Add a specific vhost for API (#2033, #2034)

Makefile

@@ -428,6 +428,7 @@ prepare_test_server:
 		ETCDEFAULTDIR=`pwd`/e2e-tests/conf/def
 	#@cp -f e2e-tests/index.* e2e-tests/conf/
 	@cp -f $(SRCMANAGERDIR)/site/htdocs/manager* e2e-tests/conf/manager
+	@cp -f $(SRCMANAGERDIR)/site/htdocs/api* e2e-tests/conf/manager
 	@cp -f $(SRCPORTALDIR)/site/htdocs/index* e2e-tests/conf/portal
 	@cp e2e-tests/persistent/5efe8af397fc3577e05b483aca964f1b e2e-tests/conf/persistents
 	@cp e2e-tests/saml-sp.xml e2e-tests/conf/site/saml-sp.xml

_example/etc/manager-apache2.4.conf

@@ -99,3 +99,76 @@
     # Uncomment this if site if you use SSL only
     #Header set Strict-Transport-Security "max-age=15768000"
 </VirtualHost>
+
+# API virtual host (manager.__DNSDOMAIN__)
+<VirtualHost __VHOSTLISTEN__>
+    ServerName api.__DNSDOMAIN__
+    LogLevel notice
+    # See above to set LLNG user id in Apache logs
+    #CustomLog __APACHELOGDIR__/manager.log llng
+    #ErrorLog __APACHELOGDIR__/lm_err.log
+
+    # Uncomment this if you are running behind a reverse proxy and want
+    # LemonLDAP::NG to see the real IP address of the end user
+    # Adjust the settings to match the IP address of your reverse proxy
+    # and the header containing the original IP address
+    #
+    #RemoteIPHeader X-Forwarded-For
+    #RemoteIPInternalProxy 127.0.0.1
+
+
+    # FASTCGI CONFIGURATION
+    # ---------------------
+
+    # 1) URI management
+    RewriteEngine on
+
+    # For performances, you can delete the previous RewriteRule line after
+    # puttings html files: simply put the HTML results of differents modules
+    # (configuration, sessions, notifications) as manager.html, sessions.html,
+    # notifications.html and uncomment the 2 following lines:
+    # DirectoryIndex manager.html
+    # RewriteCond "%{REQUEST_URI}" "!\.html(?:/.*)?$"
+
+    # REST URLs
+    RewriteCond "%{REQUEST_URI}" "!^/(?:static|doc|lib|javascript|favicon).*"
+    RewriteRule "^/(.+)$" "/api.fcgi/$1" [PT]
+
+    # 2) FastCGI engine
+
+    # You can choose any FastCGI system. Here is an example using mod_fcgid
+    # mod_fcgid configuration
+    FcgidMaxRequestLen 2000000
+    <Files *.fcgi>
+        SetHandler fcgid-script
+        Options +ExecCGI
+        header unset Lm-Remote-User
+    </Files>
+
+    # If you want to use mod_fastcgi, replace lines below by:
+    #FastCgiServer __MANAGERSITEDIR__/manager.fcgi
+
+    # GLOBAL CONFIGURATION
+    # --------------------
+
+    DocumentRoot __MANAGERSITEDIR__
+
+    <Location />
+        Require all granted
+
+        <IfModule mod_deflate.c>
+            AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css
+            SetOutputFilter DEFLATE
+            BrowserMatch ^Mozilla/4 gzip-only-text/html
+            BrowserMatch ^Mozilla/4\.0[678] no-gzip
+            BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+            SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
+        </IfModule>
+        <IfModule mod_headers.c>
+            Header append Vary User-Agent env=!dont-vary
+        </IfModule>
+    </Location>
+
+    # Uncomment this if site if you use SSL only
+    #Header set Strict-Transport-Security "max-age=15768000"
+</VirtualHost>

