mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-15 19:32:40 +01:00
439821c7b2
Summary: Ref T10262. This removes one-time tokens and makes file data responses always-cacheable (for 30 days). The URI will stop working once any attached object changes its view policy, or the file view policy itself changes. Files with `canCDN` (totally public data like profile images, CSS, JS, etc) use "cache-control: public" so they can be CDN'd. Files without `canCDN` use "cache-control: private" so they won't be cached by the CDN. They could still be cached by a misbehaving local cache, but if you don't want your users seeing one anothers' secret files you should configure your local network properly. Our "Cache-Control" headers were also from 1999 or something, update them to be more modern/sane. I can't find any evidence that any browser has done the wrong thing with this simpler ruleset in the last ~10 years. Test Plan: - Configured alternate file domain. - Viewed site: stuff worked. - Accessed a file on primary domain, got redirected to alternate domain. - Verified proper cache headers for `canCDN` (public) and non-`canCDN` (private) files. - Uploaded a file to a task, edited task policy, verified it scrambled the old URI. - Reloaded task, new URI generated transparently. Reviewers: chad Reviewed By: chad Maniphest Tasks: T10262 Differential Revision: https://secure.phabricator.com/D15642
152 lines
4.8 KiB
PHP
152 lines
4.8 KiB
PHP
<?php
|
|
|
|
final class PhabricatorFileDataController extends PhabricatorFileController {
|
|
|
|
private $phid;
|
|
private $key;
|
|
private $file;
|
|
|
|
public function shouldRequireLogin() {
|
|
return false;
|
|
}
|
|
|
|
public function handleRequest(AphrontRequest $request) {
|
|
$viewer = $request->getViewer();
|
|
$this->phid = $request->getURIData('phid');
|
|
$this->key = $request->getURIData('key');
|
|
|
|
$alt = PhabricatorEnv::getEnvConfig('security.alternate-file-domain');
|
|
$base_uri = PhabricatorEnv::getEnvConfig('phabricator.base-uri');
|
|
$alt_uri = new PhutilURI($alt);
|
|
$alt_domain = $alt_uri->getDomain();
|
|
$req_domain = $request->getHost();
|
|
$main_domain = id(new PhutilURI($base_uri))->getDomain();
|
|
|
|
|
|
if (!strlen($alt) || $main_domain == $alt_domain) {
|
|
// No alternate domain.
|
|
$should_redirect = false;
|
|
$use_viewer = $viewer;
|
|
$is_alternate_domain = false;
|
|
} else if ($req_domain != $alt_domain) {
|
|
// Alternate domain, but this request is on the main domain.
|
|
$should_redirect = true;
|
|
$use_viewer = $viewer;
|
|
$is_alternate_domain = false;
|
|
} else {
|
|
// Alternate domain, and on the alternate domain.
|
|
$should_redirect = false;
|
|
$use_viewer = PhabricatorUser::getOmnipotentUser();
|
|
$is_alternate_domain = true;
|
|
}
|
|
|
|
$response = $this->loadFile($use_viewer);
|
|
if ($response) {
|
|
return $response;
|
|
}
|
|
|
|
$file = $this->getFile();
|
|
|
|
if ($should_redirect) {
|
|
return id(new AphrontRedirectResponse())
|
|
->setIsExternal(true)
|
|
->setURI($file->getCDNURI());
|
|
}
|
|
|
|
$response = new AphrontFileResponse();
|
|
$response->setCacheDurationInSeconds(60 * 60 * 24 * 30);
|
|
$response->setCanCDN($file->getCanCDN());
|
|
|
|
$begin = null;
|
|
$end = null;
|
|
|
|
// NOTE: It's important to accept "Range" requests when playing audio.
|
|
// If we don't, Safari has difficulty figuring out how long sounds are
|
|
// and glitches when trying to loop them. In particular, Safari sends
|
|
// an initial request for bytes 0-1 of the audio file, and things go south
|
|
// if we can't respond with a 206 Partial Content.
|
|
$range = $request->getHTTPHeader('range');
|
|
if ($range) {
|
|
$matches = null;
|
|
if (preg_match('/^bytes=(\d+)-(\d+)$/', $range, $matches)) {
|
|
// Note that the "Range" header specifies bytes differently than
|
|
// we do internally: the range 0-1 has 2 bytes (byte 0 and byte 1).
|
|
$begin = (int)$matches[1];
|
|
$end = (int)$matches[2] + 1;
|
|
|
|
$response->setHTTPResponseCode(206);
|
|
$response->setRange($begin, ($end - 1));
|
|
}
|
|
}
|
|
|
|
$is_viewable = $file->isViewableInBrowser();
|
|
$force_download = $request->getExists('download');
|
|
|
|
if ($is_viewable && !$force_download) {
|
|
$response->setMimeType($file->getViewableMimeType());
|
|
} else {
|
|
if (!$request->isHTTPPost() && !$is_alternate_domain) {
|
|
// NOTE: Require POST to download files from the primary domain. We'd
|
|
// rather go full-bore and do a real CSRF check, but can't currently
|
|
// authenticate users on the file domain. This should blunt any
|
|
// attacks based on iframes, script tags, applet tags, etc., at least.
|
|
// Send the user to the "info" page if they're using some other method.
|
|
|
|
// This is marked as "external" because it is fully qualified.
|
|
return id(new AphrontRedirectResponse())
|
|
->setIsExternal(true)
|
|
->setURI(PhabricatorEnv::getProductionURI($file->getBestURI()));
|
|
}
|
|
$response->setMimeType($file->getMimeType());
|
|
$response->setDownload($file->getName());
|
|
}
|
|
|
|
$iterator = $file->getFileDataIterator($begin, $end);
|
|
|
|
$response->setContentLength($file->getByteSize());
|
|
$response->setContentIterator($iterator);
|
|
|
|
return $response;
|
|
}
|
|
|
|
private function loadFile(PhabricatorUser $viewer) {
|
|
$file = id(new PhabricatorFileQuery())
|
|
->setViewer($viewer)
|
|
->withPHIDs(array($this->phid))
|
|
->executeOne();
|
|
|
|
if (!$file) {
|
|
return new Aphront404Response();
|
|
}
|
|
|
|
if (!$file->validateSecretKey($this->key)) {
|
|
return new Aphront403Response();
|
|
}
|
|
|
|
if ($file->getIsPartial()) {
|
|
// We may be on the CDN domain, so we need to use a fully-qualified URI
|
|
// here to make sure we end up back on the main domain.
|
|
$info_uri = PhabricatorEnv::getURI($file->getInfoURI());
|
|
|
|
return $this->newDialog()
|
|
->setTitle(pht('Partial Upload'))
|
|
->appendParagraph(
|
|
pht(
|
|
'This file has only been partially uploaded. It must be '.
|
|
'uploaded completely before you can download it.'))
|
|
->addCancelButton($info_uri);
|
|
}
|
|
|
|
$this->file = $file;
|
|
|
|
return null;
|
|
}
|
|
|
|
private function getFile() {
|
|
if (!$this->file) {
|
|
throw new PhutilInvalidStateException('loadFile');
|
|
}
|
|
return $this->file;
|
|
}
|
|
|
|
}
|