2011-01-16 22:51:39 +01:00
|
|
|
<?php
|
|
|
|
|
2015-08-21 23:53:29 +02:00
|
|
|
phabricator_startup();
|
2012-03-26 19:32:01 +02:00
|
|
|
|
2019-02-11 18:58:45 +01:00
|
|
|
$fatal_exception = null;
|
2011-04-05 19:48:36 +02:00
|
|
|
try {
|
2015-08-21 23:53:29 +02:00
|
|
|
PhabricatorStartup::beginStartupPhase('libraries');
|
2012-12-25 15:15:28 +01:00
|
|
|
PhabricatorStartup::loadCoreLibraries();
|
2015-08-21 23:53:29 +02:00
|
|
|
|
|
|
|
PhabricatorStartup::beginStartupPhase('purge');
|
2015-06-05 02:27:31 +02:00
|
|
|
PhabricatorCaches::destroyRequestCache();
|
|
|
|
|
2015-08-21 23:53:29 +02:00
|
|
|
PhabricatorStartup::beginStartupPhase('sink');
|
2012-12-25 15:17:45 +01:00
|
|
|
$sink = new AphrontPHPHTTPSink();
|
|
|
|
|
2019-02-11 18:58:45 +01:00
|
|
|
// PHP introduced a "Throwable" interface in PHP 7 and began making more
|
|
|
|
// runtime errors throw as "Throwable" errors. This is generally good, but
|
|
|
|
// makes top-level exception handling that is compatible with both PHP 5
|
|
|
|
// and PHP 7 a bit tricky.
|
|
|
|
|
|
|
|
// In PHP 5, "Throwable" does not exist, so "catch (Throwable $ex)" catches
|
|
|
|
// nothing.
|
|
|
|
|
|
|
|
// In PHP 7, various runtime conditions raise an Error which is a Throwable
|
|
|
|
// but NOT an Exception, so "catch (Exception $ex)" will not catch them.
|
|
|
|
|
|
|
|
// To cover both cases, we "catch (Exception $ex)" to catch everything in
|
|
|
|
// PHP 5, and most things in PHP 7. Then, we "catch (Throwable $ex)" to catch
|
|
|
|
// everything else in PHP 7. For the most part, we only need to do this at
|
|
|
|
// the top level.
|
|
|
|
|
|
|
|
$main_exception = null;
|
2012-10-04 08:54:24 +02:00
|
|
|
try {
|
2015-08-21 23:53:29 +02:00
|
|
|
PhabricatorStartup::beginStartupPhase('run');
|
Improve top-level exception handling
Summary:
Fixes T6692. Addresses two main issues:
- The write guard would sometimes not get disposed of on exception pathways, generating an unnecessary secondary error which was just a symptom of the original root error.
- This was generally confusing and reduced the quality of reports we received because users would report the symptomatic error sometimes instead of the real error.
- Instead, reflow the handling so that we always dispose of the write guard if we create one.
- If we missed the Controller-level error page generation (normally, a nice page with full CSS, etc), we'd jump straight to Startup-level error page generation (very basic plain text).
- A large class of errors occur too early or too late to be handled by Controller-level pages, but many of these errors are not fundamental, and the plain text page is excessively severe.
- Provide a mid-level simple HTML error page for errors which can't get full CSS, but also aren't so fundamental that we have no recourse but plain text.
Test Plan:
Mid-level errors now produce an intentional-looking error page:
{F259885}
Verified that setup errors still render properly.
@chad, feel free to tweak the exception page -- I just did a rough pass on it. Like the setup error stuff, it doesn't have Celerity, so we can't use `{$colors}` and no other CSS will be loaded.
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley, chad
Maniphest Tasks: T6692
Differential Revision: https://secure.phabricator.com/D11126
2015-01-02 19:49:27 +01:00
|
|
|
AphrontApplicationConfiguration::runHTTPRequest($sink);
|
2012-10-04 08:54:24 +02:00
|
|
|
} catch (Exception $ex) {
|
2019-02-11 18:58:45 +01:00
|
|
|
$main_exception = $ex;
|
|
|
|
} catch (Throwable $ex) {
|
|
|
|
$main_exception = $ex;
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($main_exception) {
|
|
|
|
$response_exception = null;
|
Improve top-level exception handling
Summary:
Fixes T6692. Addresses two main issues:
- The write guard would sometimes not get disposed of on exception pathways, generating an unnecessary secondary error which was just a symptom of the original root error.
- This was generally confusing and reduced the quality of reports we received because users would report the symptomatic error sometimes instead of the real error.
- Instead, reflow the handling so that we always dispose of the write guard if we create one.
- If we missed the Controller-level error page generation (normally, a nice page with full CSS, etc), we'd jump straight to Startup-level error page generation (very basic plain text).
