20after4 has uploaded a new change for review.
https://gerrit.wikimedia.org/r/168509
Change subject: preamble script to read client address from HTTP_X_FORWARDED_FOR
......................................................................
preamble script to read client address from HTTP_X_FORWARDED_FOR
Proxy provides the x-forwarded-for header to tell the application
the true IP address of the client. This makes phabricator aware of
the real client address instead of logging the proxy's ip as the
client.
Change-Id: I81dd5349fb45fe0fc0693850505dc9d27e8f7306
---
M manifests/role/phabricator.pp
M modules/phabricator/files/preamble.php
A modules/phabricator/files/redirector.php
M modules/phabricator/manifests/init.pp
4 files changed, 76 insertions(+), 64 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/09/168509/1
diff --git a/manifests/role/phabricator.pp b/manifests/role/phabricator.pp
index e21d8f1..b5e0f9d 100644
--- a/manifests/role/phabricator.pp
+++ b/manifests/role/phabricator.pp
@@ -49,6 +49,7 @@
mysql_admin_user => $::mysql_adminuser,
mysql_admin_pass => $::mysql_adminpass,
auth_type => 'dual',
+ preamble => 'preamble.php'
extension_tag => 'HEAD',
extensions => ['MediaWikiUserpageCustomField.php',
'SecurityPolicyEnforcerAction.php'],
@@ -123,6 +124,7 @@
git_tag => $current_tag,
lock_file => '/var/run/phab_repo_lock',
auth_type => 'local',
+ preamble_script => '',
libext_tag => 'HEAD',
libraries => {
'burndown' => '/srv/phab/libext/Sprint',
diff --git a/modules/phabricator/files/preamble.php
b/modules/phabricator/files/preamble.php
index 668695f..974eac8 100644
--- a/modules/phabricator/files/preamble.php
+++ b/modules/phabricator/files/preamble.php
@@ -1,65 +1,3 @@
<?php
-// this is a test setup to prove the redirection code works as expected
-// this should only respond to requests on the test subdomain
-// phabzilla.wmflabs.org which is a proxy for phab-01
-if ($_SERVER['HTTP_HOST'] == 'phabzilla.wmflabs.org') {
- $_SERVER['HTTP_HOST'] = 'bugs.wikimedia.org';
-} else {
- // other hostnames are "NO-OP"
- return;
-}
-
-class redirector {
- protected $config;
- protected $mysqli;
-
- function __construct() {
- $this->config =
json_decode(file_get_contents(__DIR__.'/redirect_config.json'));
- $this->mysqli = new mysqli(
- $this->config->mysql->host,
- $this->config->mysql->user,
- $this->config->mysql->pass,
- 'phabricator_maniphest'
- );
- if ($this->mysqli->connect_error) {
- die('Connect Error (' . $this->mysqli->connect_errno . ') '
- . $this->mysqli->connect_error);
- }
- }
- public function redirect($url) {
-
- foreach ($this->config->urlPatterns as $i=>$p) {
- $matches = array();
- $pattern = '#'.$p->pattern.'#';
-
- if (preg_match( $pattern, $url, $matches )) {
-
- if (isset($p->fieldValue)) {
- // dynamic redirect, look up $id using cross reference
query
- $fieldValue = str_replace('$1', $matches[1],
$p->fieldValue);
- $sql = $this->config->query;
- $sql = str_replace('$fieldValue', $fieldValue, $sql);
- $sql = str_replace('$fieldIndex',
$this->config->fieldIndex, $sql);
-
- if ($res = $this->mysqli->query($sql)) {
- $res = $res->fetch_assoc();
- // insert the cross referenced id into the redirectUrl
- $redirect = str_replace('$id', $res['id'],
$p->redirectUrl);
- header("Location: $redirect");
- echo "Redirecting to $redirect\n";
- exit;
- }
- } else {
- // static redirect
- header("Location: ". $p->redirectUrl);
- exit;
- }
- }
- }
- }
-}
-
-$full_uri = $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
