revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2025-02-28 14:39:36 +01:00
Code Issues Releases Wiki Activity
phorge-phorge/src/aphront/sink/AphrontHTTPSink.php
epriestley c7f23f522a Accept and route VCS HTTP requests 
Summary:
Mostly ripped from D7391, with some changes:

  - Serve repositories at `/diffusion/X/`, with no special `/git/` or `/serve/` URI component.
    - This requires a little bit of magic, but I got the magic working for Git, Mercurial and SVN, and it seems reasonable.
    - I think having one URI for everything will make it easier for users to understand.
    - One downside is that git will clone into `X` by default, but I think that's not a big deal, and we can work around that in the future easily enough.
  - Accept HTTP requests for Git, SVN and Mercurial repositories.
  - Auth logic is a little different in order to be more consistent with how other things work.
  - Instead of AphrontBasicAuthResponse, added "VCSResponse". Mercurial can print strings we send it on the CLI if we're careful, so support that. I did a fair amount of digging and didn't have any luck with git or svn.
  - Commands we don't know about are assumed to require "Push" capability by default.

No actual VCS data going over the wire yet.

Test Plan:
Ran a bunch of stuff like this:

  $ hg clone http://local.aphront.com:8080/diffusion/P/
  abort: HTTP Error 403: This repository is not available over HTTP.

...and got pretty reasonable-seeming errors in all cases. All this can do is produce errors for now.

Reviewers: hach-que, btrahan

Reviewed By: hach-que

CC: aran

Maniphest Tasks: T2230

Differential Revision: https://secure.phabricator.com/D7417
2013-10-29 15:32:40 -07:00

120 lines
3.2 KiB
PHP
Raw Blame History

<?php
/**
* Abstract class which wraps some sort of output mechanism for HTTP responses.
* Normally this is just @{class:AphrontPHPHTTPSink}, which uses "echo" and
* "header()" to emit responses.
*
* Mostly, this class allows us to do install security or metrics hooks in the
* output pipeline.
*
* @task write Writing Response Components
* @task emit Emitting the Response
*
* @group aphront
*/
abstract class AphrontHTTPSink {
/* -( Writing Response Components )---------------------------------------- */
/**
* Write an HTTP status code to the output.
*
* @param int Numeric HTTP status code.
* @return void
*/
final public function writeHTTPStatus($code, $message = '') {
if (!preg_match('/^\d{3}$/', $code)) {
throw new Exception("Malformed HTTP status code '{$code}'!");
}
$code = (int)$code;
$this->emitHTTPStatus($code, $message);
}
/**
* Write HTTP headers to the output.
*
* @param list<pair> List of <name, value> pairs.
* @return void
*/
final public function writeHeaders(array $headers) {
foreach ($headers as $header) {
if (!is_array($header) || count($header) !== 2) {
throw new Exception('Malformed header.');
}
list($name, $value) = $header;
if (strpos($name, ':') !== false) {
throw new Exception(
"Declining to emit response with malformed HTTP header name: ".
$name);
}
// Attackers may perform an "HTTP response splitting" attack by making
// the application emit certain types of headers containing newlines:
//
// http://en.wikipedia.org/wiki/HTTP_response_splitting
//
// PHP has built-in protections against HTTP response-splitting, but they
// are of dubious trustworthiness:
//
// http://news.php.net/php.internals/57655
if (preg_match('/[\r\n\0]/', $name.$value)) {
throw new Exception(
"Declining to emit response with unsafe HTTP header: ".
"<'".$name."', '".$value."'>.");
}
}
foreach ($headers as $header) {
list($name, $value) = $header;
$this->emitHeader($name, $value);
}
}
/**
* Write HTTP body data to the output.
*
* @param string Body data.
* @return void
*/
final public function writeData($data) {
$this->emitData($data);
}
/**
* Write an entire @{class:AphrontResponse} to the output.
*
* @param AphrontResponse The response object to write.
* @return void
*/
final public function writeResponse(AphrontResponse $response) {
// Do this first, in case it throws.
$response_string = $response->buildResponseString();
$all_headers = array_merge(
$response->getHeaders(),
$response->getCacheHeaders());
$this->writeHTTPStatus(
$response->getHTTPResponseCode(),
$response->getHTTPResponseMessage());
$this->writeHeaders($all_headers);
$this->writeData($response_string);
}
/* -( Emitting the Response )---------------------------------------------- */
abstract protected function emitHTTPStatus($code, $message = '');
abstract protected function emitHeader($name, $value);
abstract protected function emitData($data);
}
View git blame Copy permalink