- A large class of errors occur too early or too late to be handled by Controller-level pages, but many of these errors are not fundamental, and the plain text page is excessively severe.
- Provide a mid-level simple HTML error page for errors which can't get full CSS, but also aren't so fundamental that we have no recourse but plain text.
Test Plan:
Mid-level errors now produce an intentional-looking error page:
{F259885}
Verified that setup errors still render properly.
@chad, feel free to tweak the exception page -- I just did a rough pass on it. Like the setup error stuff, it doesn't have Celerity, so we can't use `{$colors}` and no other CSS will be loaded.
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley, chad
Maniphest Tasks: T6692
Differential Revision: https://secure.phabricator.com/D11126
2015-01-02 19:49:27 +01:00
|
|
|
try {
|
|
|
|
$response = new AphrontUnhandledExceptionResponse();
|
2019-02-11 18:58:45 +01:00
|
|
|
$response->setException($main_exception);
|
2019-02-11 22:00:53 +01:00
|
|
|
$response->setShowStackTraces($sink->getShowStackTraces());
|
Improve top-level exception handling
Summary:
Fixes T6692. Addresses two main issues:
- The write guard would sometimes not get disposed of on exception pathways, generating an unnecessary secondary error which was just a symptom of the original root error.
- This was generally confusing and reduced the quality of reports we received because users would report the symptomatic error sometimes instead of the real error.
- Instead, reflow the handling so that we always dispose of the write guard if we create one.
- If we missed the Controller-level error page generation (normally, a nice page with full CSS, etc), we'd jump straight to Startup-level error page generation (very basic plain text).
- A large class of errors occur too early or too late to be handled by Controller-level pages, but many of these errors are not fundamental, and the plain text page is excessively severe.
- Provide a mid-level simple HTML error page for errors which can't get full CSS, but also aren't so fundamental that we have no recourse but plain text.
Test Plan:
Mid-level errors now produce an intentional-looking error page:
{F259885}
Verified that setup errors still render properly.
@chad, feel free to tweak the exception page -- I just did a rough pass on it. Like the setup error stuff, it doesn't have Celerity, so we can't use `{$colors}` and no other CSS will be loaded.
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley, chad
Maniphest Tasks: T6692
Differential Revision: https://secure.phabricator.com/D11126
2015-01-02 19:49:27 +01:00
|
|
|
|
|
|
|
PhabricatorStartup::endOutputCapture();
|
|
|
|
$sink->writeResponse($response);
|
2019-02-11 18:58:45 +01:00
|
|
|
} catch (Exception $ex) {
|
|
|
|
$response_exception = $ex;
|
|
|
|
} catch (Throwable $ex) {
|
|
|
|
$response_exception = $ex;
|
|
|
|
}
|
|
|
|
|
|
|
|
// If we hit a rendering exception, ignore it and throw the original
|
|
|
|
// exception. It is generally more interesting and more likely to be
|
|
|
|
// the root cause.
|
|
|
|
|
|
|
|
if ($response_exception) {
|
|
|
|
throw $main_exception;
|
Allow Phabricator to write an access log using PhutilDeferredLog
Summary: Provide a configurable access log.
Test Plan:
Got a sensible-looking log including logged-in, logged-out, conduit, 404, etc:
[Mon, 23 Apr 2012 20:08:12 -0700] 32599 orbital - epriestley DifferentialCommentPreviewController - /differential/comment/preview/42/ http://local.aphront.com:8080/D42 200 65406
[Mon, 23 Apr 2012 20:08:12 -0700] 32881 orbital - epriestley DifferentialChangesetViewController - /differential/changeset/ http://local.aphront.com:8080/D42 200 72669
[Mon, 23 Apr 2012 20:08:39 -0700] 32882 orbital 127.0.0.1 epriestley DifferentialRevisionListController - /differential/ http://local.aphront.com:8080/D42 200 106444
[Mon, 23 Apr 2012 20:08:54 -0700] 32867 orbital 127.0.0.1 epriestley DifferentialRevisionListController - /differential/ http://local.aphront.com:8080/differential/ 200 112229
