Nginx in progress: now handler provides uid in logs (#583)
This commit is contained in:
parent
aa34a28bd3
commit
346111f2e5
5
Makefile
5
Makefile
|
@ -373,6 +373,7 @@ plackup:
|
|||
--listen e2e-tests/conf/llng.sock \
|
||||
--daemonize --pid e2e-tests/conf/plackup.pid \
|
||||
--nproc 1 --proc-title llng-fastcgi-server \
|
||||
--no-default-middleware \
|
||||
e2e-tests/llng.psgi
|
||||
|
||||
#
|
||||
|
@ -480,7 +481,7 @@ install_webserver_conf:
|
|||
cp -f _example/etc/handler-apache$(APACHEVERSION).conf $(RCONFDIR); \
|
||||
cp -f _example/etc/manager-apache$(APACHEVERSION).conf $(RCONFDIR); \
|
||||
cp -f _example/etc/test-apache$(APACHEVERSION).conf $(RCONFDIR); \
|
||||
cp -f _example/etc/*-nginx.conf $(RCONFDIR); \
|
||||
cp -f _example/etc/*nginx*.conf $(RCONFDIR); \
|
||||
fi
|
||||
@$(PERL) -i -pe 's/__DNSDOMAIN__/$(DNSDOMAIN)/g; \
|
||||
s#__PORTALDIR__#$(PORTALDIR)/#g; \
|
||||
|
@ -893,7 +894,7 @@ default-diff:
|
|||
@$(DIFF) --ignore-matching-lines='giveUpPrivileges' $(SRCMANAGERDIR)/scripts/lemonldap-ng-cli $(LMPREFIX)/bin/lemonldap-ng-cli ||true
|
||||
|
||||
test-diff:
|
||||
for file in `find lemonldap-ng-*/lib -type f`; do \
|
||||
@for file in `find lemonldap-ng-*/lib -type f`; do \
|
||||
$(DIFF) $$file `echo $$file|sed -e s/lib/blib\\\/lib/`; \
|
||||
done
|
||||
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
log_format lm_combined '$remote_addr - $lmremote_user [$time_local] '
|
||||
'"$request" $status $body_bytes_sent '
|
||||
'"$http_referer" "$http_user_agent"';
|
|
@ -35,7 +35,6 @@ my %builder = (
|
|||
|
||||
sub {
|
||||
my $type = $_[0]->{LLTYPE} || 'handler';
|
||||
print STDERR Dumper($_[0]);use Data::Dumper;
|
||||
return $_apps{$type}->(@_) if ( defined $_apps{$type} );
|
||||
if ( defined $builder{$type} ) {
|
||||
$_apps{$type} = $builder{$type}->();
|
||||
|
|
|
@ -15,8 +15,9 @@ http {
|
|||
types_hash_max_size 2048;
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
access_log conf/nginx.log;
|
||||
error_log conf/nginx.log;
|
||||
include conf/nginx-lmlog.conf;
|
||||
access_log conf/nginx.log lm_combined;
|
||||
error_log conf/nginx.log info;
|
||||
gzip off;
|
||||
include conf/*nginx.conf;
|
||||
}
|
||||
|
|
|
@ -57,7 +57,6 @@ t/35-Common-Crypto.t
|
|||
t/36-Common-Regexp.t
|
||||
t/40-Common-Session.t
|
||||
t/99-pod.t
|
||||
t/lmConf-1.js
|
||||
tools/apache-session-mysql.sql
|
||||
tools/lmConfig.CDBI.mysql
|
||||
tools/lmConfig.RDBI.mysql
|
||||
|
|
|
@ -119,7 +119,7 @@ has CONTENT_LENGTH => (
|
|||
);
|
||||
has error => ( is => 'rw', isa => 'Str', default => '' );
|
||||
|
||||
has respHeaders => ( is => 'rw', isa => 'HashRef' );
|
||||
has respHeaders => ( is => 'rw', isa => 'HashRef', default => sub { {} } );
|
||||
|
||||
# JSON parser
|
||||
sub jsonBodyToObj {
|
||||
|
|
|
@ -9,14 +9,15 @@ lib/Lemonldap/NG/Handler/API.pm
|
|||
lib/Lemonldap/NG/Handler/API/ApacheMP1.pm
|
||||
lib/Lemonldap/NG/Handler/API/ApacheMP2.pm
|
||||
lib/Lemonldap/NG/Handler/API/CGI.pm
|
||||
lib/Lemonldap/NG/Handler/API/ExperimentalNginx.pm
