123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700 |
- <?php
-
- /*
- * This file is part of the Symfony package.
- *
- * (c) Fabien Potencier <fabien@symfony.com>
- *
- * This code is partially based on the Rack-Cache library by Ryan Tomayko,
- * which is released under the MIT license.
- * (based on commit 02d2b48d75bcb63cf1c0c7149c077ad256542801)
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
-
- namespace Symfony\Component\HttpKernel\HttpCache;
-
- use Symfony\Component\HttpKernel\HttpKernelInterface;
- use Symfony\Component\HttpKernel\TerminableInterface;
- use Symfony\Component\HttpFoundation\Request;
- use Symfony\Component\HttpFoundation\Response;
-
- /**
- * Cache provides HTTP caching.
- *
- * @author Fabien Potencier <fabien@symfony.com>
- */
- class HttpCache implements HttpKernelInterface, TerminableInterface
- {
- private $kernel;
- private $store;
- private $request;
- private $surrogate;
- private $surrogateCacheStrategy;
- private $options = array();
- private $traces = array();
-
- /**
- * Constructor.
- *
- * The available options are:
- *
- * * debug: If true, the traces are added as a HTTP header to ease debugging
- *
- * * default_ttl The number of seconds that a cache entry should be considered
- * fresh when no explicit freshness information is provided in
- * a response. Explicit Cache-Control or Expires headers
- * override this value. (default: 0)
- *
- * * private_headers Set of request headers that trigger "private" cache-control behavior
- * on responses that don't explicitly state whether the response is
- * public or private via a Cache-Control directive. (default: Authorization and Cookie)
- *
- * * allow_reload Specifies whether the client can force a cache reload by including a
- * Cache-Control "no-cache" directive in the request. Set it to ``true``
- * for compliance with RFC 2616. (default: false)
- *
- * * allow_revalidate Specifies whether the client can force a cache revalidate by including
- * a Cache-Control "max-age=0" directive in the request. Set it to ``true``
- * for compliance with RFC 2616. (default: false)
- *
- * * stale_while_revalidate Specifies the default number of seconds (the granularity is the second as the
- * Response TTL precision is a second) during which the cache can immediately return
- * a stale response while it revalidates it in the background (default: 2).
- * This setting is overridden by the stale-while-revalidate HTTP Cache-Control
- * extension (see RFC 5861).
- *
- * * stale_if_error Specifies the default number of seconds (the granularity is the second) during which
- * the cache can serve a stale response when an error is encountered (default: 60).
- * This setting is overridden by the stale-if-error HTTP Cache-Control extension
- * (see RFC 5861).
- */
- public function __construct(HttpKernelInterface $kernel, StoreInterface $store, SurrogateInterface $surrogate = null, array $options = array())
- {
- $this->store = $store;
- $this->kernel = $kernel;
- $this->surrogate = $surrogate;
-
- // needed in case there is a fatal error because the backend is too slow to respond
- register_shutdown_function(array($this->store, 'cleanup'));
-
- $this->options = array_merge(array(
- 'debug' => false,
- 'default_ttl' => 0,
- 'private_headers' => array('Authorization', 'Cookie'),
- 'allow_reload' => false,
- 'allow_revalidate' => false,
- 'stale_while_revalidate' => 2,
- 'stale_if_error' => 60,
- ), $options);
- }
-
- /**
- * Gets the current store.
- *
- * @return StoreInterface $store A StoreInterface instance
- */
- public function getStore()
- {
- return $this->store;
- }
-
- /**
- * Returns an array of events that took place during processing of the last request.
- *
- * @return array An array of events
- */
- public function getTraces()
- {
- return $this->traces;
- }
-
- /**
- * Returns a log message for the events of the last request processing.
- *
- * @return string A log message
- */
- public function getLog()
- {
- $log = array();
- foreach ($this->traces as $request => $traces) {
- $log[] = sprintf('%s: %s', $request, implode(', ', $traces));
- }
-
- return implode('; ', $log);
- }
-
- /**
- * Gets the Request instance associated with the master request.
