Introduce zstd & brotli compression + output buffering

Dockerfile

@@ -14,6 +14,10 @@ RUN apt-get update \
   && docker-php-ext-install -j$(nproc) opcache \
   && docker-php-ext-configure pdo_mysql \
   && docker-php-ext-install -j$(nproc) pdo_mysql \
+  && pecl install brotli \
+  && docker-php-ext-enable brotli \
+  && pecl install zstd \
+  && docker-php-ext-enable zstd \
   && apt-get clean \
   && rm -rf /var/lib/apt/lists/*
 

composer.json

@@ -28,6 +28,7 @@
         "filp/whoops": "^2.14",
         "gabordemooij/redbean": "^5.7",
         "geoip2/geoip2": "^3.0.0",
+        "hostbybelle/compressionbuffer": "^1.0",
         "io-developer/php-whois": "^4.1",
         "lcharette/webpack-encore-twig": "^1.2.0",
         "league/commonmark": "^2.3",

cspell.json

@@ -393,7 +393,8 @@
         "intval",
         "thisfiledoesnotexist",
         "exchangerate",
-        "currencydata"
+        "currencydata",
+        "brotli"
     ],
     "ignorePaths": [
         "tests-legacy/**",

phpstan.neon

@@ -26,8 +26,6 @@ parameters:
 		- '#^Function __trans not found\.$#'
 		- '#^Function __pluralTrans not found\.$#'
 		- '#^Inner named functions are not supported by PHPStan\. Consider refactoring to an anonymous function, class method, or a top\-level\-defined function\. See issue \#165 \(https\://github\.com/phpstan/phpstan/issues/165\) for more details\.$#'
-		- message: '#^Result of function header \(void\) is used\.$#'
-		  path: src/modules/Custompages/Controller/Client.php
 		- message: '#^Variable \$ext_id on left side of \?\?\= is never defined\.$#'
 		  path: src/modules/Extension/Service.php
 		- '#^Access to an undefined property RedBeanPHP\\SimpleModel\:\:\$updated_at\.$#'

src/config-sample.php

@@ -48,27 +48,45 @@
         'report_errors' => false,
     ],
 
+    'system' => [
+        /*
+         * Full URL where FOSSBilling is installed with trailing slash.
+         */
+        'url' => 'http://localhost/',
+
+        /*
+         * The URL prefix to access the BB admin area. Ex: '/admin' for https://example.com/admin.
+         */
+        'admin_area_prefix' => '/admin',
+
+        /*
+         * Configure the update branch for the automatic updater.
+         * Currently acceptable options are "release" or "preview".
+         */
+        'update_branch' => 'release',
+
+        /*
+         * FOSSBilling will automatically execute cron when you login to the admin panel if it hasn't been executed in awhile. You can disable this fallback here.
+         */
+        'disable_auto_cron' => false,
+
+        /*
+         * Set location to store sensitive data.
+         */
+        'path_data' => __DIR__ . '/data',
+
+        /*
+         * FOSSBilling will automatically perform zstd, brotli, gzip, or deflate output compression depending on installed extensions and the client connecting.
+         * Disable this here if you want to not use output compression or control it outside of FOSSBilling itself (such as your webserver)
+         */
+        'do_output_compression' => true,
+    ],
+
     'info' => [
         'salt' => bin2hex(random_bytes(16)),
         'instance_id' => 'XXXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXXX',
     ],
 
-    /*
-     * Full URL where FOSSBilling is installed with trailing slash.
-     */
-    'url' => 'http://localhost/',
-
-    /*
-     * The URL prefix to access the BB admin area. Ex: '/admin' for https://example.com/admin.
-     */
-    'admin_area_prefix' => '/admin',
-
-    /*
-     * Configure the update branch for the automatic updater.
-     * Currently acceptable options are "release" or "preview".
-     */
-    'update_branch' => 'release',
-
     'maintenance_mode' => [
         /*
          * Enable or disable the system maintenance mode.
@@ -90,11 +108,6 @@
         'allowed_ips' => [],
     ],
 
-    /*
-     * FOSSBilling will automatically execute cron when you login to the admin panel if it hasn't been executed in awhile. You can disable this fallback here.
-     */
-    'disable_auto_cron' => false,
-
     /* 
      * These configuration options allow you to configure the default localisation.
      */
@@ -112,11 +125,6 @@
         'datetime_pattern' => '',
     ],
 
-    /*
-     * Set location to store sensitive data.
-     */
-    'path_data' => __DIR__ . '/data',
-
     'db' => [
         /*
          * Database type. Don't change this if in doubt.
@@ -168,7 +176,7 @@
         // How many requests allowed per time span
         'rate_limit' => 1000,
 
