2011-07-31 22:54:58 +02:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
/*
|
2012-04-09 00:07:34 +02:00
|
|
|
* Copyright 2012 Facebook, Inc.
|
2011-07-31 22:54:58 +02:00
|
|
|
*
|
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
|
*
|
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
*
|
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
|
* limitations under the License.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Amazon S3 file storage engine. This engine scales well but is relatively
|
|
|
|
|
* high-latency since data has to be pulled off S3.
|
|
|
|
|
*
|
|
|
|
|
* @task impl Implementation
|
|
|
|
|
* @task internal Internals
|
|
|
|
|
* @group filestorage
|
|
|
|
|
*/
|
|
|
|
|
final class PhabricatorS3FileStorageEngine
|
|
|
|
|
extends PhabricatorFileStorageEngine {
|
|
|
|
|
|
|
|
|
|
/* -( Implementation )----------------------------------------------------- */
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* This engine identifies as "amazon-s3".
|
|
|
|
|
*
|
|
|
|
|
* @task impl
|
|
|
|
|
*/
|
|
|
|
|
public function getEngineIdentifier() {
|
|
|
|
|
return 'amazon-s3';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Write file data into S3.
|
|
|
|
|
* @task impl
|
|
|
|
|
*/
|
|
|
|
|
public function writeFile($data, array $params) {
|
|
|
|
|
$s3 = $this->newS3API();
|
|
|
|
|
|
Replace callsites to sha1() that use it to asciify entropy with
Filesystem::readRandomCharacters()
Summary: See T547. To improve auditability of use of crypto-sensitive hash
functions, use Filesystem::readRandomCharacters() in place of
sha1(Filesystem::readRandomBytes()) when we're just generating random ASCII
strings.
Test Plan:
- Generated a new PHID.
- Logged out and logged back in (to test sessions).
- Regenerated Conduit certificate.
- Created a new task, verified mail key generated sensibly.
- Created a new revision, verified mail key generated sensibly.
- Ran "arc list", got blocked, installed new certificate, ran "arc list"
again.
Reviewers: jungejason, nh, tuomaspelkonen, aran, benmathews
Reviewed By: jungejason
CC: aran, epriestley, jungejason
Differential Revision: 1000
2011-10-11 04:22:30 +02:00
|
|
|
$name = 'phabricator/'.Filesystem::readRandomCharacters(20);
|
2011-07-31 22:54:58 +02:00
|
|
|
|
Create AphrontWriteGuard, a backup mechanism for CSRF validation
Summary:
Provide a catchall mechanism to find unprotected writes.
- Depends on D758.
- Similar to WriteOnHTTPGet stuff from Facebook's stack.
- Since we have a small number of storage mechanisms and highly structured
read/write pathways, we can explicitly answer the question "is this page
performing a write?".
- Never allow writes without CSRF checks.
- This will probably break some things. That's fine: they're CSRF
vulnerabilities or weird edge cases that we can fix. But don't push to Facebook
for a few days unless you're prepared to deal with this.
- **>>> MEGADERP: All Conduit write APIs are currently vulnerable to CSRF!
<<<**
Test Plan:
- Ran some scripts that perform writes (scripts/search indexers), no issues.
- Performed normal CSRF submits.
- Added writes to an un-CSRF'd page, got an exception.
- Executed conduit methods.
- Did login/logout (this works because the logged-out user validates the
logged-out csrf "token").
- Did OAuth login.
- Did OAuth registration.
Reviewers: pedram, andrewjcg, erling, jungejason, tuomaspelkonen, aran,
codeblock
Commenters: pedram
CC: aran, epriestley, pedram
Differential Revision: 777
2011-08-03 20:49:27 +02:00
|
|
|
AphrontWriteGuard::willWrite();
|
2011-07-31 22:54:58 +02:00
|
|
|
$s3->putObject(
|
|
|
|
|
$data,
|
|
|
|
|
$this->getBucketName(),
|
|
|
|
|
$name,
|
|
|
|
|
$acl = 'private');
|
|
|
|
|
|
|
|
|
|
return $name;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Load a stored blob from S3.
|
|
|
|
|
* @task impl
|
|
|
|
|
*/
|
|
|
|
|
public function readFile($handle) {
|
|
|
|
|
$result = $this->newS3API()->getObject(
|
|
|
|
|
$this->getBucketName(),
|
|
|
|
|
$handle);
|
|
|
|
|
return $result->body;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Delete a blob from S3.
|
|
|
|
|
* @task impl
|
|
|
|
|
*/
|
|
|
|
|
public function deleteFile($handle) {
|
Create AphrontWriteGuard, a backup mechanism for CSRF validation
Summary:
Provide a catchall mechanism to find unprotected writes.
