Drupal investigation

HttpCache.php 24KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714
  1. <?php
  2. /*
  3. * This file is part of the Symfony package.
  4. *
  5. * (c) Fabien Potencier <fabien@symfony.com>
  6. *
  7. * This code is partially based on the Rack-Cache library by Ryan Tomayko,
  8. * which is released under the MIT license.
  9. * (based on commit 02d2b48d75bcb63cf1c0c7149c077ad256542801)
  10. *
  11. * For the full copyright and license information, please view the LICENSE
  12. * file that was distributed with this source code.
  13. */
  14. namespace Symfony\Component\HttpKernel\HttpCache;
  15. use Symfony\Component\HttpKernel\HttpKernelInterface;
  16. use Symfony\Component\HttpKernel\TerminableInterface;
  17. use Symfony\Component\HttpFoundation\Request;
  18. use Symfony\Component\HttpFoundation\Response;
  19. /**
  20. * Cache provides HTTP caching.
  21. *
  22. * @author Fabien Potencier <fabien@symfony.com>
  23. */
  24. class HttpCache implements HttpKernelInterface, TerminableInterface
  25. {
  26. private $kernel;
  27. private $store;
  28. private $request;
  29. private $surrogate;
  30. private $surrogateCacheStrategy;
  31. private $options = array();
  32. private $traces = array();
  33. /**
  34. * Constructor.
  35. *
  36. * The available options are:
  37. *
  38. * * debug: If true, the traces are added as a HTTP header to ease debugging
  39. *
  40. * * default_ttl The number of seconds that a cache entry should be considered
  41. * fresh when no explicit freshness information is provided in
  42. * a response. Explicit Cache-Control or Expires headers
  43. * override this value. (default: 0)
  44. *
  45. * * private_headers Set of request headers that trigger "private" cache-control behavior
  46. * on responses that don't explicitly state whether the response is
  47. * public or private via a Cache-Control directive. (default: Authorization and Cookie)
  48. *
  49. * * allow_reload Specifies whether the client can force a cache reload by including a
  50. * Cache-Control "no-cache" directive in the request. Set it to ``true``
  51. * for compliance with RFC 2616. (default: false)
  52. *
  53. * * allow_revalidate Specifies whether the client can force a cache revalidate by including
  54. * a Cache-Control "max-age=0" directive in the request. Set it to ``true``
  55. * for compliance with RFC 2616. (default: false)
  56. *
  57. * * stale_while_revalidate Specifies the default number of seconds (the granularity is the second as the
  58. * Response TTL precision is a second) during which the cache can immediately return
  59. * a stale response while it revalidates it in the background (default: 2).
  60. * This setting is overridden by the stale-while-revalidate HTTP Cache-Control
  61. * extension (see RFC 5861).
  62. *
  63. * * stale_if_error Specifies the default number of seconds (the granularity is the second) during which
  64. * the cache can serve a stale response when an error is encountered (default: 60).
  65. * This setting is overridden by the stale-if-error HTTP Cache-Control extension
  66. * (see RFC 5861).
  67. *
  68. * @param HttpKernelInterface $kernel An HttpKernelInterface instance
  69. * @param StoreInterface $store A Store instance
  70. * @param SurrogateInterface $surrogate A SurrogateInterface instance
  71. * @param array $options An array of options
  72. */
  73. public function __construct(HttpKernelInterface $kernel, StoreInterface $store, SurrogateInterface $surrogate = null, array $options = array())
  74. {
  75. $this->store = $store;
  76. $this->kernel = $kernel;
  77. $this->surrogate = $surrogate;
  78. // needed in case there is a fatal error because the backend is too slow to respond
  79. register_shutdown_function(array($this->store, 'cleanup'));
  80. $this->options = array_merge(array(
  81. 'debug' => false,
  82. 'default_ttl' => 0,
  83. 'private_headers' => array('Authorization', 'Cookie'),
  84. 'allow_reload' => false,
  85. 'allow_revalidate' => false,
  86. 'stale_while_revalidate' => 2,
  87. 'stale_if_error' => 60,
  88. ), $options);
  89. }
  90. /**
  91. * Gets the current store.
