2015-05-14 08:44:38 +02:00
|
|
|
package Lemonldap::NG::Handler::PSGI;
|
|
|
|
|
|
|
|
use 5.10.0;
|
|
|
|
use Mouse;
|
2015-07-24 09:23:57 +02:00
|
|
|
use Lemonldap::NG::Handler::SharedConf qw(:tsv :variables :jailSharedVars);
|
2015-05-14 08:44:38 +02:00
|
|
|
extends 'Lemonldap::NG::Common::PSGI::Router';
|
|
|
|
|
2015-12-18 10:31:36 +01:00
|
|
|
our $VERSION = '1.9.0';
|
2015-05-14 08:44:38 +02:00
|
|
|
|
2015-12-25 11:46:11 +01:00
|
|
|
has protection => ( is => 'rw', isa => 'Str' );
|
|
|
|
|
2015-05-14 08:44:38 +02:00
|
|
|
around init => sub {
|
|
|
|
my ( $method, $self, $args ) = splice @_;
|
2015-06-10 22:40:26 +02:00
|
|
|
Lemonldap::NG::Handler::SharedConf->init($self);
|
2015-12-21 12:16:10 +01:00
|
|
|
Lemonldap::NG::Handler::SharedConf->checkConf($self);
|
2015-05-14 08:44:38 +02:00
|
|
|
return $self->$method($args);
|
|
|
|
};
|
|
|
|
|
|
|
|
sub _run {
|
|
|
|
my $self = shift;
|
|
|
|
my $rule = $self->{protection} || $localConfig->{protection};
|
|
|
|
if ( $rule ne 'none' ) {
|
|
|
|
$rule =
|
|
|
|
$rule eq "authenticate" ? "accept" : $rule eq "manager" ? "" : $rule;
|
|
|
|
return sub {
|
|
|
|
my $req = Lemonldap::NG::Common::PSGI::Request->new( $_[0] );
|
|
|
|
Lemonldap::NG::Handler::API->newRequest($req);
|
|
|
|
my $res = Lemonldap::NG::Handler::SharedConf->run($rule);
|
2015-12-10 13:28:07 +01:00
|
|
|
$req->userData($datas) if ($datas);
|
2015-05-14 08:44:38 +02:00
|
|
|
|
|
|
|
# TODO: Userdata
|
|
|
|
#print STDERR Dumper( \@_, $res ); use Data::Dumper;
|
|
|
|
if ( $res == 403 ) {
|
|
|
|
return [
|
|
|
|
403,
|
|
|
|
[ 'Content-Type' => 'text/plain' ],
|
|
|
|
["You don't have rights to access this page"]
|
|
|
|
];
|
|
|
|
}
|
|
|
|
|
|
|
|
# Ajax hook: Ajax requests can not understand 30x responses. This
|
|
|
|
# is not really HTTP compliant but nothing in this
|
|
|
|
# protocol can do this. Our javascript understand that
|
|
|
|
# it has to prompt user with the URL
|
|
|
|
elsif (
|
|
|
|
( $res == 302 or $res == 303 )
|
2015-06-10 22:40:26 +02:00
|
|
|
and (
|
|
|
|
$req->accept =~ m|application/json|
|
|
|
|
or ( $req->contentType
|
|
|
|
and $req->contentType =~ m|application/json| )
|
|
|
|
)
|
2015-05-14 08:44:38 +02:00
|
|
|
)
|
|
|
|
{
|
|
|
|
return [
|
|
|
|
401, [ Authorization => $req->{respHeaders}->{Location} ],
|
|
|
|
['']
|
|
|
|
];
|
|
|
|
}
|
|
|
|
elsif ($res) {
|
|
|
|
return [ $res, [ %{ $req->{respHeaders} } ], [''] ];
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
return $self->router($req);
|
|
|
|
}
|
|
|
|
};
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
eval { Lemonldap::NG::Handler::SharedConf->checkConf() } unless (%$tsv);
|
|
|
|
$self->lmLog( $@, 'error' ) if ($@);
|
|
|
|
return sub {
|
|
|
|
|
|
|
|
#print STDERR Dumper(\@_);use Data::Dumper;
|
|
|
|
$self->router( Lemonldap::NG::Common::PSGI::Request->new( $_[0] ) );
|
|
|
|
};
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-07-24 09:23:57 +02:00
|
|
|
## @method hashRef user()
|
|
|
|
# @return hash of user datas
|
