Commit 91d636b9 authored by Dennis Schubert's avatar Dennis Schubert

Merge pull request #6727 from SuperTux88/improve-pod-check

Improve pod check
parents cc5a3997 acb91c79
......@@ -91,6 +91,7 @@ Contributions are very welcome, the hard work is done!
* Dropped `parent_author_signature` from relayables [#6586](https://github.com/diaspora/diaspora/pull/6586)
* Attached ShareVisibilities to the User, not the Contact [#6723](https://github.com/diaspora/diaspora/pull/6723)
* Refactor mentions input, now based on typeahead.js [#6728](https://github.com/diaspora/diaspora/pull/6728)
* Optimized the pod up checks [#6727](https://github.com/diaspora/diaspora/pull/6727)
## Bug fixes
* Destroy Participation when removing interactions with a post [#5852](https://github.com/diaspora/diaspora/pull/5852)
......
......@@ -34,6 +34,11 @@ app.pages.AdminPods = app.views.Base.extend({
.append(Diaspora.I18n.t("admin.pods.unchecked", {count: gon.uncheckedCount}));
msgs.appendChild(unchecked[0]);
}
if( gon.versionFailedCount && gon.versionFailedCount > 0 ) {
var versionFailed = $("<div class='alert alert-warning' />")
.append(Diaspora.I18n.t("admin.pods.version_failed", {count: gon.versionFailedCount}));
msgs.appendChild(versionFailed[0]);
}
if( gon.errorCount && gon.errorCount > 0 ) {
var errors = $("<div class='alert alert-danger' />")
.append(Diaspora.I18n.t("admin.pods.errors", {count: gon.errorCount}));
......
......@@ -31,7 +31,8 @@ app.views.PodEntry = app.views.Base.extend({
has_no_errors: (this.model.get("status")==="no_errors"),
has_errors: (this.model.get("status")!=="no_errors"),
status_text: Diaspora.I18n.t("admin.pods.states."+this.model.get("status")),
pod_url: (this.model.get("ssl") ? "https" : "http") + "://" + this.model.get("host"),
pod_url: (this.model.get("ssl") ? "https" : "http") + "://" + this.model.get("host") +
(this.model.get("port") ? ":" + this.model.get("port") : ""),
response_time_fmt: this._fmtResponseTime()
/* jshint camelcase: true */
});
......
......@@ -39,6 +39,12 @@
/** pod list **/
#pod-list {
.pod-title {
max-width: 200px;
overflow: hidden;
text-overflow: ellipsis;
}
th.added,
td.added,
td.actions { white-space: nowrap; }
......
......@@ -7,7 +7,7 @@
{{/if}}
</i>
</td>
<td>{{host}}</td>
<td class="pod-title" title="{{host}}">{{host}}</td>
<td class="added">
<small><time datetime="{{created_at}}" title="{{localTime created_at}}" /></small>
</td>
......
......@@ -10,6 +10,7 @@ module Admin
format.html do
gon.preloads[:pods] = pods_json
gon.unchecked_count = Pod.unchecked.count
gon.version_failed_count = Pod.version_failed.count
gon.error_count = Pod.check_failed.count
render "admins/pods"
......
......@@ -50,15 +50,14 @@ class Person < ActiveRecord::Base
has_many :roles
belongs_to :owner, :class_name => 'User'
belongs_to :pod
has_many :notification_actors
has_many :notifications, :through => :notification_actors
has_many :mentions, :dependent => :destroy
before_validation :clean_url
validates :url, :presence => true
validate :owner_xor_pod
validates :profile, :presence => true
validates :serialized_public_key, :presence => true
validates :diaspora_handle, :uniqueness => true
......@@ -205,8 +204,6 @@ class Person < ActiveRecord::Base
def url
url_to "/"
rescue
self[:url]
end
def profile_url
......@@ -290,23 +287,6 @@ class Person < ActiveRecord::Base
json
end
# Update an array of people given a url, and set it as the new destination_url
# @param people [Array<People>]
# @param url [String]
def self.url_batch_update(people, url)
people.each do |person|
person.update_url(url)
end
end
# @param person [Person]
# @param url [String]
def update_url(url)
@uri = URI.parse(url)
@uri.path = "/"
update_attributes(:url => @uri.to_s)
end
def lock_access!
