2017-02-11 08:47:22 +01:00
|
|
|
package Lemonldap::NG::Handler::Lib::PSGI;
|
2016-01-25 19:03:46 +01:00
|
|
|
|
2018-10-07 22:38:40 +02:00
|
|
|
#use 5.10.0;
|
2016-01-25 19:03:46 +01:00
|
|
|
use Mouse;
|
|
|
|
|
2016-03-17 23:19:44 +01:00
|
|
|
#use Lemonldap::NG::Handler::Main qw(:jailSharedVars);
|
|
|
|
|
|
|
|
our $VERSION = '2.0.0';
|
2016-01-25 19:03:46 +01:00
|
|
|
|
|
|
|
has protection => ( is => 'rw', isa => 'Str' );
|
2016-02-09 23:17:39 +01:00
|
|
|
has rule => ( is => 'rw', isa => 'Str' );
|
2016-03-17 23:19:44 +01:00
|
|
|
has api => ( is => 'rw', isa => 'Str' );
|
2016-01-25 19:03:46 +01:00
|
|
|
|
2016-01-30 13:26:14 +01:00
|
|
|
## @method boolean init($args)
|
|
|
|
# Initalize main handler
|
2016-01-25 19:03:46 +01:00
|
|
|
sub init {
|
|
|
|
my ( $self, $args ) = @_;
|
2017-02-13 12:58:39 +01:00
|
|
|
eval { $self->api->init($args) };
|
2016-04-04 10:39:26 +02:00
|
|
|
if ( $@ and not( $self->{protection} and $self->{protection} eq 'none' ) ) {
|
2016-01-25 19:03:46 +01:00
|
|
|
$self->error($@);
|
|
|
|
return 0;
|
|
|
|
}
|
2016-03-17 23:19:44 +01:00
|
|
|
unless ( $self->api->checkConf($self)
|
2016-01-25 19:03:46 +01:00
|
|
|
or $self->{protection} eq 'none' )
|
|
|
|
{
|
|
|
|
$self->error(
|
2016-07-25 11:49:55 +02:00
|
|
|
"Unable to protect this server ($Lemonldap::NG::Common::Conf::msg)"
|
|
|
|
);
|
2016-01-25 19:03:46 +01:00
|
|
|
return 0;
|
|
|
|
}
|
2016-05-31 07:27:58 +02:00
|
|
|
eval { $self->portal( $self->api->tsv->{portal}->() ) };
|
2016-04-04 10:39:26 +02:00
|
|
|
my $rule =
|
|
|
|
$self->{protection} || $self->api->localConfig->{protection} || '';
|
2016-02-09 23:17:39 +01:00
|
|
|
$self->rule(
|
|
|
|
$rule eq 'authenticate' ? 1 : $rule eq 'manager' ? '' : $rule );
|
2016-01-25 19:03:46 +01:00
|
|
|
return 1;
|
2016-01-26 07:14:54 +01:00
|
|
|
}
|
2016-01-25 19:03:46 +01:00
|
|
|
|
2016-01-31 23:53:23 +01:00
|
|
|
## @methodi void _run()
|
2016-01-30 13:26:14 +01:00
|
|
|
# Check if protecton is activated then return a code ref that will launch
|
2016-02-11 07:00:35 +01:00
|
|
|
# _authAndTrace() if protection in on or handler() else
|
2016-01-31 23:53:23 +01:00
|
|
|
#@return code-ref
|
2016-01-25 19:03:46 +01:00
|
|
|
sub _run {
|
|
|
|
my $self = shift;
|
|
|
|
|
|
|
|
# Override _run() only if protection != 'none'
|
2016-03-17 23:19:44 +01:00
|
|
|
if ( !$self->rule or $self->rule ne 'none' ) {
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->debug('PSGI app is protected');
|
2016-01-25 19:03:46 +01:00
|
|
|
|
|
|
|
# Handle requests
|
|
|
|
# Developers, be careful: Only this part is executed at each request
|
|
|
|
return sub {
|
2016-01-26 07:14:54 +01:00
|
|
|
return $self->_authAndTrace(
|
|
|
|
Lemonldap::NG::Common::PSGI::Request->new( $_[0] ) );
|
2016-01-25 19:03:46 +01:00
|
|
|
};
|
|
|
|
}
|
|
|
|
|
|
|
|
else {
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->debug('PSGI app is not protected');
|
2016-01-30 13:26:14 +01:00
|
|
|
|
|
|
|
# Check if main handler initialization has been done
|
2016-03-17 23:19:44 +01:00
|
|
|
unless ( $self->api->tsv ) {
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->debug('Checking conf');
|
2016-03-17 23:19:44 +01:00
|
|
|
eval { $self->api->checkConf() };
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->error($@) if ($@);
|
