Implemented Symfony reverse proxy support for user context hash.

lolautruche · lolautruche · commit 0e4941031a54 · 2014-10-21T17:09:15.000+02:00
Ref #26
diff --git a/EventListener/UserContextSubscriber.php b/EventListener/UserContextSubscriber.php
@@ -103,6 +103,7 @@ public function onKernelRequest(GetResponseEvent $event)
         if ($this->ttl > 0) {
             $response->setClientTtl($this->ttl);
             $response->setVary($this->userIdentifierHeaders);
+            $response->setPublic();
         } else {
             $response->setClientTtl(0);
             $response->headers->addCacheControlDirective('no-cache');
diff --git a/HttpCache.php b/HttpCache.php
@@ -0,0 +1,174 @@
+<?php
+
+/*
+ * This file is part of the FOSHttpCacheBundle package.
+ *
+ * (c) FriendsOfSymfony <http://friendsofsymfony.github.com/>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace FOS\HttpCacheBundle;
+
+use Symfony\Bundle\FrameworkBundle\HttpCache\HttpCache as BaseHttpCache;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpKernel\HttpKernelInterface;
+
+/**
+ * Base class for enhanced Symfony reverse proxy.
+ *
+ * @author Jérôme Vieilledent <lolautruche@gmail.com>
+ *
+ * {@inheritdoc}
+ */
+abstract class HttpCache extends BaseHttpCache
+{
+    /**
+     * Hash for anonymous user.
+     */
+    const ANONYMOUS_HASH = '38015b703d82206ebc01d17a39c727e5';
+
+    /**
+     * Accept header value to be used to request the user hash to the backend application.
+     * It must match the one defined in FOSHttpCacheBundle's configuration.
+     */
+    const USER_HASH_ACCEPT_HEADER = 'application/vnd.fos.user-context-hash';
+
+    /**
+     * Name of the header the user context hash will be stored into.
+     * It must match the one defined in FOSHttpCacheBundle's configuration.
+     */
+    const USER_HASH_HEADER = 'X-User-Context-Hash';
+
+    /**
+     * URI used with the forwarded request for user context hash generation.
+     */
+    const USER_HASH_URI = '/_fos_user_context_hash';
+
+    /**
+     * HTTP Method used with the forwarded request for user context hash generation.
+     */
+    const USER_HASH_METHOD = 'GET';
+
+    /**
+     * Prefix for session names.
+     * Must match your session configuration.
+     */
+    const SESSION_NAME_PREFIX = 'PHPSESSID';
+
+    /**
+     * Generated user hash.
+     *
+     * @var string
+     */
+    private $userHash;
+
+    public function handle(Request $request, $type = HttpKernelInterface::MASTER_REQUEST, $catch = true)
+    {
+        if (!$this->isInternalRequest($request)) {
+            // Prevent tampering attacks on the hash mechanism
+            if ($request->headers->get('accept') === static::USER_HASH_ACCEPT_HEADER
+                || $request->headers->get(static::USER_HASH_HEADER) !== null) {
+                return new Response('', 400);
+            }
+
+            if ($request->isMethodSafe()) {
+                $request->headers->set(static::USER_HASH_HEADER, $this->getUserHash($request));
+            }
+        }
+
+        return parent::handle($request, $type, $catch);
+    }
+
+    /**
+     * Checks if passed request object is to be considered internal (e.g. for user hash lookup).
+     *
+     * @param Request $request
+     *
+     * @return bool
+     */
+    protected function isInternalRequest(Request $request)
+    {
+        return $request->attributes->get('internalRequest', false) === true;
+    }
+
+    /**
+     * Returns the user context hash for $request.
+     *
+     * @param Request $request
+     *
+     * @return string
+     */
+    protected function getUserHash(Request $request)
+    {
+        if (isset($this->userHash)) {
+            return $this->userHash;
+        }
+
+        if ($this->isAnonymous($request)) {
+            return $this->userHash = static::ANONYMOUS_HASH;
+        }
+
+        // Forward the request to generate the user hash
+        $forwardReq = $this->generateForwardRequest($request);
+        $resp = $this->handle($forwardReq);
+        // Store the user hash in memory for sub-requests (processed in the same thread).
+        return $this->userHash = $resp->headers->get(static::USER_HASH_HEADER);
+    }
+
+    /**
+     * Checks if current request is considered anonymous.
+     *
+     * @param Request $request
+     *
+     * @return bool
+     */
+    protected function isAnonymous(Request $request)
+    {
+        foreach ($request->cookies as $name => $value) {
+            if ($this->isSessionName($name)) {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    /**
+     * Checks if passed string can be considered as a session name, such as would be used in cookies.
+     *
+     * @param string $name
+     *
+     * @return bool
+     */
+    protected function isSessionName($name)
+    {
+        return strpos($name, static::SESSION_NAME_PREFIX) === 0;
+    }
+
+    /**
+     * Generates the request object that will be forwarded to get the user context hash.
+     *
+     * @param Request $request
+     *
+     * @return Request
+     */
+    protected function generateForwardRequest(Request $request)
+    {
+        $forwardReq = Request::create(static::USER_HASH_URI, static::USER_HASH_METHOD, array(), $request->cookies->all(), array(), $request->server->all() );
+        $forwardReq->attributes->set('internalRequest', true);
+        $forwardReq->headers->set('Accept', static::USER_HASH_ACCEPT_HEADER);
+        // Clean cookie header to only get proper sessionIds in it. This is to make the hash request cacheable.
+        $sessionIds = array();
+        foreach ($request->cookies as $name => $value) {
+            if ($this->isSessionName($name)) {
+                $sessionIds[] = $value;
+            }
+        }
+        $forwardReq->headers->set('Cookie', implode('|', $sessionIds));
+
+        return $forwardReq;
+    }
+}
diff --git a/Tests/Unit/EventListener/UserContextSubscriberTest.php b/Tests/Unit/EventListener/UserContextSubscriberTest.php
@@ -94,7 +94,7 @@ public function testOnKernelRequestCached()
         $this->assertInstanceOf('\Symfony\Component\HttpFoundation\Response', $response);
         $this->assertEquals('hash', $response->headers->get('X-Hash'));
         $this->assertEquals('X-SessionId', $response->headers->get('Vary'));
-        $this->assertEquals('max-age=30, private', $response->headers->get('Cache-Control'));
+        $this->assertEquals('max-age=30, public', $response->headers->get('Cache-Control'));
     }
 
     public function testOnKernelRequestNotMatched()

Original file line number	Diff line number	Diff line change
`@@ -94,7 +94,7 @@ public function testOnKernelRequestCached()`
`94`	`94`	`$this->assertInstanceOf('\Symfony\Component\HttpFoundation\Response', $response);`
`95`	`95`	`$this->assertEquals('hash', $response->headers->get('X-Hash'));`
`96`	`96`	`$this->assertEquals('X-SessionId', $response->headers->get('Vary'));`
`97`		`- $this->assertEquals('max-age=30, private', $response->headers->get('Cache-Control'));`
	`97`	`+ $this->assertEquals('max-age=30, public', $response->headers->get('Cache-Control'));`
`98`	`98`	`}`
`99`	`99`
`100`	`100`	`public function testOnKernelRequestNotMatched()`