archive/phabricator
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity
Files
d3268aecc226397a09e47b8b24aebe48f226fe9c
phabricator/src/applications/conduit/protocol/ConduitAPIRequest.php
epriestley d94d1da610 Proxy Diffusion Conduit API calls 
Summary:
Fixes T7020. When an external user makes a Conduit request to Diffusion but the repository isn't hosted locally, we need to proxy it.

This also adds a guard layer to prevent requests from getting infinitely proxied inside the cluster.

In "trivial" configurations (where the repository is a service repository, but the service is on the local device) I'm making us always proxy anyway. This basically makes it reasonable to test this stuff (otherwise you'd have to set up two different installs) and this configuration doesn't make much sense in real life (if you're using multiple machines, making one a dedicating daemons+repo box is almost certainly the most reasonable configuration, even for a cluster size of 2).

Test Plan:
  - With a service-hosted repository, made Diffusion conduit calls and browsed the UI. Verified requests got proxied once, then resovled.
  - With a non-service repository, made Diffusion conduit calls and browsed UI. Verified requests were handled in-process immediately.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T7020

Differential Revision: https://secure.phabricator.com/D11475
2015-01-23 13:30:52 -08:00

56 lines
1.4 KiB
PHP
Raw Blame History

<?php
final class ConduitAPIRequest {
protected $params;
private $user;
private $isClusterRequest = false;
public function __construct(array $params) {
$this->params = $params;
}
public function getValue($key, $default = null) {
return coalesce(idx($this->params, $key), $default);
}
public function getAllParameters() {
return $this->params;
}
public function setUser(PhabricatorUser $user) {
$this->user = $user;
return $this;
}
/**
* Retrieve the authentic identity of the user making the request. If a
* method requires authentication (the default) the user object will always
* be available. If a method does not require authentication (i.e., overrides
* shouldRequireAuthentication() to return false) the user object will NEVER
* be available.
*
* @return PhabricatorUser Authentic user, available ONLY if the method
* requires authentication.
*/
public function getUser() {
if (!$this->user) {
throw new Exception(
'You can not access the user inside the implementation of a Conduit '.
'method which does not require authentication (as per '.
'shouldRequireAuthentication()).');
}
return $this->user;
}
public function setIsClusterRequest($is_cluster_request) {
$this->isClusterRequest = $is_cluster_request;
return $this;
}
public function getIsClusterRequest() {
return $this->isClusterRequest;
}
}
Reference in New Issue View Git Blame Copy Permalink