  92. *
  93. * @return StoreInterface $store A StoreInterface instance
  94. */
  95. public function getStore()
  96. {
  97. return $this->store;
  98. }
  99. /**
  100. * Returns an array of events that took place during processing of the last request.
  101. *
  102. * @return array An array of events
  103. */
  104. public function getTraces()
  105. {
  106. return $this->traces;
  107. }
  108. /**
  109. * Returns a log message for the events of the last request processing.
  110. *
  111. * @return string A log message
  112. */
  113. public function getLog()
  114. {
  115. $log = array();
  116. foreach ($this->traces as $request => $traces) {
  117. $log[] = sprintf('%s: %s', $request, implode(', ', $traces));
  118. }
  119. return implode('; ', $log);
  120. }
  121. /**
  122. * Gets the Request instance associated with the master request.
  123. *
  124. * @return Request A Request instance
  125. */
  126. public function getRequest()
  127. {
  128. return $this->request;
  129. }
  130. /**
  131. * Gets the Kernel instance.
  132. *
  133. * @return HttpKernelInterface An HttpKernelInterface instance
  134. */
  135. public function getKernel()
  136. {
  137. return $this->kernel;
  138. }
  139. /**
  140. * Gets the Surrogate instance.
  141. *
  142. * @return SurrogateInterface A Surrogate instance
  143. *
  144. * @throws \LogicException
  145. */
  146. public function getSurrogate()
  147. {
  148. if (!$this->surrogate instanceof Esi) {
  149. throw new \LogicException('This instance of HttpCache was not set up to use ESI as surrogate handler. You must overwrite and use createSurrogate');
  150. }
  151. return $this->surrogate;
  152. }
  153. /**
  154. * Gets the Esi instance.
  155. *
  156. * @return Esi An Esi instance
  157. *
  158. * @throws \LogicException
  159. *
  160. * @deprecated since version 2.6, to be removed in 3.0. Use getSurrogate() instead
  161. */
  162. public function getEsi()
  163. {
  164. @trigger_error('The '.__METHOD__.' method is deprecated since version 2.6 and will be removed in 3.0. Use the getSurrogate() method instead.', E_USER_DEPRECATED);
  165. return $this->getSurrogate();
  166. }
  167. /**
  168. * {@inheritdoc}
  169. */
  170. public function handle(Request $request, $type = HttpKernelInterface::MASTER_REQUEST, $catch = true)
  171. {
  172. // FIXME: catch exceptions and implement a 500 error page here? -> in Varnish, there is a built-in error page mechanism
  173. if (HttpKernelInterface::MASTER_REQUEST === $type) {
  174. $this->traces = array();
  175. $this->request = $request;
  176. if (null !== $this->surrogate) {
  177. $this->surrogateCacheStrategy = $this->surrogate->createCacheStrategy();
  178. }
  179. }
  180. $path = $request->getPathInfo();
  181. if ($qs = $request->getQueryString()) {
  182. $path .= '?'.$qs;
  183. }
  184. $this->traces[$request->getMethod().' '.$path] = array();
  185. if (!$request->isMethodSafe(false)) {
  186. $response = $this->invalidate($request, $catch);
  187. } elseif ($request->headers->has('expect') || !$request->isMethodCacheable()) {
  188. $response = $this->pass($request, $catch);
  189. } else {
  190. $response = $this->lookup($request, $catch);
  191. }
  192. $this->restoreResponseBody($request, $response);
  193. $response->setDate(\DateTime::createFromFormat('U', time(), new \DateTimeZone('UTC')));
  194. if (HttpKernelInterface::MASTER_REQUEST === $type && $this->options['debug']) {
  195. $response->headers->set('X-Symfony-Cache', $this->getLog());
  196. }
  197. if (null !== $this->surrogate) {
  198. if (HttpKernelInterface::MASTER_REQUEST === $type) {
  199. $this->surrogateCacheStrategy->update($response);
  200. } else {
  201. $this->surrogateCacheStrategy->add($response);
  202. }
  203. }
  204. $response->prepare($request);
  205. $response->isNotModified($request);
  206. return $response;
  207. }
  208. /**
  209. * {@inheritdoc}
  210. */
  211. public function terminate(Request $request, Response $response)
  212. {
  213. if ($this->getKernel() instanceof TerminableInterface) {
  214. $this->getKernel()->terminate($request, $response);
  215. }
  216. }
  217. /**
  218. * Forwards the Request to the backend without storing the Response in the cache.
