vendor/symfony/http-kernel/HttpCache/HttpCache.php line 332

Open in your IDE?
  1. <?php
  3. /*
  4. * This file is part of the Symfony package.
  5. *
  6. * (c) Fabien Potencier <fabien@symfony.com>
  7. *
  8. * For the full copyright and license information, please view the LICENSE
  9. * file that was distributed with this source code.
  10. */
  12. /*
  13. * This code is partially based on the Rack-Cache library by Ryan Tomayko,
  14. * which is released under the MIT license.
  15. * (based on commit 02d2b48d75bcb63cf1c0c7149c077ad256542801)
  16. */
  18. namespace Symfony\Component\HttpKernel\HttpCache;
  20. use Symfony\Component\HttpFoundation\Exception\SuspiciousOperationException;
  21. use Symfony\Component\HttpFoundation\Request;
  22. use Symfony\Component\HttpFoundation\Response;
  23. use Symfony\Component\HttpKernel\HttpKernelInterface;
  24. use Symfony\Component\HttpKernel\TerminableInterface;
  26. /**
  27. * Cache provides HTTP caching.
  28. *
  29. * @author Fabien Potencier <fabien@symfony.com>
  30. */
  31. class HttpCache implements HttpKernelInterface, TerminableInterface
  32. {
  33. public const BODY_EVAL_BOUNDARY_LENGTH = 24;
  35. private $kernel;
  36. private $store;
  37. private $request;
  38. private $surrogate;
  39. private $surrogateCacheStrategy;
  40. private $options = [];
  41. private $traces = [];
  43. /**
  44. * Constructor.
  45. *
  46. * The available options are:
  47. *
  48. * * debug If true, exceptions are thrown when things go wrong. Otherwise, the cache
  49. * will try to carry on and deliver a meaningful response.
  50. *
  51. * * trace_level May be one of 'none', 'short' and 'full'. For 'short', a concise trace of the
  52. * main request will be added as an HTTP header. 'full' will add traces for all
  53. * requests (including ESI subrequests). (default: 'full' if in debug; 'none' otherwise)
  54. *
  55. * * trace_header Header name to use for traces. (default: X-Symfony-Cache)
  56. *
  57. * * default_ttl The number of seconds that a cache entry should be considered
  58. * fresh when no explicit freshness information is provided in
  59. * a response. Explicit Cache-Control or Expires headers
  60. * override this value. (default: 0)
  61. *
  62. * * private_headers Set of request headers that trigger "private" cache-control behavior
  63. * on responses that don't explicitly state whether the response is
  64. * public or private via a Cache-Control directive. (default: Authorization and Cookie)
  65. *
  66. * * allow_reload Specifies whether the client can force a cache reload by including a
  67. * Cache-Control "no-cache" directive in the request. Set it to ``true``
  68. * for compliance with RFC 2616. (default: false)
  69. *
  70. * * allow_revalidate Specifies whether the client can force a cache revalidate by including
  71. * a Cache-Control "max-age=0" directive in the request. Set it to ``true``
  72. * for compliance with RFC 2616. (default: false)
  73. *
  74. * * stale_while_revalidate Specifies the default number of seconds (the granularity is the second as the
  75. * Response TTL precision is a second) during which the cache can immediately return
  76. * a stale response while it revalidates it in the background (default: 2).
  77. * This setting is overridden by the stale-while-revalidate HTTP Cache-Control
  78. * extension (see RFC 5861).
  79. *
  80. * * stale_if_error Specifies the default number of seconds (the granularity is the second) during which
  81. * the cache can serve a stale response when an error is encountered (default: 60).
  82. * This setting is overridden by the stale-if-error HTTP Cache-Control extension
  83. * (see RFC 5861).
