allow enable the profiler per-request by setting a shared secret

Signed-off-by: Robin Appelman <[email protected]>

lib/private/Diagnostics/EventLogger.php

@@ -28,6 +28,7 @@
 use OC\SystemConfig;
 use OCP\Diagnostics\IEvent;
 use OCP\Diagnostics\IEventLogger;
+use OCP\Profiler\IProfiler;
 use Psr\Log\LoggerInterface;
 
 class EventLogger implements IEventLogger {
@@ -47,27 +48,32 @@ class EventLogger implements IEventLogger {
 	 * @var bool - Module needs to be activated by some app
 	 */
 	private $activated = false;
+	private IProfiler $profiler;
 
-	public function __construct(SystemConfig $config, LoggerInterface $logger, Log $internalLogger) {
+	public function __construct(SystemConfig $config, LoggerInterface $logger, Log $internalLogger, IProfiler $profiler) {
 		$this->config = $config;
 		$this->logger = $logger;
 		$this->internalLogger = $internalLogger;
+		$this->profiler = $profiler;
 
 		if ($this->isLoggingActivated()) {
 			$this->activate();
 		}
 	}
 
 	public function isLoggingActivated(): bool {
-		$systemValue = (bool)$this->config->getValue('diagnostics.logging', false)
-			|| (bool)$this->config->getValue('profiler', false);
+		if ($this->profiler->isEnabled()) {
+			return true;
+		}
+
+		$diagnosticsEnabled = $this->config->getValue('diagnostics.logging', false);
 
-		if ($systemValue && $this->config->getValue('debug', false)) {
+		if ($diagnosticsEnabled && $this->config->getValue('debug', false)) {
 			return true;
 		}
 
 		$isDebugLevel = $this->internalLogger->getLogLevel([]) === Log::DEBUG;
-		return $systemValue && $isDebugLevel;
+		return $diagnosticsEnabled && $isDebugLevel;
 	}
 
 	/**

lib/private/Profiler/Profiler.php

@@ -1,6 +1,6 @@
 <?php
 
-declare(strict_types = 1);
+declare(strict_types=1);
 
 /**
  * @copyright 2021 Carl Schwan <[email protected]>
@@ -27,11 +27,14 @@
 namespace OC\Profiler;
 
 use OC\AppFramework\Http\Request;
+use OC\AppFramework\Http\RequestVars;
 use OCP\AppFramework\Http\Response;
 use OCP\DataCollector\IDataCollector;
+use OCP\IRequest;
 use OCP\Profiler\IProfiler;
 use OCP\Profiler\IProfile;
 use OC\SystemConfig;
+use Psr\Container\ContainerInterface;
 
 class Profiler implements IProfiler {
 	/** @var array<string, IDataCollector> */
@@ -41,11 +44,34 @@ class Profiler implements IProfiler {
 
 	private bool $enabled = false;
 
-	public function __construct(SystemConfig $config) {
-		$this->enabled = $config->getValue('profiler', false);
-		if ($this->enabled) {
-			$this->storage = new FileProfilerStorage($config->getValue('datadirectory', \OC::$SERVERROOT . '/data') . '/profiler');
+	/**
+	 * we inject the container, else we get a loop with the IRequest
+	 */
+	public function __construct(SystemConfig $config, RequestVars $request) {
+		$this->enabled = $this->shouldProfilerBeEnabled($config, $request);
+		$this->storage = new FileProfilerStorage($config->getValue('datadirectory', \OC::$SERVERROOT . '/data') . '/profiler');
+	}
+
+	private function shouldProfilerBeEnabled(SystemConfig $config, RequestVars $request): bool {
+		if ($config->getValue('profiler', false)) {
+			return true;
 		}
+		$condition = $config->getValue('profiler.condition', []);
+		if (isset($condition['shared_secret'])) {
+			if ($request->getMethod() === 'PUT' &&
+				!str_contains($request->getHeader('Content-Type'), 'application/x-www-form-urlencoded') &&
+				!str_contains($request->getHeader('Content-Type'), 'application/json')) {
+				$logSecretRequest = '';
+			} else {
+				$logSecretRequest = $request->getParam('profiler_secret', '');
+			}
+
+			// if token is found in the request change set the log condition to satisfied
+			if (hash_equals($condition['shared_secret'], $logSecretRequest)) {
+				return true;
+			}
+		}
+		return false;
 	}
 
 	public function add(IDataCollector $dataCollector): void {
@@ -94,13 +120,15 @@ public function collect(Request $request, Response $response): IProfile {
 	/**
 	 * @return array[]
 	 */
-	public function find(?string $url, ?int $limit, ?string $method, ?int $start, ?int $end,
-						 string $statusCode = null): array {
-		if ($this->storage) {
-			return $this->storage->find($url, $limit, $method, $start, $end, $statusCode);
-		} else {
-			return [];
-		}
+	public function find(
+		?string $url,
+		?int $limit,
+		?string $method,
+		?int $start,
+		?int $end,
+		string $statusCode = null
+	): array {
+		return $this->storage->find($url, $limit, $method, $start, $end, $statusCode);
 	}
 
 	public function dataProviders(): array {

lib/private/Server.php

@@ -352,9 +352,7 @@ public function __construct($webRoot, \OC\Config $config) {
 			);
 		});
 
-		$this->registerService(IProfiler::class, function (Server $c) {
-			return new Profiler($c->get(SystemConfig::class));
-		});
+		$this->registerAlias(IProfiler::class, Profiler::class);
 
 		$this->registerService(\OCP\Encryption\IManager::class, function (Server $c): Encryption\Manager {
 			$view = new View();
@@ -847,7 +845,7 @@ public function __construct($webRoot, \OC\Config $config) {
 		});
 		$this->registerDeprecatedAlias('HttpClientService', IClientService::class);
 		$this->registerService(IEventLogger::class, function (ContainerInterface $c) {
-			return new EventLogger($c->get(SystemConfig::class), $c->get(LoggerInterface::class), $c->get(Log::class));
+			return new EventLogger($c->get(SystemConfig::class), $c->get(LoggerInterface::class), $c->get(Log::class), $c->get(IProfiler::class));
 		});
 		/** @deprecated 19.0.0 */
 		$this->registerDeprecatedAlias('EventLogger', IEventLogger::class);