|
||||
lib/Lemonldap/NG/Handler/API/Nginx.pm
|
||||
lib/Lemonldap/NG/Handler/API/PSGI.pm
|
||||
lib/Lemonldap/NG/Handler/API/PSGI/Server.pm
|
||||
lib/Lemonldap/NG/Handler/CGI.pm
|
||||
lib/Lemonldap/NG/Handler/Main.pm
|
||||
lib/Lemonldap/NG/Handler/Main/Jail.pm
|
||||
lib/Lemonldap/NG/Handler/Main/Logger.pm
|
||||
lib/Lemonldap/NG/Handler/Menu.pm
|
||||
lib/Lemonldap/NG/Handler/Nginx.pm
|
||||
lib/Lemonldap/NG/Handler/Proxy.pm
|
||||
lib/Lemonldap/NG/Handler/PSGI.pm
|
||||
lib/Lemonldap/NG/Handler/PSGI/Base.pm
|
||||
|
|
|
@ -48,12 +48,11 @@ sub newRequest {
|
|||
*lmLog = *Lemonldap::NG::Common::PSGI::lmLog;
|
||||
|
||||
## @method void set_user(string user)
|
||||
# sets remote_user
|
||||
# sets remote_user in response headers
|
||||
# @param user string username
|
||||
sub set_user {
|
||||
my ( $class, $user ) = @_;
|
||||
|
||||
# TODO
|
||||
$request->{respHeaders}->{'Lm-Remote-User'} = $user;
|
||||
}
|
||||
|
||||
## @method string header_in(string header)
|
||||
|
|
|
@ -8,7 +8,7 @@ use Lemonldap::NG::Handler::SharedConf qw(:tsv);
|
|||
|
||||
extends 'Lemonldap::NG::Handler::PSGI';
|
||||
|
||||
## @method Code-Ref _run()
|
||||
## @method void _run()
|
||||
# Return a subroutine that call _authAndTrace() and tranform redirection
|
||||
# response code from 302 to 401 (not authenticated) ones. This is required
|
||||
# because Nginx "auth_request" parameter does not accept it. The Nginx
|
||||
|
@ -24,7 +24,7 @@ sub _run {
|
|||
my $req = $_[0];
|
||||
$self->lmLog( 'New request', 'debug' );
|
||||
my $res = $self->_authAndTrace(
|
||||
Lemonldap::NG::Common::PSGI::Request->new( $_[0] ) );
|
||||
Lemonldap::NG::Common::PSGI::Request->new($req) );
|
||||
|
||||
# Transform 302 responses in 401 since Nginx refuse it
|
||||
if ( $res->[0] == 302 or $res->[0] == 303 ) {
|
||||
|
@ -50,21 +50,28 @@ sub _run {
|
|||
# # OR
|
||||
# #fastcgi_param $fheadername1 $headervalue1;
|
||||
#
|
||||
# It add also a header called Lm-Remote-User set to whatToTrace value that can
|
||||
# be used in Nginx virtualhost configuration to insert user id in logs
|
||||
# LLNG::Handler::API::PSGI add also a header called Lm-Remote-User set to
|
||||
# whatToTrace value that can be used in Nginx virtualhost configuration to
|
||||
# insert user id in logs
|
||||
#
|
||||
# auth_request_set $llremoteuser $upstream_http_lm_remote_user
|
||||
#
|
||||
#@param $req Lemonldap::NG::Common::PSGI::Request
|
||||
sub router {
|
||||
my ( $self, $req ) = @_;
|
||||
my $hdrs = $req->{respHeaders} || {};
|
||||
my @convertedHdrs =
|
||||
[ 'Lm-Remote-User', $self->userId, 'Content-Length', 0 ];
|
||||
my $hdrs = $req->{respHeaders};
|
||||
$req->{respHeaders} = {};
|
||||
my @convertedHdrs = ( 'Content-Length', 0 );
|
||||
my $i = 0;
|
||||
foreach my $k ( keys %$hdrs ) {
|
||||
$i++;
|
||||
push @convertedHdrs, "Headername$i", $k, "Headervalue$i", $hdrs->{$k};
|
||||
if ( $k eq 'Lm-Remote-User' ) {
|
||||
push @convertedHdrs, $k, $hdrs->{$k};
|
||||
}
|
||||
else {
|
||||
$i++;
|
||||
