revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2025-03-19 15:50:17 +01:00
Code Issues Releases Wiki Activity
No description
8772 commits 3 branches 7 tags 154 MiB
PHP 93.5%
JavaScript 4.1%
CSS 2.4%
Find a file
epriestley fa7bb8ff7a Add cluster.addresses and require membership before accepting cluster authentication tokens 
Summary:
Ref T2783. Ref T6706.

  - Add `cluster.addresses`. This is a whitelist of CIDR blocks which define cluster hosts.
  - When we recieve a request that has a cluster-based authentication token, require the cluster to be configured and require the remote address to be a cluster member before we accept it.
    - This provides a general layer of security for these mechanisms.
    - In particular, it means they do not work by default on unconfigured hosts.
  - When cluster addresses are configured, and we receive a request //to// an address not on the list, reject it.
    - This provides a general layer of security for getting the Ops side of cluster configuration correct.
    - If cluster nodes have public IPs and are listening on them, we'll reject requests.
    - Basically, this means that any requests which bypass the LB get rejected.

Test Plan:
  - With addresses not configured, tried to make requests; rejected for using a cluster auth mechanism.
  - With addresses configred wrong, tried to make requests; rejected for sending from (or to) an address outside of the cluster.
  - With addresses configured correctly, made valid requests.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6706, T2783

Differential Revision: https://secure.phabricator.com/D11159
2015-01-02 15:13:41 -08:00
bin Add bin/worker flood, for flooding the task queue with work 2014-11-24 11:10:15 -08:00
conf Add bin/almanac register to associate a host with an Almanac device and trust it 2015-01-02 15:13:30 -08:00
externals Update Stripe PHP API 2014-07-13 09:19:07 -07:00
resources Basic style for exception page 2015-01-02 13:48:18 -08:00
scripts Use new FutureIterator instead of Futures 2014-12-30 23:13:38 +11:00
src Add cluster.addresses and require membership before accepting cluster authentication tokens 2015-01-02 15:13:41 -08:00
support Minor improvements to handling Aphlict status code 2015-01-03 09:11:08 +11:00
webroot Basic style for exception page 2015-01-02 13:48:18 -08:00
.arcconfig Update .arclint in Phabricator for phutil-library lint 2014-05-12 06:01:30 -07:00
.arclint Define a seperate JSHint configuration for NodeJS files 2014-12-30 03:02:13 -08:00
.editorconfig Specify config for text editors 2012-11-03 22:34:44 -07:00
.gitignore Add bin/almanac register to associate a host with an Almanac device and trust it 2015-01-02 15:13:30 -08:00
LICENSE Delete license headers from files 2012-11-05 11:16:51 -08:00
NOTICE Update Phabricator NOTICE file to reflect modern legal circumstances 2014-06-25 13:42:13 -07:00
README Reformat README as Remarkup 2014-07-16 22:10:36 +10:00

README 

Phabricator is an open source collection of web applications which help
software companies build better software.

Phabricator includes applications for:

  - reviewing and auditing source code;
  - hosting and browsing repositories;
  - assembling a party to venture forth;
  - tracking bugs;
  - hiding stuff from coworkers; and
  - also some other things.

You can learn more about the project (and find links to documentation and
resources) [[http://phabricator.org/ | here]].

Phabricator is developed and maintained by [[http://phacility.com/ |
Phacility]]. The first version of Phabricator was originally built at Facebook.

= LICENSE =
Phabricator is released under the Apache 2.0 license except as otherwise noted.