| blob | 550a5a03164198b305a0584b8a36aec1c0ed5398 |
1 <?php
3 /**
4 * @task routing URI Routing
5 * @task response Response Handling
6 * @task exception Exception Handling
7 */
8 final class AphrontApplicationConfiguration
33 }
41 ),
42 );
43 }
48 }
52 }
56 }
61 }
66 }
70 }
75 }
79 }
82 /**
83 * @phutil-external-symbol class PhabricatorStartup
84 */
89 }
96 // Build a no-op write guard for the setup phase. We'll replace this with a
97 // real write guard later on, but we need to survive setup and build a
98 // request object first.
106 }
117 }
119 // If we're in developer mode, set a flag so that top-level exception
120 // handlers can add more information.
123 }
131 }
139 }
141 // This is the earliest we can get away with this, we need env config first.
152 }
159 ));
163 // We just activated the profiler, so we don't need to keep track of
164 // startup phases anymore: it can take over from here.
172 }
183 // Now that we have a request, convert the write guard into one which
184 // actually checks CSRF tokens.
188 // Build the server URI implied by the request headers. If an administrator
189 // has not configured "phabricator.base-uri" yet, we'll use this to generate
190 // links.
199 ));
212 }
220 ));
236 ));
240 }
241 }
258 ));
266 // If execution throws an exception and then trying to render that
267 // exception throws another exception, we want to show the original
268 // exception, as it is likely the root cause of the rendering exception.
278 ));
280 }
286 }
291 }
297 }
308 }
311 // If we encountered an exception while building a normal response, then
312 // encountered another exception while building a response for the first
313 // exception, throw an aggregate exception that will be unpacked by the
314 // higher-level handler. This is above our pay grade.
323 ));
324 }
326 // If we built a response successfully and then ran into an exception
327 // trying to render it, try to handle and present that exception to the
328 // user using the standard handler.
330 // The problem here might be in rendering (more common) or in the actual
331 // response mechanism (less common). If it's in rendering, we can likely
332 // still render a nice exception page: the majority of rendering issues
333 // are in main page content, not content shared with the exception page.
348 }
350 // If we didn't have any luck with that, raise the original response
351 // exception. As above, this is the root cause exception and more likely
352 // to be useful. This will go to the fallback error handler at top
353 // level.
357 }
358 }
361 }
377 }
378 }
381 }
384 /* -( URI Routing )-------------------------------------------------------- */
387 /**
388 * Build a controller to respond to the request.
389 *
390 * @return pair<AphrontController,dict> Controller and dictionary of request
391 * parameters.
392 * @task routing
393 */
397 // If we're configured to operate in cluster mode, reject requests which
398 // were not received on a cluster interface.
399 //
400 // For example, a host may have an internal address like "170.0.0.1", and
401 // also have a public address like "51.23.95.16". Assuming the cluster
402 // is configured on a range like "170.0.0.0/16", we want to reject the
403 // requests received on the public interface.
404 //
405 // Ideally, nodes in a cluster should only be listening on internal
406 // interfaces, but they may be configured in such a way that they also
407 // listen on external interfaces, since this is easy to forget about or
408 // get wrong. As a broad security measure, reject requests received on any
409 // interfaces which aren't on the whitelist.
416 // This is a command line script (probably something like a unit
417 // test) so it's fine that we don't have SERVER_ADDR defined.
428 }
438 }
439 }
440 }
447 // Don't redirect intracluster requests: doing so drops headers and
448 // parameters, imposes a performance penalty, and indicates a
449 // misconfiguration.
456 }
462 // In this scenario, we'll be redirecting to HTTPS using an absolute
463 // URI, so we need to permit an external redirect.
465 }
466 }
474 }
476 // If we failed to match anything but don't have a trailing slash, try
477 // to add a trailing slash and issue a redirect if that resolves.
479 // NOTE: We only do this for GET, since redirects switch to GET and drop
480 // data like POST parameters.
486 // We need to restore URI encoding because the webserver has
487 // interpreted it. For example, this allows us to redirect a path
488 // like `/tag/aa%20bb` to `/tag/aa%20bb/`, which may eventually be
489 // resolved meaningfully by an application.
495 }
496 }
501 }
507 }
509 /**
510 * Map a specific path to the corresponding controller. For a description
511 * of routing, see @{method:buildController}.
