From 346111f2e54ca9e2021c1ddaefcb8aa15d924efb Mon Sep 17 00:00:00 2001 From: Xavier Guimard Date: Sun, 31 Jan 2016 22:53:23 +0000 Subject: [PATCH] Nginx in progress: now handler provides uid in logs (#583) --- Makefile | 5 ++-- _example/etc/nginx-lmlog.conf | 3 +++ e2e-tests/llng.psgi | 1 - e2e-tests/nginx.conf | 5 ++-- lemonldap-ng-common/MANIFEST | 1 - .../lib/Lemonldap/NG/Common/PSGI/Request.pm | 2 +- lemonldap-ng-handler/MANIFEST | 3 ++- .../lib/Lemonldap/NG/Handler/API/PSGI.pm | 5 ++-- .../lib/Lemonldap/NG/Handler/Nginx.pm | 25 +++++++++++------- .../lib/Lemonldap/NG/Handler/PSGI.pm | 16 ++++++++++-- .../lib/Lemonldap/NG/Handler/PSGI/Base.pm | 3 ++- .../lib/Lemonldap/NG/Handler/PSGI/Router.pm | 13 ++++++++++ .../lib/Lemonldap/NG/Handler/PSGI/Server.pm | 26 ++++++++++++------- 13 files changed, 76 insertions(+), 32 deletions(-) create mode 100644 _example/etc/nginx-lmlog.conf diff --git a/Makefile b/Makefile index efc6fc18d..cf30b1fce 100644 --- a/Makefile +++ b/Makefile @@ -373,6 +373,7 @@ plackup: --listen e2e-tests/conf/llng.sock \ --daemonize --pid e2e-tests/conf/plackup.pid \ --nproc 1 --proc-title llng-fastcgi-server \ + --no-default-middleware \ e2e-tests/llng.psgi # @@ -480,7 +481,7 @@ install_webserver_conf: cp -f _example/etc/handler-apache$(APACHEVERSION).conf $(RCONFDIR); \ cp -f _example/etc/manager-apache$(APACHEVERSION).conf $(RCONFDIR); \ cp -f _example/etc/test-apache$(APACHEVERSION).conf $(RCONFDIR); \ - cp -f _example/etc/*-nginx.conf $(RCONFDIR); \ + cp -f _example/etc/*nginx*.conf $(RCONFDIR); \ fi @$(PERL) -i -pe 's/__DNSDOMAIN__/$(DNSDOMAIN)/g; \ s#__PORTALDIR__#$(PORTALDIR)/#g; \ @@ -893,7 +894,7 @@ default-diff: @$(DIFF) --ignore-matching-lines='giveUpPrivileges' $(SRCMANAGERDIR)/scripts/lemonldap-ng-cli $(LMPREFIX)/bin/lemonldap-ng-cli ||true test-diff: - for file in `find lemonldap-ng-*/lib -type f`; do \ + @for file in `find lemonldap-ng-*/lib -type f`; do \ $(DIFF) $$file `echo $$file|sed -e s/lib/blib\\\/lib/`; \ done 
diff --git a/_example/etc/nginx-lmlog.conf b/_example/etc/nginx-lmlog.conf new file mode 100644 index 000000000..c41f25289 --- /dev/null +++ b/_example/etc/nginx-lmlog.conf @@ -0,0 +1,3 @@ +log_format lm_combined '$remote_addr - $lmremote_user [$time_local] ' + '"$request" $status $body_bytes_sent ' + '"$http_referer" "$http_user_agent"'; diff --git a/e2e-tests/llng.psgi b/e2e-tests/llng.psgi index ed63e9cc7..14fbc858f 100644 --- a/e2e-tests/llng.psgi +++ b/e2e-tests/llng.psgi @@ -35,7 +35,6 @@ my %builder = ( sub { my $type = $_[0]->{LLTYPE} || 'handler'; - print STDERR Dumper($_[0]);use Data::Dumper; return $_apps{$type}->(@_) if ( defined $_apps{$type} ); if ( defined $builder{$type} ) { $_apps{$type} = $builder{$type}->(); diff --git a/e2e-tests/nginx.conf b/e2e-tests/nginx.conf index 68343f2d4..96287239c 100644 --- a/e2e-tests/nginx.conf +++ b/e2e-tests/nginx.conf @@ -15,8 +15,9 @@ http { types_hash_max_size 2048; include /etc/nginx/mime.types; default_type application/octet-stream; - access_log conf/nginx.log; - error_log conf/nginx.log; + include conf/nginx-lmlog.conf; + access_log conf/nginx.log lm_combined; + error_log conf/nginx.log info; gzip off; include conf/*nginx.conf; } diff --git a/lemonldap-ng-common/MANIFEST b/lemonldap-ng-common/MANIFEST index 9ebea109c..c0d140c40 100644 --- a/lemonldap-ng-common/MANIFEST +++ b/lemonldap-ng-common/MANIFEST @@ -57,7 +57,6 @@ t/35-Common-Crypto.t t/36-Common-Regexp.t t/40-Common-Session.t t/99-pod.t -t/lmConf-1.js tools/apache-session-mysql.sql tools/lmConfig.CDBI.mysql tools/lmConfig.RDBI.mysql diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Request.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Request.pm index 62beeb42b..20b88ec8c 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Request.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Request.pm 
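Review bot: `$lmremote_user` in the new `lm_combined` format is not a built-in Nginx variable, so the format only loads when some server block defines it, and the file gives no hint of that. The doc comment added in Handler/Nginx.pm names the variable `$llremoteuser` instead, so a vhost written from that comment would not match this format. I would add a header comment here such as `# requires in each server: auth_request_set $lmremote_user $upstream_http_lm_remote_user;` and use the same name in the Perl comment. The field is also unquoted, so a user id containing a space would shift the following fields for log parsers.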
@@ -119,7 +119,7 @@ has CONTENT_LENGTH => ( ); has error => ( is => 'rw', isa => 'Str', default => '' ); -has respHeaders => ( is => 'rw', isa => 'HashRef' ); +has respHeaders => ( is => 'rw', isa => 'HashRef', default => sub { {} } ); # JSON parser sub jsonBodyToObj { diff --git a/lemonldap-ng-handler/MANIFEST b/lemonldap-ng-handler/MANIFEST index 3ccd6bfbc..cc7880510 100644 --- a/lemonldap-ng-handler/MANIFEST +++ b/lemonldap-ng-handler/MANIFEST @@ -9,14 +9,15 @@ lib/Lemonldap/NG/Handler/API.pm lib/Lemonldap/NG/Handler/API/ApacheMP1.pm lib/Lemonldap/NG/Handler/API/ApacheMP2.pm lib/Lemonldap/NG/Handler/API/CGI.pm +lib/Lemonldap/NG/Handler/API/ExperimentalNginx.pm lib/Lemonldap/NG/Handler/API/Nginx.pm lib/Lemonldap/NG/Handler/API/PSGI.pm -lib/Lemonldap/NG/Handler/API/PSGI/Server.pm lib/Lemonldap/NG/Handler/CGI.pm lib/Lemonldap/NG/Handler/Main.pm lib/Lemonldap/NG/Handler/Main/Jail.pm lib/Lemonldap/NG/Handler/Main/Logger.pm lib/Lemonldap/NG/Handler/Menu.pm +lib/Lemonldap/NG/Handler/Nginx.pm lib/Lemonldap/NG/Handler/Proxy.pm lib/Lemonldap/NG/Handler/PSGI.pm lib/Lemonldap/NG/Handler/PSGI/Base.pm diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/API/PSGI.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/API/PSGI.pm index 7e13b5d13..9a9233376 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/API/PSGI.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/API/PSGI.pm @@ -48,12 +48,11 @@ sub newRequest { *lmLog = *Lemonldap::NG::Common::PSGI::lmLog; ## @method void set_user(string user) -# sets remote_user +# sets remote_user in response headers # @param user string username sub set_user { my ( $class, $user ) = @_; - - # TODO + $request->{respHeaders}->{'Lm-Remote-User'} = $user; } ## @method string header_in(string header) diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Nginx.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Nginx.pm index d88361c54..0f5050e27 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Nginx.pm 
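Review bot: `set_user` in API/PSGI.pm copies `$user` into the `Lm-Remote-User` response header with no check, and that value is then meant to reach the Nginx access log through the `lm_combined` format. If the traced attribute can be undefined or can hold CR/LF or other control characters, the header is empty or malformed. I would validate before storing, e.g. `return unless defined $user and $user !~ /[\x00-\x1f\x7f]/;`. `$request` is not declared inside this hunk, so whether it is per-request state cannot be confirmed from here.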
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Nginx.pm @@ -8,7 +8,7 @@ use Lemonldap::NG::Handler::SharedConf qw(:tsv); extends 'Lemonldap::NG::Handler::PSGI'; -## @method Code-Ref _run() +## @method void _run() # Return a subroutine that call _authAndTrace() and tranform redirection # response code from 302 to 401 (not authenticated) ones. This is required # because Nginx "auth_request" parameter does not accept it. The Nginx @@ -24,7 +24,7 @@ sub _run { my $req = $_[0]; $self->lmLog( 'New request', 'debug' ); my $res = $self->_authAndTrace( - Lemonldap::NG::Common::PSGI::Request->new( $_[0] ) ); + Lemonldap::NG::Common::PSGI::Request->new($req) ); # Transform 302 responses in 401 since Nginx refuse it if ( $res->[0] == 302 or $res->[0] == 303 ) { @@ -50,21 +50,28 @@ sub _run { # # OR # #fastcgi_param $fheadername1 $headervalue1; # -# It add also a header called Lm-Remote-User set to whatToTrace value that can -# be used in Nginx virtualhost configuration to insert user id in logs +# LLNG::Handler::API::PSGI add also a header called Lm-Remote-User set to +# whatToTrace value that can be used in Nginx virtualhost configuration to +# insert user id in logs # # auth_request_set $llremoteuser $upstream_http_lm_remote_user # #@param $req Lemonldap::NG::Common::PSGI::Request sub router { my ( $self, $req ) = @_; - my $hdrs = $req->{respHeaders} || {}; - my @convertedHdrs = - [ 'Lm-Remote-User', $self->userId, 'Content-Length', 0 ]; + my $hdrs = $req->{respHeaders}; + $req->{respHeaders} = {}; + my @convertedHdrs = ( 'Content-Length', 0 ); my $i = 0; foreach my $k ( keys %$hdrs ) { - $i++; - push @convertedHdrs, "Headername$i", $k, "Headervalue$i", $hdrs->{$k}; + if ( $k eq 'Lm-Remote-User' ) { + push @convertedHdrs, $k, $hdrs->{$k}; + } + else { + $i++; + push @convertedHdrs, "Headername$i", $k, "Headervalue$i", + $hdrs->{$k}; + } } return [ 200, \@convertedHdrs, [] ]; } 
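Review bot: The annotation in the first Nginx.pm hunk now reads `## @method void _run()`, but the comment directly below it still says the method returns a subroutine. The same `void` annotation is added for `_run` in Handler/PSGI.pm, PSGI/Router.pm and PSGI/Server.pm, while PSGI/Base.pm pairs it with `#@return code-ref`. I would add `#@return code-ref` under each of these headers so the documented return value is consistent. The body of `_run` continues outside the hunk.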
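Review bot: `router()` in the second Nginx.pm hunk is the only place in this file's hunks that forwards `Lm-Remote-User`, so the user id reaches Nginx only on the 200 path. If `set_user` runs before the authorization decision (not visible here), a rejected request from a known session would be logged without its user id, and that is the case an access log most needs to attribute. I would keep the request object in `_run`, e.g. `my $r = Lemonldap::NG::Common::PSGI::Request->new($req);`, and copy its `Lm-Remote-User` entry into the non-200 responses as well. The closure in `_run` ends outside the hunk, so this may already be handled there.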
diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI.pm index a62b0329b..5b639d08e 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI.pm @@ -3,8 +3,7 @@ package Lemonldap::NG::Handler::PSGI; use 5.10.0; use Mouse; -extends 'Lemonldap::NG::Handler::PSGI::Base', - 'Lemonldap::NG::Common::PSGI'; +extends 'Lemonldap::NG::Handler::PSGI::Base', 'Lemonldap::NG::Common::PSGI'; our $VERSION = '1.9.0'; @@ -14,6 +13,19 @@ sub init { return $tmp; } +## @method void _run() +# Return subroutine that add headers stored in $req->{respHeaders} in +# response returned by router() +# +sub _run { + my ($self) = @_; + return sub { + my $res = $self->router( $_[0] ); + push @{ $res->[1] }, %{ $_[0]->{respHeaders} }; + return $res; + }; +} + 1; __END__ diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI/Base.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI/Base.pm index b3e9d4908..539011222 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI/Base.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI/Base.pm @@ -27,9 +27,10 @@ sub init { return 1; } -## @methodi CODE-ref _run +## @methodi void _run() # Check if protecton is activated then return a code ref that will launch # _authAndTrace() if protection in on or router() else +#@return code-ref sub _run { my $self = shift; diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI/Router.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI/Router.pm index e2085de10..34339c1b0 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI/Router.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI/Router.pm 
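Review bot: The `_run` added to Handler::PSGI shadows the `_run` inherited from Handler::PSGI::Base, and the closure it returns calls `$self->router( $_[0] )` without ever calling `_authAndTrace()`. Base's doc comment in this same patch says its `_run` is what launches `_authAndTrace()` when protection is on. Unless something outside these hunks still reaches Base's version, requests would therefore arrive at `router()` without the access check. The identical override is added in PSGI/Router.pm and PSGI/Server.pm. `$_[0]` also looks like the raw PSGI env rather than a Lemonldap::NG::Common::PSGI::Request, in which case `$_[0]->{respHeaders}` is undefined. I would drop the override and append the headers inside Base's closure after the access decision, e.g. `push @{ $res->[1] }, %{ $req->{respHeaders} };`, assuming that closure holds the request object.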
@@ -14,6 +14,19 @@ sub init { return $tmp; } +## @method void _run() +# Return subroutine that add headers stored in $req->{respHeaders} in +# response returned by router() +# +sub _run { + my ($self) = @_; + return sub { + my $res = $self->router( $_[0] ); + push @{ $res->[1] }, %{ $_[0]->{respHeaders} }; + return $res; + }; +} + 1; __END__ diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI/Server.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI/Server.pm index 10070e939..8d6dafe2a 100644 --- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI/Server.pm +++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI/Server.pm @@ -6,18 +6,26 @@ use Lemonldap::NG::Handler::SharedConf qw(:tsv); extends 'Lemonldap::NG::Handler::PSGI'; -## @method PSGI-Response router($res) +## @method void _run() +# Return subroutine that add headers stored in $req->{respHeaders} in +# response returned by router() +# +sub _run { + my ($self) = @_; + return sub { + my $res = $self->router( $_[0] ); + push @{ $res->[1] }, %{ $_[0]->{respHeaders} }; + return $res; + }; +} + +## @method PSGI-Response router($req) # If PSGI is used as an authentication FastCGI only, this method will be -# called for authenticated users and will set headers in response without -# content. +# called for authenticated users and returns only 200. Headers are set by +# Lemonldap::NG::Handler::PSGI. # @param $req Lemonldap::NG::Common::PSGI::Request sub router { - my ( $self, $req ) = @_; - my $hdrs = $req->{respHeaders} || {}; - return [ - 200, [ 'Lm-Remote-User', $self->userId, 'Content-Length', 0, %$hdrs ], - [] - ]; + return [ 200, [ 'Content-Length', 0 ], [] ]; } 1;
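Review bot: The `_run` added to PSGI/Server.pm is a verbatim copy of the one added to Lemonldap::NG::Handler::PSGI, which this class already extends (`extends 'Lemonldap::NG::Handler::PSGI';`). The override adds nothing and leaves several copies to keep in sync, so I would delete it here and rely on inheritance. `router` also no longer unpacks `@_`; a short comment such as `# arguments ignored: response headers are appended by _run` would show that this is intentional.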