2019-05-02 17:17:27 -05:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2021-05-20 22:37:17 -05:00
|
|
|
# we want MessageBus to be close to the front
|
2015-12-08 18:48:41 -06:00
|
|
|
# this is important cause the vast majority of web requests go to it
|
|
|
|
# this allows us to avoid full middleware crawls each time
|
2020-03-30 06:01:06 -05:00
|
|
|
#
|
|
|
|
# We aren't manipulating the middleware stack directly because of
|
|
|
|
# https://github.com/rails/rails/pull/27936
|
2017-09-04 07:42:22 -05:00
|
|
|
|
2020-05-07 19:44:51 -05:00
|
|
|
Rails.configuration.middleware.unshift(MessageBus::Rack::Middleware)
|
2015-12-08 18:48:41 -06:00
|
|
|
|
|
|
|
# no reason to track this in development, that is 300+ redis calls saved per
|
|
|
|
# page view (we serve all assets out of thin in development)
|
|
|
|
if Rails.env != "development" || ENV["TRACK_REQUESTS"]
|
|
|
|
require "middleware/request_tracker"
|
|
|
|
Rails.configuration.middleware.unshift Middleware::RequestTracker
|
2019-06-05 01:08:11 -05:00
|
|
|
|
|
|
|
MethodProfiler.ensure_discourse_instrumentation! if GlobalSetting.enable_performance_http_headers
|
2015-12-08 18:48:41 -06:00
|
|
|
end
|
2020-03-30 06:01:06 -05:00
|
|
|
|
2021-11-11 10:44:58 -06:00
|
|
|
if Rails.env.test?
|
|
|
|
# In test mode we can't insert/remove middlewares
|
|
|
|
# Therefore we insert a small helper which effectively switches the multisite
|
|
|
|
# middleware on/off based on the Rails.configuration.multisite value
|
|
|
|
class TestMultisiteMiddleware < RailsMultisite::Middleware
|
|
|
|
def call(env)
|
|
|
|
return @app.call(env) if !Rails.configuration.multisite
|
|
|
|
super(env)
|
|
|
|
end
|
|
|
|
end
|
2024-02-15 02:36:12 -06:00
|
|
|
|
2021-11-11 10:44:58 -06:00
|
|
|
Rails.configuration.middleware.unshift TestMultisiteMiddleware,
|
|
|
|
RailsMultisite::DiscoursePatches.config
|
2024-02-15 02:36:12 -06:00
|
|
|
|
|
|
|
class BlockRequestsMiddleware
|
DEV: Do not process requests initiated by browser in a different example (#25809)
Why this change?
We noticed that running `LOAD_PLUGINS=1 rspec --seed=38855 plugins/chat/spec/system/chat_new_message_spec.rb` locally
results in the system tests randomly failing. When we inspected the
request logs closely, we noticed that a `/presence/get` request from a
previous rspec example was being processed when a new rspec example is
already being run. We know it was from the previous rspec example
because inspecting the auth token showed the request using the auth
token of a user from the previous example. However, when a request using
an auth token from a previous example is used it ends up logging out the
same user on the server side because the user id in the cookie is the same
due to the use of `fab!`.
I did some research and there is apparently no way to wait until all
inflight requests by the browser has completed through capybara or
selenium. Therefore, we will add an identifier by attaching a cookie to all non-xhr requests so that
xhr requests which are triggered subsequently will contain the cookie in the request.
In the `BlockRequestsMiddleware` middleware, we will then reject any
requests when the value of the identifier in the cookie does not match the current rspec's example
location.
To see the problem locally, change `Auth::DefaultCurrentUserProvider.find_v1_auth_cookie` to the following:
```
def self.find_v1_auth_cookie(env)
return env[DECRYPTED_AUTH_COOKIE] if env.key?(DECRYPTED_AUTH_COOKIE)
env[DECRYPTED_AUTH_COOKIE] = begin
request = ActionDispatch::Request.new(env)
cookie = request.cookies[TOKEN_COOKIE]
# don't even initialize a cookie jar if we don't have a cookie at all
if cookie&.valid_encoding? && cookie.present?