512 *
513 * @param list<AphrontRoutingMap> List of routing maps.
514 * @param string Path to route.
515 * @return pair<AphrontController,dict> Controller and dictionary of request
516 * parameters.
517 * @task routing
518 */
524 }
525 }
526 }
536 }
537 }
550 }
555 }
558 /* -( Response Handling )-------------------------------------------------- */
561 /**
562 * Tests if a response is of a valid type.
563 *
564 * @param wild Supposedly valid response.
565 * @return bool True if the object is of a valid type.
566 * @task response
567 */
571 }
575 }
578 }
581 /**
582 * Verifies that the return value from an @{class:AphrontController} is
583 * of an allowed type.
584 *
585 * @param AphrontController Controller which returned the response.
586 * @param wild Supposedly valid response.
587 * @return void
588 * @task response
589 */
596 }
607 }
610 /**
611 * Verifies that the return value from an
612 * @{class:AphrontResponseProducerInterface} is of an allowed type.
613 *
614 * @param AphrontResponseProducerInterface Object which produced
615 * this response.
616 * @param wild Supposedly valid response.
617 * @return void
618 * @task response
619 */
626 }
637 }
640 /**
641 * Verifies that the return value from an
642 * @{class:AphrontRequestExceptionHandler} is of an allowed type.
643 *
644 * @param AphrontRequestExceptionHandler Object which produced this
645 * response.
646 * @param wild Supposedly valid response.
647 * @return void
648 * @task response
649 */
656 }
667 }
670 /**
671 * Resolves a response object into an @{class:AphrontResponse}.
672 *
673 * Controllers are permitted to return actual responses of class
674 * @{class:AphrontResponse}, or other objects which implement
675 * @{interface:AphrontResponseProducerInterface} and can produce a response.
676 *
677 * If a controller returns a response producer, invoke it now and produce
678 * the real response.
679 *
680 * @param AphrontRequest Request being handled.
681 * @param AphrontResponse|AphrontResponseProducerInterface Response, or
682 * response producer.
683 * @return AphrontResponse Response after any required production.
684 * @task response
685 */
689 // Detect cycles on the exact same objects. It's still possible to produce
690 // infinite responses as long as they're all unique, but we can only
691 // reasonably detect cycles, not guarantee that response production halts.
695 // NOTE: It is permissible for an object to be both a response and a
696 // response producer. If so, being a producer is "stronger". This is
697 // used by AphrontProxyResponse.
699 // If this response is a valid response, hand over the request first.
702 }
704 // If this isn't a producer, we're all done.
707 }
718 }
725 }
728 }
731 /* -( Error Handling )----------------------------------------------------- */
734 /**
735 * Convert an exception which has escaped the controller into a response.
736 *
737 * This method delegates exception handling to available subclasses of
738 * @{class:AphrontRequestExceptionHandler}.
739 *
740 * @param Throwable Exception which needs to be handled.
741 * @return wild Response or response producer, or null if no available
742 * handler can produce a response.
743 * @task exception
744 */
754 }
755 }
758 }
772 );
773 }
780 }
790 // This just makes sure that the response compresses well, so reasonable
791 // algorithms should want to gzip or deflate it.
793 );
798 }
803 // For PUT requests, do nothing: in particular, do NOT read input. This
804 // allows us to stream input later and process very large PUT requests,
805 // like those coming from Git LFS.
807 }
810 // For POST requests, we're going to read the raw input ourselves here
811 // if we can. Among other things, this corrects variable names with
812 // the "." character in them, which PHP normally converts into "_".
814 // If "enable_post_data_reading" is on, the documentation suggests we
815 // can not read the body. In practice, we seem to be able to. This may
816 // need to be resolved at some point, likely by instructing installs
817 // to disable this option.
819 // If the content type is "multipart/form-data", we need to build both
820 // $_POST and $_FILES, which is involved. The body itself is also more
821 // difficult to parse than other requests.
837 // We're building and then parsing a query string so that requests
838 // with arrays (like "x[]=apple&x[]=banana") work correctly. This also
839 // means we can't use "phutil_build_http_querystring()", since it
840 // can't build a query string with duplicate names.
846 }
851 }
859 }
862 }
866 }
875 }
876 }
877 }
879 }