-$r = new redirector();
-$r->redirect($full_uri);
+$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR'];
\ No newline at end of file
diff --git a/modules/phabricator/files/redirector.php
b/modules/phabricator/files/redirector.php
new file mode 100644
index 0000000..668695f
--- /dev/null
+++ b/modules/phabricator/files/redirector.php
@@ -0,0 +1,65 @@
+<?php
+
+// this is a test setup to prove the redirection code works as expected
+// this should only respond to requests on the test subdomain
+// phabzilla.wmflabs.org which is a proxy for phab-01
+if ($_SERVER['HTTP_HOST'] == 'phabzilla.wmflabs.org') {
+ $_SERVER['HTTP_HOST'] = 'bugs.wikimedia.org';
+} else {
+ // other hostnames are "NO-OP"
+ return;
+}
+
+class redirector {
+ protected $config;
+ protected $mysqli;
+
+ function __construct() {
+ $this->config =
json_decode(file_get_contents(__DIR__.'/redirect_config.json'));
+ $this->mysqli = new mysqli(
+ $this->config->mysql->host,
+ $this->config->mysql->user,
+ $this->config->mysql->pass,
+ 'phabricator_maniphest'
+ );
+ if ($this->mysqli->connect_error) {
+ die('Connect Error (' . $this->mysqli->connect_errno . ') '
+ . $this->mysqli->connect_error);
+ }
+ }
+ public function redirect($url) {
+
+ foreach ($this->config->urlPatterns as $i=>$p) {
+ $matches = array();
+ $pattern = '#'.$p->pattern.'#';
+
+ if (preg_match( $pattern, $url, $matches )) {
+
+ if (isset($p->fieldValue)) {
+ // dynamic redirect, look up $id using cross reference
query
+ $fieldValue = str_replace('$1', $matches[1],
$p->fieldValue);
+ $sql = $this->config->query;
+ $sql = str_replace('$fieldValue', $fieldValue, $sql);
+ $sql = str_replace('$fieldIndex',
$this->config->fieldIndex, $sql);
+
+ if ($res = $this->mysqli->query($sql)) {
+ $res = $res->fetch_assoc();
+ // insert the cross referenced id into the redirectUrl
+ $redirect = str_replace('$id', $res['id'],
$p->redirectUrl);
+ header("Location: $redirect");
+ echo "Redirecting to $redirect\n";
+ exit;
+ }
+ } else {
+ // static redirect
+ header("Location: ". $p->redirectUrl);
+ exit;
+ }
+ }
+ }
+ }
+}
+
+$full_uri = $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
+$r = new redirector();
+$r->redirect($full_uri);
diff --git a/modules/phabricator/manifests/init.pp
b/modules/phabricator/manifests/init.pp
index c9fb02c..d76b432 100644
--- a/modules/phabricator/manifests/init.pp
+++ b/modules/phabricator/manifests/init.pp
@@ -79,6 +79,7 @@
$mysql_admin_pass = '',
$serveradmin = '',
$auth_type = '',
+ $preamble_script = 'preamble.php',
) {
include phabricator::migration
@@ -267,6 +268,12 @@
status => "${phd} status",
require => Git::Install['phabricator/phabricator'],
}
+
+ if ($preamble_script) {
+ file { "${phabdir}/phabricator/support/preamble.php":
+ source => "puppet:///modules/phabricator/${preamble_script}",
+ }
+ }
}
define phabricator::extension($rootdir='/') {
@@ -278,7 +285,7 @@
define phabricator::redirector($mysql_user, $mysql_pass, $mysql_host,
$rootdir='/') {
file { "${rootdir}/phabricator/support/preamble.php":
- source => 'puppet:///modules/phabricator/preamble.php',
+ source => 'puppet:///modules/phabricator/redirector.php',
require => File["${rootdir}/phabricator/support/redirect_config.json"]
}
--
To view, visit https://gerrit.wikimedia.org/r/168509
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I81dd5349fb45fe0fc0693850505dc9d27e8f7306
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: 20after4 <mmod...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
