Release 0.4.0

- Upgrade awscr-s3 (connection pool for the S3 client, SSL Context reuse)

fixes #4

Author: philipp-classen

shard.yml

@@ -1,5 +1,5 @@
 name: easy-awscr
-version: 0.3.3
+version: 0.4.0
 
 authors:
   - Philipp Claßen <philipp.classen@posteo.com>
@@ -12,6 +12,6 @@ dependencies:
     commit: 8b1853609c069a1e70b967a7d654e07a0dbdbcfc
   awscr-s3:
     github: taylorfinnell/awscr-s3
-    commit: 47c97e2f545ed5fead268a02b58501e0c968ec65
+    commit: 2e93fb9e8c74f11a24c5808fc4b1f8b304181830
 
 license: MIT

src/easy-awscr/s3/client.cr

@@ -1,22 +1,34 @@
 require "awscr-s3"
+require "./internals/connection_pool"
 require "./internals/async_chunk_uploader"
 
 module EasyAwscr::S3
   class Client
     @s3_client : Awscr::S3::Client?
+    @client_factory : Internals::ConnectionPool?
 
     # This is a hard limit enforced by AWS for multipart uploads:
     # each part must be at least 5 MB.
     MINIMUM_PART_SIZE_5MB = 5242880
 
+    # From time to time, we should recreated the connection pool, so it will reload
+    # the SSL context (see https://github.com/crystal-lang/crystal/issues/15419).
+    DEFAULT_POOL_REFRESH_INTERVAL = 24.hours
+
     def initialize(*,
                    @region = EasyAwscr::Config.default_region!,
                    @credential_provider = EasyAwscr::Config.default_credential_provider,
                    lazy_init = false)
-      @mutex = Mutex.new
+      @mutex = Mutex.new(:unchecked)
       client unless lazy_init
     end
 
+    private def create_connection_pool
+      # TODO: this uses the defaults, but it would make sense to
+      # let the user overwrite them.
+      Internals::ConnectionPool.new
+    end
+
     # List s3 buckets
     #
     # ```
@@ -265,15 +277,32 @@ module EasyAwscr::S3
     end
 
     private def client(*, force_new = false) : Awscr::S3::Client
+      dead_client_factory = nil
       @mutex.synchronize do
         s3_client = @s3_client
-        if s3_client && !force_new
+        if s3_client && !force_new && !client_factory_needs_refresh?
           s3_client
         else
           cred = @credential_provider.credentials
-          @s3_client = Awscr::S3::Client.new(@region, cred.access_key_id, cred.secret_access_key, cred.session_token)
+
+          # refresh the connection pool (updates also the SSL context)
+          client_factory = create_connection_pool
+          dead_client_factory = @client_factory
+          @client_factory = client_factory
+
+          @s3_client = Awscr::S3::Client.new(@region, cred.access_key_id, cred.secret_access_key, cred.session_token, client_factory: client_factory)
         end
       end
+    ensure
+      dead_client_factory.try &.close
+    end
+
+    private def client_factory_needs_refresh? : Bool
+      if cf = @client_factory
+        Time.utc - cf.created_at > DEFAULT_POOL_REFRESH_INTERVAL
+      else
+        false
+      end
     end
   end
 end

src/easy-awscr/s3/internals/connection_pool.cr

@@ -0,0 +1,107 @@
+require "http/client"
+
+module EasyAwscr::S3::Internals
+  class ConnectionPool < Awscr::S3::HttpClientFactory
+    getter created_at
+
+    def initialize(*, @max_ttl : Time::Span? = 5.minutes, @max_size = 128)
+      @pool = Hash(Fiber, {HTTP::Client, Time}).new
+      @tls = OpenSSL::SSL::Context::Client.new
+      @mutex = Mutex.new(:unchecked)
+      @closed = false
+      @created_at = Time.utc
+    end
+
+    def acquire_client(endpoint : URI, signer : Awscr::Signer::Signers::Interface) : HTTP::Client
+      @mutex.synchronize { @pool.delete(Fiber.current) }.try do |client, last_checked|
+        if expired?(last_checked)
+          client.close
+        else
+          return client
+        end
+      end
+
+      # creates a new client
+      super
+    end
+
+    # Overwritten only to call "reset_headers" (see comment there for details).
+    #
+    # Note: At this point it is not clear if the workaround can be improved. Should
+    # it become clear that it cannot, then this code should perhaps be moved into the
+    # awscr-s3 library (since then every user would need to replicate the code here).
+    protected def attach_signer(client, signer)
+      if signer.is_a?(Awscr::Signer::Signers::V4)
+        client.before_request do |req|
+          reset_headers(req)
+          signer.as(Awscr::Signer::Signers::V4).sign(req, encode_path: false)
+        end
+      else
+        client.before_request do |req|
+          reset_headers(req)
+          signer.sign(req)
+        end
+      end
+    end
+
+    # Workaround to avoid signing errors when requests have to be repeated
+    # after a TCPSocket has to be reconnected.
+    #
+    # Background:
+    # * https://github.com/taylorfinnell/awscr-signer/issues/56
+    # * https://github.com/crystal-lang/crystal/issues/16028
+    private def reset_headers(req)
+      req.headers.delete "Authorization"
+      req.headers.delete "X-Amz-Content-Sha256"
+      req.headers.delete "X-Amz-Date"
+    end
+
+    private def expired?(last_checked, now = Time.utc)
+      @max_ttl.try { |ttl| now - last_checked > ttl }
+    end
+
+    def acquire_raw_client(endpoint : URI) : HTTP::Client
+      HTTP::Client.new(endpoint, tls: @tls)
+    end
+
+    def release(client : HTTP::Client?)
+      return unless client
+
+      if @max_size == 0
+        client.close
+        return
+      end
+
+      now = Time.utc
+      dead1 = nil
+      dead2 = nil
+      dead3 = nil
+
+      current_fiber = Fiber.current
+      @mutex.synchronize do
+        unless @closed
+          @pool.first_key?.try do |fiber|
+            dead1 = @pool.shift[1][0] if fiber.dead? || expired?(@pool.first_value[1], now)
+            @pool.delete(current_fiber).try { |old_client, _| dead2 = old_client }
+          end
+          @pool[current_fiber] = {client, now}
+          dead3 = @pool.shift[1][0] if @pool.size > @max_size
+        end
+      end
+    ensure
+      dead1.try &.close
+      dead2.try &.close
+      dead3.try &.close
+    end
+
+    def close
+      @mutex.synchronize do
+        return if @closed
+
+        @closed = true
+        @pool.values.each { |client, _| client.close }
+        @pool.clear
+      end
+    end
+  end
+end