puts "#{env["REQUEST_PATH"]} #{request.cookie_jar.encrypted[TOKEN_COOKIE]&.with_indifferent_access}"
request.cookie_jar.encrypted[TOKEN_COOKIE]&.with_indifferent_access
end
end
end
```
After which run the following command: `LOAD_PLUGINS=1 rspec --format documentation --seed=38855 plugins/chat/spec/system/chat_new_message_spec.rb`
It takes a few tries but the last spec should fail and you should see something like this:
```
assets/chunk.c16f6ba8b6824baa47ac.d41d8cd9.js {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735}
/assets/chunk.050148142e1d2dc992dd.d41d8cd9.js {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735}
/chat/api/channels/527/messages {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735}
/uploads/default/test_0/optimized/1X/_129430568242d1b7f853bb13ebea28b3f6af4e7_2_512x512.png {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735}
redirects to existing chat channel
redirects to chat channel if recipients param is missing (PENDING: Temporarily skipped with xit)
with multiple users
/favicon.ico {"token"=>"9a75c114c4d3401509a23d240f0a46d4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591736}
/chat/new-message {"token"=>"9a75c114c4d3401509a23d240f0a46d4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591736}
/presence/get {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735}
```
Note how the `/presence/get` request is using a token from the previous example.
Co-authored-by: David Taylor <david@taylorhq.com>
2024-02-22 05:41:10 -06:00
|
|
|
RSPEC_CURRENT_EXAMPLE_COOKIE_STRING = "rspec_current_example_location"
|
|
|
|
|
|
|
|
cattr_accessor :current_example_location
|
|
|
|
|
2024-02-15 02:36:12 -06:00
|
|
|
@@block_requests = false
|
|
|
|
|
|
|
|
def self.block_requests!
|
|
|
|
@@block_requests = true
|
|
|
|
end
|
|
|
|
|
|
|
|
def self.allow_requests!
|
|
|
|
@@block_requests = false
|
|
|
|
end
|
|
|
|
|
|
|
|
def initialize(app)
|
|
|
|
@app = app
|
|
|
|
end
|
|
|
|
|
|
|
|
def call(env)
|
DEV: Do not process requests initiated by browser in a different example (#25809)
Why this change?
We noticed that running `LOAD_PLUGINS=1 rspec --seed=38855 plugins/chat/spec/system/chat_new_message_spec.rb` locally
results in the system tests randomly failing. When we inspected the
request logs closely, we noticed that a `/presence/get` request from a
previous rspec example was being processed when a new rspec example is
already being run. We know it was from the previous rspec example
because inspecting the auth token showed the request using the auth
token of a user from the previous example. However, when a request using
an auth token from a previous example is used it ends up logging out the
same user on the server side because the user id in the cookie is the same
due to the use of `fab!`.
I did some research and there is apparently no way to wait until all
inflight requests by the browser has completed through capybara or
selenium. Therefore, we will add an identifier by attaching a cookie to all non-xhr requests so that
xhr requests which are triggered subsequently will contain the cookie in the request.
In the `BlockRequestsMiddleware` middleware, we will then reject any
requests when the value of the identifier in the cookie does not match the current rspec's example
location.
To see the problem locally, change `Auth::DefaultCurrentUserProvider.find_v1_auth_cookie` to the following:
```
def self.find_v1_auth_cookie(env)
return env[DECRYPTED_AUTH_COOKIE] if env.key?(DECRYPTED_AUTH_COOKIE)
env[DECRYPTED_AUTH_COOKIE] = begin
request = ActionDispatch::Request.new(env)
cookie = request.cookies[TOKEN_COOKIE]
# don't even initialize a cookie jar if we don't have a cookie at all
if cookie&.valid_encoding? && cookie.present?
