Merge pull request #71 from FriendsOfSymfony/user-context

User context

Author: ddeboer

DependencyInjection/Compiler/UserContextListenerPass.php

@@ -0,0 +1,39 @@
+<?php
+
+namespace FOS\HttpCacheBundle\DependencyInjection\Compiler;
+
+use Symfony\Component\Config\Definition\Exception\InvalidConfigurationException;
+use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
+use Symfony\Component\DependencyInjection\ContainerBuilder;
+use Symfony\Component\DependencyInjection\Reference;
+
+/**
+ * Add tagged provider to the hash generator for user context
+ */
+class UserContextListenerPass implements CompilerPassInterface
+{
+    const TAG_NAME = "fos_http_cache.user_context_provider";
+
+    /**
+     * {@inheritdoc}
+     */
+    public function process(ContainerBuilder $container)
+    {
+        if (!$container->has('fos_http_cache.user_context.hash_generator')) {
+            return;
+        }
+
+        $definition = $container->getDefinition('fos_http_cache.user_context.hash_generator');
+
+        $providers = array();
+        foreach ($container->findTaggedServiceIds(self::TAG_NAME) as $id => $parameters) {
+            $providers[] = new Reference($id);
+        }
+
+        if (!count($providers)) {
+            throw new InvalidConfigurationException('No user context providers found. Either tag providers or disable fos_http_cache.user_context');
+        }
+
+        $definition->addArgument($providers);
+    }
+}

DependencyInjection/Configuration.php

@@ -33,13 +33,10 @@ public function getConfigTreeBuilder()
                     ->defaultValue('X-Cache-Debug')
                     ->info('The header to send if debug is true.')
                 ->end()
-                ->booleanNode('authorization_listener')
-                    ->defaultFalse()
-                    ->info('Whether to activate the authorization listener that early returns head request after the security check.')
-                ->end()
             ->end()
         ;
 
+        $this->addUserContextListenerSection($rootNode);
         $this->addRulesSection($rootNode);
         $this->addProxyClientSection($rootNode);
         $this->addTagListenerSection($rootNode);
@@ -49,6 +46,55 @@ public function getConfigTreeBuilder()
         return $treeBuilder;
     }
 
+    private function addUserContextListenerSection(ArrayNodeDefinition $rootNode)
+    {
+        $rootNode
+            ->fixXmlConfig('user_identifier_header')
+            ->children()
+                ->arrayNode('user_context')
+                    ->info('Listener that returns the request for the user context hash as early as possible.')
+                    ->addDefaultsIfNotSet()
+                    ->canBeEnabled()
+                    ->children()
+                        ->arrayNode('match')
+                            ->addDefaultsIfNotSet()
+                            ->children()
+                                ->scalarNode('matcher_service')
+                                    ->defaultValue('fos_http_cache.user_context.request_matcher')
+                                    ->info('Service id of a request matcher that tells whether the request is a context hash request.')
+                                ->end()
+                                ->scalarNode('accept')
+                                    ->defaultValue('application/vnd.fos.user-context-hash')
+                                    ->info('Specify the accept HTTP header used for context hash requests.')
+                                ->end()
+                                ->scalarNode('method')
+                                    ->defaultNull()
+                                    ->info('Specify the HTTP method used for context hash requests.')
+                                ->end()
+                            ->end()
+                        ->end()
+                        ->scalarNode('hash_cache_ttl')
+                            ->defaultValue(0)
+                            ->info('Cache the response for the hash for the specified number of seconds. Setting this to 0 will not cache those responses at all.')
+                        ->end()
+                        ->arrayNode('user_identifier_headers')
+                            ->prototype('scalar')->end()
+                            ->defaultValue(array('Cookie', 'Authorization'))
+                            ->info('List of headers that contains the unique identifier for the user in the hash request.')
+                        ->end()
+                        ->scalarNode('user_hash_header')
+                            ->defaultValue('X-User-Context-Hash')
+                            ->info('Name of the header that contains the hash information for the context.')
+                        ->end()
+                        ->booleanNode('role_provider')
+                            ->defaultFalse()
+                            ->info('Whether to enable a provider that automatically adds all roles of the current user to the context.')
+                        ->end()
+                    ->end()
+                ->end()
+            ->end();
+    }
+
     private function addRulesSection(ArrayNodeDefinition $rootNode)
     {
         $rules = $rootNode

DependencyInjection/FOSHttpCacheExtension.php

@@ -2,6 +2,7 @@
 
 namespace FOS\HttpCacheBundle\DependencyInjection;
 