2016-01-25 19:03:46 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
# Handle unprotected requests
|
|
|
|
return sub {
|
2016-02-01 10:59:07 +01:00
|
|
|
my $req = Lemonldap::NG::Common::PSGI::Request->new( $_[0] );
|
2016-02-11 07:00:35 +01:00
|
|
|
my $res = $self->handler($req);
|
2016-04-04 22:39:22 +02:00
|
|
|
push @{ $res->[1] }, @{ $req->{respHeaders} };
|
2016-02-01 10:59:07 +01:00
|
|
|
return $res;
|
2016-01-25 19:03:46 +01:00
|
|
|
};
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-02-11 13:09:53 +01:00
|
|
|
sub status {
|
2016-10-25 22:38:29 +02:00
|
|
|
my ( $class, $args ) = @_;
|
|
|
|
$args //= {};
|
|
|
|
my $self = $class->new($args);
|
2017-08-18 15:07:59 +02:00
|
|
|
$self->init($args);
|
2016-02-11 13:09:53 +01:00
|
|
|
|
|
|
|
# Check if main handler initialization has been done
|
2017-08-18 15:07:59 +02:00
|
|
|
unless ( %{ $self->api->tsv } ) {
|
2016-03-17 23:19:44 +01:00
|
|
|
eval { $self->api->checkConf() };
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->error($@) if ($@);
|
2016-02-11 13:09:53 +01:00
|
|
|
}
|
|
|
|
return sub {
|
2016-02-14 08:48:41 +01:00
|
|
|
my $req = Lemonldap::NG::Common::PSGI::Request->new( $_[0] );
|
2016-03-17 23:19:44 +01:00
|
|
|
$self->api->status($req);
|
2016-04-04 22:39:22 +02:00
|
|
|
return [ 200, [ @{ $req->{respHeaders} } ], [ $req->{respBody} ] ];
|
2016-02-11 13:09:53 +01:00
|
|
|
};
|
|
|
|
}
|
|
|
|
|
2016-10-25 22:38:29 +02:00
|
|
|
sub reload {
|
|
|
|
my ( $class, $args ) = @_;
|
|
|
|
$args //= {};
|
|
|
|
my $self = $class->new($args);
|
2017-08-18 15:07:59 +02:00
|
|
|
$self->init($args);
|
2016-10-25 22:38:29 +02:00
|
|
|
|
|
|
|
# Check if main handler initialization has been done
|
2017-08-18 15:07:59 +02:00
|
|
|
unless ( %{ $self->api->tsv } ) {
|
2016-10-25 22:38:29 +02:00
|
|
|
eval { $self->api->checkConf() };
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->error($@) if ($@);
|
2016-10-25 22:38:29 +02:00
|
|
|
}
|
|
|
|
return sub {
|
|
|
|
my $req = Lemonldap::NG::Common::PSGI::Request->new( $_[0] );
|
|
|
|
$self->api->reload($req);
|
|
|
|
return [ 200, [ @{ $req->{respHeaders} } ], [ $req->{respBody} ] ];
|
|
|
|
};
|
|
|
|
}
|
|
|
|
|
2016-01-30 13:26:14 +01:00
|
|
|
## @method private PSGI-Response _authAndTrace($req)
|
2016-03-17 23:19:44 +01:00
|
|
|
# Launch $self->api::run() and then handler() if
|
2016-01-30 13:26:14 +01:00
|
|
|
# response is 200.
|
2016-01-26 07:14:54 +01:00
|
|
|
sub _authAndTrace {
|
2016-04-05 13:12:53 +02:00
|
|
|
my ( $self, $req, $noCall ) = @_;
|
2017-02-08 23:18:52 +01:00
|
|
|
|
|
|
|
# TODO: handle types
|
2017-02-11 17:19:25 +01:00
|
|
|
my $type = $self->api->checkType($req);
|
|
|
|
if ( my $t = $req->env->{VHOSTTYPE} ) {
|
|
|
|
$type = $t;
|
|
|
|
}
|
|
|
|
my $tmp = $self->api;
|
|
|
|
$tmp =~ s/::\w+$/::/;
|
|
|
|
$type = $tmp . $type;
|
|
|
|
eval "require $type";
|
|
|
|
die $@ if ($@);
|
2017-02-11 08:47:22 +01:00
|
|
|
my ( $res, $session ) = $type->run( $req, $self->{rule} );
|
|
|
|
$self->portal( $type->tsv->{portal}->() );
|
2016-08-02 15:52:29 +02:00
|
|
|
$req->userData($session) if ($session);
|
2016-01-26 07:14:54 +01:00
|
|
|
|
|
|
|
if ( $res < 300 ) {
|
2016-04-05 13:12:53 +02:00
|
|
|
if ($noCall) {
|
|
|
|
return [ $res, $req->{respHeaders}, [] ];
|
|
|
|
}
|
|
|
|
else {
|