self.closed_account = true
self.save
......@@ -317,27 +297,12 @@ class Person < ActiveRecord::Base
self
end
protected
def clean_url
if self.url
self.url = 'http://' + self.url unless self.url.match(/https?:\/\//)
self.url = self.url + '/' if self.url[-1, 1] != '/'
end
end
private
# @return [URI]
def uri
@uri ||= URI.parse(self[:url])
@uri.dup
end
# @param path [String]
# @return [String]
def url_to(path)
uri.tap {|uri| uri.path = path }.to_s
local? ? AppConfig.url_to(path) : pod.url_to(path)
end
def fix_profile
......@@ -345,4 +310,8 @@ class Person < ActiveRecord::Base
DiasporaFederation::Discovery::Discovery.new(diaspora_handle).fetch_and_save
reload
end
def owner_xor_pod
errors.add(:base, "Specify an owner or a pod, not both") unless owner.blank? ^ pod.blank?
end
end
......@@ -19,18 +19,21 @@ class Pod < ActiveRecord::Base
ConnectionTester::NodeInfoFailure => :version_failed
}
DEFAULT_PORTS = [URI::HTTP::DEFAULT_PORT, URI::HTTPS::DEFAULT_PORT]
has_many :people
scope :check_failed, lambda {
where(arel_table[:status].gt(Pod.statuses[:no_errors]))
where(arel_table[:status].gt(Pod.statuses[:no_errors])).where.not(status: Pod.statuses[:version_failed])
}
class << self
def find_or_create_by(opts) # Rename this method to not override an AR method
u = URI.parse(opts.fetch(:url))
find_or_initialize_by(host: u.host).tap do |pod|
unless pod.persisted?
pod.ssl = (u.scheme == "https")
pod.save
end
uri = URI.parse(opts.fetch(:url))
port = DEFAULT_PORTS.include?(uri.port) ? nil : uri.port
find_or_initialize_by(host: uri.host, port: port).tap do |pod|
pod.ssl ||= (uri.scheme == "https")
pod.save
end
end
......@@ -57,15 +60,20 @@ class Pod < ActiveRecord::Base
end
def test_connection!
url = "#{ssl ? 'https' : 'http'}://#{host}"
result = ConnectionTester.check url
logger.info "testing pod: '#{url}' - #{result.inspect}"
result = ConnectionTester.check uri.to_s
logger.debug "tested pod: '#{uri}' - #{result.inspect}"
transaction do
update_from_result(result)
end
end
# @param path [String]
# @return [String]
def url_to(path)
uri.tap {|uri| uri.path = path }.to_s
end
private
def update_from_result(result)
......@@ -85,6 +93,7 @@ class Pod < ActiveRecord::Base
end
def attributes_from_result(result)
self.ssl ||= result.ssl
self.error = result.failure_message[0..254] if result.error?
self.software = result.software_version[0..254] if result.software_version.present?
self.response_time = result.rt
......@@ -97,4 +106,10 @@ class Pod < ActiveRecord::Base
:no_errors
end
end
# @return [URI]
def uri
@uri ||= (ssl ? URI::HTTPS : URI::HTTP).build(host: host, port: port)
@uri.dup
end
end
......@@ -39,7 +39,7 @@ class User < ActiveRecord::Base
serialize :hidden_shareables, Hash
has_one :person, :foreign_key => :owner_id
has_one :person, inverse_of: :owner, foreign_key: :owner_id
has_one :profile, through: :person
delegate :guid, :public_key, :posts, :photos, :owns?, :image_url,
......@@ -82,8 +82,7 @@ class User < ActiveRecord::Base
has_many :share_visibilities
before_save :guard_unconfirmed_email,
:save_person!
before_save :guard_unconfirmed_email
def self.all_sharing_with_person(person)
User.joins(:contacts).where(:contacts => {:person_id => person.id})
......@@ -460,7 +459,6 @@ class User < ActiveRecord::Base
end
def set_person(person)
person.url = AppConfig.pod_uri.to_s
person.diaspora_handle = "#{self.username}#{User.diaspora_id_host}"
self.person = person
end
......@@ -539,16 +537,6 @@ class User < ActiveRecord::Base
end
end
# Sometimes we access the person in a strange way and need to do this
# @note we should make this method depricated.
#
# @return [Person]
def save_person!
self.person.save if self.person && self.person.changed?
self.person
end
def no_person_with_same_username
diaspora_id = "#{self.username}#{User.diaspora_id_host}"
if self.username_changed? && Person.exists?(:diaspora_handle => diaspora_id)
......
