Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-66651

Have the ability to sign pluginfile urls to short circuit db and session checks

    XMLWordPrintable

Details

    Description

      This type of improvement would be possible once MDL-66006 lands.

      A typical page like a course page might load many dozen other plugin files, typically images. The page which is calling these has already done all the access checks and only links to these files if we know the user can access them. When this page loads there is a huge spike in lots of db connections and calls, session connections and read, muc calls, and access checks which could be avoided.

      By signing all the of the outgoing urls we can skip all of that by asserting that these checks have already been done. Roughly it would look like:

      The parent html page:

      1) for each outgoing link, gather the context of the link, check it's access, find the raw file object that will be served and then encrypt / sign all of that with an appropriate expiration and add it to the url. Typically within that parent process most of these lookups and checks are already in memory and likely even statically cached already so the overhead of moving it all 'back' a process is very small.

      Then pluginfile.php and friends would do:

      1) set ABORT_AFTER_CONFIG

      2) check if there a signature param?

      2) if so validate it, in which case we get a raw reference to a file object and we can bootstrap a minimal moodle with no cookies and pass that directly to the file system to serve without opening a session (not even a readonly one MDL-58018)

      3) If the signature is not valid, eg has expired, then ABORT_AFTER_CONFIG_CANCEL with cookies and fall back to the current process

      4) Optional bonus points: An alternative nginx decoder could be implemented which would could cut php out of the equation completely for most file requests. Vaguely similar to xsendfile but a few steps better.

       

      Catalyst will be implementing a very similar type of url signing for object storage S3 but this same concept could have an equally large impact in vanilla core without an alternate file system class in use. 

       

      There is some vague conceptual similarity with tokenpluginfile.php, except those tokens are stateful, whereas these signatures are stateless. 

       

      Attachments

        Issue Links

          has been marked as being related by

          Improvement - An enhancement to an existing Moodle feature. MDL-65718 Handle 206 range requests for audio / video more efficiently

          • Minor - Minor loss of function where workaround is possible
          • Open
          is blocked by

          New Feature - A new Moodle feature which has yet to be developed. MDL-66006 Can access file methods aka refactor into a proper 'File Serving API'

          • Minor - Minor loss of function where workaround is possible
          • Open

          Activity

            People

              Unassigned Unassigned
              brendanheywood Brendan Heywood
              Matteo Scaramuccia, David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo, Matteo Scaramuccia, David Woloszyn, Huong Nguyen, Jake Dallimore, Meirza, Michael Hawkins, Raquel Ortega, Safat Shahin, Stevani Andolo
              Votes:
              3 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated: