@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.)
hq.recaptime.dev/wiki/Phorge
phorge
phabricator
Write a basic SSH pull log for Git
Summary: Ref T11766. When users run `git pull` or similar, log the operation in the pull log.
Test Plan: Performed SSH pulls, got a log in the database. Today, this event log is purely diagnostic and has no UI.
Reviewers: chad
Reviewed By: chad
Maniphest Tasks: T11766
Differential Revision: https://secure.phabricator.com/D16738
+53
-5
+24
-1
src/applications/diffusion/ssh/DiffusionGitUploadPackSSHWorkflow.php
+24
-1
src/applications/diffusion/ssh/DiffusionGitUploadPackSSHWorkflow.php
···
19
19
$device = AlmanacKeys::getLiveDevice();
20
20
21
21
$skip_sync = $this->shouldSkipReadSynchronization();
22
+
$is_proxy = $this->shouldProxy();
22
23
23
-
if ($this->shouldProxy()) {
24
+
if ($is_proxy) {
24
25
$command = $this->getProxyCommand();
25
26
26
27
if ($device) {
···
48
49
}
49
50
$command = PhabricatorDaemon::sudoCommandAsDaemonUser($command);
50
51
52
+
$pull_event = $this->newPullEvent();
53
+
51
54
$future = id(new ExecFuture('%C', $command))
52
55
->setEnv($this->getEnvironment());
53
56
···
55
58
->setIOChannel($this->getIOChannel())
56
59
->setCommandChannelFromExecFuture($future)
57
60
->execute();
61
+
62
+
if ($err) {
63
+
$pull_event
64
+
->setResultType('error')
65
+
->setResultCode($err);
66
+
} else {
67
+
$pull_event
68
+
->setResultType('pull')
69
+
->setResultCode(0);
70
+
}
71
+
72
+
// TODO: Currently, when proxying, we do not write a log on the proxy.
73
+
// Perhaps we should write a "proxy log". This is not very useful for
74
+
// statistics or auditing, but could be useful for diagnostics. Marking
75
+
// the proxy logs as proxied (and recording devicePHID on all logs) would
76
+
// make differentiating between these use cases easier.
77
+
78
+
if (!$is_proxy) {
79
+
$pull_event->save();
80
+
}
58
81
59
82
if (!$err) {
60
83
$this->waitForGitClient();
+14
-4
src/applications/diffusion/ssh/DiffusionSSHWorkflow.php
+14
-4
src/applications/diffusion/ssh/DiffusionSSHWorkflow.php
···
30
30
DiffusionCommitHookEngine::ENV_REMOTE_PROTOCOL => 'ssh',
31
31
);
32
32
33
-
$ssh_client = getenv('SSH_CLIENT');
34
-
if ($ssh_client) {
35
-
// This has the format "<ip> <remote-port> <local-port>". Grab the IP.
36
-
$remote_address = head(explode(' ', $ssh_client));
33
+
$remote_address = $this->getSSHRemoteAddress();
34
+
if ($remote_address !== null) {
37
35
$env[DiffusionCommitHookEngine::ENV_REMOTE_ADDRESS] = $remote_address;
38
36
}
39
37
···
259
257
return false;
260
258
}
261
259
260
+
protected function newPullEvent() {
261
+
$viewer = $this->getViewer();
262
+
$repository = $this->getRepository();
263
+
$remote_address = $this->getSSHRemoteAddress();
264
+
265
+
return id(new PhabricatorRepositoryPullEvent())
266
+
->setEpoch(PhabricatorTime::getNow())
267
+
->setRemoteAddress($remote_address)
268
+
->setRemoteProtocol('ssh')
269
+
->setPullerPHID($viewer->getPHID())
270
+
->setRepositoryPHID($repository->getPHID());
271
+
}
262
272
263
273
}
+15
src/infrastructure/ssh/PhabricatorSSHWorkflow.php
+15
src/infrastructure/ssh/PhabricatorSSHWorkflow.php
···
83
83
return $this->originalArguments;
84
84
}
85
85
86
+
public function getSSHRemoteAddress() {
87
+
$ssh_client = getenv('SSH_CLIENT');
88
+
if (!strlen($ssh_client)) {
89
+
return null;
90
+
}
91
+
92
+
// TODO: When commands are proxied, the original remote address should
93
+
// also be proxied.
94
+
95
+
// This has the format "<ip> <remote-port> <local-port>". Grab the IP.
96
+
$remote_address = head(explode(' ', $ssh_client));
97
+
98
+
return $remote_address;
99
+
}
100
+
86
101
}