Opened 7 months ago

Closed 7 months ago

#335 closed enhancement (invalid)

whitelist auth for admin functions

Reported by: godog Owned by: moo
Priority: minor Milestone: undecided
Component: cacher Version: 3.0.4
Keywords: Cc:
Application: PHP Version:
Other Exts: SAPI: Irrelevant
Probability: Blocked By:
Blocking:

Description

Hi,
thanks for xcache!

I was trying to get some stats out and was wondering if some of the admin functions could be whitelisted (say via config, via a list of functions) to not require auth, e.g. if you are trying to get statistics out (say towards a monitoring platform) then they are effectively read-only (xcache_count and xcache_info). Whitelist rationale being that calling these functions just gets data out.

thanks!

I've come up with sth like this:

$EXPORTED_STATS = array(
  "compiling", "disabled", "misses", "hits", "clogs",
  "ooms", "errors", "cached", "deleted", "size", "avail"
);

function xcache_type_stats($type) {
  global $EXPORTED_STATS;

  $total = array();
  $type_stats = array();

  for ($i = 0; $i < xcache_count($type); $i++) {
    $type_stats[] = xcache_info($type, $i);
  }

  foreach($type_stats as $unused => $type_stat) {
    foreach($type_stat as $k => $v) {
      if(!in_array($k, $EXPORTED_STATS)) {
        continue;
      }

      if(!isset($total[$k])) {
        $total[$k] = 0;
      }
      $total[$k] += $v;
    }
  }
  return $total;
}

Change History (2)

comment:1 Changed 7 months ago by godog

  • Priority changed from major to minor

comment:2 Changed 7 months ago by moo

  • Resolution set to invalid
  • Status changed from new to closed

you can check config.example.php, see how to "by pass" the http auth by actually providing auth info in $_SERVER array. any more question can be ask in google groups #xcache

Note: See TracTickets for help on using tickets.