dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Split Handler::PSGI in 2 : classic and router

Browse Source
This commit is contained in:
Xavier Guimard 2016-01-25 18:03:46 +00:00
parent 28d1450760
commit 2568201eca
7 changed files with 338 additions and 163 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lemonldap-ng-handler/MANIFEST
View File

@ -18,6 +18,8 @@ lib/Lemonldap/NG/Handler/Main/Logger.pm
lib/Lemonldap/NG/Handler/Menu.pm
lib/Lemonldap/NG/Handler/Proxy.pm
lib/Lemonldap/NG/Handler/PSGI.pm
lib/Lemonldap/NG/Handler/PSGI/Base.pm
lib/Lemonldap/NG/Handler/PSGI/Router.pm
lib/Lemonldap/NG/Handler/Reload.pm
lib/Lemonldap/NG/Handler/SharedConf.pm
lib/Lemonldap/NG/Handler/Specific/AuthBasic.pm

2
lemonldap-ng-handler/lib/Lemonldap/NG/Handler/API.pm
View File

@ -43,7 +43,7 @@ sub AUTOLOAD {
# - Apache (modperl1),
# - Nginx
$mode ||=
( caller(6) and ( caller(6) )[0] eq 'Lemonldap::NG::Handler::PSGI' )
( caller(6) and ( caller(6) )[0] =~ /Lemonldap::NG::Handler::PSGI/ )
? 'PSGI'
: $ENV{GATEWAY_INTERFACE} ? 'CGI'
: ( MP == 2 ) ? 'ApacheMP2'