- Depends on D758.
- Similar to WriteOnHTTPGet stuff from Facebook's stack.
- Since we have a small number of storage mechanisms and highly structured
read/write pathways, we can explicitly answer the question "is this page
performing a write?".
- Never allow writes without CSRF checks.
- This will probably break some things. That's fine: they're CSRF
vulnerabilities or weird edge cases that we can fix. But don't push to Facebook
for a few days unless you're prepared to deal with this.
- **>>> MEGADERP: All Conduit write APIs are currently vulnerable to CSRF!
<<<**
Test Plan:
- Ran some scripts that perform writes (scripts/search indexers), no issues.
- Performed normal CSRF submits.
- Added writes to an un-CSRF'd page, got an exception.
- Executed conduit methods.
- Did login/logout (this works because the logged-out user validates the
logged-out csrf "token").
- Did OAuth login.
- Did OAuth registration.
Reviewers: pedram, andrewjcg, erling, jungejason, tuomaspelkonen, aran,
codeblock
Commenters: pedram
CC: aran, epriestley, pedram
Differential Revision: 777
2011-08-03 20:49:27 +02:00
|
|
|
|
|
|
|
|
AphrontWriteGuard::willWrite();
|
2011-07-31 22:54:58 +02:00
|
|
|
$this->newS3API()->deleteObject(
|
|
|
|
|
$this->getBucketName(),
|
|
|
|
|
$handle);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* -( Internals )---------------------------------------------------------- */
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Retrieve the S3 bucket name.
|
|
|
|
|
*
|
|
|
|
|
* @task internal
|
|
|
|
|
*/
|
|
|
|
|
private function getBucketName() {
|
|
|
|
|
$bucket = PhabricatorEnv::getEnvConfig('storage.s3.bucket');
|
|
|
|
|
if (!$bucket) {
|
2012-04-09 00:07:34 +02:00
|
|
|
throw new PhabricatorFileStorageConfigurationException(
|
|
|
|
|
"No 'storage.s3.bucket' specified!");
|
2011-07-31 22:54:58 +02:00
|
|
|
}
|
|
|
|
|
return $bucket;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Create a new S3 API object.
|
|
|
|
|
*
|
|
|
|
|
* @task internal
|
2012-05-31 01:38:53 +02:00
|
|
|
* @phutil-external-symbol class S3
|
2011-07-31 22:54:58 +02:00
|
|
|
*/
|
|
|
|
|
private function newS3API() {
|
|
|
|
|
$libroot = dirname(phutil_get_library_root('phabricator'));
|
|
|
|
|
require_once $libroot.'/externals/s3/S3.php';
|
|
|
|
|
|
|
|
|
|
$access_key = PhabricatorEnv::getEnvConfig('amazon-s3.access-key');
|
|
|
|
|
$secret_key = PhabricatorEnv::getEnvConfig('amazon-s3.secret-key');
|
|
|
|
|
|
|
|
|
|
if (!$access_key || !$secret_key) {
|
2012-04-09 00:07:34 +02:00
|
|
|
throw new PhabricatorFileStorageConfigurationException(
|
2011-07-31 22:54:58 +02:00
|
|
|
"Specify 'amazon-s3.access-key' and 'amazon-s3.secret-key'!");
|
|
|
|
|
}
|
|
|
|
|
|
2012-05-31 01:38:53 +02:00
|
|
|
$s3 = new S3($access_key, $secret_key, $use_ssl = true);
|
2011-07-31 22:54:58 +02:00
|
|
|
|
|
|
|
|
$s3->setExceptions(true);
|
|
|
|
|
|
|
|
|
|
return $s3;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
