Allow custom request checker prior to displaying page

Summary: We want to allow a broader access to our installation but we need to check the request in that case. Test Plan: Created a simple `PhabricatorRequestChecker` returning a custom controller. Verified that this controller is used when accessing any page. Returned `null` from this checker and verified that all 209 Phabricator pages are accessible. Reviewers: epriestley Reviewed By: epriestley CC: scottmac, aran, Korvin, btrahan Differential Revision: https://secure.phabricator.com/D2488
2024-09-20 01:08:50 +02:00 · 2012-09-25 17:37:52 -07:00 · 2012-09-25 17:37:52 -07:00 · 5a5d0b2b56
commit 5a5d0b2b56
parent 057d857568
3 changed files with 31 additions and 0 deletions
--- a/src/applications/base/controller/PhabricatorController.php
+++ b/src/applications/base/controller/PhabricatorController.php
@ -79,6 +79,19 @@ abstract class PhabricatorController extends AphrontController {
      return $this->delegateToController($disabled_user_controller);
    }

+    $event = new PhabricatorEvent(
+      PhabricatorEventType::TYPE_CONTROLLER_CHECKREQUEST,
+      array(
+        'request' => $request,
+        'controller' => get_class($this),
+      ));
+    $event->setUser($user);
+    PhutilEventEngine::dispatchEvent($event);
+    $checker_controller = $event->getValue('controller');
+    if ($checker_controller != get_class($this)) {
+      return $this->delegateToController($checker_controller);
+    }
+
    if (PhabricatorEnv::getEnvConfig('darkconsole.enabled')) {
      if ($user->getConsoleEnabled() ||
          PhabricatorEnv::getEnvConfig('darkconsole.always-on')) {
--- a/src/docs/userguide/events.diviner
+++ b/src/docs/userguide/events.diviner
@ -130,6 +130,22 @@ fields to, e.g., edit revision titles. Data available on this event:
  - `specification` Parameters that will be used to invoke the
    `differential.createrevision` Conduit call.

+== Controller: Check Request ==
+
+The constant for this event is
+`PhabricatorEventType::TYPE_CONTROLLER_CHECKREQUEST`.
+
+This event is dispatched when controller is about to begin execution. It is
+meant for checking if the user is allowed to use the application at the moment.
+It can check if the user has performed too many operations recently, if his IP
+address is allowed or if the servers are overloaded to process the request.
+Data available on this event:
+
+- `request` Object of class @{class:AphrontRequest}.
+- `controller` Class name of the current controller.
+
+You can delegate the execution to another controller by modifying `controller`.
+
 == Maniphest: Will Edit Task ==

 The constant for this event is
--- a/src/infrastructure/events/constant/PhabricatorEventType.php
+++ b/src/infrastructure/events/constant/PhabricatorEventType.php
@ -24,6 +24,8 @@
 */
 final class PhabricatorEventType extends PhutilEventType {

+  const TYPE_CONTROLLER_CHECKREQUEST        = 'controller.checkRequest';
+
  const TYPE_MANIPHEST_WILLEDITTASK         = 'maniphest.willEditTask';
  const TYPE_MANIPHEST_DIDEDITTASK          = 'maniphest.didEditTask';