166
lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI.pm
View File

@ -2,152 +2,16 @@ package Lemonldap::NG::Handler::PSGI;
use 5.10.0;
use Mouse;
use Lemonldap::NG::Handler::SharedConf qw(:tsv :variables :jailSharedVars);
extends 'Lemonldap::NG::Common::PSGI::Router';
extends 'Lemonldap::NG::Handler::PSGI::Base',
'Lemonldap::NG::Common::PSGI';
our $VERSION = '1.9.0';
has protection => ( is => 'rw', isa => 'Str' );
sub init {
my ( $self, $args ) = @_;
my $tmp = $self->SUPER::init($args);
return 0 unless($tmp);
eval { Lemonldap::NG::Handler::SharedConf->init($self) };
if ( $@ and not $self->{protection} eq 'none' ) {
$self->error($@);
return 0;
}
unless ( Lemonldap::NG::Handler::SharedConf->checkConf($self)
or $self->{protection} eq 'none' )
{
$self->error(
"Unable to protect this app ($Lemonldap::NG::Common::Conf::msg)");
return 0;
}
return 1;
};
sub _run {
my $self = shift;
# Override _run() only if protection != 'none'
my $rule = $self->{protection} || $localConfig->{protection};
if ( $rule ne 'none' ) {
$self->lmLog( 'PSGI app is protected', 'debug' );
$rule =
$rule eq "authenticate" ? "accept" : $rule eq "manager" ? "" : $rule;
# Handle requests
# Developers, be careful: Only this part is executed at each request
return sub {
my $req = Lemonldap::NG::Common::PSGI::Request->new( $_[0] );
Lemonldap::NG::Handler::API->newRequest($req);
my $res = Lemonldap::NG::Handler::SharedConf->run($rule);
$req->userData($datas) if ($datas);
if ( $res < 300 ) {
$self->lmLog( 'User authenticated, calling router()', 'debug' );
return $self->router($req);
}
# Ajax hook: Ajax requests can not understand 30x responses. This
# is not really HTTP compliant but nothing in this
# protocol can do this. Our javascripts understand that
# they have to prompt user with the URL
elsif (
$req->accept =~ m|application/json|
or ( $req->contentType
and $req->contentType =~ m|application/json| )
)
{
$self->lmLog( 'Ajax request detected', 'debug' );
if ( $res == 302 or $res == 303 ) {
$self->lmLog( 'Rewrite redirection to 401 response',
'debug' );
return [
401,
[ Authorization => $req->{respHeaders}->{Location} ],
['']
];
}
else {
$self->lmLog(
"Lemonldap::NG::Handler::SharedConf::run() returns $res",
'debug'
);
return [
$res, [ 'Content-Type', 'application/json' ],
[qq({"error":"$res"})]
];
}
}
# Non Ajax requests may be redirected to portal
else {
my %h = $req->{respHeaders} ? %{ $req->{respHeaders} } : ();
my $s = $tsv->{portal}->() . "?lmError=$res";
$s =
'<html><head><title>Redirection</title></head><body>'
. qq{<script type="text/javascript">window.location='$s'</script>}
. '<h1>Please wait</h1>'
. qq{<p>An error occurs, you're going to be redirected to <a href="$s">$s</a>.</p>}
. '</body></html>';
$h{'Content-Type'} = 'text/html';
$h{'Content-Length'} = length $s;
return [ $res, [%h], [$s] ];
}
};
}
else {
$self->lmLog( 'PSGI app is not protected', 'debug' );
unless (%$tsv) {
$self->lmLog( 'Checking conf', 'debug' );
eval { Lemonldap::NG::Handler::SharedConf->checkConf() };
$self->lmLog( $@, 'error' ) if ($@);
}
# Handle unprotected requests
return sub {
$self->router( Lemonldap::NG::Common::PSGI::Request->new( $_[0] ) );
};
}
}
## @method hashRef user()
# @return hash of user datas
sub user {
my ( $self, $req ) = @_;
return $req->userData || { _whatToTrace => 'anonymous' };
}
## @method string userId()
# @return user identifier to log
sub userId {
my ( $self, $req ) = @_;
return $req->userData->{_whatToTrace} || 'anonymous';
}
## @method boolean group(string group)
# @param $group name of the Lemonldap::NG group to test
# @return boolean : true if user is in this group
sub group {
my ( $self, $req, $group ) = @_;
return () unless ( $req->userData->{groups} );
return ( $req->userData->{groups} =~ /\b$group\b/ );
}
## @method PSGI::Response sendError($req,$err,$code)
# Add user di to $err before calling Lemonldap::NG::Common::PSGI::sendError()
# @param $req Lemonldap::NG::Common::PSGI::Request
# @param $err String to push
# @code int HTTP error code (default to 500)
sub sendError {
my ( $self, $req, $err, $code ) = @_;
$err ||= $req->error;
$err = '[' . $self->userId($req) . "] $err";
return $self->SUPER::sendError( $req, $err, $code );
my $tmp = $_[0]->Lemonldap::NG::Common::PSGI::init( $_[1] )
and $_[0]->Lemonldap::NG::Handler::PSGI::Base::init( $_[1] );
return $tmp;
}
1;
@ -157,8 +21,7 @@ __END__
=encoding utf8
Lemonldap::NG::Handler::PSGI - Base library for protected REST APIs of
Lemonldap::NG.
Lemonldap::NG::Handler::PSGI - Base library for protected PSGI applications.
=head1 SYNOPSIS
@ -170,26 +33,17 @@ Lemonldap::NG.
my ($self,$args) = @_;
$self->protection('manager');
# See Lemonldap::NG::Common::PSGI for more
# Declare REST routes (could be HTML templates or methods)
$self->addRoute ( 'index.html', undef, ['GET'] )
->addRoute ( books => { ':book' => 'booksMethod' }, ['GET', 'POST'] );
# Default route (ie: PATH_INFO == '/')
$self->defaultRoute('index.html');
...
# Return a boolean. If false, then error message has to be stored in
# $self->error
return 1;
}
sub booksMethod {
my ( $self, $req, @otherPathInfo ) = @_;
sub router {
my ( $self, $req ) = @_;
# Will be called only if authorisated
my $userId = $self->userId;
my $book = $req->params('book');
my $method = $req->method;
...
$self->sendJSONresponse(...);
}

149
lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI/Base.pm Normal file
View File