2017-02-15 07:41:50 +01:00
|
|
|
$self->logger->debug('User authenticated, calling handler()');
|
2016-04-05 13:12:53 +02:00
|
|
|
$res = $self->handler($req);
|
2018-05-22 12:22:52 +02:00
|
|
|
|
|
|
|
# Insert respHeaders in response only if not already set
|
|
|
|
my %hdr1 = @{ $res->[1] };
|
|
|
|
my %hdr2 = @{ $req->{respHeaders} };
|
|
|
|
foreach ( keys %hdr2 ) {
|
|
|
|
unless ( $hdr1{$_} and $hdr2{$_} eq $hdr1{$_} ) {
|
|
|
|
push @{ $res->[1] }, ( $_ => $hdr2{$_} );
|
|
|
|
}
|
|
|
|
}
|
2016-04-05 13:12:53 +02:00
|
|
|
}
|
2016-02-25 09:12:00 +01:00
|
|
|
return $res;
|
2016-01-26 07:14:54 +01:00
|
|
|
}
|
2016-12-16 17:21:20 +01:00
|
|
|
elsif ( $res < 400 ) {
|
|
|
|
return [ $res, $req->{respHeaders}, [] ];
|
|
|
|
}
|
2016-01-26 07:14:54 +01:00
|
|
|
else {
|
2016-04-04 22:39:22 +02:00
|
|
|
my %h = $req->{respHeaders} ? @{ $req->{respHeaders} } : ();
|
2018-12-15 20:31:05 +01:00
|
|
|
my $s = $type->tsv->{portal}->() . "/lmerror/$res";
|
2016-01-26 07:14:54 +01:00
|
|
|
$s =
|
|
|
|
'<html><head><title>Redirection</title></head><body>'
|
|
|
|
. qq{<script type="text/javascript">window.location='$s'</script>}
|
|
|
|
. '<h1>Please wait</h1>'
|
|
|
|
. qq{<p>An error occurs, you're going to be redirected to <a href="$s">$s</a>.</p>}
|
|
|
|
. '</body></html>';
|
|
|
|
$h{'Content-Type'} = 'text/html';
|
|
|
|
$h{'Content-Length'} = length $s;
|
|
|
|
return [ $res, [%h], [$s] ];
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-01-25 19:03:46 +01:00
|
|
|
## @method hashRef user()
|
2018-07-05 22:56:16 +02:00
|
|
|
# @return hash of user data
|
2016-01-25 19:03:46 +01:00
|
|
|
sub user {
|
|
|
|
my ( $self, $req ) = @_;
|
2016-07-25 11:49:55 +02:00
|
|
|
return $req->userData
|
|
|
|
|| { $Lemonldap::NG::Handler::Main::tsv->{whatToTrace}
|
|
|
|
|| _whatToTrace => 'anonymous' };
|
2016-01-25 19:03:46 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
## @method string userId()
|
|
|
|
# @return user identifier to log
|
|
|
|
sub userId {
|
|
|
|
my ( $self, $req ) = @_;
|
2016-07-25 11:49:55 +02:00
|
|
|
return $req->userData->{ $Lemonldap::NG::Handler::Main::tsv->{whatToTrace}
|
|
|
|
|| '_whatToTrace' }
|
|
|
|
|| 'anonymous';
|
2016-01-25 19:03:46 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
## @method boolean group(string group)
|
|
|
|
# @param $group name of the Lemonldap::NG group to test
|
|
|
|
# @return boolean : true if user is in this group
|
|
|
|
sub group {
|
|
|
|
my ( $self, $req, $group ) = @_;
|
|
|
|
return () unless ( $req->userData->{groups} );
|
|
|
|
return ( $req->userData->{groups} =~ /\b$group\b/ );
|
|
|
|
}
|
|
|
|
|
|
|
|
## @method PSGI::Response sendError($req,$err,$code)
|
|
|
|
# Add user di to $err before calling Lemonldap::NG::Common::PSGI::sendError()
|
|
|
|
# @param $req Lemonldap::NG::Common::PSGI::Request
|
|
|
|
# @param $err String to push
|
|
|
|
# @code int HTTP error code (default to 500)
|
|
|
|
sub sendError {
|
|
|
|
my ( $self, $req, $err, $code ) = @_;
|
|
|
|
$err ||= $req->error;
|
2018-03-18 14:26:45 +01:00
|
|
|
$self->userLogger->warn( '[' . $self->userId($req) . "] $err" );
|
2016-01-25 19:03:46 +01:00
|
|
|
return $self->Lemonldap::NG::Common::PSGI::sendError( $req, $err, $code );
|
|
|
|
}
|
2016-01-30 13:26:14 +01:00
|
|
|
|
2016-01-25 19:03:46 +01:00
|
|
|
1;
|