- *
- * @return Request A Request instance
- */
- public function getRequest()
- {
- return $this->request;
- }
-
- /**
- * Gets the Kernel instance.
- *
- * @return HttpKernelInterface An HttpKernelInterface instance
- */
- public function getKernel()
- {
- return $this->kernel;
- }
-
- /**
- * Gets the Surrogate instance.
- *
- * @return SurrogateInterface A Surrogate instance
- *
- * @throws \LogicException
- */
- public function getSurrogate()
- {
- return $this->surrogate;
- }
-
- /**
- * {@inheritdoc}
- */
- public function handle(Request $request, $type = HttpKernelInterface::MASTER_REQUEST, $catch = true)
- {
- // FIXME: catch exceptions and implement a 500 error page here? -> in Varnish, there is a built-in error page mechanism
- if (HttpKernelInterface::MASTER_REQUEST === $type) {
- $this->traces = array();
- $this->request = $request;
- if (null !== $this->surrogate) {
- $this->surrogateCacheStrategy = $this->surrogate->createCacheStrategy();
- }
- }
-
- $this->traces[$this->getTraceKey($request)] = array();
-
- if (!$request->isMethodSafe(false)) {
- $response = $this->invalidate($request, $catch);
- } elseif ($request->headers->has('expect') || !$request->isMethodCacheable()) {
- $response = $this->pass($request, $catch);
- } elseif ($this->options['allow_reload'] && $request->isNoCache()) {
- /*
- If allow_reload is configured and the client requests "Cache-Control: no-cache",
- reload the cache by fetching a fresh response and caching it (if possible).
- */
- $this->record($request, 'reload');
- $response = $this->fetch($request, $catch);
- } else {
- $response = $this->lookup($request, $catch);
- }
-
- $this->restoreResponseBody($request, $response);
-
- if (HttpKernelInterface::MASTER_REQUEST === $type && $this->options['debug']) {
- $response->headers->set('X-Symfony-Cache', $this->getLog());
- }
-
- if (null !== $this->surrogate) {
- if (HttpKernelInterface::MASTER_REQUEST === $type) {
- $this->surrogateCacheStrategy->update($response);
- } else {
- $this->surrogateCacheStrategy->add($response);
- }
- }
-
- $response->prepare($request);
-
- $response->isNotModified($request);
-
- return $response;
- }
-
- /**
- * {@inheritdoc}
- */
- public function terminate(Request $request, Response $response)
- {
- if ($this->getKernel() instanceof TerminableInterface) {
- $this->getKernel()->terminate($request, $response);
- }
- }
-
- /**
- * Forwards the Request to the backend without storing the Response in the cache.
- *
- * @param Request $request A Request instance
- * @param bool $catch Whether to process exceptions
- *
- * @return Response A Response instance
- */
- protected function pass(Request $request, $catch = false)
- {
- $this->record($request, 'pass');
-
- return $this->forward($request, $catch);
- }
-
- /**
- * Invalidates non-safe methods (like POST, PUT, and DELETE).
- *
- * @param Request $request A Request instance
- * @param bool $catch Whether to process exceptions
- *
- * @return Response A Response instance
- *
- * @throws \Exception
- *
- * @see RFC2616 13.10
- */
- protected function invalidate(Request $request, $catch = false)
- {
- $response = $this->pass($request, $catch);
-
- // invalidate only when the response is successful
- if ($response->isSuccessful() || $response->isRedirect()) {
- try {
- $this->store->invalidate($request);
-
- // As per the RFC, invalidate Location and Content-Location URLs if present
- foreach (array('Location', 'Content-Location') as $header) {
- if ($uri = $response->headers->get($header)) {
- $subRequest = Request::create($uri, 'get', array(), array(), array(), $request->server->all());
-
- $this->store->invalidate($subRequest);
- }
- }
-
- $this->record($request, 'invalidate');
- } catch (\Exception $e) {
- $this->record($request, 'invalidate-failed');
-
- if ($this->options['debug']) {
- throw $e;
- }
- }
- }
-
- return $response;
- }
-
- /**
- * Lookups a Response from the cache for the given Request.