+use FOS\HttpCacheBundle\DependencyInjection\Compiler\UserContextListenerPass;
 use Symfony\Component\Config\Definition\Exception\InvalidConfigurationException;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\Config\FileLocator;
@@ -64,8 +65,8 @@ public function load(array $configs, ContainerBuilder $container)
             throw new InvalidConfigurationException('You need to configure a proxy client to use the tag listener.');
         }
 
-        if ($config['authorization_listener']) {
-            $loader->load('authorization_request_listener.xml');
+        if ($config['user_context']['enabled']) {
+            $this->loadUserContext($container, $loader, $config['user_context']);
         }
 
         if (!empty($config['flash_message_listener']) && $config['flash_message_listener']['enabled']) {
@@ -135,6 +136,27 @@ protected function createRuleMatcher(ContainerBuilder $container, Reference $req
         return new Reference($id);
     }
 
+    protected function loadUserContext(ContainerBuilder $container, XmlFileLoader $loader, array $config)
+    {
+        $loader->load('user_context.xml');
+
+        $container->getDefinition($this->getAlias().'.user_context.request_matcher')
+            ->replaceArgument(0, $config['match']['accept'])
+            ->replaceArgument(1, $config['match']['method']);
+
+        $container->getDefinition($this->getAlias().'.event_listener.user_context')
+            ->replaceArgument(0, new Reference($config['match']['matcher_service']))
+            ->replaceArgument(2, $config['user_identifier_headers'])
+            ->replaceArgument(3, $config['user_hash_header'])
+            ->replaceArgument(4, $config['hash_cache_ttl']);
+
+        if ($config['role_provider']) {
+            $container->getDefinition($this->getAlias().'.user_context.role_provider')
+                ->addTag(UserContextListenerPass::TAG_NAME)
+                ->setAbstract(false);
+        }
+    }
+
     protected function createRequestMatcher(ContainerBuilder $container, $path = null, $host = null, $methods = null, $ips = null, array $attributes = array())
     {
         $arguments = array($path, $host, $methods, $ips, $attributes);

EventListener/CacheAuthorizationSubscriber.php

@@ -0,0 +1,145 @@
+<?php
+
+namespace FOS\HttpCacheBundle\EventListener;
+
+use FOS\HttpCache\UserContext\HashGenerator;
+use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+use Symfony\Component\HttpFoundation\RequestMatcherInterface;
+use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
+use Symfony\Component\HttpKernel\Event\GetResponseEvent;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpKernel\HttpKernelInterface;
+use Symfony\Component\HttpKernel\KernelEvents;
+
+/**
+ * Check requests and responses with the matcher.
+ *
+ * Abort context hash requests immediately and return the hash.
+ * Add the vary information on responses to normal requests.
+ *
+ * @author Stefan Paschke <[email protected]>
+ * @author Joel Wurtz <[email protected]>
+ */
+class UserContextSubscriber implements EventSubscriberInterface
+{
+    /**
+     * @var RequestMatcherInterface
+     */
+    private $requestMatcher;
+
+    /**
+     * @var HashGenerator
+     */
+    private $hashGenerator;
+
+    /**
+     * @var string[]
+     */
+    private $userIdentifierHeaders;
+
+    /**
+     * @var string
+     */
+    private $hashHeader;
+
+    /**
+     * @var integer
+     */
+    private $ttl;
+
+    public function __construct(
+        RequestMatcherInterface $requestMatcher,
+        HashGenerator $hashGenerator,
+        array $userIdentifierHeaders = array('Cookie', 'Authorization'),
+        $hashHeader = "X-User-Context-Hash",
+        $ttl = 0
+    )
+    {
+        if (!count($userIdentifierHeaders)) {
+            throw new \InvalidArgumentException('The user context must vary on some request headers');
+        }
+        $this->requestMatcher        = $requestMatcher;
+        $this->hashGenerator         = $hashGenerator;
+        $this->userIdentifierHeaders = $userIdentifierHeaders;
+        $this->hashHeader            = $hashHeader;
+        $this->ttl                   = $ttl;
+    }
+
+    /**
+     * Return the response to the context hash request with a header containing
+     * the generated hash.
+     *
+     * If the ttl is bigger than 0, cache headers will be set for this response.
+     *
+     * @param GetResponseEvent $event
+     */
+    public function onKernelRequest(GetResponseEvent $event)
+    {
+        if ($event->getRequestType() != HttpKernelInterface::MASTER_REQUEST) {
+            return;
+        }
+
+        if (!$this->requestMatcher->matches($event->getRequest())) {
+            return;
+        }
+
+        $hash = $this->hashGenerator->generateHash();
+
+        // status needs to be 200 as otherwise varnish will not cache the response.
+        $response = new Response('', 200, array(
+            $this->hashHeader => $hash,
+            'Content-Type'    => 'application/vnd.fos.user-context-hash'
+        ));
+
+        if ($this->ttl > 0) {
+            $response->setClientTtl($this->ttl);
+            $response->setVary($this->userIdentifierHeaders);
+        } else {
+            $response->setClientTtl(0);
+            $response->headers->addCacheControlDirective('no-cache');
+        }
+
+        $event->setResponse($response);
+    }
+
+    /**
+     * Add the context hash header to the headers to vary on if the header was
+     * present in the request.
+     *
+     * @param FilterResponseEvent $event
+     */
+    public function onKernelResponse(FilterResponseEvent $event)
+    {
+        if ($event->getRequestType() != HttpKernelInterface::MASTER_REQUEST) {
+            return;
+        }
+
+        $response = $event->getResponse();
+        $vary = $response->getVary();
+
+        if ($event->getRequest()->headers->has($this->hashHeader)) {
+            if (!in_array($this->hashHeader, $vary)) {
+                $vary[] = $this->hashHeader;
+            }
+        } else {
+            foreach ($this->userIdentifierHeaders as $header) {
+                if (!in_array($header, $vary)) {
+                    $vary[] = $header;
+                }
+            }
+        }
+
+        $response->setVary($vary, true);
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public static function getSubscribedEvents()
+    {
+        return array(
+            KernelEvents::RESPONSE => 'onKernelResponse',
+            KernelEvents::REQUEST  => array('onKernelRequest', 7),
+        );
+    }
+}

