2015-05-14 08:44:38 +02:00
|
|
|
package Lemonldap::NG::Handler::PSGI;
|
|
|
|
|
|
|
|
use 5.10.0;
|
|
|
|
use Mouse;
|
2015-07-24 09:23:57 +02:00
|
|
|
use Lemonldap::NG::Handler::SharedConf qw(:tsv :variables :jailSharedVars);
|
2015-05-14 08:44:38 +02:00
|
|
|
extends 'Lemonldap::NG::Common::PSGI::Router';
|
|
|
|
|
2015-12-18 10:31:36 +01:00
|
|
|
our $VERSION = '1.9.0';
|
2015-05-14 08:44:38 +02:00
|
|
|
|
2015-12-25 11:46:11 +01:00
|
|
|
has protection => ( is => 'rw', isa => 'Str' );
|
|
|
|
|
2015-05-14 08:44:38 +02:00
|
|
|
around init => sub {
|
2016-01-02 10:29:05 +01:00
|
|
|
my ( $method, $self, $args ) = @_;
|
2016-01-05 13:33:27 +01:00
|
|
|
eval { Lemonldap::NG::Handler::SharedConf->init($self) };
|
2016-01-05 19:27:16 +01:00
|
|
|
if ( $@ and not $self->{protection} eq 'none' ) {
|
|
|
|
$self->lmLog( $@, 'error' );
|
2016-01-05 13:33:27 +01:00
|
|
|
$self->error($@);
|
|
|
|
$self->$method($args);
|
|
|
|
return 0;
|
|
|
|
}
|
2016-01-05 19:27:16 +01:00
|
|
|
unless ( Lemonldap::NG::Handler::SharedConf->checkConf($self)
|
|
|
|
or $self->{protection} eq 'none' )
|
|
|
|
{
|
|
|
|
$self->error(
|
|
|
|
"Unable to protect this app ($Lemonldap::NG::Common::Conf::msg)");
|
2016-01-05 13:33:27 +01:00
|
|
|
$self->$method($args);
|
|
|
|
return 0;
|
|
|
|
}
|
2015-05-14 08:44:38 +02:00
|
|
|
return $self->$method($args);
|
|
|
|
};
|
|
|
|
|
|
|
|
sub _run {
|
|
|
|
my $self = shift;
|
2015-12-27 09:31:41 +01:00
|
|
|
|
|
|
|
# Override _run() only if protection != 'none'
|
2015-05-14 08:44:38 +02:00
|
|
|
my $rule = $self->{protection} || $localConfig->{protection};
|
|
|
|
if ( $rule ne 'none' ) {
|
|
|
|
$rule =
|
|
|
|
$rule eq "authenticate" ? "accept" : $rule eq "manager" ? "" : $rule;
|
2015-12-27 09:31:41 +01:00
|
|
|
|
|
|
|
# Handle requests
|
|
|
|
# Developers, be careful: Only this part is executed at each request
|
2015-05-14 08:44:38 +02:00
|
|
|
return sub {
|
|
|
|
my $req = Lemonldap::NG::Common::PSGI::Request->new( $_[0] );
|
|
|
|
Lemonldap::NG::Handler::API->newRequest($req);
|
|
|
|
my $res = Lemonldap::NG::Handler::SharedConf->run($rule);
|
2015-12-10 13:28:07 +01:00
|
|
|
$req->userData($datas) if ($datas);
|
2015-05-14 08:44:38 +02:00
|
|
|
|
2015-12-27 09:31:41 +01:00
|
|
|
if ( $res < 300 ) {
|
|
|
|
return $self->router($req);
|
2015-05-14 08:44:38 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
# Ajax hook: Ajax requests can not understand 30x responses. This
|
|
|
|
# is not really HTTP compliant but nothing in this
|
2015-12-27 09:31:41 +01:00
|
|
|
# protocol can do this. Our javascripts understand that
|
2015-12-27 10:16:04 +01:00
|
|
|
# they have to prompt user with the URL
|
2015-05-14 08:44:38 +02:00
|
|
|
elsif (
|
2015-12-27 09:31:41 +01:00
|
|
|