  219. *
  220. * @param Request $request A Request instance
  221. * @param bool $catch Whether to process exceptions
  222. *
  223. * @return Response A Response instance
  224. */
  225. protected function pass(Request $request, $catch = false)
  226. {
  227. $this->record($request, 'pass');
  228. return $this->forward($request, $catch);
  229. }
  230. /**
  231. * Invalidates non-safe methods (like POST, PUT, and DELETE).
  232. *
  233. * @param Request $request A Request instance
  234. * @param bool $catch Whether to process exceptions
  235. *
  236. * @return Response A Response instance
  237. *
  238. * @throws \Exception
  239. *
  240. * @see RFC2616 13.10
  241. */
  242. protected function invalidate(Request $request, $catch = false)
  243. {
  244. $response = $this->pass($request, $catch);
  245. // invalidate only when the response is successful
  246. if ($response->isSuccessful() || $response->isRedirect()) {
  247. try {
  248. $this->store->invalidate($request);
  249. // As per the RFC, invalidate Location and Content-Location URLs if present
  250. foreach (array('Location', 'Content-Location') as $header) {
  251. if ($uri = $response->headers->get($header)) {
  252. $subRequest = Request::create($uri, 'get', array(), array(), array(), $request->server->all());
  253. $this->store->invalidate($subRequest);
  254. }
  255. }
  256. $this->record($request, 'invalidate');
  257. } catch (\Exception $e) {
  258. $this->record($request, 'invalidate-failed');
  259. if ($this->options['debug']) {
  260. throw $e;
  261. }
  262. }
  263. }
  264. return $response;
  265. }
  266. /**
  267. * Lookups a Response from the cache for the given Request.
  268. *
  269. * When a matching cache entry is found and is fresh, it uses it as the
  270. * response without forwarding any request to the backend. When a matching
  271. * cache entry is found but is stale, it attempts to "validate" the entry with
  272. * the backend using conditional GET. When no matching cache entry is found,
  273. * it triggers "miss" processing.
  274. *
  275. * @param Request $request A Request instance
  276. * @param bool $catch whether to process exceptions
  277. *
  278. * @return Response A Response instance
  279. *
  280. * @throws \Exception
  281. */
  282. protected function lookup(Request $request, $catch = false)
  283. {
  284. // if allow_reload and no-cache Cache-Control, allow a cache reload
  285. if ($this->options['allow_reload'] && $request->isNoCache()) {
  286. $this->record($request, 'reload');
  287. return $this->fetch($request, $catch);
  288. }
  289. try {
  290. $entry = $this->store->lookup($request);
  291. } catch (\Exception $e) {
  292. $this->record($request, 'lookup-failed');
  293. if ($this->options['debug']) {
  294. throw $e;
  295. }
  296. return $this->pass($request, $catch);
  297. }
  298. if (null === $entry) {
  299. $this->record($request, 'miss');
  300. return $this->fetch($request, $catch);
  301. }
  302. if (!$this->isFreshEnough($request, $entry)) {
  303. $this->record($request, 'stale');
  304. return $this->validate($request, $entry, $catch);
  305. }
  306. $this->record($request, 'fresh');
  307. $entry->headers->set('Age', $entry->getAge());
  308. return $entry;
  309. }
  310. /**
  311. * Validates that a cache entry is fresh.
