Nginx in progress: now handler provides uid in logs (#583)
parent
aa34a28bd3
commit
346111f2e5
5
Makefile
5
Makefile
|
@ -373,6 +373,7 @@ plackup:
|
||||||
--listen e2e-tests/conf/llng.sock \
|
--listen e2e-tests/conf/llng.sock \
|
||||||
--daemonize --pid e2e-tests/conf/plackup.pid \
|
--daemonize --pid e2e-tests/conf/plackup.pid \
|
||||||
--nproc 1 --proc-title llng-fastcgi-server \
|
--nproc 1 --proc-title llng-fastcgi-server \
|
||||||
|
--no-default-middleware \
|
||||||
e2e-tests/llng.psgi
|
e2e-tests/llng.psgi
|
||||||
|
|
||||||
#
|
#
|
||||||
|
@ -480,7 +481,7 @@ install_webserver_conf:
|
||||||
cp -f _example/etc/handler-apache$(APACHEVERSION).conf $(RCONFDIR); \
|
cp -f _example/etc/handler-apache$(APACHEVERSION).conf $(RCONFDIR); \
|
||||||
cp -f _example/etc/manager-apache$(APACHEVERSION).conf $(RCONFDIR); \
|
cp -f _example/etc/manager-apache$(APACHEVERSION).conf $(RCONFDIR); \
|
||||||
cp -f _example/etc/test-apache$(APACHEVERSION).conf $(RCONFDIR); \
|
cp -f _example/etc/test-apache$(APACHEVERSION).conf $(RCONFDIR); \
|
||||||
cp -f _example/etc/*-nginx.conf $(RCONFDIR); \
|
cp -f _example/etc/*nginx*.conf $(RCONFDIR); \
|
||||||
fi
|
fi
|
||||||
@$(PERL) -i -pe 's/__DNSDOMAIN__/$(DNSDOMAIN)/g; \
|
@$(PERL) -i -pe 's/__DNSDOMAIN__/$(DNSDOMAIN)/g; \
|
||||||
s#__PORTALDIR__#$(PORTALDIR)/#g; \
|
s#__PORTALDIR__#$(PORTALDIR)/#g; \
|
||||||
|
@ -893,7 +894,7 @@ default-diff:
|
||||||
@$(DIFF) --ignore-matching-lines='giveUpPrivileges' $(SRCMANAGERDIR)/scripts/lemonldap-ng-cli $(LMPREFIX)/bin/lemonldap-ng-cli ||true
|
@$(DIFF) --ignore-matching-lines='giveUpPrivileges' $(SRCMANAGERDIR)/scripts/lemonldap-ng-cli $(LMPREFIX)/bin/lemonldap-ng-cli ||true
|
||||||
|
|
||||||
test-diff:
|
test-diff:
|
||||||
for file in `find lemonldap-ng-*/lib -type f`; do \
|
@for file in `find lemonldap-ng-*/lib -type f`; do \
|
||||||
$(DIFF) $$file `echo $$file|sed -e s/lib/blib\\\/lib/`; \
|
$(DIFF) $$file `echo $$file|sed -e s/lib/blib\\\/lib/`; \
|
||||||
done
|
done
|
||||||
|
|
||||||
|
|
3
_example/etc/nginx-lmlog.conf
Normal file
3
_example/etc/nginx-lmlog.conf
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
log_format lm_combined '$remote_addr - $lmremote_user [$time_local] '
|
||||||
|
'"$request" $status $body_bytes_sent '
|
||||||
|
'"$http_referer" "$http_user_agent"';
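Review bot: `$lmremote_user` in this `log_format` is not defined anywhere in the visible changes, and the usage comment above `router` in the Nginx handler documents a different name (`auth_request_set $llremoteuser $upstream_http_lm_remote_user`). Nginx refuses to load a configuration that references an unknown variable, so a site that includes this file and copies the documented directive would fail at startup rather than log the uid. The two names should agree, for example `auth_request_set $lmremote_user $upstream_http_lm_remote_user;` in the documented snippet. A header comment here such as `# requires auth_request_set $lmremote_user $upstream_http_lm_remote_user; in every protected server` would make the dependency visible to whoever installs the file.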
|
|
@ -35,7 +35,6 @@ my %builder = (
|
||||||
|
|
||||||
sub {
|
sub {
|
||||||
my $type = $_[0]->{LLTYPE} || 'handler';
|
my $type = $_[0]->{LLTYPE} || 'handler';
|
||||||
print STDERR Dumper($_[0]);use Data::Dumper;
|
|
||||||
return $_apps{$type}->(@_) if ( defined $_apps{$type} );
|
return $_apps{$type}->(@_) if ( defined $_apps{$type} );
|
||||||
if ( defined $builder{$type} ) {
|
if ( defined $builder{$type} ) {
|
||||||
$_apps{$type} = $builder{$type}->();
|
$_apps{$type} = $builder{$type}->();
|
||||||
|
|
|
@ -15,8 +15,9 @@ http {
|
||||||
types_hash_max_size 2048;
|
types_hash_max_size 2048;
|
||||||
include /etc/nginx/mime.types;
|
include /etc/nginx/mime.types;
|
||||||
default_type application/octet-stream;
|
default_type application/octet-stream;
|
||||||
access_log conf/nginx.log;
|
include conf/nginx-lmlog.conf;
|
||||||
error_log conf/nginx.log;
|
access_log conf/nginx.log lm_combined;
|
||||||
|
error_log conf/nginx.log info;
|
||||||
gzip off;
|
gzip off;
|
||||||
include conf/*nginx.conf;
|
include conf/*nginx.conf;
|
||||||
}
|
}
|
||||||
|
|
|
@ -57,7 +57,6 @@ t/35-Common-Crypto.t
|
||||||
t/36-Common-Regexp.t
|
t/36-Common-Regexp.t
|
||||||
t/40-Common-Session.t
|
t/40-Common-Session.t
|
||||||
t/99-pod.t
|
t/99-pod.t
|
||||||
t/lmConf-1.js
|
|
||||||
tools/apache-session-mysql.sql
|
tools/apache-session-mysql.sql
|
||||||
tools/lmConfig.CDBI.mysql
|
tools/lmConfig.CDBI.mysql
|
||||||
tools/lmConfig.RDBI.mysql
|
tools/lmConfig.RDBI.mysql
|
||||||
|
|
|
@ -119,7 +119,7 @@ has CONTENT_LENGTH => (
|
||||||
);
|
);
|
||||||
has error => ( is => 'rw', isa => 'Str', default => '' );
|
has error => ( is => 'rw', isa => 'Str', default => '' );
|
||||||
|
|
||||||
has respHeaders => ( is => 'rw', isa => 'HashRef' );
|
has respHeaders => ( is => 'rw', isa => 'HashRef', default => sub { {} } );
|
||||||
|
|
||||||
# JSON parser
|
# JSON parser
|
||||||
sub jsonBodyToObj {
|
sub jsonBodyToObj {
|
||||||
|
|
|
@ -9,14 +9,15 @@ lib/Lemonldap/NG/Handler/API.pm
|
||||||
lib/Lemonldap/NG/Handler/API/ApacheMP1.pm
|
lib/Lemonldap/NG/Handler/API/ApacheMP1.pm
|
||||||
lib/Lemonldap/NG/Handler/API/ApacheMP2.pm
|
lib/Lemonldap/NG/Handler/API/ApacheMP2.pm
|
||||||
lib/Lemonldap/NG/Handler/API/CGI.pm
|
lib/Lemonldap/NG/Handler/API/CGI.pm
|
||||||
|
lib/Lemonldap/NG/Handler/API/ExperimentalNginx.pm
|
||||||
lib/Lemonldap/NG/Handler/API/Nginx.pm
|
lib/Lemonldap/NG/Handler/API/Nginx.pm
|
||||||
lib/Lemonldap/NG/Handler/API/PSGI.pm
|
lib/Lemonldap/NG/Handler/API/PSGI.pm
|
||||||
lib/Lemonldap/NG/Handler/API/PSGI/Server.pm
|
|
||||||
lib/Lemonldap/NG/Handler/CGI.pm
|
lib/Lemonldap/NG/Handler/CGI.pm
|
||||||
lib/Lemonldap/NG/Handler/Main.pm
|
lib/Lemonldap/NG/Handler/Main.pm
|
||||||
lib/Lemonldap/NG/Handler/Main/Jail.pm
|
lib/Lemonldap/NG/Handler/Main/Jail.pm
|
||||||
lib/Lemonldap/NG/Handler/Main/Logger.pm
|
lib/Lemonldap/NG/Handler/Main/Logger.pm
|
||||||
lib/Lemonldap/NG/Handler/Menu.pm
|
lib/Lemonldap/NG/Handler/Menu.pm
|
||||||
|
lib/Lemonldap/NG/Handler/Nginx.pm
|
||||||
lib/Lemonldap/NG/Handler/Proxy.pm
|
lib/Lemonldap/NG/Handler/Proxy.pm
|
||||||
lib/Lemonldap/NG/Handler/PSGI.pm
|
lib/Lemonldap/NG/Handler/PSGI.pm
|
||||||
lib/Lemonldap/NG/Handler/PSGI/Base.pm
|
lib/Lemonldap/NG/Handler/PSGI/Base.pm
|
||||||
|
|
|
@ -48,12 +48,11 @@ sub newRequest {
|
||||||
*lmLog = *Lemonldap::NG::Common::PSGI::lmLog;
|
*lmLog = *Lemonldap::NG::Common::PSGI::lmLog;
|
||||||
|
|
||||||
## @method void set_user(string user)
|
## @method void set_user(string user)
|
||||||
# sets remote_user
|
# sets remote_user in response headers
|
||||||
# @param user string username
|
# @param user string username
|
||||||
sub set_user {
|
sub set_user {
|
||||||
my ( $class, $user ) = @_;
|
my ( $class, $user ) = @_;
|
||||||
|
$request->{respHeaders}->{'Lm-Remote-User'} = $user;
|
||||||
# TODO
|
|
||||||
}
|
}
|
||||||
|
|
||||||
## @method string header_in(string header)
|
## @method string header_in(string header)
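Review bot: `set_user` copies `$user` into the `Lm-Remote-User` response header unchanged, with no check that it is defined or free of control characters. The value is presumably the session attribute selected by whatToTrace, so it can originate from an external directory; a CR or LF in it produces an invalid PSGI header and, on a server that does not reject it, an extra forged header or access-log field. I would reject such values before the assignment, e.g. `return unless defined $user and $user !~ /[\x00-\x1f\x7f]/;`. `$request` is not declared in the visible lines, so this assumes it is the per-request object set up by `newRequest`, whose body starts outside the hunk.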
|
||||||
|
|
|
@ -8,7 +8,7 @@ use Lemonldap::NG::Handler::SharedConf qw(:tsv);
|
||||||
|
|
||||||
extends 'Lemonldap::NG::Handler::PSGI';
|
extends 'Lemonldap::NG::Handler::PSGI';
|
||||||
|
|
||||||
## @method Code-Ref _run()
|
## @method void _run()
|
||||||
# Return a subroutine that call _authAndTrace() and tranform redirection
|
# Return a subroutine that call _authAndTrace() and tranform redirection
|
||||||
# response code from 302 to 401 (not authenticated) ones. This is required
|
# response code from 302 to 401 (not authenticated) ones. This is required
|
||||||
# because Nginx "auth_request" parameter does not accept it. The Nginx
|
# because Nginx "auth_request" parameter does not accept it. The Nginx
|
||||||
|
@ -24,7 +24,7 @@ sub _run {
|
||||||
my $req = $_[0];
|
my $req = $_[0];
|
||||||
$self->lmLog( 'New request', 'debug' );
|
$self->lmLog( 'New request', 'debug' );
|
||||||
my $res = $self->_authAndTrace(
|
my $res = $self->_authAndTrace(
|
||||||
Lemonldap::NG::Common::PSGI::Request->new( $_[0] ) );
|
Lemonldap::NG::Common::PSGI::Request->new($req) );
|
||||||
|
|
||||||
# Transform 302 responses in 401 since Nginx refuse it
|
# Transform 302 responses in 401 since Nginx refuse it
|
||||||
if ( $res->[0] == 302 or $res->[0] == 303 ) {
|
if ( $res->[0] == 302 or $res->[0] == 303 ) {
|
||||||
|
@ -50,21 +50,28 @@ sub _run {
|
||||||
# # OR
|
# # OR
|
||||||
# #fastcgi_param $fheadername1 $headervalue1;
|
# #fastcgi_param $fheadername1 $headervalue1;
|
||||||
#
|
#
|
||||||
# It add also a header called Lm-Remote-User set to whatToTrace value that can
|
# LLNG::Handler::API::PSGI add also a header called Lm-Remote-User set to
|
||||||
# be used in Nginx virtualhost configuration to insert user id in logs
|
# whatToTrace value that can be used in Nginx virtualhost configuration to
|
||||||
|
# insert user id in logs
|
||||||
#
|
#
|
||||||
# auth_request_set $llremoteuser $upstream_http_lm_remote_user
|
# auth_request_set $llremoteuser $upstream_http_lm_remote_user
|
||||||
#
|
#
|
||||||
#@param $req Lemonldap::NG::Common::PSGI::Request
|
#@param $req Lemonldap::NG::Common::PSGI::Request
|
||||||
sub router {
|
sub router {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
my $hdrs = $req->{respHeaders} || {};
|
my $hdrs = $req->{respHeaders};
|
||||||
my @convertedHdrs =
|
$req->{respHeaders} = {};
|
||||||
[ 'Lm-Remote-User', $self->userId, 'Content-Length', 0 ];
|
my @convertedHdrs = ( 'Content-Length', 0 );
|
||||||
my $i = 0;
|
my $i = 0;
|
||||||
foreach my $k ( keys %$hdrs ) {
|
foreach my $k ( keys %$hdrs ) {
|
||||||
$i++;
|
if ( $k eq 'Lm-Remote-User' ) {
|
||||||
push @convertedHdrs, "Headername$i", $k, "Headervalue$i", $hdrs->{$k};
|
push @convertedHdrs, $k, $hdrs->{$k};
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$i++;
|
||||||
|
push @convertedHdrs, "Headername$i", $k, "Headervalue$i",
|
||||||
|
$hdrs->{$k};
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return [ 200, \@convertedHdrs, [] ];
|
return [ 200, \@convertedHdrs, [] ];
|
||||||
}
|
}
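Review bot: The annotation is changed to `## @method void _run()` although the description directly below it still says the method returns a subroutine, so the previous `Code-Ref` was the accurate return type. The same `void` annotation is used on the `_run` methods added in later sections, each of which ends in `return sub { ... };`, and one later hunk now carries both `void _run()` and `#@return code-ref` on the same method. I would keep `## @method CODE-ref _run()` in all of them so the generated documentation matches what callers receive. The bodies of `_run` and `router` extend beyond the lines shown here.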
|
||||||
|
|
|
@ -3,8 +3,7 @@ package Lemonldap::NG::Handler::PSGI;
|
||||||
use 5.10.0;
|
use 5.10.0;
|
||||||
use Mouse;
|
use Mouse;
|
||||||
|
|
||||||
extends 'Lemonldap::NG::Handler::PSGI::Base',
|
extends 'Lemonldap::NG::Handler::PSGI::Base', 'Lemonldap::NG::Common::PSGI';
|
||||||
'Lemonldap::NG::Common::PSGI';
|
|
||||||
|
|
||||||
our $VERSION = '1.9.0';
|
our $VERSION = '1.9.0';
|
||||||
|
|
||||||
|
@ -14,6 +13,19 @@ sub init {
|
||||||
return $tmp;
|
return $tmp;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
## @method void _run()
|
||||||
|
# Return subroutine that add headers stored in $req->{respHeaders} in
|
||||||
|
# response returned by router()
|
||||||
|
#
|
||||||
|
sub _run {
|
||||||
|
my ($self) = @_;
|
||||||
|
return sub {
|
||||||
|
my $res = $self->router( $_[0] );
|
||||||
|
push @{ $res->[1] }, %{ $_[0]->{respHeaders} };
|
||||||
|
return $res;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
1;
|
1;
|
||||||
__END__
|
__END__
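Review bot: The closure returned by the new `_run` dereferences `$res->[1]` and `$_[0]->{respHeaders}` unconditionally. If `router()` returns a delayed PSGI response (a code ref), or the request has no `respHeaders` entry, the `push` dies with a reference error when strict refs are in effect. The attribute default added elsewhere in this commit only covers objects built through the Request constructor. A guard keeps those cases working: `push @{ $res->[1] }, %{ $_[0]->{respHeaders} // {} } if ref $res eq 'ARRAY';`. The identical `_run` is added in two later sections and needs the same change.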
|
||||||
|
|
||||||
|
|
|
@ -27,9 +27,10 @@ sub init {
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
## @methodi CODE-ref _run
|
## @methodi void _run()
|
||||||
# Check if protecton is activated then return a code ref that will launch
|
# Check if protecton is activated then return a code ref that will launch
|
||||||
# _authAndTrace() if protection in on or router() else
|
# _authAndTrace() if protection in on or router() else
|
||||||
|
#@return code-ref
|
||||||
sub _run {
|
sub _run {
|
||||||
my $self = shift;
|
my $self = shift;
|
||||||
|
|
||||||
|
|
|
@ -14,6 +14,19 @@ sub init {
|
||||||
return $tmp;
|
return $tmp;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
## @method void _run()
|
||||||
|
# Return subroutine that add headers stored in $req->{respHeaders} in
|
||||||
|
# response returned by router()
|
||||||
|
#
|
||||||
|
sub _run {
|
||||||
|
my ($self) = @_;
|
||||||
|
return sub {
|
||||||
|
my $res = $self->router( $_[0] );
|
||||||
|
push @{ $res->[1] }, %{ $_[0]->{respHeaders} };
|
||||||
|
return $res;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
1;
|
1;
|
||||||
__END__
|
__END__
|
||||||
|
|
||||||
|
|
|
@ -6,18 +6,26 @@ use Lemonldap::NG::Handler::SharedConf qw(:tsv);
|
||||||
|
|
||||||
extends 'Lemonldap::NG::Handler::PSGI';
|
extends 'Lemonldap::NG::Handler::PSGI';
|
||||||
|
|
||||||
## @method PSGI-Response router($res)
|
## @method void _run()
|
||||||
|
# Return subroutine that add headers stored in $req->{respHeaders} in
|
||||||
|
# response returned by router()
|
||||||
|
#
|
||||||
|
sub _run {
|
||||||
|
my ($self) = @_;
|
||||||
|
return sub {
|
||||||
|
my $res = $self->router( $_[0] );
|
||||||
|
push @{ $res->[1] }, %{ $_[0]->{respHeaders} };
|
||||||
|
return $res;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
## @method PSGI-Response router($req)
|
||||||
# If PSGI is used as an authentication FastCGI only, this method will be
|
# If PSGI is used as an authentication FastCGI only, this method will be
|
||||||
# called for authenticated users and will set headers in response without
|
# called for authenticated users and returns only 200. Headers are set by
|
||||||
# content.
|
# Lemonldap::NG::Handler::PSGI.
|
||||||
# @param $req Lemonldap::NG::Common::PSGI::Request
|
# @param $req Lemonldap::NG::Common::PSGI::Request
|
||||||
sub router {
|
sub router {
|
||||||
my ( $self, $req ) = @_;
|
return [ 200, [ 'Content-Length', 0 ], [] ];
|
||||||
my $hdrs = $req->{respHeaders} || {};
|
|
||||||
return [
|
|
||||||
200, [ 'Lm-Remote-User', $self->userId, 'Content-Length', 0, %$hdrs ],
|
|
||||||
[]
|
|
||||||
];
|
|
||||||
}
|
}
|
||||||
|
|
||||||
1;
|
1;
|
||||||
|
|