|
|
|
sub user {
|
2015-07-27 23:15:14 +02:00
|
|
|
my ( $self, $req ) = splice @_;
|
2015-12-10 13:28:07 +01:00
|
|
|
return $req->userData || { _whatToTrace => 'anonymous' };
|
2015-07-24 09:23:57 +02:00
|
|
|
}
|
|
|
|
|
2015-07-26 14:18:16 +02:00
|
|
|
## @method string userId()
|
|
|
|
# @return user identifier to log
|
|
|
|
sub userId {
|
2015-07-27 23:15:14 +02:00
|
|
|
my ( $self, $req ) = splice @_;
|
2015-12-10 13:28:07 +01:00
|
|
|
return $req->userData->{_whatToTrace} || 'anonymous';
|
2015-07-26 14:18:16 +02:00
|
|
|
}
|
|
|
|
|
2015-07-24 09:23:57 +02:00
|
|
|
## @method boolean group(string group)
|
|
|
|
# @param $group name of the Lemonldap::NG group to test
|
|
|
|
# @return boolean : true if user is in this group
|
|
|
|
sub group {
|
2015-07-27 23:15:14 +02:00
|
|
|
my ( $self, $req, $group ) = splice @_;
|
2015-12-10 13:28:07 +01:00
|
|
|
return () unless ( $req->userData->{groups} );
|
2015-07-27 23:15:14 +02:00
|
|
|
return ( $req->userData->{groups} =~ /\b$group\b/ );
|
2015-07-24 09:23:57 +02:00
|
|
|
}
|
|
|
|
|
2015-12-10 13:28:07 +01:00
|
|
|
## @method PSGI::Response sendError($req,$err,$code)
|
|
|
|
# Add user di to $err before calling Lemonldap::NG::Common::PSGI::sendError()
|
|
|
|
# @param $req Lemonldap::NG::Common::PSGI::Request
|
|
|
|
# @param $err String to push
|
|
|
|
# @code int HTTP error code (default to 500)
|
|
|
|
sub sendError {
|
|
|
|
my ( $self, $req, $err, $code ) = splice @_;
|
|
|
|
$err ||= $req->error;
|
|
|
|
$err = '[' . $self->userId($req) . "] $err";
|
|
|
|
return $self->SUPER::sendError( $req, $err, $code );
|
|
|
|
}
|
|
|
|
|
2015-05-14 08:44:38 +02:00
|
|
|
1;
|
2015-12-25 11:46:11 +01:00
|
|
|
__END__
|
|
|
|
|
|
|
|
=head1 NAME
|
|
|
|
|
|
|
|
=encoding utf8
|
|
|
|
|
|
|
|
Lemonldap::NG::Handler::PSGI - Base library for protected REST APIs of
|
|
|
|
Lemonldap::NG.
|
|
|
|
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
|
|
|
|
package My::PSGI;
|
|
|
|
|
|
|
|
use base Lemonldap::NG::Handler;
|
|
|
|
|
|
|
|
sub init {
|
|
|
|
my ($self,$args) = splice @_;
|
|
|
|
$self->protection('manager');
|
|
|
|
# See Lemonldap::NG::Common::PSGI for more
|
|
|
|
|
|
|
|
# Declare REST routes (could be HTML templates or methods)
|
|
|
|
$self->addRoute ( 'index.html', undef, ['GET'] )
|
|
|
|
->addRoute ( books => { ':book' => 'booksMethod' }, ['GET', 'POST'] );
|
|
|
|
|
|
|
|
# Default route (ie: PATH_INFO == '/')
|
|
|
|
$self->defaultRoute('index.html');
|
|
|
|
|
|
|
|
# Return a boolean. If false, then error message has to be stored in
|
|
|
|
# $self->error
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
sub booksMethod {
|
|
|
|
my ( $self, $req, @otherPathInfo ) = splice @_;
|
|
|
|
|
|
|
|
# Will be called only if authorisated
|
|
|
|
my $userId = $self->userId;
|
|
|
|
my $book = $req->params('book');
|
|
|
|
my $method = $req->method;
|
|
|
|
...
|
|
|
|
$self->sendJSONresponse(...);
|
|
|
|
}
|
|
|
|
|
|
|
|
This package could then be called as a CGI, using FastCGI,...