  84. */
  85. public function __construct(HttpKernelInterface $kernel, StoreInterface $store, ?SurrogateInterface $surrogate = null, array $options = [])
  86. {
  87. $this->store = $store;
  88. $this->kernel = $kernel;
  89. $this->surrogate = $surrogate;
  91. // needed in case there is a fatal error because the backend is too slow to respond
  92. register_shutdown_function([$this->store, 'cleanup']);
  94. $this->options = array_merge([
  95. 'debug' => false,
  96. 'default_ttl' => 0,
  97. 'private_headers' => ['Authorization', 'Cookie'],
  98. 'allow_reload' => false,
  99. 'allow_revalidate' => false,
  100. 'stale_while_revalidate' => 2,
  101. 'stale_if_error' => 60,
  102. 'trace_level' => 'none',
  103. 'trace_header' => 'X-Symfony-Cache',
  104. ], $options);
  106. if (!isset($options['trace_level'])) {
  107. $this->options['trace_level'] = $this->options['debug'] ? 'full' : 'none';
  108. }
  109. }
  111. /**
  112. * Gets the current store.
  113. *
  114. * @return StoreInterface
  115. */
  116. public function getStore()
  117. {
  118. return $this->store;
  119. }
  121. /**
  122. * Returns an array of events that took place during processing of the last request.
  123. *
  124. * @return array
  125. */
  126. public function getTraces()
  127. {
  128. return $this->traces;
  129. }
  131. private function addTraces(Response $response)
  132. {
  133. $traceString = null;
  135. if ('full' === $this->options['trace_level']) {
  136. $traceString = $this->getLog();
  137. }
  139. if ('short' === $this->options['trace_level'] && $masterId = array_key_first($this->traces)) {
  140. $traceString = implode('/', $this->traces[$masterId]);
  141. }
  143. if (null !== $traceString) {
  144. $response->headers->add([$this->options['trace_header'] => $traceString]);
  145. }
  146. }
  148. /**
  149. * Returns a log message for the events of the last request processing.
  150. *
  151. * @return string
  152. */
  153. public function getLog()
  154. {
  155. $log = [];
  156. foreach ($this->traces as $request => $traces) {
  157. $log[] = sprintf('%s: %s', $request, implode(', ', $traces));
  158. }
  160. return implode('; ', $log);
  161. }
  163. /**
  164. * Gets the Request instance associated with the main request.
  165. *
  166. * @return Request
  167. */
  168. public function getRequest()
  169. {
  170. return $this->request;
  171. }
  173. /**
  174. * Gets the Kernel instance.
  175. *
  176. * @return HttpKernelInterface
  177. */
  178. public function getKernel()
  179. {
  180. return $this->kernel;
  181. }
  183. /**
  184. * Gets the Surrogate instance.
  185. *
  186. * @return SurrogateInterface
  187. *
  188. * @throws \LogicException
  189. */
  190. public function getSurrogate()
  191. {
  192. return $this->surrogate;
  193. }
  195. /**
  196. * {@inheritdoc}
  197. */
  198. public function handle(Request $request, int $type = HttpKernelInterface::MAIN_REQUEST, bool $catch = true)
  199. {
  200. // FIXME: catch exceptions and implement a 500 error page here? -> in Varnish, there is a built-in error page mechanism
  201. if (HttpKernelInterface::MAIN_REQUEST === $type) {
  202. $this->traces = [];
  203. // Keep a clone of the original request for surrogates so they can access it.
  204. // We must clone here to get a separate instance because the application will modify the request during
  205. // the application flow (we know it always does because we do ourselves by setting REMOTE_ADDR to 127.0.0.1
  206. // and adding the X-Forwarded-For header, see HttpCache::forward()).
  207. $this->request = clone $request;
  208. if (null !== $this->surrogate) {
  209. $this->surrogateCacheStrategy = $this->surrogate->createCacheStrategy();
  210. }
  211. }
  213. $this->traces[$this->getTraceKey($request)] = [];
  215. if (!$request->isMethodSafe()) {
  216. $response = $this->invalidate($request, $catch);
  217. } elseif ($request->headers->has('expect') || !$request->isMethodCacheable()) {
  218. $response = $this->pass($request, $catch);
  219. } elseif ($this->options['allow_reload'] && $request->isNoCache()) {
  220. /*
  221. If allow_reload is configured and the client requests "Cache-Control: no-cache",
  222. reload the cache by fetching a fresh response and caching it (if possible).
