search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
gallery: Fix phan annotation for ImageGalleryBase::getImages
[mediawiki.git] / includes / libs / rdbms / ChronologyProtector.php
blob5b8783cbe047def906dbb675f5e60c2472b33998
1 <?php
2 /**
3 * This program is free software; you can redistribute it and/or modify
4 * it under the terms of the GNU General Public License as published by
5 * the Free Software Foundation; either version 2 of the License, or
6 * (at your option) any later version.
7 *
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
12 *
13 * You should have received a copy of the GNU General Public License along
14 * with this program; if not, write to the Free Software Foundation, Inc.,
15 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
16 * http://www.gnu.org/copyleft/gpl.html
17 *
18 * @file
19 */
20 namespace Wikimedia\Rdbms;
21
22 use LogicException;
23 use Psr\Log\LoggerAwareInterface;
24 use Psr\Log\LoggerInterface;
25 use Psr\Log\NullLogger;
26 use Wikimedia\ObjectCache\BagOStuff;
27 use Wikimedia\ObjectCache\EmptyBagOStuff;
28
29 /**
30 * Provide a given client with protection against visible database lag.
31 *
32 * ### In a nut shell
33 *
34 * This class tries to hide visible effects of database lag. It does this by temporarily remembering
35 * the database positions after a client makes a write, and on their next web request we will prefer
36 * non-lagged database replicas. When replica connections are established, we wait up to a few seconds
37 * for sufficient replication to have occurred, if they were not yet caught up to that same point.
38 *
39 * This ensures a consistent ordering of events as seen by a client. Kind of like Hawking's
40 * [Chronology Protection Agency](https://en.wikipedia.org/wiki/Chronology_protection_conjecture).
41 *
42 * ### Purpose
43 *
44 * For performance and scalability reasons, almost all data is queried from replica databases.
45 * Only queries relating to writing data, are sent to a primary database. When rendering a web page
46 * with content or activity feeds on it, the very latest information may thus not yet be there.
47 * That's okay in general, but if, for example, a client recently changed their preferences or
48 * submitted new data, we do our best to make sure their next web response does reflect at least
49 * their own recent changes.
50 *
51 * ### How
52 *
53 * To explain how it works, we will look at an example lifecycle for a client.
54 *
55 * A client is browsing the site. Their web requests are generally read-only and display data from
56 * database replicas, which may be a few seconds out of date if a client elsewhere in the world
57 * recently modified that same data. If the application is run from multiple data centers, then
58 * these web requests may be served from the nearest secondary DC.
59 *
60 * A client performs a POST request, perhaps to publish an edit or change their preferences. This
61 * request is routed to the primary DC (this is the responsibility of infrastructure outside
62 * the web app). There, the data is saved to the primary database, after which the database
63 * host will asynchronously replicate this to its replicas in the same and any other DCs.
64 *
65 * Toward the end of the response to this POST request, the application takes note of the primary
66 * database's current "position", and save this under a "clientId" key in the ChronologyProtector
67 * store. The web response will also set two cookies that are similarly short-lived (about ten
68 * seconds): `UseDC=master` and `cpPosIndex=<posIndex>@<write time>#<clientId>`.
69 *
70 * The ten seconds window is meant to account for the time needed for the database writes to have
71 * replicated across all active database replicas, including the cross-dc latency for those
72 * further away in any secondary DCs. The "clientId" is placed in the cookie to handle the case
73 * where the client IP addresses frequently changes between web requests.
74 *
75 * Future web requests from the client should fall in one of two categories:
76 *
77 * 1. Within the ten second window. Their UseDC cookie will make them return
78 * to the primary DC where we access the ChronologyProtector store and use
79 * the database "position" to decide which local database replica to use
80 * and on-demand wait a split second for replication to catch up if needed.
81 * 2. After the ten second window. They will be routed to the nearest and
82 * possibly different DC. Any local ChronologyProtector store existing there
83 * will not be interacted with. A random database replica may be used as
84 * the client's own writes are expected to have been applied here by now.