......@@ -3,6 +3,7 @@ class PodPresenter < BasePresenter
{
id: id,
host: host,
port: port,
ssl: ssl,
status: status,
checked_at: checked_at,
......
......@@ -47,7 +47,7 @@ DiasporaFederation.configure do |config|
# find existing person or create a new one
person_entity = Person.find_by(diaspora_handle: person.diaspora_id) ||
Person.new(diaspora_handle: person.diaspora_id, guid: person.guid,
serialized_public_key: person.exported_key, url: person.url)
serialized_public_key: person.exported_key, pod: Pod.find_or_create_by(url: person.url))
profile = person.profile
profile_entity = person_entity.profile ||= Profile.new
......
......@@ -72,6 +72,9 @@ en:
unchecked:
one: "There is still one pod that hasn't been checked at all."
other: "There are still <%= count %> pods that haven't been checked at all."
version_failed:
one: "There is one pod that has no version (old pod, no NodeInfo)."
other: "There are <%= count %> pods that have no version (old pods, no NodeInfo)."
errors:
one: "The connection test returned an error for one pod."
other: "The connection test returned an error for <%= count %> pods."
......
class ExtendPods < ActiveRecord::Migration
class Pod < ActiveRecord::Base
has_many :people
DEFAULT_PORTS = [URI::HTTP::DEFAULT_PORT, URI::HTTPS::DEFAULT_PORT]
def self.find_or_create_by(opts)
uri = URI.parse(opts.fetch(:url))
port = DEFAULT_PORTS.include?(uri.port) ? nil : uri.port
find_or_initialize_by(host: uri.host, port: port).tap do |pod|
pod.ssl ||= (uri.scheme == "https")
pod.save
end
end
def url
(ssl ? URI::HTTPS : URI::HTTP).build(host: host, port: port, path: "/")
end
end
class Person < ActiveRecord::Base
belongs_to :owner, class_name: "User"
belongs_to :pod
def url
owner_id.nil? ? pod.url.to_s : AppConfig.url_to("/")
end
end
class User < ActiveRecord::Base
has_one :person, inverse_of: :owner, foreign_key: :owner_id
end
def up
remove_index :pods, :host
# add port
add_column :pods, :port, :integer
add_index :pods, %i(host port), unique: true, length: {host: 190, port: nil}, using: :btree
add_column :pods, :blocked, :boolean, default: false
Pod.reset_column_information
# link people with pod
add_column :people, :pod_id, :integer
add_index :people, :url, length: 190
add_foreign_key :people, :pods, name: :people_pod_id_fk, on_delete: :cascade
Person.where(owner: nil).group_by {|person| person[:url] }.each do |url, _|
pod = Pod.find_or_create_by(url: url)
Person.where(url: url).update_all(pod_id: pod.id)
end
# cleanup unused pods
Pod.joins("LEFT OUTER JOIN people ON pods.id = people.pod_id").delete_all("people.id is NULL")
remove_column :people, :url
end
def down
# restore url
add_column :people, :url, :text
Person.all.group_by(&:pod_id).each do |pod_id, persons|
Person.where(pod_id: pod_id).update_all(url: persons.first.url)
end
change_column :people, :url, :text, null: false
remove_foreign_key :people, :pods
remove_column :people, :pod_id
# remove pods with port
Pod.where.not(port: nil).delete_all
remove_index :pods, column: %i(host port)
remove_columns :pods, :port, :blocked
add_index :pods, :host, unique: true, length: 190
end
end
......@@ -327,7 +327,6 @@ ActiveRecord::Schema.define(version: 20160225232049) do
create_table "people", force: :cascade do |t|
t.string "guid", limit: 255, null: false
t.text "url", limit: 65535, null: false
t.string "diaspora_handle", limit: 255, null: false
t.text "serialized_public_key", limit: 65535, null: false
t.integer "owner_id", limit: 4
......@@ -335,11 +334,13 @@ ActiveRecord::Schema.define(version: 20160225232049) do
t.datetime "updated_at", null: false
t.boolean "closed_account", default: false
t.integer "fetch_status", limit: 4, default: 0
t.integer "pod_id", limit: 4
end
add_index "people", ["diaspora_handle"], name: "index_people_on_diaspora_handle", unique: true, length: {"diaspora_handle"=>191}, using: :btree
add_index "people", ["guid"], name: "index_people_on_guid", unique: true, length: {"guid"=>191}, using: :btree
add_index "people", ["owner_id"], name: "index_people_on_owner_id", unique: true, using: :btree
add_index "people", ["pod_id"], name: "people_pod_id_fk", using: :btree
create_table "photos", force: :cascade do |t|
t.integer "tmp_old_id", limit: 4
......@@ -375,10 +376,12 @@ ActiveRecord::Schema.define(version: 20160225232049) do
t.integer "response_time", limit: 4, default: -1