$req->accept =~ m|application/json|
|
|
|
|
or ( $req->contentType
|
|
|
|
and $req->contentType =~ m|application/json| )
|
2015-05-14 08:44:38 +02:00
|
|
|
)
|
|
|
|
{
|
2015-12-27 09:31:41 +01:00
|
|
|
if ( $res == 302 or $res == 303 ) {
|
|
|
|
return [
|
|
|
|
401,
|
|
|
|
[ Authorization => $req->{respHeaders}->{Location} ],
|
|
|
|
['']
|
|
|
|
];
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
return [
|
|
|
|
$res, [ 'Content-Type', 'application/json' ],
|
|
|
|
[qq({"error":"$res"})]
|
|
|
|
];
|
|
|
|
}
|
2015-05-14 08:44:38 +02:00
|
|
|
}
|
2015-12-27 09:31:41 +01:00
|
|
|
|
|
|
|
# Non Ajax requests may be redirected to portal
|
2015-05-14 08:44:38 +02:00
|
|
|
else {
|
2015-12-27 09:31:41 +01:00
|
|
|
my %h = $req->{respHeaders} ? %{ $req->{respHeaders} } : ();
|
|
|
|
my $s = $tsv->{portal}->() . "?lmError=$res";
|
|
|
|
$s =
|
|
|
|
'<html><head><title>Redirection</title></head><body>'
|
|
|
|
. qq{<script type="text/javascript">window.location='$s'</script>}
|
|
|
|
. '<h1>Please wait</h1>'
|
|
|
|
. qq{<p>An error occurs, you're going to be redirected to <a href="$s">$s</a>.</p>}
|
|
|
|
. '</body></html>';
|
|
|
|
$h{'Content-Type'} = 'text/html';
|
|
|
|
$h{'Content-Length'} = length $s;
|
|
|
|
return [ $res, [%h], [$s] ];
|
2015-05-14 08:44:38 +02:00
|
|
|
}
|
|
|
|
};
|
|
|
|
}
|
2015-12-27 09:31:41 +01:00
|
|
|
|
2015-05-14 08:44:38 +02:00
|
|
|
else {
|
2015-12-27 09:31:41 +01:00
|
|
|
eval { Lemonldap::NG::Handler::SharedConf->checkConf() }
|
|
|
|
unless (%$tsv);
|
2015-05-14 08:44:38 +02:00
|
|
|
$self->lmLog( $@, 'error' ) if ($@);
|
|
|
|
|
2015-12-27 09:31:41 +01:00
|
|
|
# Handle unprotected requests
|
|
|
|
return sub {
|
2015-05-14 08:44:38 +02:00
|
|
|
$self->router( Lemonldap::NG::Common::PSGI::Request->new( $_[0] ) );
|
|
|
|
};
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-07-24 09:23:57 +02:00
|
|
|
## @method hashRef user()
|
|
|
|
# @return hash of user datas
|
|
|
|
sub user {
|
2016-01-02 10:29:05 +01:00
|
|
|
my ( $self, $req ) = @_;
|
2015-12-10 13:28:07 +01:00
|
|
|
return $req->userData || { _whatToTrace => 'anonymous' };
|
2015-07-24 09:23:57 +02:00
|
|
|
}
|
|
|
|
|
2015-07-26 14:18:16 +02:00
|
|
|
## @method string userId()
|
|
|
|
# @return user identifier to log
|
|
|
|
sub userId {
|
2016-01-02 10:29:05 +01:00
|
|
|
my ( $self, $req ) = @_;
|
2015-12-10 13:28:07 +01:00
|
|
|
return $req->userData->{_whatToTrace} || 'anonymous';
|
2015-07-26 14:18:16 +02:00
|
|
|
}
|
|
|
|
|
2015-07-24 09:23:57 +02:00
|
|
|
## @method boolean group(string group)
|
|
|
|
# @param $group name of the Lemonldap::NG group to test
|
|
|
|
# @return boolean : true if user is in this group
|
|
|
|
sub group {
|
2016-01-02 10:29:05 +01:00
|
|
|
my ( $self, $req, $group ) = @_;
|