  223. */
  224. $this->record($request, 'reload');
  225. $response = $this->fetch($request, $catch);
  226. } else {
  227. $response = $this->lookup($request, $catch);
  228. }
  230. $this->restoreResponseBody($request, $response);
  232. if (HttpKernelInterface::MAIN_REQUEST === $type) {
  233. $this->addTraces($response);
  234. }
  236. if (null !== $this->surrogate) {
  237. if (HttpKernelInterface::MAIN_REQUEST === $type) {
  238. $this->surrogateCacheStrategy->update($response);
  239. } else {
  240. $this->surrogateCacheStrategy->add($response);
  241. }
  242. }
  244. $response->prepare($request);
  246. $response->isNotModified($request);
  248. return $response;
  249. }
  251. /**
  252. * {@inheritdoc}
  253. */
  254. public function terminate(Request $request, Response $response)
  255. {
  256. if ($this->getKernel() instanceof TerminableInterface) {
  257. $this->getKernel()->terminate($request, $response);
  258. }
  259. }
  261. /**
  262. * Forwards the Request to the backend without storing the Response in the cache.
  263. *
  264. * @param bool $catch Whether to process exceptions
  265. *
  266. * @return Response
  267. */
  268. protected function pass(Request $request, bool $catch = false)
  269. {
  270. $this->record($request, 'pass');
  272. return $this->forward($request, $catch);
  273. }
  275. /**
  276. * Invalidates non-safe methods (like POST, PUT, and DELETE).
  277. *
  278. * @param bool $catch Whether to process exceptions
  279. *
  280. * @return Response
  281. *
  282. * @throws \Exception
  283. *
  284. * @see RFC2616 13.10
  285. */
  286. protected function invalidate(Request $request, bool $catch = false)
  287. {
  288. $response = $this->pass($request, $catch);
  290. // invalidate only when the response is successful
  291. if ($response->isSuccessful() || $response->isRedirect()) {
  292. try {
  293. $this->store->invalidate($request);
  295. // As per the RFC, invalidate Location and Content-Location URLs if present
  296. foreach (['Location', 'Content-Location'] as $header) {
  297. if ($uri = $response->headers->get($header)) {
  298. $subRequest = Request::create($uri, 'get', [], [], [], $request->server->all());
  300. $this->store->invalidate($subRequest);
  301. }
  302. }
  304. $this->record($request, 'invalidate');
  305. } catch (\Exception $e) {
  306. $this->record($request, 'invalidate-failed');
  308. if ($this->options['debug']) {
  309. throw $e;
  310. }
  311. }
  312. }
  314. return $response;
  315. }
  317. /**
  318. * Lookups a Response from the cache for the given Request.
  319. *
  320. * When a matching cache entry is found and is fresh, it uses it as the
  321. * response without forwarding any request to the backend. When a matching
  322. * cache entry is found but is stale, it attempts to "validate" the entry with
  323. * the backend using conditional GET. When no matching cache entry is found,
  324. * it triggers "miss" processing.
  325. *
  326. * @param bool $catch Whether to process exceptions
  327. *
  328. * @return Response
  329. *
  330. * @throws \Exception
  331. */
  332. protected function lookup(Request $request, bool $catch = false)
  333. {
  334. try {
  335. $entry = $this->store->lookup($request);
  336. } catch (\Exception $e) {
  337. $this->record($request, 'lookup-failed');
  339. if ($this->options['debug']) {
  340. throw $e;
  341. }
  343. return $this->pass($request, $catch);
  344. }
  346. if (null === $entry) {
  347. $this->record($request, 'miss');
  349. return $this->fetch($request, $catch);
  350. }
  352. if (!$this->isFreshEnough($request, $entry)) {
  353. $this->record($request, 'stale');
  355. return $this->validate($request, $entry, $catch);
  356. }
  358. if ($entry->headers->hasCacheControlDirective('no-cache')) {
  359. return $this->validate($request, $entry, $catch);
  360. }
  362. $this->record($request, 'fresh');
  364. $entry->headers->set('Age', $entry->getAge());
  366. return $entry;
  367. }
  369. /**
  370. * Validates that a cache entry is fresh.
  371. *
  372. * The original request is used as a template for a conditional
  373. * GET request with the backend.