85 *
86 * @anchor ChronologyProtector-storage-requirements
87 *
88 * ### Storage requirements
89 *
90 * The store used by ChronologyProtector, as configured via {@link $wgMicroStashType},
91 * should meet the following requirements:
92 *
93 * - Low latencies. Nearly all web requests that involve a database connection will
94 * unconditionally query this store first. It is expected to respond within the order
95 * of one millisecond.
96 * - Best effort persistence, without active eviction pressure. Data stored here cannot be
97 * obtained elsewhere or recomputed. As such, under normal operating conditions, this store
98 * should not be full, and should not evict values before their intended expiry time elapsed.
99 * - No replication, local consistency. Each DC may have a fully independent dc-local store
100 * associated with ChronologyProtector (no replication across DCs is needed). Local writes
101 * must be immediately reflected in subsequent local reads. No intra-dc read lag is allowed.
102 * - No redundancy, fast failure. Loss of data will likely be noticeable and disruptive to
103 * clients, but the data is not considered essential. Under maintenance or unprecedented load,
104 * it is recommended to lose some data, instead of compromising other requirements such as
105 * latency or availability for new writes. The fallback is that users may be temporary
106 * confused as they observe their own actions as not being immediately reflected.
107 * For example, they might change their skin or language preference but still get a one or two
108 * page views afterward with the old settings. Or they might have published an edit and briefly
109 * not yet see it appear in their contribution history.
110 *
111 * ### Operational requirements
112 *
113 * These are the expectations a site administrator must meet for chronology protection:
114 *
115 * - If the application is run from multiple data centers, then you must designate one of them
116 * as the "primary DC". The primary DC is where the primary database is located, from which
117 * replication propagates to replica databases in that same DC and any other DCs.
118 *
119 * - Web requests that use the POST verb, or carry a `UseDC=master` cookie, must be routed to
120 * the primary DC only.
121 *
122 * An exception is requests carrying the `Promise-Non-Write-API-Action: true` header,
123 * which use the POST verb for large read queries, but don't actually require the primary DC.
124 *
125 * If you have legacy extensions deployed that perform queries on the primary database during
126 * GET requests, then you will have to identify a way to route any of its relevant URLs to the
127 * primary DC as well, or to accept that their reads do not enjoy chronology protection, and
128 * that writes may be slower (due to cross-dc latency).
129 * See [T91820](https://phabricator.wikimedia.org/T91820) for %Wikimedia Foundation's routing.
130 *
131 * @ingroup Database
132 * @internal
133 */
134 class ChronologyProtector implements LoggerAwareInterface {
135 /** @var array Web request information about the client */
136 private $requestInfo;
137 /** @var string Secret string for HMAC hashing */
138 private string $secret;
139 private bool $cliMode;
140 /** @var BagOStuff */
141 private $store;
142 /** @var LoggerInterface */
143 protected $logger;
144
145 /** @var string Storage key name */
146 protected $key;
147 /** @var string Hash of client parameters */
148 protected $clientId;
149 /** @var string[] Map of client information fields for logging */
150 protected $clientLogInfo;
151 /** @var int|null Expected minimum index of the last write to the position store */
152 protected $waitForPosIndex;
153
154 /** @var bool Whether reading/writing session consistency replication positions is enabled */
155 protected $enabled = true;
156 /** @var float|null UNIX timestamp when the client data was loaded */
157 protected $startupTimestamp;
158
159 /** @var array<string,DBPrimaryPos> Map of (primary server name => position) */
160 protected $startupPositionsByPrimary = [];
161 /** @var array<string,DBPrimaryPos> Map of (primary server name => position) */
162 protected $shutdownPositionsByPrimary = [];
163 /** @var array<string,float> Map of (DB cluster name => UNIX timestamp) */
164 protected $startupTimestampsByCluster = [];
165 /** @var array<string,float> Map of (DB cluster name => UNIX timestamp) */
166 protected $shutdownTimestampsByCluster = [];
167
168 /** @var float|null */
169 private $wallClockOverride;
170
171 /**
172 * Whether a clientId is new during this request.
