lemonldap-ng/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Viewer.pm

package Lemonldap::NG::Manager::Viewer;

use 5.10.0;
use utf8;
use Mouse;
use Lemonldap::NG::Common::Conf::Constants;
use Lemonldap::NG::Common::UserAgent;
use URI::URL;

use feature 'state';

extends 'Lemonldap::NG::Manager::Conf';

has diffRule => ( is => 'rw', default => sub { 0 } );
has brwRule  => ( is => 'rw', default => sub { 0 } );

our $VERSION = '2.1.0';

#############################
# I. INITIALIZATION METHODS #
#############################

use constant defaultRoute => 'viewer.html';

has ua => ( is => 'rw' );

sub init {
    my ( $self, $conf ) = @_;
    $self->ua( Lemonldap::NG::Common::UserAgent->new($conf) );
    my $hd = "Lemonldap::NG::Handler::PSGI::Main";

    # Parse Diff activation rule
    $conf->{viewerAllowDiff} //= 0;
    $self->logger->debug(
        "Diff activation rule -> " . ( $conf->{viewerAllowDiff} ) );
    my $rule = $hd->buildSub( $hd->substitute( $conf->{viewerAllowDiff} ) );
    unless ($rule) {
        $self->logger->error(
            "Bad Diff activation rule -> " . $hd->tsv->{jail}->error );
        return 0;
    }
    $self->diffRule($rule);

    # Parse Browser activation rule
    $conf->{viewerAllowBrowser} //= 0;
    $self->logger->debug(
        "Browser activation rule -> " . ( $conf->{viewerAllowBrowser} ) );
    $rule = $hd->buildSub( $hd->substitute( $conf->{viewerAllowBrowser} ) );
    unless ($rule) {
        $self->logger->error(
            "Bad Browser activation rule -> " . $hd->tsv->{jail}->error );
        return 0;
    }
    $self->brwRule($rule);

    my $hiddenKeys  = $conf->{viewerHiddenKeys} || '';
    my @enabledKeys = ();
    my @keys        = qw(virtualHosts samlIDPMetaDataNodes samlSPMetaDataNodes
      applicationList oidcOPMetaDataNodes oidcRPMetaDataNodes
      casSrvMetaDataNodes casAppMetaDataNodes sfExtra
      authChoiceModules grantSessionRules combModules
      openIdIDPList);

    foreach (@keys) {

        # Ignore hidden ConfTree Primary Keys
        push @enabledKeys, $_
          unless ( $hiddenKeys =~ /\b$_\b/ );
    }

    # Forbid hidden keys
    foreach ( split /\s+/, $hiddenKeys ) {
        $self->addRoute(
            view => { ':cfgNum' => { $_ => 'rejectKey' } },
            ['GET']
        );
    }

    # HTML templates
    $self->addRoute( 'viewer.html', undef, ['GET'] )
      ->addRoute( 'viewDiff.html', undef, ['GET'] )

      # READ
      # Special keys
      ->addRoute(
        view => {
            ':cfgNum' => \@enabledKeys
        },
        ['GET']
      )

      # Difference between confs
      ->addRoute(
        view => { diff => { ':conf1' => { ':conf2' => 'viewDiff' } } } )

      # Other keys
      ->addRoute( view => { ':cfgNum' => { '*' => 'viewKey' } }, ['GET'] );
    return 1;
}

sub getConfByNum {
    my ( $self, $cfgNum, @args ) = @_;
    $self->SUPER::getConfByNum( $cfgNum, @args );
}

sub viewDiff {
    my ( $self, $req, @path ) = @_;

    # Check Diff activation rule
    unless ( $self->diffRule->( $req, $req->{userData} ) ) {
        my $user = $req->{userData}->{_whatToTrace} || 'anonymous';
        $self->userLogger->warn(
            "$user is not authorized to compare configurations");
        return $self->sendJSONresponse( $req, { 'value' => '_Hidden_' } );
    }

    return $self->sendError( $req, 'to many arguments in path info', 400 )
      if (@path);
    my @cfgNum =
      ( scalar( $req->param('conf1') ), scalar( $req->param('conf2') ) );
    my @conf;
    $self->logger->debug(" Loading confs");

    # Load the 2 configurations
    for ( my $i = 0 ; $i < 2 ; $i++ ) {
        if ( %{ $self->currentConf }
            and $cfgNum[$i] == $self->currentConf->{cfgNum} )
        {
            $conf[$i] = $self->currentConf;
        }
        else {
            $conf[$i] = $self->confAcc->getConf(
                { cfgNum => $cfgNum[$i], raw => 1, noCache => 1 } );
            return $self->sendError(
                $req,
"Configuration $cfgNum[$i] not available $Lemonldap::NG::Common::Conf::msg",
                400
            ) unless ( $conf[$i] );
        }
    }
    require Lemonldap::NG::Manager::Conf::Diff;
    my @res =
      $self->Lemonldap::NG::Manager::Conf::Diff::diff( $conf[0], $conf[1] );
    my $hiddenKeys = $self->{viewerHiddenKeys} || '';
    $self->logger->debug("Deleting hidden Conf keys...");
    foreach ( split /\s+/, $hiddenKeys ) {
        $self->logger->debug("-> Delete $_");
        delete $res[0]->{$_};
        delete $res[1]->{$_};
    }
    return $self->sendJSONresponse( $req, [@res] );
}

sub rejectKey {
    my ( $self, $req, @args ) = @_;
    return $self->sendJSONresponse( $req, { 'value' => '_Hidden_' } );
}

sub viewKey {
    my ( $self, $req, @args ) = @_;
    $self->logger->debug("Viewer requested URI -> $req->{env}->{REQUEST_URI}");

    # Check Browser activation rule
    if ( $self->brwRule->( $req, $req->{userData} ) ) {
        $self->logger->debug(" No restriction");
        $self->SUPER::getKey( $req, @args );
    }
    else {
        if ( $req->{env}->{REQUEST_URI} =~ m%/view/(?:latest|\d+/\w+)$% ) {
            $self->logger->debug(" $req->{env}->{REQUEST_URI} -> URI allowed");
            $self->SUPER::getKey( $req, @args );
        }
        else {
            $self->logger->debug(
                " $req->{env}->{REQUEST_URI} -> URI FORBIDDEN");
            my $user = $req->{userData}->{_whatToTrace} || 'anonymous';
            $self->userLogger->warn(
                "$user is not authorized to browse configurations");
            $self->rejectKey( $req, @args );
        }
    }
}

1;
WIP - Append relative files (#1661) 2019-03-12 16:33:09 +01:00			`package Lemonldap::NG::Manager::Viewer;`

			`use 5.10.0;`
			`use utf8;`
			`use Mouse;`
			`use Lemonldap::NG::Common::Conf::Constants;`
			`use Lemonldap::NG::Common::UserAgent;`
			`use URI::URL;`

			`use feature 'state';`

WIP - Inherits Conf.pm (#1661) 2019-03-14 16:39:49 +01:00			`extends 'Lemonldap::NG::Manager::Conf';`
WIP - Append relative files (#1661) 2019-03-12 16:33:09 +01:00
Change Manager framework to plugins 2020-01-27 18:32:59 +01:00			`has diffRule => ( is => 'rw', default => sub { 0 } );`
Tidy 2020-02-20 23:34:02 +01:00			`has brwRule => ( is => 'rw', default => sub { 0 } );`
Change Manager framework to plugins 2020-01-27 18:32:59 +01:00
Merge branch 'v2.0' 2019-04-05 10:10:40 +02:00			`our $VERSION = '2.1.0';`
WIP - Append relative files (#1661) 2019-03-12 16:33:09 +01:00
			`#############################`
			`# I. INITIALIZATION METHODS #`
			`#############################`

			`use constant defaultRoute => 'viewer.html';`

			`has ua => ( is => 'rw' );`

Change Manager framework to plugins 2020-01-27 18:32:59 +01:00			`sub init {`
WIP - Append relative files (#1661) 2019-03-12 16:33:09 +01:00			`my ( $self, $conf ) = @_;`
			`$self->ua( Lemonldap::NG::Common::UserAgent->new($conf) );`
Change Manager framework to plugins 2020-01-27 18:32:59 +01:00			`my $hd = "Lemonldap::NG::Handler::PSGI::Main";`

			`# Parse Diff activation rule`
			`$conf->{viewerAllowDiff} //= 0;`
			`$self->logger->debug(`
			`"Diff activation rule -> " . ( $conf->{viewerAllowDiff} ) );`
			`my $rule = $hd->buildSub( $hd->substitute( $conf->{viewerAllowDiff} ) );`
			`unless ($rule) {`
			`$self->logger->error(`
			`"Bad Diff activation rule -> " . $hd->tsv->{jail}->error );`
			`return 0;`
			`}`
			`$self->diffRule($rule);`