push @convertedHdrs, "Headername$i", $k, "Headervalue$i",
|
||||
$hdrs->{$k};
|
||||
}
|
||||
}
|
||||
return [ 200, \@convertedHdrs, [] ];
|
||||
}
|
||||
|
|
|
@ -3,8 +3,7 @@ package Lemonldap::NG::Handler::PSGI;
|
|||
use 5.10.0;
|
||||
use Mouse;
|
||||
|
||||
extends 'Lemonldap::NG::Handler::PSGI::Base',
|
||||
'Lemonldap::NG::Common::PSGI';
|
||||
extends 'Lemonldap::NG::Handler::PSGI::Base', 'Lemonldap::NG::Common::PSGI';
|
||||
|
||||
our $VERSION = '1.9.0';
|
||||
|
||||
|
@ -14,6 +13,19 @@ sub init {
|
|||
return $tmp;
|
||||
}
|
||||
|
||||
## @method void _run()
|
||||
# Return subroutine that add headers stored in $req->{respHeaders} in
|
||||
# response returned by router()
|
||||
#
|
||||
sub _run {
|
||||
my ($self) = @_;
|
||||
return sub {
|
||||
my $res = $self->router( $_[0] );
|
||||
push @{ $res->[1] }, %{ $_[0]->{respHeaders} };
|
||||
return $res;
|
||||
};
|
||||
}
|
||||
|
||||
1;
|
||||
__END__
|
||||
|
||||
|
|
|
@ -27,9 +27,10 @@ sub init {
|
|||
return 1;
|
||||
}
|
||||
|
||||
## @methodi CODE-ref _run
|
||||
## @methodi void _run()
|
||||
# Check if protecton is activated then return a code ref that will launch
|
||||
# _authAndTrace() if protection in on or router() else
|
||||
#@return code-ref
|
||||
sub _run {
|
||||
my $self = shift;
|
||||
|
||||
|
|
|
@ -14,6 +14,19 @@ sub init {
|
|||
return $tmp;
|
||||
}
|
||||
|
||||
## @method void _run()
|
||||
# Return subroutine that add headers stored in $req->{respHeaders} in
|
||||
# response returned by router()
|
||||
#
|
||||
sub _run {
|
||||
my ($self) = @_;
|
||||
return sub {
|
||||
my $res = $self->router( $_[0] );
|
||||
push @{ $res->[1] }, %{ $_[0]->{respHeaders} };
|
||||
return $res;
|
||||
};
|
||||
}
|
||||
|
||||
1;
|
||||
__END__
|
||||
|
||||
|
|
|
@ -6,18 +6,26 @@ use Lemonldap::NG::Handler::SharedConf qw(:tsv);
|
|||
|
||||
extends 'Lemonldap::NG::Handler::PSGI';
|
||||
|
||||
## @method PSGI-Response router($res)
|
||||
## @method void _run()
|
||||
# Return subroutine that add headers stored in $req->{respHeaders} in
|
||||
# response returned by router()
|
||||
#
|
||||
sub _run {
|
||||
my ($self) = @_;
|
||||
return sub {
|
||||
my $res = $self->router( $_[0] );
|
||||
push @{ $res->[1] }, %{ $_[0]->{respHeaders} };
|
||||
return $res;
|
||||
};
|
||||
}
|
||||
|
||||
## @method PSGI-Response router($req)
|
||||
# If PSGI is used as an authentication FastCGI only, this method will be
|
||||
# called for authenticated users and will set headers in response without
|
||||
# content.
|
||||
# called for authenticated users and returns only 200. Headers are set by
|
||||
# Lemonldap::NG::Handler::PSGI.
|
||||
# @param $req Lemonldap::NG::Common::PSGI::Request
|
||||
sub router {
|
||||
my ( $self, $req ) = @_;
|
||||
my $hdrs = $req->{respHeaders} || {};
|
||||
return [
|
||||
200, [ 'Lm-Remote-User', $self->userId, 'Content-Length', 0, %$hdrs ],
|
||||
[]
|
||||
];
|
||||
return [ 200, [ 'Content-Length', 0 ], [] ];
|
||||
}
|
||||
|
||||
1;
|
||||
|
|
Loading…
Reference in New Issue