t.string "software", limit: 255
t.string "error", limit: 255
t.integer "port", limit: 4
t.boolean "blocked", default: false
end
add_index "pods", ["checked_at"], name: "index_pods_on_checked_at", using: :btree
add_index "pods", ["host"], name: "index_pods_on_host", unique: true, length: {"host"=>190}, using: :btree
add_index "pods", ["host", "port"], name: "index_pods_on_host_and_port", unique: true, length: {"host"=>190, "port"=>nil}, using: :btree
add_index "pods", ["offline_since"], name: "index_pods_on_offline_since", using: :btree
add_index "pods", ["status"], name: "index_pods_on_status", using: :btree
......@@ -672,6 +675,7 @@ ActiveRecord::Schema.define(version: 20160225232049) do
add_foreign_key "notification_actors", "notifications", name: "notification_actors_notification_id_fk", on_delete: :cascade
add_foreign_key "o_auth_access_tokens", "authorizations"
add_foreign_key "o_auth_applications", "users"
add_foreign_key "people", "pods", name: "people_pod_id_fk", on_delete: :cascade
add_foreign_key "posts", "people", column: "author_id", name: "posts_author_id_fk", on_delete: :cascade
add_foreign_key "ppid", "o_auth_applications"
add_foreign_key "ppid", "users"
......
......@@ -104,11 +104,11 @@ class AccountDeleter
end
def normal_ar_person_associates_to_delete
[:posts, :photos, :mentions, :participations, :roles]
%i(posts photos mentions participations roles)
end
def ignored_or_special_ar_person_associations
[:comments, :contacts, :notification_actors, :notifications, :owner, :profile, :conversation_visibilities]
%i(comments contacts notification_actors notifications owner profile conversation_visibilities pod)
end
def mark_account_deletion_complete
......
......@@ -17,11 +17,10 @@ class ConnectionTester
#
# @api This is the entry point you're supposed to use for testing
# connections to other diaspora-compatible servers.
# @param [String] server URL
# @param [String] url URL
# @return [Result] result object containing information about the
# server and to what point the connection was successful
def check(url)
url = "http://#{url}" unless url.include?("://")
result = Result.new
begin
......@@ -54,7 +53,7 @@ class ConnectionTester
result.reachable = false
when SSLFailure
result.reachable = true
result.ssl_status = false
result.ssl = false
when HTTPFailure
result.reachable = true
when NodeInfoFailure
......@@ -70,8 +69,6 @@ class ConnectionTester
@uri ||= URI.parse(@url)
raise AddressFailure,
"invalid protocol: '#{@uri.scheme.upcase}'" unless http_uri?(@uri)
result.hostname = @uri.host
rescue AddressFailure => e
raise e
rescue URI::InvalidURIError => e
......@@ -83,11 +80,8 @@ class ConnectionTester
# Perform the DNS query, the IP address will be stored in the result
# @raise [DNSFailure] caused by a failure to resolve or a timeout
def resolve
with_dns_resolver do |dns|
addr = dns.getaddress(@uri.host)
@result.ip = addr.to_s
end
rescue Resolv::ResolvError, Resolv::ResolvTimeout => e
@result.ip = IPSocket.getaddress(@uri.host)
rescue SocketError => e
raise DNSFailure, "'#{@uri.host}' - #{e.message}"
rescue StandardError => e
raise Failure, e.inspect
......@@ -99,13 +93,15 @@ class ConnectionTester
# * is the SSL certificate valid (only on HTTPS)
# * does the server return a successful HTTP status code
# * is there a reasonable amount of redirects (3 by default)
# * is there a /.well-known/host-meta (this is needed to work, this can be replaced with a mandatory NodeInfo later)
# (can't do a HEAD request, since that's not a defined route in the app)
#
# @raise [NetFailure, SSLFailure, HTTPFailure] if any of the checks fail
# @return [Integer] HTTP status code
def request
with_http_connection do |http|
response = capture_response_time { http.get("/") }
capture_response_time { http.get("/") }
response = http.get("/.well-known/host-meta")
handle_http_response(response)
end
rescue HTTPFailure => e
......@@ -132,7 +128,7 @@ class ConnectionTester
find_software_version(nd_resp.body)
end
rescue Faraday::ResourceNotFound, JSON::JSONError => e
raise NodeInfoFailure, e.message[0..255]
raise NodeInfoFailure, e.message[0..255].encode(Encoding.default_external, undef: :replace)
rescue StandardError => e
raise Failure, e.inspect
end
......@@ -153,39 +149,29 @@ class ConnectionTester
yield(@http) if block_given?