			`# Parse Browser activation rule`
			`$conf->{viewerAllowBrowser} //= 0;`
			`$self->logger->debug(`
			`"Browser activation rule -> " . ( $conf->{viewerAllowBrowser} ) );`
			`$rule = $hd->buildSub( $hd->substitute( $conf->{viewerAllowBrowser} ) );`
			`unless ($rule) {`
			`$self->logger->error(`
			`"Bad Browser activation rule -> " . $hd->tsv->{jail}->error );`
			`return 0;`
			`}`
			`$self->brwRule($rule);`
WIP - Append relative files (#1661) 2019-03-12 16:33:09 +01:00
Change Manager framework to plugins 2020-01-27 18:32:59 +01:00			`my $hiddenKeys = $conf->{viewerHiddenKeys} \|\| '';`
Rename vars to be more consistent 2019-05-12 21:07:47 +02:00			`my @enabledKeys = ();`
Tidy 2019-05-16 20:45:14 +02:00			`my @keys = qw(virtualHosts samlIDPMetaDataNodes samlSPMetaDataNodes`
WIP - Hidden ConfTree PK (#1661) 2019-03-13 22:56:16 +01:00			`applicationList oidcOPMetaDataNodes oidcRPMetaDataNodes`
Update viewer 2019-08-18 11:14:42 +02:00			`casSrvMetaDataNodes casAppMetaDataNodes sfExtra`
WIP - Hidden ConfTree PK (#1661) 2019-03-13 22:56:16 +01:00			`authChoiceModules grantSessionRules combModules`
			`openIdIDPList);`

			`foreach (@keys) {`

			`# Ignore hidden ConfTree Primary Keys`
Rename vars to be more consistent 2019-05-12 21:07:47 +02:00			`push @enabledKeys, $_`
			`unless ( $hiddenKeys =~ /\b$_\b/ );`
WIP - Hidden ConfTree PK (#1661) 2019-03-13 22:56:16 +01:00			`}`

Set Viewer options by using rules (#1661) 2019-04-21 11:26:08 +02:00			`# Forbid hidden keys`
Rename vars to be more consistent 2019-05-12 21:07:47 +02:00			`foreach ( split /\s+/, $hiddenKeys ) {`
Set Viewer options by using rules (#1661) 2019-04-21 11:26:08 +02:00			`$self->addRoute(`
			`view => { ':cfgNum' => { $_ => 'rejectKey' } },`
			`['GET']`
			`);`
			`}`

			`# HTML templates`
WIP - Append relative files (#1661) 2019-03-12 16:33:09 +01:00			`$self->addRoute( 'viewer.html', undef, ['GET'] )`
Set Viewer options by using rules (#1661) 2019-04-21 11:26:08 +02:00			`->addRoute( 'viewDiff.html', undef, ['GET'] )`
WIP - Append relative files (#1661) 2019-03-12 16:33:09 +01:00
			`# READ`
			`# Special keys`
			`->addRoute(`
WIP - Viewer SPA (#1661) 2019-03-12 22:59:15 +01:00			`view => {`
Rename vars to be more consistent 2019-05-12 21:07:47 +02:00			`':cfgNum' => \@enabledKeys`
WIP - Append relative files (#1661) 2019-03-12 16:33:09 +01:00			`},`
			`['GET']`
Set Viewer options by using rules (#1661) 2019-04-21 11:26:08 +02:00			`)`
Allow to hide other keys (#1661) 2019-03-19 17:56:23 +01:00
Set Viewer options by using rules (#1661) 2019-04-21 11:26:08 +02:00			`# Difference between confs`
			`->addRoute(`
			`view => { diff => { ':conf1' => { ':conf2' => 'viewDiff' } } } )`
WIP - Append relative files (#1661) 2019-03-12 16:33:09 +01:00
Set Viewer options by using rules (#1661) 2019-04-21 11:26:08 +02:00			`# Other keys`
			`->addRoute( view => { ':cfgNum' => { '*' => 'viewKey' } }, ['GET'] );`
Change Manager framework to plugins 2020-01-27 18:32:59 +01:00			`return 1;`
WIP - Append relative files (#1661) 2019-03-12 16:33:09 +01:00			`}`

			`sub getConfByNum {`
			`my ( $self, $cfgNum, @args ) = @_;`
WIP - Inherits Conf.pm (#1661) 2019-03-14 16:39:49 +01:00			`$self->SUPER::getConfByNum( $cfgNum, @args );`
WIP - Append relative files (#1661) 2019-03-12 16:33:09 +01:00			`}`