  374. *
  375. * @param bool $catch Whether to process exceptions
  376. *
  377. * @return Response
  378. */
  379. protected function validate(Request $request, Response $entry, bool $catch = false)
  380. {
  381. $subRequest = clone $request;
  383. // send no head requests because we want content
  384. if ('HEAD' === $request->getMethod()) {
  385. $subRequest->setMethod('GET');
  386. }
  388. // add our cached last-modified validator
  389. if ($entry->headers->has('Last-Modified')) {
  390. $subRequest->headers->set('If-Modified-Since', $entry->headers->get('Last-Modified'));
  391. }
  393. // Add our cached etag validator to the environment.
  394. // We keep the etags from the client to handle the case when the client
  395. // has a different private valid entry which is not cached here.
  396. $cachedEtags = $entry->getEtag() ? [$entry->getEtag()] : [];
  397. $requestEtags = $request->getETags();
  398. if ($etags = array_unique(array_merge($cachedEtags, $requestEtags))) {
  399. $subRequest->headers->set('If-None-Match', implode(', ', $etags));
  400. }
  402. $response = $this->forward($subRequest, $catch, $entry);
  404. if (304 == $response->getStatusCode()) {
  405. $this->record($request, 'valid');
  407. // return the response and not the cache entry if the response is valid but not cached
  408. $etag = $response->getEtag();
  409. if ($etag && \in_array($etag, $requestEtags) && !\in_array($etag, $cachedEtags)) {
  410. return $response;
  411. }
  413. $entry = clone $entry;
  414. $entry->headers->remove('Date');
  416. foreach (['Date', 'Expires', 'Cache-Control', 'ETag', 'Last-Modified'] as $name) {
  417. if ($response->headers->has($name)) {
  418. $entry->headers->set($name, $response->headers->get($name));
  419. }
  420. }
  422. $response = $entry;
  423. } else {
  424. $this->record($request, 'invalid');
  425. }
  427. if ($response->isCacheable()) {
  428. $this->store($request, $response);
  429. }
  431. return $response;
  432. }
  434. /**
  435. * Unconditionally fetches a fresh response from the backend and
  436. * stores it in the cache if is cacheable.
  437. *
  438. * @param bool $catch Whether to process exceptions
  439. *
  440. * @return Response
  441. */
  442. protected function fetch(Request $request, bool $catch = false)
  443. {
  444. $subRequest = clone $request;
  446. // send no head requests because we want content
  447. if ('HEAD' === $request->getMethod()) {
  448. $subRequest->setMethod('GET');
  449. }
  451. // avoid that the backend sends no content
  452. $subRequest->headers->remove('If-Modified-Since');
  453. $subRequest->headers->remove('If-None-Match');
  455. $response = $this->forward($subRequest, $catch);
  457. if ($response->isCacheable()) {
  458. $this->store($request, $response);
  459. }
  461. return $response;
  462. }
  464. /**
  465. * Forwards the Request to the backend and returns the Response.
  466. *
  467. * All backend requests (cache passes, fetches, cache validations)
  468. * run through this method.
  469. *
  470. * @param bool $catch Whether to catch exceptions or not
  471. * @param Response|null $entry A Response instance (the stale entry if present, null otherwise)
  472. *
  473. * @return Response
  474. */
  475. protected function forward(Request $request, bool $catch = false, ?Response $entry = null)
  476. {
  477. if ($this->surrogate) {
  478. $this->surrogate->addSurrogateCapability($request);
  479. }
  481. // always a "master" request (as the real master request can be in cache)
  482. $response = SubRequestHandler::handle($this->kernel, $request, HttpKernelInterface::MAIN_REQUEST, $catch);
  484. /*
  485. * Support stale-if-error given on Responses or as a config option.
  486. * RFC 7234 summarizes in Section 4.2.4 (but also mentions with the individual
  487. * Cache-Control directives) that
  488. *
  489. * A cache MUST NOT generate a stale response if it is prohibited by an
  490. * explicit in-protocol directive (e.g., by a "no-store" or "no-cache"
  491. * cache directive, a "must-revalidate" cache-response-directive, or an
  492. * applicable "s-maxage" or "proxy-revalidate" cache-response-directive;
  493. * see Section 5.2.2).
  494. *
  495. * https://tools.ietf.org/html/rfc7234#section-4.2.4
  496. *
  497. * We deviate from this in one detail, namely that we *do* serve entries in the
  498. * stale-if-error case even if they have a `s-maxage` Cache-Control directive.
