ const encodePath = (pathname: string) => {
 		})
 		.join("/");
 };
+
+const handleRedirects = (
+	env: Env,
+	request: Request,
+	configuration: Required<AssetConfig>,
+	host: string,
+	pathname: string,
+	search: string
+): { proxied: boolean; pathname: string } | Response => {
+	const jaeger = env.JAEGER ?? mockJaegerBinding();
+	return jaeger.enterSpan("handle_redirects", (span) => {
+		const redirectMatch =
+			staticRedirectsMatcher(configuration, host, pathname) ||
+			generateRedirectsMatcher(configuration)({ request })[0];
+
+		let proxied = false;
+		if (redirectMatch) {
+			if (redirectMatch.status === 200) {
+				// A 200 redirect means that we are proxying/rewriting to a different asset, for example,
+				// a request with url /users/12345 could be pointed to /users/id.html. In order to
+				// do this, we overwrite the pathname, and instead match for assets with that url,
+				// and importantly, do not use the regular redirect handler - as the url visible to
+				// the user does not change
+				pathname = new URL(redirectMatch.to, request.url).pathname;
+				proxied = true;
+
+				span.setTags({
+					matched: true,
+					proxied: true,
+					new_path: pathname,
+					status: redirectMatch.status,
+				});
+			} else {
+				const { status, to } = redirectMatch;
+				const destination = new URL(to, request.url);
+				const location =
+					destination.origin === new URL(request.url).origin
+						? `${destination.pathname}${destination.search || search}${
+								destination.hash
+							}`
+						: `${destination.href.slice(0, destination.href.length - (destination.search.length + destination.hash.length))}${
+								destination.search ? destination.search : search
+							}${destination.hash}`;
+
+				span.setTags({
+					matched: true,
+					destination: location,
+					status,
+				});
+
+				switch (status) {
+					case MovedPermanentlyResponse.status:
+						return new MovedPermanentlyResponse(location);
+					case SeeOtherResponse.status:
+						return new SeeOtherResponse(location);
+					case TemporaryRedirectResponse.status:
+						return new TemporaryRedirectResponse(location);
+					case PermanentRedirectResponse.status:
+						return new PermanentRedirectResponse(location);
+					case FoundResponse.status:
+					default:
+						return new FoundResponse(location);
+				}
+			}
+		} else {
+			span.setTags({
+				matched: false,
+			});
+		}
+
+		return { proxied, pathname };
+	});
+};

packages/workers-shared/asset-worker/src/utils/headers.ts

@@ -1,10 +1,12 @@
+import { mockJaegerBinding } from "../../../utils/tracing";
 import {
 	flagIsEnabled,
 	SEC_FETCH_MODE_NAVIGATE_HEADER_PREFERS_ASSET_SERVING,
 } from "../compatibility-flags";
 import { CACHE_CONTROL_BROWSER } from "../constants";
 import { HEADERS_VERSION } from "../handler";
 import { generateRulesMatcher, replacer } from "./rules-engine";
+import type { Env } from "..";
 import type { AssetConfig } from "../../../utils/types";
 import type { AssetIntentWithResolver } from "../handler";
 
