Secure storage by default #1443

Merged (3 commits) on Aug 24, 2023
4 changes: 4 additions & 0 deletions config/debugbar.php
@@ -31,9 +31,13 @@
| By default, file storage (in the storage folder) is used. Redis and PDO
| can also be used. For PDO, run the package migrations first.
|
| Warning: Enabling storage.open will allow everyone to access previous request,
| do not enable open storage in publicly available environments!
| Specify a callback if you want to limit based on IP or authentication.
*/
'storage' => [
'enabled' => true,
'open' => env('DEBUGBAR_OPEN_STORAGE', false), // Can be bool or callback.
'driver' => 'file', // redis, file, pdo, socket, custom
'path' => storage_path('debugbar'), // For file driver
'connection' => null, // Leave null for default connection (Redis/PDO)
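Review bot: `'open' => env('DEBUGBAR_OPEN_STORAGE', false)` can only ever yield a scalar, so the comment's "Specify a callback if you want to limit based on IP or authentication" and the trailing `// Can be bool or callback.` are not reachable through the environment variable; a user who wants IP- or auth-based restriction must replace the `env()` call in the published config with a closure, e.g. `'open' => fn ($request) => $request->ip() === '127.0.0.1'`, and a closure in a config file breaks `php artisan config:cache`, which cannot serialize it. Both points belong in this comment block. Also, `'enabled' => true` is unchanged, so requests are still written to `storage_path('debugbar')` whatever `open` is set to; the change gates only the read path, and the warning should say that stored data keeps accumulating on disk. Minor: "access previous request" should read "access previous requests".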
8 changes: 7 additions & 1 deletion readme.md
Expand Up @@ -14,7 +14,7 @@ Read [the documentation](http://phpdebugbar.com/docs/) for more configuration op
![Debugbar 3.3 Screenshot](https://user-images.githubusercontent.com/973269/79428890-196cc680-7fc7-11ea-8229-189f5eac9009.png)


> Note: Use the DebugBar only in development. Do not use Debugbar on public websites, as it will leak information from stored requests (by design). It can also slow the application down (because it has to gather data). So when experiencing slowness, try disabling some of the collectors.
### Note: Use the DebugBar only in development. Do not use Debugbar on publicly accessible websites, as it will leak information from stored requests (by design). It can also slow the application down (because it has to gather data). So when experiencing slowness, try disabling some of the collectors.

This package includes some custom collectors:
- QueryCollector: Show all queries, including binding + timing
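Review bot: the replacement line turns the entire warning sentence into a `###` heading, so a three-sentence paragraph is rendered as an h3 and loses the blockquote styling the original `>` line had; if the goal is visibility, a short heading such as `### Note` followed by the sentence as body text reads better and keeps any generated table of contents sane.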
@@ -183,6 +183,12 @@ You can enable or disable the debugbar during run time.

NB. Once enabled, the collectors are added (and could produce extra overhead), so if you want to use the debugbar in production, disable in the config and only enable when needed.

## Storage

Debugbar remembers previous requests, which you can view using the Browse button on the right. This will only work if you enable `debugbar.storage.open` in the config.
Make sure you only do this on local development, because otherwise other people will be able to view previous requests.
In general, Debugbar should only be used locally or at least restricted by IP.
It's possible to pass a callback, which will receive the Request object, so you can determine access to the OpenHandler storage.

## Twig Integration

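Review bot: the new Storage section promises that the callback "will receive the Request object", but the controller hunk in this same PR invokes it as `call_user_func($open, [$request])`, which hands it a one-element array; one side or the other has to change, and the docs should then show a concrete closure. Because `open` is read via `env('DEBUGBAR_OPEN_STORAGE', false)`, the docs should also say where the closure goes (the published `config/debugbar.php`, replacing the `env()` call) and that a closure there is incompatible with `php artisan config:cache`. Finally, "This will only work if you enable `debugbar.storage.open`" describes the Browse button, not the storing itself: requests are still persisted while `storage.enabled` is true, which is worth stating given the "other people will be able to view previous requests" warning.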
41 changes: 38 additions & 3 deletions src/Controllers/OpenHandlerController.php
@@ -3,16 +3,47 @@
namespace Barryvdh\Debugbar\Controllers;

use Barryvdh\Debugbar\Support\Clockwork\Converter;
use DebugBar\DebugBarException;
use DebugBar\OpenHandler;
use Illuminate\Http\Request;
use Illuminate\Http\Response;

class OpenHandlerController extends BaseController
{
/**
* Check if the storage is open for inspecting.
*
* @param Request $request
* @return bool
*/
protected function isStorageOpen(Request $request)
{
$open = config('debugbar.storage.open');

if (is_callable($open)) {
return call_user_func($open, [$request]);
}

return $open;
}

public function handle(Request $request)
{
$openHandler = new OpenHandler($this->debugbar);
$data = $openHandler->handle($request->input(), false, false);
if ($this->isStorageOpen($request)) {
$openHandler = new OpenHandler($this->debugbar);
$data = $openHandler->handle($request->input(), false, false);
} else {
$data = [
[
'datetime' => date("Y-m-d H:i:s"),
'id' => null,
'ip' => $request->getClientIp(),
'method' => 'ERROR',
'uri' => '!! To enable public access to previous requests, set debugbar.storage.open, or DEBUGBAR_OPEN_STORAGE to true in you config !!',
'utime' => microtime(true),
]
];
}

return new Response(
$data,
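Review bot: `call_user_func($open, [$request])` in `isStorageOpen` passes a single array argument rather than the `Request`, so a callback typed `function (Request $request)` throws a TypeError and an untyped one sees an array on which `$request->ip()` fails; use `call_user_func($open, $request)` or simply `$open($request)`. `is_callable($open)` is also true for any string naming a global function, so a value arriving through the env var would be executed as a function name; checking `$open instanceof \Closure` (or `is_bool($open)` first) is safer, and the docblock's `@return bool` should be honoured with a `(bool)` cast. The denial branch answers HTTP 200 with a synthetic row whose `uri` carries the error text; `abort(403, ...)` would make the refusal visible in logs and to the client instead of looking like stored data. Typo in that text: "in you config" should be "in your config".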
@@ -30,8 +61,12 @@ public function handle(Request $request)
* @return mixed
* @throws \DebugBar\DebugBarException
*/
public function clockwork($id)
public function clockwork(Request $request, $id)
{
if (!$this->isStorageOpen($request)) {
throw new DebugBarException(" o enable public access to previous requests, set debugbar.storage.open, or DEBUGBAR_OPEN_STORAGE to true in you config");
}

$request = [
'op' => 'get',
'id' => $id,
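Review bot: the `DebugBarException` message is missing its first letter (" o enable" should be "To enable") and "in you config" should be "in your config". Throwing `DebugBarException` here reaches the client as a 500 through the application's exception handler rather than as a deliberate refusal; `abort(403, ...)` matches the intent and keeps the status distinguishable from a genuine storage failure. The method now takes `Request $request` and on the very next lines reassigns `$request = ['op' => 'get', 'id' => $id, ...]` to a plain array, which is confusing to read; name the array `$params` or similar.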