@ -0,0 +1,149 @@
package Lemonldap::NG::Handler::PSGI::Base;
use 5.10.0;
use Mouse;
use Lemonldap::NG::Handler::SharedConf qw(:tsv :variables :jailSharedVars);
our $VERSION = '1.9.0';
has protection => ( is => 'rw', isa => 'Str' );
sub init {
my ( $self, $args ) = @_;
eval { Lemonldap::NG::Handler::SharedConf->init($self) };
if ( $@ and not $self->{protection} eq 'none' ) {
$self->error($@);
return 0;
}
unless ( Lemonldap::NG::Handler::SharedConf->checkConf($self)
or $self->{protection} eq 'none' )
{
$self->error(
"Unable to protect this app ($Lemonldap::NG::Common::Conf::msg)");
return 0;
}
return 1;
};
sub _run {
my $self = shift;
# Override _run() only if protection != 'none'
my $rule = $self->{protection} || $localConfig->{protection};
if ( $rule ne 'none' ) {
$self->lmLog( 'PSGI app is protected', 'debug' );
$rule =
$rule eq "authenticate" ? "accept" : $rule eq "manager" ? "" : $rule;
# Handle requests
# Developers, be careful: Only this part is executed at each request
return sub {
my $req = Lemonldap::NG::Common::PSGI::Request->new( $_[0] );
Lemonldap::NG::Handler::API->newRequest($req);
my $res = Lemonldap::NG::Handler::SharedConf->run($rule);
$req->userData($datas) if ($datas);
if ( $res < 300 ) {
$self->lmLog( 'User authenticated, calling router()', 'debug' );
return $self->router($req);
}
# Ajax hook: Ajax requests can not understand 30x responses. This
# is not really HTTP compliant but nothing in this
# protocol can do this. Our javascripts understand that
# they have to prompt user with the URL
elsif (
$req->accept =~ m|application/json|
or ( $req->contentType
and $req->contentType =~ m|application/json| )
)
{
$self->lmLog( 'Ajax request detected', 'debug' );
if ( $res == 302 or $res == 303 ) {
$self->lmLog( 'Rewrite redirection to 401 response',
'debug' );
return [
401,
[ Authorization => $req->{respHeaders}->{Location} ],
['']
];
}
else {
$self->lmLog(
"Lemonldap::NG::Handler::SharedConf::run() returns $res",
'debug'
);
return [
$res, [ 'Content-Type', 'application/json' ],
[qq({"error":"$res"})]
];
}
}
# Non Ajax requests may be redirected to portal
else {
my %h = $req->{respHeaders} ? %{ $req->{respHeaders} } : ();
my $s = $tsv->{portal}->() . "?lmError=$res";
$s =
'<html><head><title>Redirection</title></head><body>'
. qq{<script type="text/javascript">window.location='$s'</script>}
. '<h1>Please wait</h1>'
. qq{<p>An error occurs, you're going to be redirected to <a href="$s">$s</a>.</p>}
. '</body></html>';
$h{'Content-Type'} = 'text/html';
$h{'Content-Length'} = length $s;
return [ $res, [%h], [$s] ];
}
};
}
else {
$self->lmLog( 'PSGI app is not protected', 'debug' );
unless (%$tsv) {
$self->lmLog( 'Checking conf', 'debug' );
eval { Lemonldap::NG::Handler::SharedConf->checkConf() };
$self->lmLog( $@, 'error' ) if ($@);
}
# Handle unprotected requests
return sub {
$self->router( Lemonldap::NG::Common::PSGI::Request->new( $_[0] ) );
};
}
}
## @method hashRef user()
# @return hash of user datas
sub user {
my ( $self, $req ) = @_;
return $req->userData || { _whatToTrace => 'anonymous' };
}
## @method string userId()
# @return user identifier to log
sub userId {
my ( $self, $req ) = @_;
return $req->userData->{_whatToTrace} || 'anonymous';
}
## @method boolean group(string group)
# @param $group name of the Lemonldap::NG group to test
# @return boolean : true if user is in this group
sub group {
my ( $self, $req, $group ) = @_;
return () unless ( $req->userData->{groups} );
return ( $req->userData->{groups} =~ /\b$group\b/ );
}
## @method PSGI::Response sendError($req,$err,$code)
# Add user di to $err before calling Lemonldap::NG::Common::PSGI::sendError()
# @param $req Lemonldap::NG::Common::PSGI::Request
# @param $err String to push
# @code int HTTP error code (default to 500)
sub sendError {
my ( $self, $req, $err, $code ) = @_;
$err ||= $req->error;
$err = '[' . $self->userId($req) . "] $err";
return $self->Lemonldap::NG::Common::PSGI::sendError( $req, $err, $code );
}
1;