2015-12-10 13:28:07 +01:00
|
|
|
return () unless ( $req->userData->{groups} );
|
2015-07-27 23:15:14 +02:00
|
|
|
return ( $req->userData->{groups} =~ /\b$group\b/ );
|
2015-07-24 09:23:57 +02:00
|
|
|
}
|
|
|
|
|
2015-12-10 13:28:07 +01:00
|
|
|
## @method PSGI::Response sendError($req,$err,$code)
|
|
|
|
# Add user di to $err before calling Lemonldap::NG::Common::PSGI::sendError()
|
|
|
|
# @param $req Lemonldap::NG::Common::PSGI::Request
|
|
|
|
# @param $err String to push
|
|
|
|
# @code int HTTP error code (default to 500)
|
|
|
|
sub sendError {
|
2016-01-02 10:29:05 +01:00
|
|
|
my ( $self, $req, $err, $code ) = @_;
|
2015-12-10 13:28:07 +01:00
|
|
|
$err ||= $req->error;
|
|
|
|
$err = '[' . $self->userId($req) . "] $err";
|
|
|
|
return $self->SUPER::sendError( $req, $err, $code );
|
|
|
|
}
|
|
|
|
|
2015-05-14 08:44:38 +02:00
|
|
|
1;
|
2015-12-25 11:46:11 +01:00
|
|
|
__END__
|
|
|
|
|
|
|
|
=head1 NAME
|
|
|
|
|
|
|
|
=encoding utf8
|
|
|
|
|
|
|
|
Lemonldap::NG::Handler::PSGI - Base library for protected REST APIs of
|
|
|
|
Lemonldap::NG.
|
|
|
|
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
|
|
|
|
package My::PSGI;
|
|
|
|
|
|
|
|
use base Lemonldap::NG::Handler;
|
|
|
|
|
|
|
|
sub init {
|
2016-01-02 10:29:05 +01:00
|
|
|
my ($self,$args) = @_;
|
2015-12-25 11:46:11 +01:00
|
|
|
$self->protection('manager');
|
|
|
|
# See Lemonldap::NG::Common::PSGI for more
|
|
|
|
|
|
|
|
# Declare REST routes (could be HTML templates or methods)
|
|
|
|
$self->addRoute ( 'index.html', undef, ['GET'] )
|
|
|
|
->addRoute ( books => { ':book' => 'booksMethod' }, ['GET', 'POST'] );
|
|
|
|
|
|
|
|
# Default route (ie: PATH_INFO == '/')
|
|
|
|
$self->defaultRoute('index.html');
|
|
|
|
|
|
|
|
# Return a boolean. If false, then error message has to be stored in
|
|
|
|
# $self->error
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
sub booksMethod {
|
2016-01-02 10:29:05 +01:00
|
|
|
my ( $self, $req, @otherPathInfo ) = @_;
|
2015-12-25 11:46:11 +01:00
|
|
|
|
|
|
|
# Will be called only if authorisated
|
|
|
|
my $userId = $self->userId;
|
|
|
|
my $book = $req->params('book');
|
|
|
|
my $method = $req->method;
|
|
|
|
...
|
|
|
|
$self->sendJSONresponse(...);
|
|
|
|
}
|
|
|
|
|
|
|
|
This package could then be called as a CGI, using FastCGI,...
|
|
|
|
|
|
|
|
#!/usr/bin/env perl
|
|
|
|
|
|
|
|
use My::PSGI;
|
|
|
|
use Plack::Handler::FCGI; # or Plack::Handler::CGI
|
|
|
|
|
|
|
|
Plack::Handler::FCGI->new->run( My::PSGI->run() );
|
|
|
|
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
|
|
|
|
This package provides base class for Lemonldap::NG protected REST API.
|
|
|
|
|
|
|
|
=head1 METHODS
|
|
|
|
|
|
|
|
See L<Lemonldap::NG::Common::PSGI> for logging methods, content sending,...
