Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-66651

Have the ability to sign pluginfile urls to short circuit db and session checks




      This type of improvement would be possible once MDL-66006 lands.

      A typical page like a course page might load many dozen other plugin files, typically images. The page which is calling these has already done all the access checks and only links to these files if we know the user can access them. When this page loads there is a huge spike in lots of db connections and calls, session connections and read, muc calls, and access checks which could be avoided.

      By signing all the of the outgoing urls we can skip all of that by asserting that these checks have already been done. Roughly it would look like:

      The parent html page:

      1) for each outgoing link, gather the context of the link, check it's access, find the raw file object that will be served and then encrypt / sign all of that with an appropriate expiration and add it to the url. Typically within that parent process most of these lookups and checks are already in memory and likely even statically cached already so the overhead of moving it all 'back' a process is very small.

      Then pluginfile.php and friends would do:


      2) check if there a signature param?

      2) if so validate it, in which case we get a raw reference to a file object and we can bootstrap a minimal moodle with no cookies and pass that directly to the file system to serve without opening a session (not even a readonly one MDL-58018)

      3) If the signature is not valid, eg has expired, then ABORT_AFTER_CONFIG_CANCEL with cookies and fall back to the current process

      4) Optional bonus points: An alternative nginx decoder could be implemented which would could cut php out of the equation completely for most file requests. Vaguely similar to xsendfile but a few steps better.


      Catalyst will be implementing a very similar type of url signing for object storage S3 but this same concept could have an equally large impact in vanilla core without an alternate file system class in use. 


      There is some vague conceptual similarity with tokenpluginfile.php, except those tokens are stateful, whereas these signatures are stateless. 



        Issue Links



              Unassigned Unassigned
              brendanheywood Brendan Heywood
              3 Vote for this issue
              4 Start watching this issue




                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.