EventListener/UserContextSubscriber.php

@@ -4,6 +4,7 @@
 
 use FOS\HttpCacheBundle\DependencyInjection\Compiler\LoggerPass;
 use FOS\HttpCacheBundle\DependencyInjection\Compiler\TagListenerPass;
+use FOS\HttpCacheBundle\DependencyInjection\Compiler\UserContextListenerPass;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\HttpKernel\Bundle\Bundle;
 
@@ -16,5 +17,6 @@ public function build(ContainerBuilder $container)
     {
         $container->addCompilerPass(new LoggerPass());
         $container->addCompilerPass(new TagListenerPass());
+        $container->addCompilerPass(new UserContextListenerPass());
     }
 }

FOSHttpCacheBundle.php

@@ -0,0 +1,36 @@
+<?xml version="1.0" ?>
+
+<container xmlns="http://symfony.com/schema/dic/services"
+           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+           xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
+
+    <parameters>
+        <parameter key="fos_http_cache.event_listener.user_context.class">FOS\HttpCacheBundle\EventListener\UserContextSubscriber</parameter>
+        <parameter key="fos_http_cache.user_context.hash_generator.class">FOS\HttpCache\UserContext\HashGenerator</parameter>
+        <parameter key="fos_http_cache.user_context.role_provider.class">FOS\HttpCacheBundle\UserContext\RoleProvider</parameter>
+        <parameter key="fos_http_cache.user_context.request_matcher.class">FOS\HttpCacheBundle\UserContext\RequestMatcher</parameter>
+    </parameters>
+
+    <services>
+        <service id="fos_http_cache.user_context.hash_generator" class="%fos_http_cache.user_context.hash_generator.class%">
+        </service>
+
+        <service id="fos_http_cache.user_context.request_matcher" class="%fos_http_cache.user_context.request_matcher.class%">
+            <argument />
+            <argument />
+        </service>
+
+        <service id="fos_http_cache.event_listener.user_context" class="%fos_http_cache.event_listener.user_context.class%">
+            <argument type="service" id="fos_http_cache.user_context.request_matcher" />
+            <argument type="service" id="fos_http_cache.user_context.hash_generator" />
+            <argument />
+            <argument />
+            <argument />
+            <tag name="kernel.event_subscriber" />
+        </service>
+
+        <service id="fos_http_cache.user_context.role_provider" class="%fos_http_cache.user_context.role_provider.class%" abstract="true">
+            <argument type="service" id="security.context" on-invalid="ignore" />
+        </service>
+    </services>
+</container>