silverstripe-environmentcheck/code/EnvironmentChecker.php
Sean Harvey cda00c8a62 Provide a way to enable basic auth for authenticating dev/check URL.
In live or test environments, you need to be logged in as an admin to
access dev/check, but that's not appropriate if you wish to use that
page for a service that automatically checks the health of a site.
2014-06-19 17:44:02 +12:00

146 lines
3.9 KiB
PHP

<?php
/**
* Provides an interface for checking the given EnvironmentCheckSuite.
*/
class EnvironmentChecker extends RequestHandler {
static $url_handlers = array(
'' => 'index',
);
protected $checkSuiteName;
protected $title;
protected $errorCode = 500;
public static $to_email_address = null;
public static $from_email_address = null;
public static $email_results = false;
function __construct($checkSuiteName, $title) {
parent::__construct();
$this->checkSuiteName = $checkSuiteName;
$this->title = $title;
}
function init($permission = 'ADMIN') {
// if the environment supports it, provide a basic auth challenge and see if it matches configured credentials
if(defined('ENVCHECK_BASICAUTH_USERNAME') && defined('ENVCHECK_BASICAUTH_PASSWORD')) {
if(isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
// authenticate the input user/pass with the configured credentials
if(
!(
$_SERVER['PHP_AUTH_USER'] == ENVCHECK_BASICAUTH_USERNAME
&& $_SERVER['PHP_AUTH_PW'] == ENVCHECK_BASICAUTH_PASSWORD
)
) {
$response = new SS_HTTPResponse(null, 401);
$response->addHeader('WWW-Authenticate', "Basic realm=\"Environment check\"");
// Exception is caught by RequestHandler->handleRequest() and will halt further execution
$e = new SS_HTTPResponse_Exception(null, 401);
$e->setResponse($response);
throw $e;
}
} else {
$response = new SS_HTTPResponse(null, 401);
$response->addHeader('WWW-Authenticate', "Basic realm=\"Environment check\"");
// Exception is caught by RequestHandler->handleRequest() and will halt further execution
$e = new SS_HTTPResponse_Exception(null, 401);
$e->setResponse($response);
throw $e;
}
} else {
if(!$this->canAccess(null, $permission)) return $this->httpError(403);
}
}
function canAccess($member = null, $permission = "ADMIN") {
if(!$member) $member = Member::currentUser();
// We allow access to this controller regardless of live-status or ADMIN permission only
// if on CLI. Access to this controller is always allowed in "dev-mode", or of the user is ADMIN.
if(
Director::isDev()
|| Director::is_cli()
|| empty($permission)
|| Permission::checkMember($member, $permission)
) {
return true;
}
// Extended access checks.
// "Veto" style, return NULL to abstain vote.
$canExtended = null;
$results = $this->extend('canAccess', $member);
if($results && is_array($results)) {
if(!min($results)) return false;
else return true;
}
return false;
}
function index() {
$response = new SS_HTTPResponse;
$result = EnvironmentCheckSuite::inst($this->checkSuiteName)->run();
if(!$result->ShouldPass()) {
$response->setStatusCode($this->errorCode);
}
$resultText = $result->customise(array(
"URL" => Director::absoluteBaseURL(),
"Title" => $this->title,
"Name" => $this->checkSuiteName,
"ErrorCode" => $this->errorCode,
))->renderWith("EnvironmentChecker");
if (self::$email_results && !$result->ShouldPass()) {
$email = new Email(self::$from_email_address, self::$to_email_address, $this->title, $resultText);
$email->send();
}
$response->setBody($resultText);
return $response;
}
/**
* Set the HTTP status code that should be returned when there's an error.
* Defaults to 500
*/
function setErrorCode($errorCode) {
$this->errorCode = $errorCode;
}
public static function set_from_email_address($from) {
self::$from_email_address = $from;
}
public static function get_from_email_address() {
return self::$from_email_address;
}
public static function set_to_email_address($to) {
self::$to_email_address = $to;
}
public static function get_to_email_address() {
return self::$to_email_address;
}
public static function set_email_results($results) {
self::$email_results = $results;
}
public static function get_email_results() {
return self::$email_results;
}
}