  312. *
  313. * The original request is used as a template for a conditional
  314. * GET request with the backend.
  315. *
  316. * @param Request $request A Request instance
  317. * @param Response $entry A Response instance to validate
  318. * @param bool $catch Whether to process exceptions
  319. *
  320. * @return Response A Response instance
  321. */
  322. protected function validate(Request $request, Response $entry, $catch = false)
  323. {
  324. $subRequest = clone $request;
  325. // send no head requests because we want content
  326. if ('HEAD' === $request->getMethod()) {
  327. $subRequest->setMethod('GET');
  328. }
  329. // add our cached last-modified validator
  330. $subRequest->headers->set('if_modified_since', $entry->headers->get('Last-Modified'));
  331. // Add our cached etag validator to the environment.
  332. // We keep the etags from the client to handle the case when the client
  333. // has a different private valid entry which is not cached here.
  334. $cachedEtags = $entry->getEtag() ? array($entry->getEtag()) : array();
  335. $requestEtags = $request->getETags();
  336. if ($etags = array_unique(array_merge($cachedEtags, $requestEtags))) {
  337. $subRequest->headers->set('if_none_match', implode(', ', $etags));
  338. }
  339. $response = $this->forward($subRequest, $catch, $entry);
  340. if (304 == $response->getStatusCode()) {
  341. $this->record($request, 'valid');
  342. // return the response and not the cache entry if the response is valid but not cached
  343. $etag = $response->getEtag();
  344. if ($etag && in_array($etag, $requestEtags) && !in_array($etag, $cachedEtags)) {
  345. return $response;
  346. }
  347. $entry = clone $entry;
  348. $entry->headers->remove('Date');
  349. foreach (array('Date', 'Expires', 'Cache-Control', 'ETag', 'Last-Modified') as $name) {
  350. if ($response->headers->has($name)) {
  351. $entry->headers->set($name, $response->headers->get($name));
  352. }
  353. }
  354. $response = $entry;
  355. } else {
  356. $this->record($request, 'invalid');
  357. }
  358. if ($response->isCacheable()) {
  359. $this->store($request, $response);
  360. }
  361. return $response;
  362. }
  363. /**
  364. * Forwards the Request to the backend and determines whether the response should be stored.
  365. *
  366. * This methods is triggered when the cache missed or a reload is required.
  367. *
  368. * @param Request $request A Request instance
  369. * @param bool $catch whether to process exceptions
  370. *
  371. * @return Response A Response instance
  372. */
  373. protected function fetch(Request $request, $catch = false)
  374. {
  375. $subRequest = clone $request;
  376. // send no head requests because we want content
  377. if ('HEAD' === $request->getMethod()) {
  378. $subRequest->setMethod('GET');
  379. }
  380. // avoid that the backend sends no content
  381. $subRequest->headers->remove('if_modified_since');
  382. $subRequest->headers->remove('if_none_match');
  383. $response = $this->forward($subRequest, $catch);
  384. if ($response->isCacheable()) {
  385. $this->store($request, $response);
  386. }
  387. return $response;
  388. }
  389. /**
  390. * Forwards the Request to the backend and returns the Response.
  391. *
  392. * @param Request $request A Request instance
  393. * @param bool $catch Whether to catch exceptions or not
  394. * @param Response $entry A Response instance (the stale entry if present, null otherwise)
  395. *
  396. * @return Response A Response instance
  397. */
  398. protected function forward(Request $request, $catch = false, Response $entry = null)
  399. {
  400. if ($this->surrogate) {
  401. $this->surrogate->addSurrogateCapability($request);
  402. }
  403. // modify the X-Forwarded-For header if needed
  404. $forwardedFor = $request->headers->get('X-Forwarded-For');
  405. if ($forwardedFor) {
  406. $request->headers->set('X-Forwarded-For', $forwardedFor.', '.$request->server->get('REMOTE_ADDR'));
  407. } else {
  408. $request->headers->set('X-Forwarded-For', $request->server->get('REMOTE_ADDR'));
  409. }
  410. // fix the client IP address by setting it to 127.0.0.1 as HttpCache
  411. // is always called from the same process as the backend.
