package Lemonldap::NG::Handler::Lib::DevOps;
use strict;
use Lemonldap::NG::Common::UserAgent;
use JSON qw(from_json);
our $VERSION = '2.0.14';
our $_ua;
# Return the user agent shared by this package, building it on first use.
# The instance is cached in the package variable $_ua, so every later call
# returns the same object, whichever class makes the call.
#
# @param $class handler class; its localConfig is passed to the constructor
# @return the cached Lemonldap::NG::Common::UserAgent instance
sub ua {
    my ($class) = @_;

    # Only construct a new agent when none is cached yet
    $_ua ||= Lemonldap::NG::Common::UserAgent->new( $class->localConfig );
    return $_ua;
}
# Make sure the rules of the requested virtual host are loaded and recent,
# then hand over to the generic maintenance-mode check.
#
# @param $class handler class (called as a class method)
# @param $req   current request object
# @return the result of Lemonldap::NG::Handler::Main::checkMaintenanceMode
sub checkMaintenanceMode {
    my ( $class, $req ) = @_;
    my $vhost = $class->resolveAlias($req);

    $class->tsv->{lastVhostUpdate} //= {};

    # The cached configuration is reused only while defaultCondition is set
    # for this vhost and the last load is younger than checkTime. The age
    # test is skipped (short-circuit) when defaultCondition is not set.
    my $cacheIsFresh = $class->tsv->{defaultCondition}->{$vhost}
      && ( time() - $class->tsv->{lastVhostUpdate}->{$vhost} <
        $class->checkTime );

    if ( !$cacheIsFresh ) {
        $class->_loadVhostConfig( $req, $vhost );
    }

    return $class->Lemonldap::NG::Handler::Main::checkMaintenanceMode($req);
}
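# Fetch, validate and install the access rules and exported headers of a
# DevOps virtual host.
#
# The rules file is fetched only when useSafeJail is enabled. Its URL is
# RULES_URL from the request environment, else devOpsRulesUrl for this
# vhost, else the loopback URL followed by '/rules.json'. Whenever no usable
# document is obtained, the built-in defaults are installed instead:
# rules { default => 1 } and headers { 'Auth-User' => '$uid' }.
#
# @param $class handler class (called as a class method)
# @param $req   current request object
# @param $vhost virtual host name resolved by the caller
# @return nothing
sub _loadVhostConfig {
    my ( $class, $req, $vhost ) = @_;
    my ( $json, $rUrl, $rVhost );
    if ( $class->tsv->{useSafeJail} ) {

        # NOTE(review): RULES_URL decides where the access rules come from.
        # Presumably it is set by the web server configuration; confirm it
        # can never be derived from client-supplied input.
        if ( $req->env->{RULES_URL} || $class->tsv->{devOpsRulesUrl}->{$vhost} )
        {
            $rUrl = $req->{env}->{RULES_URL}
              || $class->tsv->{devOpsRulesUrl}->{$vhost};

            # The Host header is the authority part of the URL, port removed.
            # NOTE(review): plain http is accepted, so the rules file has no
            # transport integrity unless the URL is https or stays on a
            # trusted network. A URL that does not match leaves $rVhost
            # undefined; the request is still sent.
            $rVhost = ( $rUrl =~ m#^https?://([^/]*).*# )[0];
            $rVhost =~ s/:\d+$//;
        }
        else {
            $rUrl =
              ( $class->localConfig->{loopBackUrl}
                  || "http://127.0.0.1:" . $req->{env}->{SERVER_PORT} )
              . '/rules.json';
            $rVhost = $vhost;
        }

        $class->logger->debug("Try to retrieve rules file from $rUrl");
        my $get = HTTP::Request->new( GET => $rUrl );
        $class->logger->debug("Set Host header with $rVhost");
        $get->header( Host => $rVhost );
        my $resp = $class->ua->request($get);
        if ( $resp->is_success ) {
            $class->logger->debug('Response is success');
            eval { $json = from_json( $resp->content, { allow_nonref => 1 } ); };
            if ($@) {
                $class->logger->debug('Bad json file received');
                $class->logger->error(
                    "Bad rules file retrieved from $rUrl for $vhost, skipping ($@)"
                );
            }
            elsif ( ref($json) ne 'HASH' ) {

                # allow_nonref lets a bare scalar, null or an array through
                # the parser. Dereferencing such a value as a hash below
                # would die under strict refs, so it is discarded and the
                # defaults are used instead.
                $class->logger->error(
                    "Bad rules file retrieved from $rUrl for $vhost, skipping (not a JSON object)"
                );
                $json = undef;
            }
            else {
                $class->logger->debug('Good json file received');
                $class->logger->info(
                    "Compiling rules retrieved from $rUrl for $vhost");
            }
        }
        else {
            $class->logger->error(
                "Unable to retrieve rules file from $rUrl -> "
                  . $resp->status_line );
            $class->logger->info("Default rule and header are employed");
        }
    }
    else {
        $class->logger->error(
            q"I refuse to compile 'rules.json' when useSafeJail isn't activated! Yes I know, I'm a coward..."
        );
    }

    # A 'headers' entry that is not an object cannot be walked by the
    # hidden-attribute filter below; drop it so the default header applies.
    if ( defined $json->{headers} and ref( $json->{headers} ) ne 'HASH' ) {
        $class->logger->error(
            "Bad 'headers' entry in rules file for $vhost, using default header"
        );
        delete $json->{headers};
    }

    # NOTE(review): { default => 1 } looks like an always-true rule, so a
    # failed fetch, a rejected file or a disabled safe jail leaves the vhost
    # with a permissive rule. Confirm that this fallback is intended rather
    # than a deny-by-default one.
    # NOTE(review): 'rules' is passed on without a type check; what
    # locationRulesInit accepts is not visible here.
    $json->{rules}   ||= { default => 1 };
    $json->{headers} //= { 'Auth-User' => '$uid' };

    # Remove headers that export a hidden session attribute.
    # NOTE(review): only a header whose value is exactly '$<attribute>' is
    # removed. An expression that merely contains a hidden attribute is not
    # caught by this equality test; confirm whether that is handled elsewhere.
    foreach my $hidden ( split /[,\s]+/, $class->tsv->{hiddenAttributes} ) {
        foreach my $name ( keys %{ $json->{headers} } ) {
            delete $json->{headers}->{$name}
              if $json->{headers}->{$name} eq '$' . $hidden;
        }
    }

    $class->logger->debug("DevOps handler called by $vhost");
    $class->locationRulesInit( undef, { $vhost => $json->{rules} } );
    $class->headersInit( undef, { $vhost => $json->{headers} } );

    # Timestamp compared with checkTime by checkMaintenanceMode
    $class->tsv->{lastVhostUpdate}->{$vhost} = time;

    # Redirect settings are overridden only when the matching variable is
    # present in the request environment
    $class->tsv->{https}->{$vhost} = uc $req->env->{HTTPS_REDIRECT} eq 'ON'
      if exists $req->env->{HTTPS_REDIRECT};
    $class->tsv->{port}->{$vhost} = $req->env->{PORT_REDIRECT}
      if exists $req->env->{PORT_REDIRECT};

    return;
}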
1;