173 *
174 * If the clientId wasn't passed by the incoming request, lazyStartup()
175 * can skip fetching position data, and thus LoadBalancer can skip
176 * its IDatabaseForOwner::primaryPosWait() call.
177 *
178 * See also: <https://phabricator.wikimedia.org/T314434>
179 *
180 * @var bool
181 */
182 private $hasNewClientId = false;
183
184 /** Seconds to store position write index cookies (safely less than POSITION_STORE_TTL) */
185 public const POSITION_COOKIE_TTL = 10;
186 /** Seconds to store replication positions */
187 private const POSITION_STORE_TTL = 60;
188
189 /** Lock timeout to use for key updates */
190 private const LOCK_TIMEOUT = 3;
191 /** Lock expiry to use for key updates */
192 private const LOCK_TTL = 6;
193
194 private const FLD_POSITIONS = 'positions';
195 private const FLD_TIMESTAMPS = 'timestamps';
196 private const FLD_WRITE_INDEX = 'writeIndex';
197
198 /**
199 * @param BagOStuff|null $cpStash
200 * @param string|null $secret Secret string for HMAC hashing [optional]
201 * @param bool|null $cliMode Whether the context is CLI or not, setting it to true would disable CP
202 * @param LoggerInterface|null $logger
203 * @since 1.27
204 */
205 public function __construct( $cpStash = null, $secret = null, $cliMode = null, $logger = null ) {
206 $this->requestInfo = [
207 'IPAddress' => $_SERVER['REMOTE_ADDR'] ?? '',
208 'UserAgent' => $_SERVER['HTTP_USER_AGENT'] ?? '',
209 // Headers application can inject via LBFactory::setRequestInfo()
210 'ChronologyClientId' => null, // prior $cpClientId value from LBFactory::shutdown()
211 'ChronologyPositionIndex' => null // prior $cpIndex value from LBFactory::shutdown()
212 ];
213 $this->store = $cpStash ?? new EmptyBagOStuff();
214 $this->secret = $secret ?? '';
215 $this->logger = $logger ?? new NullLogger();
216 $this->cliMode = $cliMode ?? ( PHP_SAPI === 'cli' || PHP_SAPI === 'phpdbg' );
217 }
218
219 private function load() {
220 // Not enabled or already loaded, short-circuit.
221 if ( !$this->enabled || $this->clientId ) {
222 return;
223 }
224 $client = [
225 'ip' => $this->requestInfo['IPAddress'],
226 'agent' => $this->requestInfo['UserAgent'],
227 'clientId' => $this->requestInfo['ChronologyClientId'] ?: null
228 ];
229 if ( $this->cliMode ) {
230 $this->setEnabled( false );
231 } elseif ( $this->store instanceof EmptyBagOStuff ) {
232 // No where to store any DB positions and wait for them to appear
233 $this->setEnabled( false );
234 $this->logger->debug( 'Cannot use ChronologyProtector with EmptyBagOStuff' );
235 }
236
237 if ( isset( $client['clientId'] ) ) {
238 $this->clientId = $client['clientId'];
239 } else {
240 $this->hasNewClientId = true;
241 $this->clientId = ( $this->secret != '' )
242 ? hash_hmac( 'md5', $client['ip'] . "\n" . $client['agent'], $this->secret )
243 : md5( $client['ip'] . "\n" . $client['agent'] );
244 }
245 $this->key = $this->store->makeGlobalKey( __CLASS__, $this->clientId, 'v4' );
246 $this->waitForPosIndex = $this->requestInfo['ChronologyPositionIndex'];
247
248 $this->clientLogInfo = [
249 'clientIP' => $client['ip'],
250 'clientAgent' => $client['agent'],
251 'clientId' => $client['clientId'] ?? null
252 ];
253 }
254
255 public function setRequestInfo( array $info ) {
256 if ( $this->clientId ) {
257 throw new LogicException( 'ChronologyProtector already initialized' );
258 }
259
260 $this->requestInfo = $info + $this->requestInfo;
261 }
262
263 public function setLogger( LoggerInterface $logger ) {
264 $this->load();
265 $this->logger = $logger;
266 }
267
268 /**
269 * @return string Client ID hash
270 * @since 1.32
271 */
272 public function getClientId() {
273 $this->load();
274 return $this->clientId;
275 }
276
277 /**
278 * @param bool $enabled Whether reading/writing session replication positions is enabled
279 * @since 1.27
280 */
281 public function setEnabled( $enabled ) {
282 $this->enabled = $enabled;
283 }
284
285 /**
286 * Yield client "session consistency" replication position for a new ILoadBalancer
287 *
288 * If the stash has a previous primary position recorded, this will try to make
289 * sure that the next query to a replica server of that primary will see changes up
290 * to that position by delaying execution. The delay may timeout and allow stale
291 * data if no non-lagged replica servers are available.