  412. $request->server->set('REMOTE_ADDR', '127.0.0.1');
  413. // make sure HttpCache is a trusted proxy
  414. if (!in_array('127.0.0.1', $trustedProxies = Request::getTrustedProxies())) {
  415. $trustedProxies[] = '127.0.0.1';
  416. Request::setTrustedProxies($trustedProxies);
  417. }
  418. // always a "master" request (as the real master request can be in cache)
  419. $response = $this->kernel->handle($request, HttpKernelInterface::MASTER_REQUEST, $catch);
  420. // FIXME: we probably need to also catch exceptions if raw === true
  421. // we don't implement the stale-if-error on Requests, which is nonetheless part of the RFC
  422. if (null !== $entry && in_array($response->getStatusCode(), array(500, 502, 503, 504))) {
  423. if (null === $age = $entry->headers->getCacheControlDirective('stale-if-error')) {
  424. $age = $this->options['stale_if_error'];
  425. }
  426. if (abs($entry->getTtl()) < $age) {
  427. $this->record($request, 'stale-if-error');
  428. return $entry;
  429. }
  430. }
  431. $this->processResponseBody($request, $response);
  432. if ($this->isPrivateRequest($request) && !$response->headers->hasCacheControlDirective('public')) {
  433. $response->setPrivate();
  434. } elseif ($this->options['default_ttl'] > 0 && null === $response->getTtl() && !$response->headers->getCacheControlDirective('must-revalidate')) {
  435. $response->setTtl($this->options['default_ttl']);
  436. }
  437. return $response;
  438. }
  439. /**
  440. * Checks whether the cache entry is "fresh enough" to satisfy the Request.
  441. *
  442. * @param Request $request A Request instance
  443. * @param Response $entry A Response instance
  444. *
  445. * @return bool true if the cache entry if fresh enough, false otherwise
  446. */
  447. protected function isFreshEnough(Request $request, Response $entry)
  448. {
  449. if (!$entry->isFresh()) {
  450. return $this->lock($request, $entry);
  451. }
  452. if ($this->options['allow_revalidate'] && null !== $maxAge = $request->headers->getCacheControlDirective('max-age')) {
  453. return $maxAge > 0 && $maxAge >= $entry->getAge();
  454. }
  455. return true;
  456. }
  457. /**
  458. * Locks a Request during the call to the backend.
  459. *
  460. * @param Request $request A Request instance
  461. * @param Response $entry A Response instance
  462. *
  463. * @return bool true if the cache entry can be returned even if it is staled, false otherwise
  464. */
  465. protected function lock(Request $request, Response $entry)
  466. {
  467. // try to acquire a lock to call the backend
  468. $lock = $this->store->lock($request);
  469. // there is already another process calling the backend
  470. if (true !== $lock) {
  471. // check if we can serve the stale entry
  472. if (null === $age = $entry->headers->getCacheControlDirective('stale-while-revalidate')) {
  473. $age = $this->options['stale_while_revalidate'];
  474. }
  475. if (abs($entry->getTtl()) < $age) {
  476. $this->record($request, 'stale-while-revalidate');
  477. // server the stale response while there is a revalidation
  478. return true;
  479. }
  480. // wait for the lock to be released
  481. $wait = 0;
  482. while ($this->store->isLocked($request) && $wait < 5000000) {
  483. usleep(50000);
  484. $wait += 50000;
  485. }
  486. if ($wait < 5000000) {
  487. // replace the current entry with the fresh one
  488. $new = $this->lookup($request);
  489. $entry->headers = $new->headers;
  490. $entry->setContent($new->getContent());
  491. $entry->setStatusCode($new->getStatusCode());
  492. $entry->setProtocolVersion($new->getProtocolVersion());
  493. foreach ($new->headers->getCookies() as $cookie) {
  494. $entry->headers->setCookie($cookie);
  495. }
  496. } else {
  497. // backend is slow as hell, send a 503 response (to avoid the dog pile effect)
  498. $entry->setStatusCode(503);
  499. $entry->setContent('503 Service Unavailable');
  500. $entry->headers->set('Retry-After', 10);
  501. }
  502. return true;
  503. }
  504. // we have the lock, call the backend
  505. return false;
  506. }
  507. /**
  508. * Writes the Response to the cache.