- *
- * When a matching cache entry is found and is fresh, it uses it as the
- * response without forwarding any request to the backend. When a matching
- * cache entry is found but is stale, it attempts to "validate" the entry with
- * the backend using conditional GET. When no matching cache entry is found,
- * it triggers "miss" processing.
- *
- * @param Request $request A Request instance
- * @param bool $catch Whether to process exceptions
- *
- * @return Response A Response instance
- *
- * @throws \Exception
- */
- protected function lookup(Request $request, $catch = false)
- {
- try {
- $entry = $this->store->lookup($request);
- } catch (\Exception $e) {
- $this->record($request, 'lookup-failed');
-
- if ($this->options['debug']) {
- throw $e;
- }
-
- return $this->pass($request, $catch);
- }
-
- if (null === $entry) {
- $this->record($request, 'miss');
-
- return $this->fetch($request, $catch);
- }
-
- if (!$this->isFreshEnough($request, $entry)) {
- $this->record($request, 'stale');
-
- return $this->validate($request, $entry, $catch);
- }
-
- $this->record($request, 'fresh');
-
- $entry->headers->set('Age', $entry->getAge());
-
- return $entry;
- }
-
- /**
- * Validates that a cache entry is fresh.
- *
- * The original request is used as a template for a conditional
- * GET request with the backend.
- *
- * @param Request $request A Request instance
- * @param Response $entry A Response instance to validate
- * @param bool $catch Whether to process exceptions
- *
- * @return Response A Response instance
- */
- protected function validate(Request $request, Response $entry, $catch = false)
- {
- $subRequest = clone $request;
-
- // send no head requests because we want content
- if ('HEAD' === $request->getMethod()) {
- $subRequest->setMethod('GET');
- }
-
- // add our cached last-modified validator
- $subRequest->headers->set('if_modified_since', $entry->headers->get('Last-Modified'));
-
- // Add our cached etag validator to the environment.
- // We keep the etags from the client to handle the case when the client
- // has a different private valid entry which is not cached here.
- $cachedEtags = $entry->getEtag() ? array($entry->getEtag()) : array();
- $requestEtags = $request->getETags();
- if ($etags = array_unique(array_merge($cachedEtags, $requestEtags))) {
- $subRequest->headers->set('if_none_match', implode(', ', $etags));
- }
-
- $response = $this->forward($subRequest, $catch, $entry);
-
- if (304 == $response->getStatusCode()) {
- $this->record($request, 'valid');
-
- // return the response and not the cache entry if the response is valid but not cached
- $etag = $response->getEtag();
- if ($etag && in_array($etag, $requestEtags) && !in_array($etag, $cachedEtags)) {
- return $response;
- }
-
- $entry = clone $entry;
- $entry->headers->remove('Date');
-
- foreach (array('Date', 'Expires', 'Cache-Control', 'ETag', 'Last-Modified') as $name) {
- if ($response->headers->has($name)) {
- $entry->headers->set($name, $response->headers->get($name));
- }
- }
-
- $response = $entry;
- } else {
- $this->record($request, 'invalid');
- }
-
- if ($response->isCacheable()) {
- $this->store($request, $response);
- }
-
- return $response;
- }
-
- /**
- * Unconditionally fetches a fresh response from the backend and
- * stores it in the cache if is cacheable.
- *
- * @param Request $request A Request instance
- * @param bool $catch Whether to process exceptions
- *
- * @return Response A Response instance
- */
- protected function fetch(Request $request, $catch = false)
- {
- $subRequest = clone $request;
-
- // send no head requests because we want content
- if ('HEAD' === $request->getMethod()) {
- $subRequest->setMethod('GET');
- }
-
- // avoid that the backend sends no content
- $subRequest->headers->remove('if_modified_since');
- $subRequest->headers->remove('if_none_match');
-
- $response = $this->forward($subRequest, $catch);
-
- if ($response->isCacheable()) {
- $this->store($request, $response);
- }
-
- return $response;
- }
-
- /**
- * Forwards the Request to the backend and returns the Response.
- *
- * All backend requests (cache passes, fetches, cache validations)
- * run through this method.