|
|
|
|
|
|
|
|
#!/usr/bin/env perl
|
|
|
|
|
|
|
|
use My::PSGI;
|
|
|
|
use Plack::Handler::FCGI; # or Plack::Handler::CGI
|
|
|
|
|
|
|
|
Plack::Handler::FCGI->new->run( My::PSGI->run() );
|
|
|
|
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
|
|
|
|
This package provides base class for Lemonldap::NG protected REST API.
|
|
|
|
|
|
|
|
=head1 METHODS
|
|
|
|
|
|
|
|
See L<Lemonldap::NG::Common::PSGI> for logging methods, content sending,...
|
|
|
|
|
|
|
|
=head2 Accessors
|
|
|
|
|
|
|
|
See L<Lemonldap::NG::Common::PSGI::Router> for inherited accessors.
|
|
|
|
|
|
|
|
=head3 protection
|
|
|
|
|
|
|
|
Level of protection. It can be one of:
|
|
|
|
|
|
|
|
=over
|
|
|
|
|
|
|
|
=item 'none': no protection
|
|
|
|
|
|
|
|
=item 'authenticate': all authenticated users are granted
|
|
|
|
|
|
|
|
=item 'manager': access is granted following Lemonldap::NG rules
|
|
|
|
|
|
|
|
=back
|
|
|
|
|
|
|
|
=head2 Running methods
|
|
|
|
|
|
|
|
=head3 user
|
|
|
|
|
|
|
|
Returns user session datas. If empty (no protection), returns:
|
|
|
|
|
|
|
|
{ _whatToTrace => 'anonymous' }
|
|
|
|
|
|
|
|
But if page is protected by server (Auth-Basic,...), it will return:
|
|
|
|
|
|
|
|
{ _whatToTrace => $REMOTE_USER }
|
|
|
|
|
|
|
|
=head3 UserId
|
|
|
|
|
|
|
|
Returns user()->{'_whatToTrace'}.
|
|
|
|
|
|
|
|
=head3 group
|
|
|
|
|
|
|
|
Returns a list of groups to which user belongs.
|
|
|
|
|
|
|
|
=head1 SEE ALSO
|
|
|
|
|
|
|
|
L<http://lemonldap-ng.org/>, L<Lemonldap::NG::Portal>, L<Lemonldap::NG::Handler>,
|
|
|
|
L<Plack>, L<PSGI>, L<Lemonldap::NG::Common::PSGI::Router>,
|
|
|
|
L<Lemonldap::NG::Common::PSGI::Request>, L<HTML::Template>,
|
|
|
|
|
|
|
|
=head1 AUTHORS
|
|
|
|
|
|
|
|
=over
|
|
|
|
|
|
|
|
=item Clement Oudot, E<lt>clem.oudot@gmail.comE<gt>
|
|
|
|
|
|
|
|
=item François-Xavier Deltombe, E<lt>fxdeltombe@gmail.com.E<gt>
|
|
|
|
|
|
|
|
=item Xavier Guimard, E<lt>x.guimard@free.frE<gt>
|
|
|
|
|
|
|
|
=item Thomas Chemineau, E<lt>thomas.chemineau@gmail.comE<gt>
|
|
|
|
|
|
|
|
=back
|
|
|
|
|
|
|
|
=head1 BUG REPORT
|
|
|
|
|
|
|
|
Use OW2 system to report bug or ask for features:
|
|
|
|
L<http://jira.ow2.org>
|
|
|
|
|
|
|
|
=head1 DOWNLOAD
|
|
|
|
|
|
|
|
Lemonldap::NG is available at
|
|
|
|
L<http://forge.objectweb.org/project/showfiles.php?group_id=274>
|
|
|
|
|
|
|
|
=head1 COPYRIGHT AND LICENSE
|
|
|
|
|
|
|
|
=over
|
|
|
|
|
|
|
|
=item Copyright (C) 2015 by Xavier Guimard, E<lt>x.guimard@free.frE<gt>
|
|
|
|
|
|
|
|
=back
|
|
|
|
|
|
|
|
This library is free software; you can redistribute it and/or modify
|
|
|
|
it under the terms of the GNU General Public License as published by
|
|
|
|
the Free Software Foundation; either version 2, or (at your option)
|
|
|
|
any later version.
|
|
|
|
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
GNU General Public License for more details.
|
|
|
|
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
|
|
along with this program. If not, see L<http://www.gnu.org/licenses/>.
|
|
|
|
|
|
|
|
=cut
|