_example/etc/manager-apache2.X.conf

@@ -118,3 +118,83 @@
     # Uncomment this if site if you use SSL only
     #Header set Strict-Transport-Security "max-age=15768000"
 </VirtualHost>
+
+# API virtual host (manager.__DNSDOMAIN__)
+<VirtualHost __VHOSTLISTEN__>
+    ServerName api.__DNSDOMAIN__
+    LogLevel notice
+    # See above to set LLNG user id in Apache logs
+    #CustomLog __APACHELOGDIR__/manager.log llng
+    #ErrorLog __APACHELOGDIR__/lm_err.log
+
+    # Uncomment this if you are running behind a reverse proxy and want
+    # LemonLDAP::NG to see the real IP address of the end user
+    # Adjust the settings to match the IP address of your reverse proxy
+    # and the header containing the original IP address
+    #
+    #RemoteIPHeader X-Forwarded-For
+    #RemoteIPInternalProxy 127.0.0.1
+
+
+    # FASTCGI CONFIGURATION
+    # ---------------------
+
+    # 1) URI management
+    RewriteEngine on
+
+    # For performances, you can delete the previous RewriteRule line after
+    # puttings html files: simply put the HTML results of differents modules
+    # (configuration, sessions, notifications) as manager.html, sessions.html,
+    # notifications.html and uncomment the 2 following lines:
+    # DirectoryIndex manager.html
+    # RewriteCond "%{REQUEST_URI}" "!\.html(?:/.*)?$"
+
+    # REST URLs
+    RewriteCond "%{REQUEST_URI}" "!^/(?:static|doc|lib|javascript|favicon).*"
+    RewriteRule "^/(.+)$" "/api.fcgi/$1" [PT]
+
+    # 2) FastCGI engine
+
+    # You can choose any FastCGI system. Here is an example using mod_fcgid
+    # mod_fcgid configuration
+    FcgidMaxRequestLen 2000000
+    <Files *.fcgi>
+        SetHandler fcgid-script
+        Options +ExecCGI
+        header unset Lm-Remote-User
+    </Files>
+
+    # If you want to use mod_fastcgi, replace lines below by:
+    #FastCgiServer __MANAGERSITEDIR__/manager.fcgi
+
+    # GLOBAL CONFIGURATION
+    # --------------------
+
+    DocumentRoot __MANAGERSITEDIR__
+
+    <Location />
+        <IfVersion >= 2.3>
+            Require all granted
+        </IfVersion>
+        <IfVersion < 2.3>
+            Order Deny,Allow
+            Allow from all
+        </IfVersion>
+        Options +FollowSymLinks
+
+        <IfModule mod_deflate.c>
+            AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css
+            SetOutputFilter DEFLATE
+            BrowserMatch ^Mozilla/4 gzip-only-text/html
+            BrowserMatch ^Mozilla/4\.0[678] no-gzip
+            BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+            SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
+        </IfModule>
+        <IfModule mod_headers.c>
+            Header append Vary User-Agent env=!dont-vary
+        </IfModule>
+    </Location>
+
+    # Uncomment this if site if you use SSL only
+    #Header set Strict-Transport-Security "max-age=15768000"
+</VirtualHost>