-        /**
+        /*
          * Note about rate-limiting login attempts:
          * When the limit is reached, a default delay of 2 seconds is added to the request.
          * This makes brute-forcing a password useless while not outright blocking legitimate traffic.
@@ -184,13 +192,13 @@
         'rate_limit_login' => 20,
 
         /*
-        * This enables the usage of a token to protect the system from CSRF attacks.
-        * Disabling this is highly discouraged and opens your instance to a known vulnerability.
-        * This option is only here for backwards compatibility.
-        */
+         * This enables the usage of a token to protect the system from CSRF attacks.
+         * Disabling this is highly discouraged and opens your instance to a known vulnerability.
+         * This option is only here for backwards compatibility.
+         */
         'CSRFPrevention' => true,
 
-        /**
+        /*
          * Any IP address within this list will not be put through the rate-limiter system.
          * This is useful if you have an application with a static IP address that needs to make frequent API requests to FOSSBilling.
          */

src/di.php

@@ -406,6 +406,7 @@
         $di['set_return_uri'];
 
         header(sprintf('Location: %s', $di['url']->adminLink('staff/login')));
+        ob_end_flush();
         exit;
     }
 
@@ -439,6 +440,7 @@
             // Redirect to login page if browser request
             $login_url = $di['url']->link('login');
             header("Location: $login_url");
+            ob_end_flush();
             exit;
         }
     }
@@ -477,6 +479,7 @@
             // Redirect to login page if browser request
             $login_url = $di['url']->adminLink('staff/login');
             header("Location: $login_url");
+            ob_end_flush();
             exit;
         }
     }
@@ -528,6 +531,7 @@
             // If they aren't attempting to access their profile, redirect them to it.
             $login_url = $di['url']->link('client/profile');
             header("Location: $login_url");
+            ob_end_flush();
             exit;
         }
     }
@@ -834,6 +838,7 @@
     $csv->output($outputName);
 
     // Prevent further output from being added to the end of the CSV
+    ob_end_flush();
     exit;
 });
 

src/index.php

@@ -1,4 +1,5 @@
 <?php
+use HostByBelle\CompressionBuffer;
 
 /**
  * Copyright 2022-2024 FOSSBilling
@@ -38,10 +39,11 @@
         $patcher->applyCorePatches();
         $di['tools']->emptyFolder(PATH_CACHE);
 
-        exit('Any missing config migrations or database patches have been applied and the cache has been cleared');
+        echo 'Any missing config migrations or database patches have been applied and the cache has been cleared';
     } catch (Exception $e) {
-        exit('An error occurred while attempting to apply patches: <br>' . $e->getMessage());
+        echo 'An error occurred while attempting to apply patches: <br>' . $e->getMessage();
     }
+    exit;
 }
 
 $debugBar['time']->startMeasure('session_start', 'Starting / restoring the session');
@@ -90,6 +92,9 @@
     exit;
 }
 
-// If no HTTP error passed, run the app.
-echo $app->run();
+// Start output buffering & run the app
+ob_start(CompressionBuffer::handler(...));
+header('X-Accel-Buffering: no');
+$app->run();
+ob_end_flush();
 exit;

src/library/Box/App.php

@@ -112,7 +112,7 @@ public function delete(string $url, string $methodName, ?array $conditions = [],
         $this->event('delete', $url, $methodName, $conditions, $class);
     }
 
-    public function run(): string
+    public function run(): void
     {
         $this->debugBar['time']->startMeasure('registerModule', 'Registering module routes');
         $this->registerModule();
@@ -126,7 +126,7 @@ public function run(): string
         $this->checkPermission();
         $this->debugBar['time']->stopMeasure('checkperm');
 
-        return $this->processRequest();
+        echo $this->processRequest();
     }
 
     /**
@@ -136,6 +136,7 @@ public function redirect($path): never
     {
         $location = $this->di['url']->link($path);
         header("Location: $location");
+        ob_end_flush();
         exit;
     }
 

src/library/Box/AppAdmin.php

@@ -34,6 +34,7 @@ protected function checkPermission(): void
             http_response_code(403);
             $e = new FOSSBilling\InformationException('You do not have permission to access the :mod: module', [':mod:' => $this->mod], 403);
             echo $this->render('error', ['exception' => $e]);
+            ob_end_flush();
             exit;
         }
     }
@@ -49,6 +50,7 @@ public function redirect($path): never
     {
         $location = $this->di['url']->adminLink($path);
         header("Location: $location");
+        ob_end_flush();
         exit;
     }