package Lemonldap::NG::Handler::Lib::DevOps;
use strict;
use Lemonldap::NG::Common::UserAgent;
use JSON qw(from_json);
# Module version string.
our $VERSION = '2.0.0';

# Package-level cache for the HTTP user agent: ua() builds it on first use
# from the calling class's localConfig and returns the same object afterwards.
our $_ua;

# NOTE(review): $time is declared here but not referenced anywhere in this
# listing - confirm whether other code still reads it.
our $time;
# Returns the shared HTTP user agent, creating it on first use.
#
# The agent is built from the invoking class's localConfig and cached in the
# package variable $_ua, so every later call (whatever its invocant) gets the
# same object.
sub ua {
    my ($class) = @_;
    $_ua ||= Lemonldap::NG::Common::UserAgent->new( $class->localConfig );
    return $_ua;
}
# Authorization entry point of the DevOps handler.
#
# Makes sure the configuration of the requested virtual host is loaded and
# recent enough, then delegates the decision to
# Lemonldap::NG::Handler::Main::grant.
#
# Arguments: $class, $req, $session, $uri, $cond, $vhost. When $vhost is
# false it is taken from $class->resolveAlias($req).
sub grant {
    my ( $class, $req, $session, $uri, $cond, $vhost ) = @_;
    $vhost ||= $class->resolveAlias($req);
    $class->tsv->{lastVhostUpdate} //= {};

    # The cached configuration is usable only when the vhost already has a
    # default condition AND its last load is less than checkTime seconds old.
    my $is_fresh = $class->tsv->{defaultCondition}->{$vhost}
      && ( time() - $class->tsv->{lastVhostUpdate}->{$vhost} <
        $class->tsv->{checkTime} );

    # Otherwise (first request for this vhost, or cache expired) reload it.
    $class->loadVhostConfig( $req, $vhost ) if !$is_fresh;

    return $class->Lemonldap::NG::Handler::Main::grant( $req, $session, $uri,
        $cond, $vhost );
}
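# Loads the access rules and exported headers of one virtual host from its
# rules.json document and installs them.
#
# Arguments:
#   $class - handler class (provides tsv, localConfig, ua, logger,
#            locationRulesInit and headersInit)
#   $req   - current request; $req->{env} supplies RULES_URL and SERVER_PORT
#   $vhost - virtual host name, sent as the Host header of the fetch and used
#            as the key of the installed rules and headers
#
# Returns nothing.
#
# The document is fetched only when useSafeJail is enabled. Whenever no
# usable document is obtained (jail disabled, HTTP failure, invalid JSON,
# top-level value that is not an object) the defaults below are installed.
sub loadVhostConfig {
    my ( $class, $req, $vhost ) = @_;
    my $json;
    if ( $class->tsv->{useSafeJail} ) {

        # URL precedence: RULES_URL from the request environment, then the
        # configured loopBackUrl, then plain HTTP on the loopback address.
        # NOTE(review): RULES_URL decides where the handler sends its request
        # and whose rules it trusts - presumably it is set by the web server
        # configuration only; confirm it can never be derived from client
        # input.
        my $rUrl = $req->{env}->{RULES_URL}
          || (
            (
                $class->localConfig->{loopBackUrl}
                  || "http://127.0.0.1:" . $req->{env}->{SERVER_PORT}
            )
            . '/rules.json'
          );
        my $get = HTTP::Request->new( GET => $rUrl );
        $get->header( Host => $vhost );
        my $resp = $class->ua->request($get);
        if ( $resp->is_success ) {

            # The trailing 1 makes the eval result reliable even if $@ gets
            # clobbered or the decoded value is false.
            my $doc;
            my $parsed_ok = eval {
                $doc = from_json( $resp->content, { allow_nonref => 1 } );
                1;
            };
            if ( !$parsed_ok ) {
                $class->logger->error(
                    "Bad rules.json for $vhost, skipping ($@)");
            }
            elsif ( ref($doc) ne 'HASH' ) {

                # allow_nonref lets a bare scalar through, and an array is
                # valid JSON too; dereferencing either as a hash below would
                # die outside the eval and abort the request.
                $class->logger->error(
"Bad rules.json for $vhost, skipping (top-level value is not a JSON object)"
                );
            }
            else {
                $class->logger->info("Compiling rules.json for $vhost");
                $json = $doc;
            }
        }
        else {

            # Record the failed fetch so the fallback to defaults is visible
            # in the logs.
            $class->logger->info( "Unable to fetch rules.json for $vhost ("
                  . $resp->status_line
                  . "), using default rules" );
        }
    }
    else {
        $class->logger->error(
q"I refuse to compile rules.json when useSafeJail isn't activated! Yes I know, I'm a coward..."
        );
    }

    # NOTE(review): every failure path above leaves $json undefined, so the
    # vhost receives the rule set { default => 1 }, which appears to grant
    # access unconditionally - confirm this fail-open default is intended for
    # every deployment.
    # NOTE(review): only the top-level type is validated; "rules" and
    # "headers" are passed on as received - confirm that locationRulesInit
    # and headersInit reject non-hash values.
    $json->{rules}   ||= { default     => 1 };
    $json->{headers} //= { 'Auth-User' => '$uid' };
    $class->locationRulesInit( undef, { $vhost => $json->{rules} } );
    $class->headersInit( undef, { $vhost => $json->{headers} } );

    # Timestamp read by grant() to decide when the next reload is due.
    $class->tsv->{lastVhostUpdate}->{$vhost} = time;
    return;
}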
1;