[Mon, 23 Apr 2012 20:09:05 -0700] 32530 orbital 127.0.0.1 epriestley PhabricatorDirectoryMainController - / http://local.aphront.com:8080/differential/ 200 141350
[Mon, 23 Apr 2012 20:09:10 -0700] 32598 orbital 127.0.0.1 epriestley PhabricatorDirectoryCategoryViewController - /directory/6/ http://local.aphront.com:8080/ 200 43474
[Mon, 23 Apr 2012 20:09:12 -0700] 32880 orbital 127.0.0.1 epriestley PhabricatorConduitConsoleController - /conduit/ http://local.aphront.com:8080/directory/6/ 200 139340
[Mon, 23 Apr 2012 20:09:15 -0700] 32868 orbital 127.0.0.1 epriestley PhabricatorConduitAPIController arcanist.projectinfo /api/arcanist.projectinfo http://local.aphront.com:8080/conduit/ 200 128774
[Mon, 23 Apr 2012 20:10:04 -0700] 32599 orbital 127.0.0.1 epriestley Phabricator404Controller - /asdbmabdmbsm - 404 38782
[Mon, 23 Apr 2012 20:10:04 -0700] 32881 orbital 127.0.0.1 - CelerityResourceController - /res/c9a43002/rsrc/css/aphront/request-failure-view.css http://local.aphront.com:8080/asdbmabdmbsm 200 25160
[Mon, 23 Apr 2012 20:10:57 -0700] 32882 orbital 127.0.0.1 epriestley PhabricatorLogoutController - /logout/ http://local.aphront.com:8080/asdbmabdmbsm 200 40810
[Mon, 23 Apr 2012 20:10:57 -0700] 32867 orbital 127.0.0.1 - PhabricatorLoginController - /login/ http://local.aphront.com:8080/asdbmabdmbsm 200 42526
[Mon, 23 Apr 2012 20:10:59 -0700] 32919 orbital 127.0.0.1 - PhabricatorLoginController - /login/ http://local.aphront.com:8080/asdbmabdmbsm 200 49052
[Mon, 23 Apr 2012 20:10:59 -0700] 32880 orbital 127.0.0.1 - CelerityResourceController - /res/c80156c4/rsrc/js/application/core/behavior-dark-console.js http://local.aphront.com:8080/login/ 200 33166
[Mon, 23 Apr 2012 20:10:59 -0700] 32868 orbital 127.0.0.1 - CelerityResourceController - /res/4965d970/rsrc/css/aphront/dark-console.css http://local.aphront.com:8080/login/ 200 38078
[Mon, 23 Apr 2012 20:10:59 -0700] 32599 orbital 127.0.0.1 - CelerityResourceController - /res/pkg/8a5de8a3/javelin.pkg.js http://local.aphront.com:8080/login/ 200 40534
[Mon, 23 Apr 2012 20:10:59 -0700] 32882 orbital 127.0.0.1 - CelerityResourceController - /res/pkg/9c4e265b/core.pkg.css http://local.aphront.com:8080/login/ 200 41262
[Mon, 23 Apr 2012 20:10:59 -0700] 32881 orbital 127.0.0.1 - CelerityResourceController - /res/pkg/0c96375e/core.pkg.js http://local.aphront.com:8080/login/ 200 43720
[Mon, 23 Apr 2012 20:10:59 -0700] 32921 orbital 127.0.0.1 - CelerityResourceController - /res/caa86a45/rsrc/js/javelin/core/init.js http://local.aphront.com:8080/login/ 200 47566
[Mon, 23 Apr 2012 20:10:59 -0700] 32867 orbital 127.0.0.1 - CelerityResourceController - /res/f46289e9/rsrc/js/application/core/behavior-error-log.js http://local.aphront.com:8080/login/ 200 29328
[Mon, 23 Apr 2012 20:10:59 -0700] 32919 orbital 127.0.0.1 - CelerityResourceController - /res/7e62ff40/rsrc/image/phabricator_logo.png http://local.aphront.com:8080/login/ 200 25583
[Mon, 23 Apr 2012 20:10:59 -0700] 32880 orbital 127.0.0.1 - CelerityResourceController - /res/8c6200d3/rsrc/image/sprite.png http://local.aphront.com:8080/login/ 200 29829
[Mon, 23 Apr 2012 20:11:01 -0700] 32868 orbital 127.0.0.1 - PhabricatorOAuthLoginController - /oauth/facebook/login/ http://local.aphront.com:8080/login/ 200 855931
[Mon, 23 Apr 2012 20:11:02 -0700] 32882 orbital 127.0.0.1 epriestley789 PhabricatorLoginValidateController - /login/validate/ http://local.aphront.com:8080/login/ 200 29793
[Mon, 23 Apr 2012 20:11:02 -0700] 32881 orbital 127.0.0.1 epriestley789 PhabricatorDirectoryMainController - / http://local.aphront.com:8080/login/ 200 91638
Reviewers: jungejason, btrahan, vrana
Reviewed By: btrahan
CC: aran
Differential Revision: https://secure.phabricator.com/D2310
2012-04-25 16:24:08 +02:00
|
|
|
}
|
Rate limit requests by IP
Summary:
Fixes T3923. On `secure.phabricator.com`, we occasionally get slowed to a crawl when someone runs a security scanner against us, or 5 search bots decide to simultaneously index every line of every file in Diffusion.
Every time a user makes a request, give their IP address some points. If they get too many points in 5 minutes, start blocking their requests automatically for a while.