  499. */
  500. if (null !== $entry
  501. && \in_array($response->getStatusCode(), [500, 502, 503, 504])
  502. && !$entry->headers->hasCacheControlDirective('no-cache')
  503. && !$entry->mustRevalidate()
  504. ) {
  505. if (null === $age = $entry->headers->getCacheControlDirective('stale-if-error')) {
  506. $age = $this->options['stale_if_error'];
  507. }
  509. /*
  510. * stale-if-error gives the (extra) time that the Response may be used *after* it has become stale.
  511. * So we compare the time the $entry has been sitting in the cache already with the
  512. * time it was fresh plus the allowed grace period.
  513. */
  514. if ($entry->getAge() <= $entry->getMaxAge() + $age) {
  515. $this->record($request, 'stale-if-error');
  517. return $entry;
  518. }
  519. }
  521. /*
  522. RFC 7231 Sect. 7.1.1.2 says that a server that does not have a reasonably accurate
  523. clock MUST NOT send a "Date" header, although it MUST send one in most other cases
  524. except for 1xx or 5xx responses where it MAY do so.
  526. Anyway, a client that received a message without a "Date" header MUST add it.
  527. */
  528. if (!$response->headers->has('Date')) {
  529. $response->setDate(\DateTime::createFromFormat('U', time()));
  530. }
  532. $this->processResponseBody($request, $response);
  534. if ($this->isPrivateRequest($request) && !$response->headers->hasCacheControlDirective('public')) {
  535. $response->setPrivate();
  536. } elseif ($this->options['default_ttl'] > 0 && null === $response->getTtl() && !$response->headers->getCacheControlDirective('must-revalidate')) {
  537. $response->setTtl($this->options['default_ttl']);
  538. }
  540. return $response;
  541. }
  543. /**
  544. * Checks whether the cache entry is "fresh enough" to satisfy the Request.
  545. *
  546. * @return bool
  547. */
  548. protected function isFreshEnough(Request $request, Response $entry)
  549. {
  550. if (!$entry->isFresh()) {
  551. return $this->lock($request, $entry);
  552. }
  554. if ($this->options['allow_revalidate'] && null !== $maxAge = $request->headers->getCacheControlDirective('max-age')) {
  555. return $maxAge > 0 && $maxAge >= $entry->getAge();
  556. }
  558. return true;
  559. }
  561. /**
  562. * Locks a Request during the call to the backend.
  563. *
  564. * @return bool true if the cache entry can be returned even if it is staled, false otherwise
  565. */
  566. protected function lock(Request $request, Response $entry)
  567. {
  568. // try to acquire a lock to call the backend
  569. $lock = $this->store->lock($request);
  571. if (true === $lock) {
  572. // we have the lock, call the backend
  573. return false;
  574. }
  576. // there is already another process calling the backend
  578. // May we serve a stale response?
  579. if ($this->mayServeStaleWhileRevalidate($entry)) {
  580. $this->record($request, 'stale-while-revalidate');
  582. return true;
  583. }
  585. // wait for the lock to be released
  586. if ($this->waitForLock($request)) {
  587. // replace the current entry with the fresh one
  588. $new = $this->lookup($request);
  589. $entry->headers = $new->headers;
  590. $entry->setContent($new->getContent());
  591. $entry->setStatusCode($new->getStatusCode());
  592. $entry->setProtocolVersion($new->getProtocolVersion());
  593. foreach ($new->headers->getCookies() as $cookie) {
  594. $entry->headers->setCookie($cookie);
  595. }
  596. } else {
  597. // backend is slow as hell, send a 503 response (to avoid the dog pile effect)
  598. $entry->setStatusCode(503);
  599. $entry->setContent('503 Service Unavailable');
  600. $entry->headers->set('Retry-After', 10);
  601. }
  603. return true;
  604. }
  606. /**
  607. * Writes the Response to the cache.
  608. *
  609. * @throws \Exception
  610. */
  611. protected function store(Request $request, Response $response)
  612. {
  613. try {
  614. $this->store->write($request, $response);
  616. $this->record($request, 'store');
  618. $response->headers->set('Age', $response->getAge());
  619. } catch (\Exception $e) {
  620. $this->record($request, 'store-failed');
  622. if ($this->options['debug']) {
  623. throw $e;
  624. }
  625. }
  627. // now that the response is cached, release the lock
  628. $this->store->unlock($request);
  629. }
  631. /**
  632. * Restores the Response body.