292 *
293 * @internal This method should only be called from LBFactory.
294 *
295 * @param ILoadBalancer $lb
296 * @return DBPrimaryPos|null
297 */
298 public function getSessionPrimaryPos( ILoadBalancer $lb ) {
299 $this->load();
300 if ( !$this->enabled ) {
301 return null;
302 }
303
304 $cluster = $lb->getClusterName();
305 $primaryName = $lb->getServerName( ServerInfo::WRITER_INDEX );
306
307 $pos = $this->getStartupSessionPositions()[$primaryName] ?? null;
308 if ( $pos instanceof DBPrimaryPos ) {
309 $this->logger->debug( "ChronologyProtector will wait for '$pos' on $cluster ($primaryName)'" );
310 } else {
311 $this->logger->debug( "ChronologyProtector skips wait on $cluster ($primaryName)" );
312 }
313
314 return $pos;
315 }
316
317 /**
318 * Update client "session consistency" replication position for an end-of-life ILoadBalancer
319 *
320 * This remarks the replication position of the primary DB if this request made writes to
321 * it using the provided ILoadBalancer instance.
322 *
323 * @internal This method should only be called from LBFactory.
324 *
325 * @param ILoadBalancer $lb
326 * @return void
327 */
328 public function stageSessionPrimaryPos( ILoadBalancer $lb ) {
329 $this->load();
330 if ( !$this->enabled || !$lb->hasOrMadeRecentPrimaryChanges( INF ) ) {
331 return;
332 }
333
334 $cluster = $lb->getClusterName();
335 $masterName = $lb->getServerName( ServerInfo::WRITER_INDEX );
336
337 if ( $lb->hasStreamingReplicaServers() ) {
338 $pos = $lb->getPrimaryPos();
339 if ( $pos ) {
340 $this->logger->debug( __METHOD__ . ": $cluster ($masterName) position now '$pos'" );
341 $this->shutdownPositionsByPrimary[$masterName] = $pos;
342 $this->shutdownTimestampsByCluster[$cluster] = $pos->asOfTime();
343 } else {
344 $this->logger->debug( __METHOD__ . ": $cluster ($masterName) position unknown" );
345 $this->shutdownTimestampsByCluster[$cluster] = $this->getCurrentTime();
346 }
347 } else {
348 $this->logger->debug( __METHOD__ . ": $cluster ($masterName) has no replication" );
349 $this->shutdownTimestampsByCluster[$cluster] = $this->getCurrentTime();
350 }
351 }
352
353 /**
354 * Persist any staged client "session consistency" replication positions
355 *
356 * @internal This method should only be called from LBFactory.