  509. *
  510. * @param Request $request A Request instance
  511. * @param Response $response A Response instance
  512. *
  513. * @throws \Exception
  514. */
  515. protected function store(Request $request, Response $response)
  516. {
  517. if (!$response->headers->has('Date')) {
  518. $response->setDate(\DateTime::createFromFormat('U', time()));
  519. }
  520. try {
  521. $this->store->write($request, $response);
  522. $this->record($request, 'store');
  523. $response->headers->set('Age', $response->getAge());
  524. } catch (\Exception $e) {
  525. $this->record($request, 'store-failed');
  526. if ($this->options['debug']) {
  527. throw $e;
  528. }
  529. }
  530. // now that the response is cached, release the lock
  531. $this->store->unlock($request);
  532. }
  533. /**
  534. * Restores the Response body.
  535. *
  536. * @param Request $request A Request instance
  537. * @param Response $response A Response instance
  538. */
  539. private function restoreResponseBody(Request $request, Response $response)
  540. {
  541. if ($request->isMethod('HEAD') || 304 === $response->getStatusCode()) {
  542. $response->setContent(null);
  543. $response->headers->remove('X-Body-Eval');
  544. $response->headers->remove('X-Body-File');
  545. return;
  546. }
  547. if ($response->headers->has('X-Body-Eval')) {
  548. ob_start();
  549. if ($response->headers->has('X-Body-File')) {
  550. include $response->headers->get('X-Body-File');
  551. } else {
  552. eval('; ?>'.$response->getContent().'<?php ;');
  553. }
  554. $response->setContent(ob_get_clean());
  555. $response->headers->remove('X-Body-Eval');
  556. if (!$response->headers->has('Transfer-Encoding')) {
  557. $response->headers->set('Content-Length', strlen($response->getContent()));
  558. }
  559. } elseif ($response->headers->has('X-Body-File')) {
  560. $response->setContent(file_get_contents($response->headers->get('X-Body-File')));
  561. } else {
  562. return;
  563. }
  564. $response->headers->remove('X-Body-File');
  565. }
  566. protected function processResponseBody(Request $request, Response $response)
  567. {
  568. if (null !== $this->surrogate && $this->surrogate->needsParsing($response)) {
  569. $this->surrogate->process($request, $response);
  570. }
  571. }
  572. /**
  573. * Checks if the Request includes authorization or other sensitive information
  574. * that should cause the Response to be considered private by default.
  575. *
  576. * @param Request $request A Request instance
  577. *
  578. * @return bool true if the Request is private, false otherwise
  579. */
  580. private function isPrivateRequest(Request $request)
  581. {
  582. foreach ($this->options['private_headers'] as $key) {
  583. $key = strtolower(str_replace('HTTP_', '', $key));
  584. if ('cookie' === $key) {
  585. if (count($request->cookies->all())) {
  586. return true;
  587. }
  588. } elseif ($request->headers->has($key)) {
  589. return true;
  590. }
  591. }
  592. return false;
  593. }
  594. /**
  595. * Records that an event took place.
  596. *
  597. * @param Request $request A Request instance
  598. * @param string $event The event name
  599. */
  600. private function record(Request $request, $event)
  601. {
  602. $path = $request->getPathInfo();
  603. if ($qs = $request->getQueryString()) {
  604. $path .= '?'.$qs;
  605. }
  606. $this->traces[$request->getMethod().' '.$path][] = $event;
  607. }
  608. }