169
lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI/Router.pm Normal file
View File

@ -0,0 +1,169 @@
package Lemonldap::NG::Handler::PSGI::Router;
use 5.10.0;
use Mouse;
extends 'Lemonldap::NG::Handler::PSGI::Base',
'Lemonldap::NG::Common::PSGI::Router';
our $VERSION = '1.9.0';
sub init {
my $tmp = $_[0]->Lemonldap::NG::Common::PSGI::Router::init( $_[1] )
and $_[0]->Lemonldap::NG::Handler::PSGI::Base::init( $_[1] );
return $tmp;
}
1;
__END__
=head1 NAME
=encoding utf8
Lemonldap::NG::Handler::PSGI::Router - Base library for protected REST APIs of
Lemonldap::NG.
=head1 SYNOPSIS
package My::PSGI;
use base Lemonldap::NG::Handler::PSGI::Router;
sub init {
my ($self,$args) = @_;
$self->protection('manager');
# See Lemonldap::NG::Common::PSGI::Router for more
# Declare REST routes (could be HTML templates or methods)
$self->addRoute ( 'index.html', undef, ['GET'] )
->addRoute ( books => { ':book' => 'booksMethod' }, ['GET', 'POST'] );
# Default route (ie: PATH_INFO == '/')
$self->defaultRoute('index.html');
# Return a boolean. If false, then error message has to be stored in
# $self->error
return 1;
}
sub booksMethod {
my ( $self, $req, @otherPathInfo ) = @_;
# Will be called only if authorisated
my $userId = $self->userId;
my $book = $req->params('book');
my $method = $req->method;
...
$self->sendJSONresponse(...);
}
This package could then be called as a CGI, using FastCGI,...
#!/usr/bin/env perl
use My::PSGI;
use Plack::Handler::FCGI; # or Plack::Handler::CGI
Plack::Handler::FCGI->new->run( My::PSGI->run() );
=head1 DESCRIPTION
This package provides base class for Lemonldap::NG protected REST API.
=head1 METHODS
See L<Lemonldap::NG::Common::PSGI> for logging methods, content sending,...
=head2 Accessors
See L<Lemonldap::NG::Common::PSGI::Router> for inherited accessors.
=head3 protection
Level of protection. It can be one of:
=over
=item 'none': no protection
=item 'authenticate': all authenticated users are granted
=item 'manager': access is granted following Lemonldap::NG rules
=back
=head2 Running methods
=head3 user
Returns user session datas. If empty (no protection), returns:
{ _whatToTrace => 'anonymous' }
But if page is protected by server (Auth-Basic,...), it will return:
{ _whatToTrace => $REMOTE_USER }
=head3 UserId
Returns user()->{'_whatToTrace'}.
=head3 group
Returns a list of groups to which user belongs.
=head1 SEE ALSO
L<http://lemonldap-ng.org/>, L<Lemonldap::NG::Portal>, L<Lemonldap::NG::Handler>,
L<Plack>, L<PSGI>, L<Lemonldap::NG::Common::PSGI::Router>,
L<Lemonldap::NG::Common::PSGI::Request>, L<HTML::Template>,
=head1 AUTHORS
=over
=item Clement Oudot, E<lt>clem.oudot@gmail.comE<gt>
=item François-Xavier Deltombe, E<lt>fxdeltombe@gmail.com.E<gt>
=item Xavier Guimard, E<lt>x.guimard@free.frE<gt>
=item Thomas Chemineau, E<lt>thomas.chemineau@gmail.comE<gt>
=back
=head1 BUG REPORT
Use OW2 system to report bug or ask for features:
L<http://jira.ow2.org>
=head1 DOWNLOAD
Lemonldap::NG is available at
L<http://forge.objectweb.org/project/showfiles.php?group_id=274>
=head1 COPYRIGHT AND LICENSE
=over
=item Copyright (C) 2015-2016 by Xavier Guimard, E<lt>x.guimard@free.frE<gt>
=item Copyright (C) 2015-2016 by Clément Oudot, E<lt>clem.oudot@gmail.comE<gt>
=back
This library is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see L<http://www.gnu.org/licenses/>.
=cut