357 *
358 * @param int|null &$clientPosIndex DB position key write counter; incremented on update
359 * @return DBPrimaryPos[] Empty on success; map of (db name => unsaved position) on failure
360 */
361 public function persistSessionReplicationPositions( &$clientPosIndex = null ) {
362 $this->load();
363 if ( !$this->enabled ) {
364 return [];
365 }
366
367 if ( !$this->shutdownTimestampsByCluster ) {
368 $this->logger->debug( __METHOD__ . ": no primary positions data to save" );
369
370 return [];
371 }
372
373 $scopeLock = $this->store->getScopedLock( $this->key, self::LOCK_TIMEOUT, self::LOCK_TTL );
374 if ( $scopeLock ) {
375 $positions = $this->mergePositions(
376 $this->unmarshalPositions( $this->store->get( $this->key ) ),
377 $this->shutdownPositionsByPrimary,
378 $this->shutdownTimestampsByCluster,
379 $clientPosIndex
380 );
381
382 $ok = $this->store->set(
383 $this->key,
384 $this->marshalPositions( $positions ),
385 self::POSITION_STORE_TTL
386 );
387 unset( $scopeLock );
388 } else {
389 $ok = false;
390 }
391
392 $clusterList = implode( ', ', array_keys( $this->shutdownTimestampsByCluster ) );
393
394 if ( $ok ) {
395 $this->logger->debug( "ChronologyProtector saved position data for $clusterList" );
396 $bouncedPositions = [];
397 } else {
398 // Maybe position store is down
399 $this->logger->warning( "ChronologyProtector failed to save position data for $clusterList" );
400 $clientPosIndex = null;
401 $bouncedPositions = $this->shutdownPositionsByPrimary;
402 }
403
404 return $bouncedPositions;
405 }
406
407 /**
408 * Get the UNIX timestamp when the client last touched the DB, if they did so recently
409 *
410 * @internal This method should only be called from LBFactory.
411 *
412 * @param ILoadBalancer $lb
413 * @return float|false UNIX timestamp; false if not recent or on record
414 * @since 1.35
415 */
416 public function getTouched( ILoadBalancer $lb ) {
417 $this->load();
418 if ( !$this->enabled ) {
419 return false;
420 }
421
422 $cluster = $lb->getClusterName();
423
424 $timestampsByCluster = $this->getStartupSessionTimestamps();
425 $timestamp = $timestampsByCluster[$cluster] ?? null;
426 if ( $timestamp === null ) {
427 $recentTouchTimestamp = false;
428 } elseif ( ( $this->startupTimestamp - $timestamp ) > self::POSITION_COOKIE_TTL ) {
429 // If the position store is not replicated among datacenters and the cookie that
430 // sticks the client to the primary datacenter expires, then the touch timestamp
431 // will be found for requests in one datacenter but not others. For consistency,
432 // return false once the user is no longer routed to the primary datacenter.
433 $recentTouchTimestamp = false;
434 $this->logger->debug( __METHOD__ . ": old timestamp ($timestamp) for $cluster" );
435 } else {
436 $recentTouchTimestamp = $timestamp;
437 $this->logger->debug( __METHOD__ . ": recent timestamp ($timestamp) for $cluster" );
438 }
439
440 return $recentTouchTimestamp;
441 }
442
443 /**
444 * @return array<string,DBPrimaryPos>
445 */
446 protected function getStartupSessionPositions() {
447 $this->lazyStartup();
448
449 return $this->startupPositionsByPrimary;
450 }
451
452 /**
453 * @return array<string,float>
454 */
455 protected function getStartupSessionTimestamps() {
456 $this->lazyStartup();
457
458 return $this->startupTimestampsByCluster;
459 }
460
461 /**
462 * Load the stored replication positions and touch timestamps for the client
463 *
464 * @return void
465 */
466 protected function lazyStartup() {
467 if ( $this->startupTimestamp !== null ) {
468 return;
469 }
470
471 $this->startupTimestamp = $this->getCurrentTime();
472
473 // There wasn't a client id in the cookie so we built one
474 // There is no point in looking it up.