- *
- * @param Request $request A Request instance
- * @param bool $catch Whether to catch exceptions or not
- * @param Response $entry A Response instance (the stale entry if present, null otherwise)
- *
- * @return Response A Response instance
- */
- protected function forward(Request $request, $catch = false, Response $entry = null)
- {
- if ($this->surrogate) {
- $this->surrogate->addSurrogateCapability($request);
- }
-
- // modify the X-Forwarded-For header if needed
- $forwardedFor = $request->headers->get('X-Forwarded-For');
- if ($forwardedFor) {
- $request->headers->set('X-Forwarded-For', $forwardedFor.', '.$request->server->get('REMOTE_ADDR'));
- } else {
- $request->headers->set('X-Forwarded-For', $request->server->get('REMOTE_ADDR'));
- }
-
- // fix the client IP address by setting it to 127.0.0.1 as HttpCache
- // is always called from the same process as the backend.
- $request->server->set('REMOTE_ADDR', '127.0.0.1');
-
- // make sure HttpCache is a trusted proxy
- if (!in_array('127.0.0.1', $trustedProxies = Request::getTrustedProxies())) {
- $trustedProxies[] = '127.0.0.1';
- Request::setTrustedProxies($trustedProxies, Request::HEADER_X_FORWARDED_ALL);
- }
-
- // always a "master" request (as the real master request can be in cache)
- $response = $this->kernel->handle($request, HttpKernelInterface::MASTER_REQUEST, $catch);
- // FIXME: we probably need to also catch exceptions if raw === true
-
- // we don't implement the stale-if-error on Requests, which is nonetheless part of the RFC
- if (null !== $entry && in_array($response->getStatusCode(), array(500, 502, 503, 504))) {
- if (null === $age = $entry->headers->getCacheControlDirective('stale-if-error')) {
- $age = $this->options['stale_if_error'];
- }
-
- if (abs($entry->getTtl()) < $age) {
- $this->record($request, 'stale-if-error');
-
- return $entry;
- }
- }
-
- /*
- RFC 7231 Sect. 7.1.1.2 says that a server that does not have a reasonably accurate
- clock MUST NOT send a "Date" header, although it MUST send one in most other cases
- except for 1xx or 5xx responses where it MAY do so.
-
- Anyway, a client that received a message without a "Date" header MUST add it.
- */
- if (!$response->headers->has('Date')) {
- $response->setDate(\DateTime::createFromFormat('U', time()));
- }
-
- $this->processResponseBody($request, $response);
-
- if ($this->isPrivateRequest($request) && !$response->headers->hasCacheControlDirective('public')) {
- $response->setPrivate();
- } elseif ($this->options['default_ttl'] > 0 && null === $response->getTtl() && !$response->headers->getCacheControlDirective('must-revalidate')) {
- $response->setTtl($this->options['default_ttl']);
- }
-
- return $response;
- }
-
- /**
- * Checks whether the cache entry is "fresh enough" to satisfy the Request.
- *
- * @return bool true if the cache entry if fresh enough, false otherwise
- */
- protected function isFreshEnough(Request $request, Response $entry)
- {
- if (!$entry->isFresh()) {
- return $this->lock($request, $entry);
- }
-
- if ($this->options['allow_revalidate'] && null !== $maxAge = $request->headers->getCacheControlDirective('max-age')) {
- return $maxAge > 0 && $maxAge >= $entry->getAge();
- }
-
- return true;
- }
-
- /**
- * Locks a Request during the call to the backend.
- *
- * @return bool true if the cache entry can be returned even if it is staled, false otherwise
- */
- protected function lock(Request $request, Response $entry)
- {
- // try to acquire a lock to call the backend
- $lock = $this->store->lock($request);
-
- if (true === $lock) {
- // we have the lock, call the backend
- return false;
- }
-
- // there is already another process calling the backend
-
- // May we serve a stale response?
