Skip to content

Added token authentication #10

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Added token authentication #10

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 15 additions & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,21 @@ Then you can symlink it to your public folder or require it from another php fil
Or just copy and paste ```opcache.php``` anywhere in your public folder. You can use something such as:
```wget https://raw.github.com/carlosbuenosvinos/opcache-dashboard/master/opcache.php```

**Try to keep it safe for non authorized users.**
Authentication
==============

It is possible to restrict access to the dashboard using a request token.
To do so define the `OPCACHE_DASHBOARD_TOKEN` environment variable.

Further requests to the dashboard will require the `token` query parameter value to match the environment variable value.

Apache configuration example :

```
SetEnv OPCACHE_DASHBOARD_TOKEN my_secret_token
```

This configuration will restrict dashboard access unless the token parameter is correctly set : `opcache.php?token=my_secret_token`

Screenshots
===========
Expand Down
42 changes: 38 additions & 4 deletions opcache.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,15 +1,26 @@
<?php

// Authentication
$token = filter_input(INPUT_GET, 'token');
if (dashboardIsSecure()) {
if ($token !== getenv('OPCACHE_DASHBOARD_TOKEN')) {
header('HTTP/1.0 403 Forbidden');
echo sprintf('Invalid token : %s', $token);
exit;
}
}

if (isset($_GET['invalidate'])) {
opcache_invalidate($_GET['invalidate'], true);
header('Location: ' . $_SERVER['PHP_SELF'].'#scripts');
header('Location: ' . $_SERVER['PHP_SELF'].sprintf('?token=%s#scripts', $token));
}

if (isset($_GET['reset'])) {
opcache_reset();
header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
header('Cache-Control: post-check=0, pre-check=0', false);
header('Pragma: no-cache');
header('Location: ' . $_SERVER['PHP_SELF'].'#scripts');
header('Location: ' . $_SERVER['PHP_SELF'].sprintf('?token=%s#scripts', $token));
}

/**
Expand Down Expand Up @@ -55,6 +66,13 @@ function getSuggestionMessage($property, $value)
case 'opcache.validate_timestamps':
return $value ? '<span class="glyphicon glyphicon-search"></span> If you are in a production environment you should disabled it' : '';
break;
case 'dashboard_secure':
return $value ? sprintf(
'<span class="glyphicon glyphicon-warning-sign"></span> OPCACHE_DASHBOARD_TOKEN environment variable is not defined : access to OPcache Dashboard at %s%s access is not restricted',
$_SERVER['HTTP_HOST'],
$_SERVER['PHP_SELF']
) : '';
break;
}

return '';
Expand Down Expand Up @@ -89,6 +107,16 @@ function getStringFromPropertyAndValue($property, $value)
return $value;
}

/**
* Checks if token authentication is activated.
*
* @return bool
*/
function dashboardIsSecure()
{
return getenv('OPCACHE_DASHBOARD_TOKEN') !== false;
}

?>
<!DOCTYPE html>
<html>
Expand Down Expand Up @@ -139,6 +167,12 @@ function getStringFromPropertyAndValue($property, $value)
</nav>

<div class="container">
<?php if (dashboardIsSecure() === false): ?>
<div class="alert alert-danger" role="alert">
<?php echo getSuggestionMessage('dashboard_secure', true); ?>
</div>
<?php endif ?>

<div class="jumbotron">
<h1>OPcache Dashboard</h1>
<h2>by Carlos Buenosvinos (<a href="https://twitter.com/buenosvinos">@buenosvinos</a>)</h2>
Expand Down Expand Up @@ -236,7 +270,7 @@ function getStringFromPropertyAndValue($property, $value)
</table>
</div>

<h2 id="scripts">Scripts (<?= count($status["scripts"]) ?>) <a type="button" class="btn btn-success" href="?reset">Reset all</a></h2>
<h2 id="scripts">Scripts (<?= count($status["scripts"]) ?>) <a type="button" class="btn btn-success" href="?reset&token=<?php echo $token ?>">Reset all</a></h2>
<table class="table table-striped">
<tr>
<th>Options</th>
Expand All @@ -263,7 +297,7 @@ function getStringFromPropertyAndValue($property, $value)
foreach ($status['scripts'] as $key => $data) {
?>
<tr>
<td><a href="?invalidate=<?= $data['full_path'] ?>">Invalidate</a></td>
<td><a href="?invalidate=<?= $data['full_path'] ?>&token=<?php echo $token ?>">Invalidate</a></td>
<td><?= $data['hits'] ?></td>
<td><?= size_for_humans($data['memory_consumption']) ?></td>
<td><?= substr($data['full_path'], $offset - 1) ?></td>
Expand Down