summaryrefslogtreecommitdiffstats
path: root/index.cgi
blob: 4452714e005abc0626f513f3e29299d012fe153f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
#!/usr/bin/perl -T
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# This Source Code Form is "Incompatible With Secondary Licenses", as
# defined by the Mozilla Public License, v. 2.0.

use 5.10.1;
use strict;
use warnings;

use lib qw(. lib local/lib/perl5);

use Bugzilla;
use Bugzilla::Constants;
use Bugzilla::Error;
use Bugzilla::Update;
use Digest::MD5 qw(md5_hex);
use List::MoreUtils qw(any);

# Check whether or not the user is logged in
my $user = Bugzilla->login(LOGIN_OPTIONAL);
my $cgi  = Bugzilla->cgi;
my $vars = {};

# Yes, I really want to avoid two calls to the id method.
my $user_id = $user->id;

# Disable content caching by browser because there will be different items on the global navigation
# before and after signed in.
my $can_cache = 0;

# And log out the user if requested. We do this first so that nothing
# else accidentally relies on the current login.
if ($cgi->param('logout')) {
  Bugzilla->logout();
  $user              = Bugzilla->user;
  $user_id           = 0;
  $can_cache         = 0;
  $vars->{'message'} = "logged_out";

  # Make sure that templates or other code doesn't get confused about this.
  $cgi->delete('logout');
}

# our weak etag is based on the bugzilla version parameter (BMO customization) and the announcehtml
# if either change, the cache will be considered invalid.
my @etag_parts = (
  Bugzilla->VERSION,
  Bugzilla->params->{announcehtml},
  Bugzilla->params->{createemailregexp},
);
my $weak_etag     = q{W/"} . md5_hex(@etag_parts) . q{"};
my $if_none_match = $cgi->http('If-None-Match');

# load balancer (or client) will check back with us after max-age seconds
# If the etag in If-None-Match is unchanged, we quickly respond without doing much work.
my @cache_control
  = ($can_cache ? 'public' : 'no-cache', sprintf('max-age=%d', 60 * 5),);

if (
  $can_cache && $if_none_match && any { $_ eq $weak_etag }
  split(/,\s*/, $if_none_match)
  )
{
  print $cgi->header(-status => '304 Not Modified', -ETag => $weak_etag);
}
else {
  my $template = Bugzilla->template;
  $cgi->content_security_policy(
    script_src => ['self', 'https://www.google-analytics.com']);

  # Return the appropriate HTTP response headers.
  print $cgi->header(
    -Cache_Control => join(', ', @cache_control),
    $can_cache ? (-ETag => $weak_etag) : (),
  );

  if ($user_id && $user->in_group('admin')) {

    # If 'urlbase' is not set, display the Welcome page.
    unless (Bugzilla->localconfig->{'urlbase'}) {
      $template->process('welcome-admin.html.tmpl')
        or ThrowTemplateError($template->error());
      exit;
    }

    # Inform the administrator about new releases, if any.
    $vars->{'release'} = Bugzilla::Update::get_notifications();
  }

  $vars->{use_login_page} = 1;

  # Generate and return the UI (HTML page) from the appropriate template.
  $template->process("index.html.tmpl", $vars)
    or ThrowTemplateError($template->error());
}