- if ($this->mayServeStaleWhileRevalidate($entry)) {
- $this->record($request, 'stale-while-revalidate');
-
- return true;
- }
-
- // wait for the lock to be released
- if ($this->waitForLock($request)) {
- // replace the current entry with the fresh one
- $new = $this->lookup($request);
- $entry->headers = $new->headers;
- $entry->setContent($new->getContent());
- $entry->setStatusCode($new->getStatusCode());
- $entry->setProtocolVersion($new->getProtocolVersion());
- foreach ($new->headers->getCookies() as $cookie) {
- $entry->headers->setCookie($cookie);
- }
- } else {
- // backend is slow as hell, send a 503 response (to avoid the dog pile effect)
- $entry->setStatusCode(503);
- $entry->setContent('503 Service Unavailable');
- $entry->headers->set('Retry-After', 10);
- }
-
- return true;
- }
-
- /**
- * Writes the Response to the cache.
- *
- * @throws \Exception
- */
- protected function store(Request $request, Response $response)
- {
- try {
- $this->store->write($request, $response);
-
- $this->record($request, 'store');
-
- $response->headers->set('Age', $response->getAge());
- } catch (\Exception $e) {
- $this->record($request, 'store-failed');
-
- if ($this->options['debug']) {
- throw $e;
- }
- }
-
- // now that the response is cached, release the lock
- $this->store->unlock($request);
- }
-
- /**
- * Restores the Response body.
- */
- private function restoreResponseBody(Request $request, Response $response)
- {
- if ($response->headers->has('X-Body-Eval')) {
- ob_start();
-
- if ($response->headers->has('X-Body-File')) {
- include $response->headers->get('X-Body-File');
- } else {
- eval('; ?>'.$response->getContent().'<?php ;');
- }
-
- $response->setContent(ob_get_clean());
- $response->headers->remove('X-Body-Eval');
- if (!$response->headers->has('Transfer-Encoding')) {
- $response->headers->set('Content-Length', strlen($response->getContent()));
- }
- } elseif ($response->headers->has('X-Body-File')) {
- // Response does not include possibly dynamic content (ESI, SSI), so we need
- // not handle the content for HEAD requests
- if (!$request->isMethod('HEAD')) {
- $response->setContent(file_get_contents($response->headers->get('X-Body-File')));
- }
- } else {
- return;
- }
-
- $response->headers->remove('X-Body-File');
- }
-
- protected function processResponseBody(Request $request, Response $response)
- {
- if (null !== $this->surrogate && $this->surrogate->needsParsing($response)) {
- $this->surrogate->process($request, $response);
- }
- }
-
- /**
- * Checks if the Request includes authorization or other sensitive information
- * that should cause the Response to be considered private by default.
- *
- * @return bool true if the Request is private, false otherwise
- */
- private function isPrivateRequest(Request $request)
- {
- foreach ($this->options['private_headers'] as $key) {
- $key = strtolower(str_replace('HTTP_', '', $key));
-
- if ('cookie' === $key) {
- if (count($request->cookies->all())) {
- return true;
- }
- } elseif ($request->headers->has($key)) {
- return true;
- }
- }
-
- return false;
- }
-
- /**
- * Records that an event took place.
- */
- private function record(Request $request, string $event)
- {
- $this->traces[$this->getTraceKey($request)][] = $event;
- }
-
- /**
- * Calculates the key we use in the "trace" array for a given request.
- */
- private function getTraceKey(Request $request): string
- {
- $path = $request->getPathInfo();
- if ($qs = $request->getQueryString()) {
- $path .= '?'.$qs;
- }
-
- return $request->getMethod().' '.$path;
- }
-
- /**
- * Checks whether the given (cached) response may be served as "stale" when a revalidation
- * is currently in progress.
- */
- private function mayServeStaleWhileRevalidate(Response $entry): bool
- {
- $timeout = $entry->headers->getCacheControlDirective('stale-while-revalidate');
-
- if (null === $timeout) {
- $timeout = $this->options['stale_while_revalidate'];
- }
-
- return abs($entry->getTtl()) < $timeout;
- }
-
- /**
- * Waits for the store to release a locked entry.
- */
- private function waitForLock(Request $request): bool
- {
- $wait = 0;
- while ($this->store->isLocked($request) && $wait < 100) {
- usleep(50000);
- ++$wait;
- }
-
- return $wait < 100;
- }
- }
|