end
def with_dns_resolver
dns = Resolv::DNS.new
yield(dns) if block_given?
ensure
dns.close
end
def http_uri?(uri)
uri.is_a?(URI::HTTP) || uri.is_a?(URI::HTTPS)
end
def uses_ssl?
@uses_ssl
end
# request root path, measure response time
# measured time may be skewed, if there are redirects
#
# @return [Faraday::Response]
def capture_response_time
start = Time.zone.now
start = Time.zone.now
resp = yield if block_given?
@result.rt = ((Time.zone.now - start) * 1000.0).to_i # milliseconds
resp
end
def handle_http_response(response)
@uses_ssl = (response.env.url.scheme == "https")
@result.status_code = Integer(response.status)
if response.success?
@result.reachable = true
@result.ssl_status = @uses_ssl
raise HTTPFailure, "redirected to other hostname: #{response.env.url}" unless @uri.host == response.env.url.host
@result.reachable = true
@result.ssl = (response.env.url.scheme == "https")
else
raise HTTPFailure, "unsuccessful response code: #{response.status}"
end
......@@ -228,19 +214,16 @@ class ConnectionTester
end
Result = Struct.new(
:hostname, :ip, :reachable, :ssl_status, :status_code, :rt, :software_version, :error
:ip, :reachable, :ssl, :status_code, :rt, :software_version, :error
) do
# @!attribute hostname
# @return [String] hostname derived from the URL
# @!attribute ip
# @return [String] resolved IP address from DNS query
# @!attribute reachable
# @return [Boolean] whether the host was reachable over the network
# @!attribute ssl_status
# @return [Boolean] indicating how the SSL verification went
# @!attribute ssl
# @return [Boolean] whether the host has working ssl
# @!attribute status_code
# @return [Integer] HTTP status code that was returned for the HEAD request
......
......@@ -86,10 +86,6 @@ class HydraWrapper
# Save the reference to the pod to the database if not already present
Pod.find_or_create_by(url: response.effective_url)
if redirecting_to_https? response
Person.url_batch_update people_for_receive_url, response.headers_hash['Location']
end
unless response.success?
logger.warn "event=http_multi_fail sender_id=#{@user.id} url=#{response.effective_url} " \
"return_code=#{response.return_code} response_code=#{response.response_code}"
......@@ -101,10 +97,4 @@ class HydraWrapper
end
end
end
# @return [Boolean]
def redirecting_to_https? response
response.code >= 300 && response.code < 400 &&
response.headers_hash['Location'] == response.request.url.sub('http://', 'https://')
end
end
......@@ -25,10 +25,11 @@ describe Admin::PodsController, type: :controller do
end
it "returns the json data" do
@pods = (0..2).map { FactoryGirl.create(:pod).reload } # normalize timestamps
3.times { FactoryGirl.create(:pod) }
get :index, format: :json
expect(response.body).to eql(PodPresenter.as_collection(@pods).to_json)
expect(response.body).to eql(PodPresenter.as_collection(Pod.all).to_json)
end
end
......