  633. */
  634. private function restoreResponseBody(Request $request, Response $response)
  635. {
  636. if ($response->headers->has('X-Body-Eval')) {
  637. \assert(self::BODY_EVAL_BOUNDARY_LENGTH === 24);
  639. ob_start();
  641. $content = $response->getContent();
  642. $boundary = substr($content, 0, 24);
  643. $j = strpos($content, $boundary, 24);
  644. echo substr($content, 24, $j - 24);
  645. $i = $j + 24;
  647. while (false !== $j = strpos($content, $boundary, $i)) {
  648. [$uri, $alt, $ignoreErrors, $part] = explode("\n", substr($content, $i, $j - $i), 4);
  649. $i = $j + 24;
  651. echo $this->surrogate->handle($this, $uri, $alt, $ignoreErrors);
  652. echo $part;
  653. }
  655. $response->setContent(ob_get_clean());
  656. $response->headers->remove('X-Body-Eval');
  657. if (!$response->headers->has('Transfer-Encoding')) {
  658. $response->headers->set('Content-Length', \strlen($response->getContent()));
  659. }
  660. } elseif ($response->headers->has('X-Body-File')) {
  661. // Response does not include possibly dynamic content (ESI, SSI), so we need
  662. // not handle the content for HEAD requests
  663. if (!$request->isMethod('HEAD')) {
  664. $response->setContent(file_get_contents($response->headers->get('X-Body-File')));
  665. }
  666. } else {
  667. return;
  668. }
  670. $response->headers->remove('X-Body-File');
  671. }
  673. protected function processResponseBody(Request $request, Response $response)
  674. {
  675. if (null !== $this->surrogate && $this->surrogate->needsParsing($response)) {
  676. $this->surrogate->process($request, $response);
  677. }
  678. }
  680. /**
  681. * Checks if the Request includes authorization or other sensitive information
  682. * that should cause the Response to be considered private by default.
  683. */
  684. private function isPrivateRequest(Request $request): bool
  685. {
  686. foreach ($this->options['private_headers'] as $key) {
  687. $key = strtolower(str_replace('HTTP_', '', $key));
  689. if ('cookie' === $key) {
  690. if (\count($request->cookies->all())) {
  691. return true;
  692. }
  693. } elseif ($request->headers->has($key)) {
  694. return true;
  695. }
  696. }
  698. return false;
  699. }
  701. /**
  702. * Records that an event took place.
  703. */
  704. private function record(Request $request, string $event)
  705. {
  706. $this->traces[$this->getTraceKey($request)][] = $event;
  707. }
  709. /**
  710. * Calculates the key we use in the "trace" array for a given request.
  711. */
  712. private function getTraceKey(Request $request): string
  713. {
  714. $path = $request->getPathInfo();
  715. if ($qs = $request->getQueryString()) {
  716. $path .= '?'.$qs;
  717. }
  719. try {
  720. return $request->getMethod().' '.$path;
  721. } catch (SuspiciousOperationException $e) {
  722. return '_BAD_METHOD_ '.$path;
  723. }
  724. }
  726. /**
  727. * Checks whether the given (cached) response may be served as "stale" when a revalidation
  728. * is currently in progress.
  729. */
  730. private function mayServeStaleWhileRevalidate(Response $entry): bool
  731. {
  732. $timeout = $entry->headers->getCacheControlDirective('stale-while-revalidate');
  734. if (null === $timeout) {
  735. $timeout = $this->options['stale_while_revalidate'];
  736. }
  738. $age = $entry->getAge();
  739. $maxAge = $entry->getMaxAge() ?? 0;
  740. $ttl = $maxAge - $age;
  742. return abs($ttl) < $timeout;
  743. }
  745. /**
  746. * Waits for the store to release a locked entry.
  747. */
  748. private function waitForLock(Request $request): bool
  749. {
  750. $wait = 0;
  751. while ($this->store->isLocked($request) && $wait < 100) {
  752. usleep(50000);
  753. ++$wait;
  754. }
  756. return $wait < 100;
  757. }
  758. }