_example/etc/manager-apache2.conf

@@ -102,3 +102,77 @@
     # Uncomment this if site if you use SSL only
     #Header set Strict-Transport-Security "max-age=15768000"
 </VirtualHost>
+
+# API virtual host (api.__DNSDOMAIN__)
+<VirtualHost __VHOSTLISTEN__>
+    ServerName api.__DNSDOMAIN__
+    LogLevel notice
+    # See above to set LLNG user id in Apache logs
+    #CustomLog __APACHELOGDIR__/manager.log llng
+    #ErrorLog __APACHELOGDIR__/lm_err.log
+
+    # Uncomment this if you are running behind a reverse proxy and want
+    # LemonLDAP::NG to see the real IP address of the end user
+    # Adjust the settings to match the IP address of your reverse proxy
+    # and the header containing the original IP address
+    #
+    #RemoteIPHeader X-Forwarded-For
+    #RemoteIPInternalProxy 127.0.0.1
+
+
+    # FASTCGI CONFIGURATION
+    # ---------------------
+
+    # 1) URI management
+    RewriteEngine on
+
+    # For performances, you can delete the previous RewriteRule line after
+    # puttings html files: simply put the HTML results of differents modules
+    # (configuration, sessions, notifications) as manager.html, sessions.html,
+    # notifications.html and uncomment the 2 following lines:
+    # DirectoryIndex manager.html
+    # RewriteCond "%{REQUEST_URI}" "!\.html(?:/.*)?$"
+
+    # REST URLs
+    RewriteCond "%{REQUEST_URI}" "!^/(?:static|doc|lib|javascript|favicon).*"
+    RewriteRule "^/(.+)$" "/api.fcgi/$1" [PT]
+
+    # 2) FastCGI engine
+
+    # You can choose any FastCGI system. Here is an example using mod_fcgid
+    # mod_fcgid configuration
+    FcgidMaxRequestLen 2000000
+    <Files *.fcgi>
+        SetHandler fcgid-script
+        Options +ExecCGI
+        header unset Lm-Remote-User
+    </Files>
+
+    # If you want to use mod_fastcgi, replace lines below by:
+    #FastCgiServer __MANAGERSITEDIR__/manager.fcgi
+
+    # GLOBAL CONFIGURATION
+    # --------------------
+
+    DocumentRoot __MANAGERSITEDIR__
+
+    <Location />
+        Order Deny,Allow
+       Allow from all
+
+        <IfModule mod_deflate.c>
+            AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css
+            SetOutputFilter DEFLATE
+            BrowserMatch ^Mozilla/4 gzip-only-text/html
+            BrowserMatch ^Mozilla/4\.0[678] no-gzip
+            BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+            SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
+        </IfModule>
+        <IfModule mod_headers.c>
+            Header append Vary User-Agent env=!dont-vary
+        </IfModule>
+    </Location>
+
+    # Uncomment this if site if you use SSL only
+    #Header set Strict-Transport-Security "max-age=15768000"
+</VirtualHost>

lemonldap-ng-manager/MANIFEST

@@ -7,6 +7,9 @@ eg/manager.psgi
 KINEMATIC.md
 lib/Lemonldap/NG/Manager.pm
 lib/Lemonldap/NG/Manager/2ndFA.pm
+lib/Lemonldap/NG/Manager/Api.pm
+lib/Lemonldap/NG/Manager/Api/2F.pm
+lib/Lemonldap/NG/Manager/Api/Providers.pm
 lib/Lemonldap/NG/Manager/Attributes.pm
 lib/Lemonldap/NG/Manager/Build.pm
 lib/Lemonldap/NG/Manager/Build/Attributes.pm
@@ -40,6 +43,7 @@ site/coffee/notifications.coffee
 site/coffee/sessions.coffee
 site/coffee/viewDiff.coffee
 site/coffee/viewer.coffee
+site/htdocs/api.fcgi
 site/htdocs/manager.fcgi
 site/htdocs/manager.psgi
 site/htdocs/static/bwr/angular-animate/angular-animate.js
@@ -213,6 +217,7 @@ site/templates/viewDiff.tpl
 site/templates/viewer.tpl
 t/02-HTML-template.t
 t/03-HTML-forms.t
+t/04-hello-api.t
 t/05-rest-api.t
 t/06-rest-api.t
 t/07-utf8.t

lemonldap-ng-manager/site/htdocs/api.fcgi

@@ -0,0 +1,12 @@
+#!/usr/bin/perl
+
+use Plack::Handler::FCGI;
+use Lemonldap::NG::Manager;
+
+# Roll your own
+my $server = Plack::Handler::FCGI->new();
+$server->run(
+    Lemonldap::NG::Manager->run(
+        { enabledModules => "api", protection => "none" }
+    )
+);