Skip to content

fix: let PHP handle basic auth. #2142

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
dunglas merged 1 commit into from
Jan 26, 2026
+17 −19
Merged

fix: let PHP handle basic auth. #2142

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 9 additions & 12 deletions cgi.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -277,23 +277,13 @@ func splitPos(path string, splitPath []string) int {
// See: https://github.com/php/php-src/blob/345e04b619c3bc11ea17ee02cdecad6ae8ce5891/main/SAPI.h#L72
//
//export go_update_request_info
func go_update_request_info(threadIndex C.uintptr_t, info *C.sapi_request_info) {
func go_update_request_info(threadIndex C.uintptr_t, info *C.sapi_request_info) *C.char {
thread := phpThreads[threadIndex]
fc := thread.frankenPHPContext()
request := fc.request

if request == nil {
return
}

authUser, authPassword, ok := request.BasicAuth()
if ok {
if authPassword != "" {
info.auth_password = thread.pinCString(authPassword)
}
if authUser != "" {
info.auth_user = thread.pinCString(authUser)
}
return nil
}

info.request_method = thread.pinCString(request.Method)
Expand All @@ -311,6 +301,13 @@ func go_update_request_info(threadIndex C.uintptr_t, info *C.sapi_request_info)
info.request_uri = thread.pinCString(request.URL.RequestURI())

info.proto_num = C.int(request.ProtoMajor*1000 + request.ProtoMinor)

authorizationHeader := request.Header.Get("Authorization")
if authorizationHeader == "" {
return nil
}

return thread.pinCString(authorizationHeader)
}

// SanitizedPathJoin performs filepath.Join(root, reqPath) that
Expand Down
15 changes: 8 additions & 7 deletions frankenphp.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,7 +85,11 @@ static void frankenphp_update_request_context() {
/* status It is not reset by zend engine, set it to 200. */
SG(sapi_headers).http_response_code = 200;

go_update_request_info(thread_index, &SG(request_info));
char *authorization_header =
go_update_request_info(thread_index, &SG(request_info));

/* let PHP handle basic auth */
php_handle_auth_data(authorization_header);
}

static void frankenphp_free_request_context() {
Expand All @@ -95,8 +99,6 @@ static void frankenphp_free_request_context() {
}

/* freed via thread.Unpin() */
SG(request_info).auth_password = NULL;
SG(request_info).auth_user = NULL;
SG(request_info).request_method = NULL;
SG(request_info).query_string = NULL;
SG(request_info).content_type = NULL;
Expand Down Expand Up @@ -187,9 +189,9 @@ static void frankenphp_worker_request_shutdown() {
zend_end_try();

/* SAPI related shutdown (free stuff) */
frankenphp_free_request_context();
zend_try { sapi_deactivate(); }
zend_end_try();
frankenphp_free_request_context();

zend_set_memory_limit(PG(memory_limit));
}
Expand Down Expand Up @@ -609,8 +611,8 @@ static zend_module_entry frankenphp_module = {
STANDARD_MODULE_PROPERTIES};

static void frankenphp_request_shutdown() {
frankenphp_free_request_context();
php_request_shutdown((void *)0);
frankenphp_free_request_context();
}

static int frankenphp_startup(sapi_module_struct *sapi_module) {
Expand Down Expand Up @@ -1055,8 +1057,7 @@ static int frankenphp_request_startup() {
return SUCCESS;
}

frankenphp_free_request_context();
php_request_shutdown((void *)0);
frankenphp_request_shutdown();

return FAILURE;
}
Expand Down