puts "#{env["REQUEST_PATH"]} #{request.cookie_jar.encrypted[TOKEN_COOKIE]&.with_indifferent_access}"
request.cookie_jar.encrypted[TOKEN_COOKIE]&.with_indifferent_access
end
end
end
```
After which run the following command: `LOAD_PLUGINS=1 rspec --format documentation --seed=38855 plugins/chat/spec/system/chat_new_message_spec.rb`
It takes a few tries but the last spec should fail and you should see something like this:
```
assets/chunk.c16f6ba8b6824baa47ac.d41d8cd9.js {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735}
/assets/chunk.050148142e1d2dc992dd.d41d8cd9.js {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735}
/chat/api/channels/527/messages {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735}
/uploads/default/test_0/optimized/1X/_129430568242d1b7f853bb13ebea28b3f6af4e7_2_512x512.png {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735}
redirects to existing chat channel
redirects to chat channel if recipients param is missing (PENDING: Temporarily skipped with xit)
with multiple users
/favicon.ico {"token"=>"9a75c114c4d3401509a23d240f0a46d4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591736}
/chat/new-message {"token"=>"9a75c114c4d3401509a23d240f0a46d4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591736}
/presence/get {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735}
```
Note how the `/presence/get` request is using a token from the previous example.
Co-authored-by: David Taylor <david@taylorhq.com>
2024-02-22 05:41:10 -06:00
|
|
|
request = Rack::Request.new(env)
|
|
|
|
|
|
|
|
if request.xhr? &&
|
|
|
|
(
|
|
|
|
@@block_requests ||
|
|
|
|
(
|
|
|
|
self.class.current_example_location.present? &&
|
|
|
|
self.class.current_example_location !=
|
|
|
|
request.cookies[RSPEC_CURRENT_EXAMPLE_COOKIE_STRING]
|
|
|
|
)
|
|
|
|
)
|
2024-02-15 02:36:12 -06:00
|
|
|
[503, { "Content-Type" => "text/plain" }, ["Blocked by BlockRequestsMiddleware"]]
|
|
|
|
else
|
|
|
|
@app.call(env)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
Rails.configuration.middleware.unshift BlockRequestsMiddleware
|
2021-11-11 10:44:58 -06:00
|
|
|
elsif Rails.configuration.multisite
|
2020-09-17 04:11:57 -05:00
|
|
|
assets_hostnames = GlobalSetting.cdn_hostnames
|
|
|
|
|
|
|
|
if assets_hostnames.empty?
|
|
|
|
assets_hostnames = Discourse::Application.config.database_configuration[Rails.env]["host_names"]
|
|
|
|
end
|
|
|
|
|
|
|
|
RailsMultisite::ConnectionManagement.asset_hostnames = assets_hostnames
|
2020-09-15 04:07:03 -05:00
|
|
|
|
2020-05-07 19:44:51 -05:00
|
|
|
# Multisite needs to be first, because the request tracker and message bus rely on it
|
|
|
|
Rails.configuration.middleware.unshift RailsMultisite::Middleware,
|
|
|
|
RailsMultisite::DiscoursePatches.config
|
|
|
|
Rails.configuration.middleware.delete ActionDispatch::Executor
|
2020-06-15 03:23:24 -05:00
|
|
|
|
2020-06-15 22:03:47 -05:00
|
|
|
if defined?(RailsFailover::ActiveRecord) && Rails.configuration.active_record_rails_failover
|
2020-06-15 03:23:24 -05:00
|
|
|
Rails.configuration.middleware.insert_after(
|
|
|
|
RailsMultisite::Middleware,
|
|
|
|
RailsFailover::ActiveRecord::Middleware,
|
|
|
|
)
|
|
|
|
end
|
2022-06-27 14:58:33 -05:00
|
|
|
|
|
|
|
if Rails.env.development?
|
|
|
|
# Automatically allow development multisite hosts
|
|
|
|
RailsMultisite::ConnectionManagement.instance.db_spec_cache.each do |db, specification|
|
|
|
|
next if db == "default"
|
|
|
|
Rails.configuration.hosts.concat(specification.spec.configuration_hash[:host_names])
|
|
|
|
end
|
|
|
|
end
|
2020-06-15 22:03:47 -05:00
|
|
|
elsif defined?(RailsFailover::ActiveRecord) && Rails.configuration.active_record_rails_failover
|
2020-06-11 00:45:46 -05:00
|
|
|
Rails.configuration.middleware.insert_before(
|
|
|
|
MessageBus::Rack::Middleware,
|
|
|
|
RailsFailover::ActiveRecord::Middleware,
|
|
|
|
)
|
2020-06-04 04:13:59 -05:00
|
|
|
end
|