......@@ -31,7 +31,7 @@ FactoryGirl.define do
factory(:person, aliases: %i(author)) do
sequence(:diaspora_handle) {|n| "bob-person-#{n}#{r_str}@example.net" }
url AppConfig.pod_uri.to_s
pod { Pod.find_or_create_by(url: "http://example.net") }
serialized_public_key OpenSSL::PKey::RSA.generate(1024).public_key.export
after(:build) do |person|
unless person.profile.first_name.present?
......@@ -69,10 +69,11 @@ FactoryGirl.define do
password_confirmation { |u| u.password }
serialized_private_key OpenSSL::PKey::RSA.generate(1024).export
after(:build) do |u|
u.person = FactoryGirl.build(:person, :profile => FactoryGirl.build(:profile),
:owner_id => u.id,
:serialized_public_key => u.encryption_key.public_key.export,
:diaspora_handle => "#{u.username}#{User.diaspora_id_host}")
u.person = FactoryGirl.build(:person,
profile: FactoryGirl.build(:profile),
pod: nil,
serialized_public_key: u.encryption_key.public_key.export,
diaspora_handle: "#{u.username}#{User.diaspora_id_host}")
end
after(:create) do |u|
u.person.save
......
......@@ -8,10 +8,13 @@ end
def create_remote_user(pod)
FactoryGirl.build(:user).tap do |user|
user.person = FactoryGirl.create(:person,
profile: FactoryGirl.build(:profile),
serialized_public_key: user.encryption_key.public_key.export,
diaspora_handle: "#{user.username}@#{pod}")
allow(user).to receive(:person).and_return(
FactoryGirl.create(:person,
profile: FactoryGirl.build(:profile),
serialized_public_key: user.encryption_key.public_key.export,
pod: Pod.find_or_create_by(url: "http://#{pod}"),
diaspora_handle: "#{user.username}@#{pod}")
)
allow(DiasporaFederation.callbacks).to receive(:trigger)
.with(:fetch_private_key_by_diaspora_id, user.diaspora_handle) {
user.encryption_key
......
......@@ -2,6 +2,10 @@
require "spec_helper"
describe ConnectionTester do
let(:url) { "https://pod.example.com" }
let(:result) { ConnectionTester::Result.new }
let(:tester) { ConnectionTester.new(url, result) }
describe "::check" do
it "takes a http url and returns a result object" do
res = ConnectionTester.check("https://pod.example.com")
......@@ -29,102 +33,108 @@ describe ConnectionTester do
end
describe "#resolve" do
before do
@result = ConnectionTester::Result.new
@dns = instance_double("Resolv::DNS")
allow(@dns).to receive(:close).once
end
it "resolves the IP address" do
tester = ConnectionTester.new("https://pod.example.com", @result)
expect(tester).to receive(:with_dns_resolver).and_yield(@dns)
expect(@dns).to receive(:getaddress).and_return("192.168.1.2")
expect(IPSocket).to receive(:getaddress).with("pod.example.com").and_return("192.168.1.2")
tester.resolve
expect(@result.ip).to eq("192.168.1.2")
expect(result.ip).to eq("192.168.1.2")
end
it "raises DNSFailure if host is unknown" do
expect(IPSocket).to receive(:getaddress).with("pod.example.com").and_raise(SocketError.new("Error!"))
expect { tester.resolve }.to raise_error(ConnectionTester::DNSFailure, "'pod.example.com' - Error!")
end
end
describe "#request" do
before do
@url = "https://pod.example.com"
@stub =
@result = ConnectionTester::Result.new
@tester = ConnectionTester.new(@url, @result)
it "performs a successful GET request on '/' and '/.well-known/host-meta'" do
stub_request(:get, url).to_return(status: 200, body: "Hello World!")
stub_request(:get, "#{url}/.well-known/host-meta").to_return(status: 200, body: "host-meta")
tester.request
expect(result.rt).to be > -1
expect(result.reachable).to be_truthy
expect(result.ssl).to be_truthy
end
it "receives a 'normal' 301 redirect" do
stub_request(:get, url).to_return(status: 301, headers: {"Location" => "#{url}/redirect"})
stub_request(:get, "#{url}/redirect").to_return(status: 200, body: "Hello World!")
stub_request(:get, "#{url}/.well-known/host-meta").to_return(status: 200, body: "host-meta")
tester.request
end
it "performs a successful GET request on '/'" do
stub_request(:get, @url).to_return(status: 200, body: "Hello World!")
it "updates ssl after https redirect" do