|
|
|
|
|
|
|
|
=head2 Accessors
|
|
|
|
|
|
|
|
See L<Lemonldap::NG::Common::PSGI::Router> for inherited accessors.
|
|
|
|
|
|
|
|
=head3 protection
|
|
|
|
|
|
|
|
Level of protection. It can be one of:
|
|
|
|
|
|
|
|
=over
|
|
|
|
|
|
|
|
=item 'none': no protection
|
|
|
|
|
|
|
|
=item 'authenticate': all authenticated users are granted
|
|
|
|
|
|
|
|
=item 'manager': access is granted following Lemonldap::NG rules
|
|
|
|
|
|
|
|
=back
|
|
|
|
|
|
|
|
=head2 Running methods
|
|
|
|
|
|
|
|
=head3 user
|
|
|
|
|
|
|
|
Returns user session datas. If empty (no protection), returns:
|
|
|
|
|
|
|
|
{ _whatToTrace => 'anonymous' }
|
|
|
|
|
|
|
|
But if page is protected by server (Auth-Basic,...), it will return:
|
|
|
|
|
|
|
|
{ _whatToTrace => $REMOTE_USER }
|
|
|
|
|
|
|
|
=head3 UserId
|
|
|
|
|
|
|
|
Returns user()->{'_whatToTrace'}.
|
|
|
|
|
|
|
|
=head3 group
|
|
|
|
|
|
|
|
Returns a list of groups to which user belongs.
|
|
|
|
|
|
|
|
=head1 SEE ALSO
|
|
|
|
|
|
|
|
L<http://lemonldap-ng.org/>, L<Lemonldap::NG::Portal>, L<Lemonldap::NG::Handler>,
|
|
|
|
L<Plack>, L<PSGI>, L<Lemonldap::NG::Common::PSGI::Router>,
|
|
|
|
L<Lemonldap::NG::Common::PSGI::Request>, L<HTML::Template>,
|
|
|
|
|
|
|
|
=head1 AUTHORS
|
|
|
|
|
|
|
|
=over
|
|
|
|
|
|
|
|
=item Clement Oudot, E<lt>clem.oudot@gmail.comE<gt>
|
|
|
|
|
|
|
|
=item François-Xavier Deltombe, E<lt>fxdeltombe@gmail.com.E<gt>
|
|
|
|
|
|
|
|
=item Xavier Guimard, E<lt>x.guimard@free.frE<gt>
|
|
|
|
|
|
|
|
=item Thomas Chemineau, E<lt>thomas.chemineau@gmail.comE<gt>
|
|
|
|
|
|
|
|
=back
|
|
|
|
|
|
|
|
=head1 BUG REPORT
|
|
|
|
|
|
|
|
Use OW2 system to report bug or ask for features:
|
|
|
|
L<http://jira.ow2.org>
|
|
|
|
|
|
|
|
=head1 DOWNLOAD
|
|
|
|
|
|
|
|
Lemonldap::NG is available at
|
|
|
|
L<http://forge.objectweb.org/project/showfiles.php?group_id=274>
|
|
|
|
|
|
|
|
=head1 COPYRIGHT AND LICENSE
|
|
|
|
|
|
|
|
=over
|
|
|
|
|
|
|
|
=item Copyright (C) 2015 by Xavier Guimard, E<lt>x.guimard@free.frE<gt>
|
|
|
|
|
2015-12-25 11:46:22 +01:00
|
|
|
=item Copyright (C) 2015 by Clément Oudot, E<lt>clem.oudot@gmail.comE<gt>
|
|
|
|
|
2015-12-25 11:46:11 +01:00
|
|
|
=back
|
|
|
|
|
|
|
|
This library is free software; you can redistribute it and/or modify
|
|
|
|
it under the terms of the GNU General Public License as published by
|
|
|
|
the Free Software Foundation; either version 2, or (at your option)
|
|
|
|
any later version.
|
|
|
|
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
GNU General Public License for more details.
|
|
|
|
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
|
|
along with this program. If not, see L<http://www.gnu.org/licenses/>.
|
|
|
|
|
|
|
|
=cut
|