475 if ( $this->hasNewClientId ) {
476 $this->startupPositionsByPrimary = [];
477 $this->startupTimestampsByCluster = [];
478 return;
479 }
480
481 $this->logger->debug( 'ChronologyProtector using store ' . get_class( $this->store ) );
482 $this->logger->debug( "ChronologyProtector fetching positions for {$this->clientId}" );
483
484 $data = $this->unmarshalPositions( $this->store->get( $this->key ) );
485
486 $this->startupPositionsByPrimary = $data ? $data[self::FLD_POSITIONS] : [];
487 $this->startupTimestampsByCluster = $data[self::FLD_TIMESTAMPS] ?? [];
488
489 // When a stored array expires and is re-created under the same (deterministic) key,
490 // the array value naturally starts again from index zero. As such, it is possible
491 // that if certain store writes were lost (e.g. store down), that we unintentionally
492 // point to an offset in an older incarnation of the array.
493 // We don't try to detect or do something about this because:
494 // 1. Waiting for an older offset is harmless and generally no-ops.
495 // 2. The older value will have expired by now and thus treated as non-existing,
496 // which means we wouldn't even "see" it here.
497 $indexReached = is_array( $data ) ? $data[self::FLD_WRITE_INDEX] : null;
498 if ( $this->waitForPosIndex > 0 ) {
499 if ( $indexReached >= $this->waitForPosIndex ) {
500 $this->logger->debug( 'expected and found position index {cpPosIndex}', [
501 'cpPosIndex' => $this->waitForPosIndex,
502 ] + $this->clientLogInfo );
503 } else {
504 $this->logger->warning( 'expected but failed to find position index {cpPosIndex}', [
505 'cpPosIndex' => $this->waitForPosIndex,
506 'indexReached' => $indexReached,
507 'exception' => new \RuntimeException(),
508 ] + $this->clientLogInfo );
509 }
510 } else {
511 if ( $indexReached ) {
512 $this->logger->debug( 'found position data with index {indexReached}', [
513 'indexReached' => $indexReached
514 ] + $this->clientLogInfo );
515 }
516 }
517 }
518
519 /**
520 * Merge the new replication positions with the currently stored ones (highest wins)
521 *
522 * @param array<string,mixed>|false $storedValue Current replication position data
523 * @param array<string,DBPrimaryPos> $shutdownPositions New replication positions
524 * @param array<string,float> $shutdownTimestamps New DB post-commit shutdown timestamps
525 * @param int|null &$clientPosIndex New position write index
526 * @return array<string,mixed> Combined replication position data
527 */
528 protected function mergePositions(
529 $storedValue,
530 array $shutdownPositions,
531 array $shutdownTimestamps,
532 ?int &$clientPosIndex = null
533 ) {
534 /** @var array<string,DBPrimaryPos> $mergedPositions */
535 $mergedPositions = $storedValue[self::FLD_POSITIONS] ?? [];
536 // Use the newest positions for each DB primary
537 foreach ( $shutdownPositions as $masterName => $pos ) {
538 if (
539 !isset( $mergedPositions[$masterName] ) ||
540 !( $mergedPositions[$masterName] instanceof DBPrimaryPos ) ||
541 $pos->asOfTime() > $mergedPositions[$masterName]->asOfTime()
542 ) {
543 $mergedPositions[$masterName] = $pos;
544 }
545 }
546
547 /** @var array<string,float> $mergedTimestamps */
548 $mergedTimestamps = $storedValue[self::FLD_TIMESTAMPS] ?? [];
549 // Use the newest touch timestamp for each DB primary
550 foreach ( $shutdownTimestamps as $cluster => $timestamp ) {
551 if (
552 !isset( $mergedTimestamps[$cluster] ) ||
553 $timestamp > $mergedTimestamps[$cluster]
554 ) {
555 $mergedTimestamps[$cluster] = $timestamp;
556 }
557 }
558
559 $clientPosIndex = ( $storedValue[self::FLD_WRITE_INDEX] ?? 0 ) + 1;
560
561 return [
562 self::FLD_POSITIONS => $mergedPositions,
563 self::FLD_TIMESTAMPS => $mergedTimestamps,
564 self::FLD_WRITE_INDEX => $clientPosIndex
565 ];
566 }
567
568 /**
569 * @internal For testing only
570 * @return float UNIX timestamp
571 * @codeCoverageIgnore
572 */
573 protected function getCurrentTime() {
574 if ( $this->wallClockOverride ) {
575 return $this->wallClockOverride;
576 }
577
578 $clockTime = (float)time(); // call this first
579 // microtime() can severely drift from time() and the microtime() value of other threads.