We give fewer points for logged in requests. We could futher refine this (more points for a 404, more points for a really slow page, etc.) but let's start simply.
Also, provide a mechanism for configuring this, and configuring the LB environment stuff at the same time (this comes up rarely, but we don't have a good answer right now).
Test Plan: Used `ab` and reloading over and over again to hit rate limits. Read documentation.
Reviewers: btrahan
Reviewed By: btrahan
Subscribers: chad, epriestley
Maniphest Tasks: T3923
Differential Revision: https://secure.phabricator.com/D8713
2014-04-09 03:36:21 +02:00
|
|
|
}
|
2012-10-04 08:54:24 +02:00
|
|
|
} catch (Exception $ex) {
|
2019-02-11 18:58:45 +01:00
|
|
|
$fatal_exception = $ex;
|
|
|
|
} catch (Throwable $ex) {
|
|
|
|
$fatal_exception = $ex;
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($fatal_exception) {
|
|
|
|
PhabricatorStartup::didEncounterFatalException(
|
|
|
|
'Core Exception',
|
|
|
|
$fatal_exception,
|
|
|
|
false);
|
2012-08-25 00:14:38 +02:00
|
|
|
}
|
2015-08-21 23:53:29 +02:00
|
|
|
|
|
|
|
function phabricator_startup() {
|
|
|
|
// Load the PhabricatorStartup class itself.
|
|
|
|
$t_startup = microtime(true);
|
|
|
|
$root = dirname(dirname(__FILE__));
|
2017-10-11 23:23:09 +02:00
|
|
|
require_once $root.'/support/startup/PhabricatorStartup.php';
|
|
|
|
|
|
|
|
// Load client limit classes so the preamble can configure limits.
|
|
|
|
require_once $root.'/support/startup/PhabricatorClientLimit.php';
|
|
|
|
require_once $root.'/support/startup/PhabricatorClientRateLimit.php';
|
|
|
|
require_once $root.'/support/startup/PhabricatorClientConnectionLimit.php';
|
Make it easier to parse "X-Forwarded-For" with one or more load balancers
Summary:
Fixes T13392. If you have 17 load balancers in sequence, Phabricator will receive requests with at least 17 "X-Forwarded-For" components in the header.
We want to select the 17th-from-last element, since prior elements are not trustworthy.
This currently isn't very easy/obvious, and you have to add a kind of sketchy piece of custom code to `preamble.php` to do any "X-Forwarded-For" parsing. Make handling this correctly easier.
Test Plan:
- Ran unit tests.
- Configured my local `preamble.php` to call `preamble_trust_x_forwarded_for_header(4)`, then made `/debug/` dump the header and the final value of `REMOTE_ADDR`.
```
$ curl http://local.phacility.com/debug/
<pre>
HTTP_X_FORWARDED_FOR =
FINAL REMOTE_ADDR = 127.0.0.1
</pre>
```
```
$ curl -H 'X-Forwarded-For: 1.1.1.1, 2.2.2.2, 3.3.3.3, 4.4.4.4, 5.5.5.5, 6.6.6.6' http://local.phacility.com/debug/
<pre>
HTTP_X_FORWARDED_FOR = 1.1.1.1, 2.2.2.2, 3.3.3.3, 4.4.4.4, 5.5.5.5, 6.6.6.6
FINAL REMOTE_ADDR = 3.3.3.3
</pre>
```
```
$ curl -H 'X-Forwarded-For: 5.5.5.5, 6.6.6.6' http://local.phacility.com/debug/
<pre>
HTTP_X_FORWARDED_FOR = 5.5.5.5, 6.6.6.6
FINAL REMOTE_ADDR = 5.5.5.5
</pre>
```
Maniphest Tasks: T13392
Differential Revision: https://secure.phabricator.com/D20785
2019-09-05 12:43:22 +02:00
|
|
|
require_once $root.'/support/startup/preamble-utils.php';
|
2015-08-21 23:53:29 +02:00
|
|
|
|
|
|
|
// If the preamble script exists, load it.
|
|
|
|
$t_preamble = microtime(true);
|
|
|
|
$preamble_path = $root.'/support/preamble.php';
|
|
|
|
if (file_exists($preamble_path)) {
|
|
|
|
require_once $preamble_path;
|
|
|
|
}
|
|
|
|
|
|
|
|
$t_hook = microtime(true);
|
|
|
|
PhabricatorStartup::didStartup($t_startup);
|
|
|
|
|
|
|
|
PhabricatorStartup::recordStartupPhase('startup.init', $t_startup);
|
|
|
|
PhabricatorStartup::recordStartupPhase('preamble', $t_preamble);
|
|
|
|
PhabricatorStartup::recordStartupPhase('hook', $t_hook);
|
|
|
|
}
|