Hide secret keys in diff.html 2019-04-01 14:42:25 +02:00			`sub viewDiff {`
WIP - Append relative files (#1661) 2019-03-12 16:33:09 +01:00			`my ( $self, $req, @path ) = @_;`
Set Viewer options by using rules (#1661) 2019-04-21 11:26:08 +02:00
			`# Check Diff activation rule`
			`unless ( $self->diffRule->( $req, $req->{userData} ) ) {`
			`my $user = $req->{userData}->{_whatToTrace} \|\| 'anonymous';`
Tidy 2020-02-20 23:34:02 +01:00			`$self->userLogger->warn(`
			`"$user is not authorized to compare configurations");`
Set Viewer options by using rules (#1661) 2019-04-21 11:26:08 +02:00			`return $self->sendJSONresponse( $req, { 'value' => '_Hidden_' } );`
			`}`

Hide secret keys in diff.html 2019-04-01 14:42:25 +02:00			`return $self->sendError( $req, 'to many arguments in path info', 400 )`
			`if (@path);`
			`my @cfgNum =`
			`( scalar( $req->param('conf1') ), scalar( $req->param('conf2') ) );`
			`my @conf;`
			`$self->logger->debug(" Loading confs");`

			`# Load the 2 configurations`
			`for ( my $i = 0 ; $i < 2 ; $i++ ) {`
			`if ( %{ $self->currentConf }`
			`and $cfgNum[$i] == $self->currentConf->{cfgNum} )`
			`{`
			`$conf[$i] = $self->currentConf;`
			`}`
			`else {`
			`$conf[$i] = $self->confAcc->getConf(`
			`{ cfgNum => $cfgNum[$i], raw => 1, noCache => 1 } );`
			`return $self->sendError(`
			`$req,`
			`"Configuration $cfgNum[$i] not available $Lemonldap::NG::Common::Conf::msg",`
			`400`
			`) unless ( $conf[$i] );`
			`}`
			`}`
			`require Lemonldap::NG::Manager::Conf::Diff;`
			`my @res =`
			`$self->Lemonldap::NG::Manager::Conf::Diff::diff( $conf[0], $conf[1] );`
Update parameter name (#1661) 2019-04-01 14:52:23 +02:00			`my $hiddenKeys = $self->{viewerHiddenKeys} \|\| '';`
Hide secret keys in diff.html 2019-04-01 14:42:25 +02:00			`$self->logger->debug("Deleting hidden Conf keys...");`
			`foreach ( split /\s+/, $hiddenKeys ) {`
			`$self->logger->debug("-> Delete $_");`
			`delete $res[0]->{$_};`
			`delete $res[1]->{$_};`
			`}`
			`return $self->sendJSONresponse( $req, [@res] );`
WIP - Append relative files (#1661) 2019-03-12 16:33:09 +01:00			`}`

Allow to hide other keys (#1661) 2019-03-19 17:56:23 +01:00			`sub rejectKey {`
Merge branch 'v2.0' 2019-04-14 21:13:43 +02:00			`my ( $self, $req, @args ) = @_;`
Allow to hide other keys (#1661) 2019-03-19 17:56:23 +01:00			`return $self->sendJSONresponse( $req, { 'value' => '_Hidden_' } );`
			`}`

Merge branch 'v2.0' 2019-04-14 21:13:43 +02:00			`sub viewKey {`
			`my ( $self, $req, @args ) = @_;`
			`$self->logger->debug("Viewer requested URI -> $req->{env}->{REQUEST_URI}");`
Set Viewer options by using rules (#1661) 2019-04-21 11:26:08 +02:00
			`# Check Browser activation rule`
			`if ( $self->brwRule->( $req, $req->{userData} ) ) {`
Merge branch 'v2.0' 2019-04-14 21:13:43 +02:00			`$self->logger->debug(" No restriction");`
			`$self->SUPER::getKey( $req, @args );`
			`}`
			`else {`
			`if ( $req->{env}->{REQUEST_URI} =~ m%/view/(?:latest\|\d+/\w+)$% ) {`
			`$self->logger->debug(" $req->{env}->{REQUEST_URI} -> URI allowed");`
			`$self->SUPER::getKey( $req, @args );`
			`}`
			`else {`
			`$self->logger->debug(`
			`" $req->{env}->{REQUEST_URI} -> URI FORBIDDEN");`
			`my $user = $req->{userData}->{_whatToTrace} \|\| 'anonymous';`
Tidy 2020-02-20 23:34:02 +01:00			`$self->userLogger->warn(`
			`"$user is not authorized to browse configurations");`
Merge branch 'v2.0' 2019-04-14 21:13:43 +02:00			`$self->rejectKey( $req, @args );`
			`}`
			`}`
			`}`

WIP - Append relative files (#1661) 2019-03-12 16:33:09 +01:00			`1;`