580 // Instead of seeing the current time as being in the past, use the value of time().
581 return max( microtime( true ), $clockTime );
582 }
583
584 /**
585 * @internal For testing only
586 * @param float|null &$time Mock UNIX timestamp
587 * @codeCoverageIgnore
588 */
589 public function setMockTime( &$time ) {
590 $this->load();
591 $this->wallClockOverride =& $time;
592 }
593
594 private function marshalPositions( array $positions ) {
595 foreach ( $positions[ self::FLD_POSITIONS ] as $key => $pos ) {
596 $positions[ self::FLD_POSITIONS ][ $key ] = $pos->toArray();
597 }
598
599 return $positions;
600 }
601
602 /**
603 * @param array|false $positions
604 * @return array|false
605 */
606 private function unmarshalPositions( $positions ) {
607 if ( !$positions ) {
608 return $positions;
609 }
610
611 foreach ( $positions[ self::FLD_POSITIONS ] as $key => $pos ) {
612 $class = $pos[ '_type_' ];
613 $positions[ self::FLD_POSITIONS ][ $key ] = $class::newFromArray( $pos );
614 }
615
616 return $positions;
617 }
618
619 /**
620 * Build a string conveying the client and write index of the chronology protector data
621 *
622 * @param int $writeIndex
623 * @param int $time UNIX timestamp; can be used to detect stale cookies (T190082)
624 * @param string $clientId Client ID hash from ILBFactory::shutdown()
625 * @return string Value to use for "cpPosIndex" cookie
626 * @since 1.32 in LBFactory, moved to CP in 1.41
627 */
628 public static function makeCookieValueFromCPIndex(
629 int $writeIndex,
630 int $time,
631 string $clientId
632 ) {
633 // Format is "<write index>@<write timestamp>#<client ID hash>"
634 return "{$writeIndex}@{$time}#{$clientId}";
635 }
636
637 /**
638 * Parse a string conveying the client and write index of the chronology protector data
639 *
640 * @param string|null $value Value of "cpPosIndex" cookie
641 * @param int $minTimestamp Lowest UNIX timestamp that a non-expired value can have
642 * @return array (index: int or null, clientId: string or null)
643 * @since 1.32 in LBFactory, moved to CP in 1.41
644 */
645 public static function getCPInfoFromCookieValue( ?string $value, int $minTimestamp ) {
646 static $placeholder = [ 'index' => null, 'clientId' => null ];
647
648 if ( $value === null ) {
649 return $placeholder; // not set
650 }
651
652 // Format is "<write index>@<write timestamp>#<client ID hash>"
653 if ( !preg_match( '/^(\d+)@(\d+)#([0-9a-f]{32})$/', $value, $m ) ) {
654 return $placeholder; // invalid
655 }
656
657 $index = (int)$m[1];
658 if ( $index <= 0 ) {
659 return $placeholder; // invalid
660 } elseif ( isset( $m[2] ) && $m[2] !== '' && (int)$m[2] < $minTimestamp ) {
661 return $placeholder; // expired
662 }
663
664 $clientId = ( isset( $m[3] ) && $m[3] !== '' ) ? $m[3] : null;
665
666 return [ 'index' => $index, 'clientId' => $clientId ];
667 }
668 }
MediaWiki Core