@@ -61,44 +63,51 @@ function isCacheable(request: Request) {
 export function attachCustomHeaders(
 	request: Request,
 	response: Response,
-	configuration: Required<AssetConfig>
+	configuration: Required<AssetConfig>,
+	env: Env
 ) {
-	// Iterate through rules and find rules that match the path
-	const headersMatcher = generateRulesMatcher(
-		configuration.headers?.version === HEADERS_VERSION
-			? configuration.headers.rules
-			: {},
-		({ set = {}, unset = [] }, replacements) => {
-			const replacedSet: Record<string, string> = {};
+	const jaeger = env.JAEGER ?? mockJaegerBinding();
+	return jaeger.enterSpan("add_headers", (span) => {
+		// Iterate through rules and find rules that match the path
+		const headersMatcher = generateRulesMatcher(
+			configuration.headers?.version === HEADERS_VERSION
+				? configuration.headers.rules
+				: {},
+			({ set = {}, unset = [] }, replacements) => {
+				const replacedSet: Record<string, string> = {};
+				Object.keys(set).forEach((key) => {
+					replacedSet[key] = replacer(set[key], replacements);
+				});
+				return {
+					set: replacedSet,
+					unset,
+				};
+			}
+		);
+		const matches = headersMatcher({ request });
+
+		// This keeps track of every header that we've set from _headers
+		// because we want to combine user declared headers but overwrite
+		// existing and extra ones
+		const setMap = new Set();
+		// Apply every matched rule in order
+		matches.forEach(({ set = {}, unset = [] }) => {
+			unset.forEach((key) => {
+				response.headers.delete(key);
+				span.addLogs({ remove_header: key });
+			});
 			Object.keys(set).forEach((key) => {
-				replacedSet[key] = replacer(set[key], replacements);
+				if (setMap.has(key.toLowerCase())) {
+					response.headers.append(key, set[key]);
+					span.addLogs({ append_header: key });
+				} else {
+					response.headers.set(key, set[key]);
+					setMap.add(key.toLowerCase());
+					span.addLogs({ add_header: key });
+				}
 			});
-			return {
-				set: replacedSet,
-				unset,
-			};
-		}
-	);
-	const matches = headersMatcher({ request });
-
-	// This keeps track of every header that we've set from _headers
-	// because we want to combine user declared headers but overwrite
-	// existing and extra ones
-	const setMap = new Set();
-	// Apply every matched rule in order
-	matches.forEach(({ set = {}, unset = [] }) => {
-		unset.forEach((key) => {
-			response.headers.delete(key);
-		});
-		Object.keys(set).forEach((key) => {
-			if (setMap.has(key.toLowerCase())) {
-				response.headers.append(key, set[key]);
-			} else {
-				response.headers.set(key, set[key]);
-				setMap.add(key.toLowerCase());
-			}
 		});
-	});
 
-	return response;
+		return response;
+	});
 }

packages/workers-shared/asset-worker/src/utils/rules-engine.ts

@@ -1,6 +1,10 @@
 // Taken from https://stackoverflow.com/a/3561711
 // which is everything from the tc39 proposal, plus the following two characters: ^/
 // It's also everything included in the URLPattern escape (https://wicg.github.io/urlpattern/#escape-a-regexp-string), plus the following: -
+
+import { REDIRECTS_VERSION } from "../handler";
+import type { AssetConfig } from "../../../utils/types";
+
 // As the answer says, there's no downside to escaping these extra characters, so better safe than sorry
 const ESCAPE_REGEX_CHARACTERS = /[-/\\^$*+?.()|[\]{}]/g;
 const escapeRegex = (str: string) => {
@@ -94,3 +98,36 @@ export const generateRulesMatcher = <T>(
 			.filter((value) => value !== undefined) as T[];
 	};
 };
+
+export const staticRedirectsMatcher = (
+	configuration: Required<AssetConfig>,
+	host: string,
+	pathname: string
+) => {
+	const withHostMatch =
+		configuration.redirects.staticRules[`https://${host}${pathname}`];
+	const withoutHostMatch = configuration.redirects.staticRules[pathname];
+
+	if (withHostMatch && withoutHostMatch) {
+		if (withHostMatch.lineNumber < withoutHostMatch.lineNumber) {
+			return withHostMatch;
+		} else {
+			return withoutHostMatch;
+		}
+	}
+
+	return withHostMatch || withoutHostMatch;
+};
+
+export const generateRedirectsMatcher = (
+	configuration: Required<AssetConfig>
+) =>
+	generateRulesMatcher(
+		configuration.redirects.version === REDIRECTS_VERSION
+			? configuration.redirects.rules
+			: {},
+		({ status, to }, replacements) => ({
+			status,
+			to: replacer(to, replacements),
+		})
+	);