PDO: Move online schema creation behind feature flag
The XHGui install at Wikimedia Foundation is deployed with database
credentials that permit read-write operations (SELECT, INSERT) but
as a safety precaution do not permit admin actions like CREATE from
individual web requests. In addition to not allowing admin actions,
our install also disallows DELETE queries, given that the install
is exposed to the public Internet (ref #248)
and further disables POST requests (so that those features serve
HTTP 40x instead of a db query error with HTTP 50x).

Since XHGui version 0.16.0, with #355,
the lazy-creation for tables was moved from the Saver code (which is
not used when browsing XHGui) to Repo code, and thus resulted in
the application serving HTTP 500 on all requests, unless the
`CREATE TABLE` query is permitted on all web requests.

Fix this by making this method call feature flagged in a way that
can be disabled using XHGUI_PDO_INITSCHEMA=false.

Change-Id: I681d500fd393a47471a475b705c67280b39ab7ce
Krinkle committed Jul 10, 2023
1 parent e648dc1 commit 3e87168
Showing 3 changed files with 6 additions and 2 deletions.
1 change: 1 addition & 0 deletions config/config.default.php
Expand Up @@ -18,6 +18,7 @@
'pass' => getenv('XHGUI_PDO_PASS') ?: null,
'table' => getenv('XHGUI_PDO_TABLE') ?: 'results',
'tableWatch' => getenv('XHGUI_PDO_TABLE_WATCHES') ?: 'watches',
'initSchema' => getenv('XHGUI_PDO_INITSCHEMA') ?: 'true',
],

// Database options for MongoDB.
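Review bot: The new 'initSchema' entry has no comment, and its accepted values are not obvious from `getenv('XHGUI_PDO_INITSCHEMA') ?: 'true'`: the result is a string, and an unset or empty variable falls back to 'true'. Please add a short comment above the key stating that it controls whether CREATE TABLE is attempted on web requests, that it is on by default, and which value turns it off, so that operators running with restricted database credentials can find the switch.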
1 change: 0 additions & 1 deletion src/Db/PdoRepository.php
Expand Up @@ -34,7 +34,6 @@ public function __construct(PDO $pdo, string $driverName, string $table, string
$this->driverName = $driverName;
$this->table = sprintf('"%s"', $table);
$this->tableWatches = sprintf('"%s"', $tableWatch);
$this->initSchema();
}

public function getLatest(): array
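Review bot: With `$this->initSchema();` removed from the constructor, a PdoRepository constructed anywhere other than PdoStorageProvider no longer creates its tables, and nothing in the class says so. Consider a docblock on the constructor or on initSchema() stating that the caller is responsible for invoking it, and confirm that initSchema() is public: its declaration is not part of this diff, and it is now called from outside the class.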
6 changes: 5 additions & 1 deletion src/ServiceProvider/PdoStorageProvider.php
Expand Up @@ -48,12 +48,16 @@ public function register(Container $app): void
};

$app[PdoRepository::class] = static function ($app) {
return new PdoRepository(
$repo = new PdoRepository(
$app['pdo'],
$app['pdo.driver'],
$app['config']['pdo']['table'],
$app['config']['pdo']['tableWatch']
);
if ($app['config']['pdo']['initSchema'] === 'true') {
$repo->initSchema();
}
return $repo;
};

$app['searcher.pdo'] = static function ($app) {
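Review bot: The check `$app['config']['pdo']['initSchema'] === 'true'` is a strict string comparison, so XHGUI_PDO_INITSCHEMA=1 or TRUE, or a config override that sets a boolean true, silently disables schema creation rather than enabling it. Either parse the value once as a boolean (for example with filter_var and FILTER_VALIDATE_BOOLEAN) or compare against 'false', so that only an explicit opt-out turns the feature off and every other value keeps the previous behaviour.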