12
lemonldap-ng-manager/lib/Lemonldap/NG/Manager.pm
View File

@ -17,7 +17,7 @@ our $VERSION = '1.9.0';
use Lemonldap::NG::Common::Conf::Constants;
use Lemonldap::NG::Common::PSGI::Constants;
extends 'Lemonldap::NG::Handler::PSGI', 'Lemonldap::NG::Manager::Lib';
extends 'Lemonldap::NG::Manager::Lib', 'Lemonldap::NG::Handler::PSGI::Router';
## @method boolean init($args)
# Launch initialization method
@ -35,7 +35,7 @@ sub init {
foreach ( keys %$localconf );
}
return 0 unless ( $self->SUPER::init($args) );
return 0 unless ( $self->Lemonldap::NG::Handler::PSGI::Router::init($args) );
# TODO: manage errors
unless ( -r $self->{templateDir} ) {
@ -48,7 +48,7 @@ sub init {
my @enabledModules =
map { push @links, $_; "Lemonldap::NG::Manager::" . ucfirst($_) }
split( /[,\s]+/, $self->{enabledModules} );
extends 'Lemonldap::NG::Handler::PSGI', @enabledModules;
extends 'Lemonldap::NG::Handler::PSGI::Router', @enabledModules;
my @working;
for ( my $i = 0 ; $i < @enabledModules ; $i++ ) {
my $mod = $enabledModules[$i];
@ -130,7 +130,7 @@ written in Javascript, using AngularJS framework and can be found in `site`
directory. The REST API is described in REST-API.md file given in source tree.
Lemonldap::NG Manager uses L<Plack> to be compatible with CGI, FastCGI,... It
inherits of L<Lemonldap::NG::Handler::PSGI>
inherits of L<Lemonldap::NG::Handler::PSGI::Router>
=head1 ORGANIZATION
@ -196,7 +196,7 @@ you can also fix them in $opts hash ref passed as argument to run() or new()).
[manager]
;protection: choose one of none, authenticate, manager as explain in
; Lemonldap::NG::Handler::PSGI doc.
; Lemonldap::NG::Handler::PSGI::Router doc.
protection = manager
;enabledModules: Modules to display. Default to `conf, sessions, notifications`
@ -219,7 +219,7 @@ you can also fix them in $opts hash ref passed as argument to run() or new()).
=head1 SEE ALSO
L<Lemonldap::NG::Handler>, L<Lemonldap::NG::Portal>, L<Plack>, L<PSGI>,
L<Lemonldap::NG::Handler::Router>, L<Lemonldap::NG::Portal>, L<Plack>, L<PSGI>,
L<Lemonldap::NG::Manager::Conf>, L<Lemonldap::NG::Manager::Sessions>,
L<Lemonldap::NG::Manager::Notifications>
L<http://lemonldap-ng.org/>

1
lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Sessions.pm
View File

@ -2,6 +2,7 @@ package Lemonldap::NG::Manager::Sessions;
use 5.10.0;
use utf8;
use strict;
use Mouse;
use Lemonldap::NG::Common::Session;