summaryrefslogtreecommitdiffstats
path: root/index.cgi
blob: d73ccd5d906da98b9ed34b90538f4f96a298811c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
#!/usr/bin/perl -T
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# This Source Code Form is "Incompatible With Secondary Licenses", as
# defined by the Mozilla Public License, v. 2.0.

use 5.10.1;
use strict;
use warnings;

use lib qw(. lib local/lib/perl5);

use Bugzilla;
use Bugzilla::Constants;
use Bugzilla::Error;
use Bugzilla::Update;
use Digest::MD5 qw(md5_hex);
use List::MoreUtils qw(any);

# Check whether or not the user is logged in
my $user = Bugzilla->login(LOGIN_OPTIONAL);
my $cgi = Bugzilla->cgi;
my $vars = {};

# Yes, I really want to avoid two calls to the id method.
my $user_id = $user->id;

# We only cache unauthenticated requests now, because invalidating is harder for logged in users.
my $can_cache = $user_id == 0;

# And log out the user if requested. We do this first so that nothing
# else accidentally relies on the current login.
if ($cgi->param('logout')) {
    Bugzilla->logout();
    $user = Bugzilla->user;
    $user_id = 0;
    $can_cache = 0;
    $vars->{'message'} = "logged_out";
    # Make sure that templates or other code doesn't get confused about this.
    $cgi->delete('logout');
}

# our weak etag is based on the bugzilla version parameter (BMO customization) and the announcehtml
# if either change, the cache will be considered invalid.
my @etag_parts = (
    Bugzilla->VERSION,
    Bugzilla->params->{announcehtml},
    Bugzilla->params->{createemailregexp},
);
my $weak_etag = q{W/"} . md5_hex(@etag_parts) . q{"};
my $if_none_match = $cgi->http('If-None-Match');

# load balancer (or client) will check back with us after max-age seconds
# If the etag in If-None-Match is unchanged, we quickly respond without doing much work.
my @cache_control = (
    $can_cache ? 'public' : 'no-cache',
    sprintf('max-age=%d', 60 * 5),
);

if ($can_cache && $if_none_match && any { $_ eq $weak_etag } split(/,\s*/, $if_none_match)) {
    print $cgi->header(-status => '304 Not Modified', -ETag => $weak_etag);
}
else {
    my $template = Bugzilla->template;
    $cgi->content_security_policy(script_src  => ['self']);

    # Return the appropriate HTTP response headers.
    print $cgi->header(
        -Cache_Control => join(', ', @cache_control),
        $can_cache ? (-ETag => $weak_etag) : (),
    );

    if ($user_id && $user->in_group('admin')) {
        # If 'urlbase' is not set, display the Welcome page.
        unless (Bugzilla->params->{'urlbase'}) {
            $template->process('welcome-admin.html.tmpl')
                or ThrowTemplateError($template->error());
            exit;
        }
        # Inform the administrator about new releases, if any.
        $vars->{'release'} = Bugzilla::Update::get_notifications();
    }

    $vars->{use_login_page} = 1;

    # Generate and return the UI (HTML page) from the appropriate template.
    $template->process("index.html.tmpl", $vars)
        or ThrowTemplateError( $template->error() );
}