Support Traefik forwardAuth
parent
9834e182f5
commit
7bd5b219b0
|
@ -12,6 +12,21 @@ use MIME::Base64;
|
||||||
use URI::Escape;
|
use URI::Escape;
|
||||||
use Lemonldap::NG::Common::Session;
|
use Lemonldap::NG::Common::Session;
|
||||||
|
|
||||||
|
$ENV{LLNG_HANDLER_ENGINE} ||= 'nginx';
|
||||||
|
|
||||||
|
our $reqVar = {
|
||||||
|
# Depending on the web engine using the handler, variables where the original
|
||||||
|
# host and requested URI can vary. This hashref set the variables for the supported web engine.
|
||||||
|
nginx => {
|
||||||
|
Host => 'HTTP_HOST',
|
||||||
|
Uri => 'REQUEST_URI'
|
||||||
|
},
|
||||||
|
traefik => {
|
||||||
|
Host => 'HTTP_X_FORWARDED_HOST',
|
||||||
|
Uri => 'HTTP_X_FORWARDED_URI'
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
# Methods that must be overloaded
|
# Methods that must be overloaded
|
||||||
|
|
||||||
sub handler {
|
sub handler {
|
||||||
|
@ -123,7 +138,7 @@ sub run {
|
||||||
}
|
}
|
||||||
|
|
||||||
# Authentication process
|
# Authentication process
|
||||||
my $uri = $req->{env}->{REQUEST_URI};
|
my $uri = $req->{env}->{ $reqVar->{ $ENV{LLNG_HANDLER_ENGINE} }->{Uri} };
|
||||||
my ($cond);
|
my ($cond);
|
||||||
|
|
||||||
( $cond, $protection ) = $class->conditionSub($rule) if ($rule);
|
( $cond, $protection ) = $class->conditionSub($rule) if ($rule);
|
||||||
|
@ -245,7 +260,7 @@ sub run {
|
||||||
|
|
||||||
# if the cookie was fetched, a log is sent by retrieveSession()
|
# if the cookie was fetched, a log is sent by retrieveSession()
|
||||||
$class->updateStatus( $req, $id ? 'EXPIRED' : 'REDIRECT' );
|
$class->updateStatus( $req, $id ? 'EXPIRED' : 'REDIRECT' );
|
||||||
return $class->goToPortal( $req, $req->{env}->{REQUEST_URI} );
|
return $class->goToPortal( $req, $req->{env}->{ $reqVar->{ $ENV{LLNG_HANDLER_ENGINE} }->{Uri} } );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -270,10 +285,10 @@ sub updateStatus {
|
||||||
my ( $class, $req, $action, $user, $url ) = @_;
|
my ( $class, $req, $action, $user, $url ) = @_;
|
||||||
my $statusPipe = $class->tsv->{statusPipe} or return;
|
my $statusPipe = $class->tsv->{statusPipe} or return;
|
||||||
$user ||= $req->{env}->{REMOTE_ADDR};
|
$user ||= $req->{env}->{REMOTE_ADDR};
|
||||||
$url ||= $req->{env}->{REQUEST_URI};
|
$url ||= $req->{env}->{ $reqVar->{ $ENV{LLNG_HANDLER_ENGINE} }->{Uri} };
|
||||||
eval {
|
eval {
|
||||||
$statusPipe->print(
|
$statusPipe->print(
|
||||||
"$user => " . $req->{env}->{HTTP_HOST} . "$url $action\n" );
|
"$user => " . $req->{env}->{ $reqVar->{ $ENV{LLNG_HANDLER_ENGINE} }->{Host} } . "$url $action\n" );
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -397,7 +412,7 @@ sub grant {
|
||||||
# @return Constant $class->FORBIDDEN
|
# @return Constant $class->FORBIDDEN
|
||||||
sub forbidden {
|
sub forbidden {
|
||||||
my ( $class, $req, $session, $vhost ) = @_;
|
my ( $class, $req, $session, $vhost ) = @_;
|
||||||
my $uri = $req->{env}->{REQUEST_URI};
|
my $uri = $req->{env}->{ $reqVar->{ $ENV{LLNG_HANDLER_ENGINE} }->{Uri} };
|
||||||
my $portal = $class->tsv->{portal}->();
|
my $portal = $class->tsv->{portal}->();
|
||||||
$portal = ( $portal =~ m#^https?://([^/]*).*# )[0];
|
$portal = ( $portal =~ m#^https?://([^/]*).*# )[0];
|
||||||
$portal =~ s/:\d+$//;
|
$portal =~ s/:\d+$//;
|
||||||
|
@ -688,7 +703,7 @@ sub _isHttps {
|
||||||
# @return URL
|
# @return URL
|
||||||
sub _buildUrl {
|
sub _buildUrl {
|
||||||
my ( $class, $req, $s ) = @_;
|
my ( $class, $req, $s ) = @_;
|
||||||
my $realvhost = $req->{env}->{HTTP_HOST};
|
my $realvhost = $req->{env}->{ $reqVar->{ $ENV{LLNG_HANDLER_ENGINE} }->{Host} };
|
||||||
my $vhost = $class->resolveAlias($req);
|
my $vhost = $class->resolveAlias($req);
|
||||||
my $_https = $class->_isHttps( $req, $vhost );
|
my $_https = $class->_isHttps( $req, $vhost );
|
||||||
my $portString = $class->_getPort( $req, $vhost );
|
my $portString = $class->_getPort( $req, $vhost );
|
||||||
|
@ -782,7 +797,7 @@ sub cleanHeaders {
|
||||||
# returns vhost whose current hostname is an alias
|
# returns vhost whose current hostname is an alias
|
||||||
sub resolveAlias {
|
sub resolveAlias {
|
||||||
my ( $class, $req ) = @_;
|
my ( $class, $req ) = @_;
|
||||||
my $vhost = ref $req ? $req->{env}->{HTTP_HOST} : $req;
|
my $vhost = ref $req ? $req->{env}->{ $reqVar->{ $ENV{LLNG_HANDLER_ENGINE} }->{Host} } : $req;
|
||||||
|
|
||||||
$vhost =~ s/:\d+//;
|
$vhost =~ s/:\d+//;
|
||||||
return $class->tsv->{vhostAlias}->{$vhost}
|
return $class->tsv->{vhostAlias}->{$vhost}
|
||||||
|
@ -806,7 +821,7 @@ sub abort {
|
||||||
|
|
||||||
# If abort is called without a valid request, fall to die
|
# If abort is called without a valid request, fall to die
|
||||||
eval {
|
eval {
|
||||||
my $uri = $req->{env}->{REQUEST_URI};
|
my $uri = $req->{env}->{ $reqVar->{ $ENV{LLNG_HANDLER_ENGINE} }->{Uri} };
|
||||||
|
|
||||||
$class->logger->error($msg);
|
$class->logger->error($msg);
|
||||||
|
|
||||||
|
|
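Review bot: `$ENV{LLNG_HANDLER_ENGINE}` is used as a key into `$reqVar` without validation, so any value other than `nginx` or `traefik` (a typo, different case) makes every `$reqVar->{...}->{Uri}` and `->{Host}` lookup yield undef, and the handler would then work with an undefined host and URI rather than failing. A load-time guard right after the `$reqVar` declaration would close this: `die "Unsupported LLNG_HANDLER_ENGINE: $ENV{LLNG_HANDLER_ENGINE}" unless $reqVar->{ $ENV{LLNG_HANDLER_ENGINE} };`. Separately, in traefik mode the host and URI feeding `resolveAlias`, `_buildUrl` and the rule check in `run` come from `X-Forwarded-Host` / `X-Forwarded-Uri`, which are client-supplied unless the proxy overwrites them. The comment on `$reqVar` should say that this mode is only safe when the handler is reachable solely through the proxy and the proxy does not trust incoming forwarded headers. The same lookup is repeated in `run`, `updateStatus`, `forbidden`, `_buildUrl`, `resolveAlias` and `abort`, whose bodies continue outside the hunks shown, so a small accessor would keep the eight call sites consistent.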
|
@ -8,6 +8,8 @@ use Lemonldap::NG::Handler::Server::Main;
|
||||||
|
|
||||||
our $VERSION = '2.1.0';
|
our $VERSION = '2.1.0';
|
||||||
|
|
||||||
|
$ENV{LLNG_HANDLER_ENGINE} ||= 'nginx';
|
||||||
|
|
||||||
extends 'Lemonldap::NG::Handler::PSGI';
|
extends 'Lemonldap::NG::Handler::PSGI';
|
||||||
|
|
||||||
sub init {
|
sub init {
|
||||||
|
@ -35,7 +37,7 @@ sub _run {
|
||||||
Lemonldap::NG::Common::PSGI::Request->new($req) );
|
Lemonldap::NG::Common::PSGI::Request->new($req) );
|
||||||
|
|
||||||
# Transform 302 responses in 401 since Nginx refuse it
|
# Transform 302 responses in 401 since Nginx refuse it
|
||||||
if ( $res->[0] == 302 or $res->[0] == 303 ) {
|
if ( ( $res->[0] == 302 or $res->[0] == 303 ) and $ENV{LLNG_HANDLER_ENGINE} eq 'nginx' ) {
|
||||||
$res->[0] = 401;
|
$res->[0] = 401;
|
||||||
}
|
}
|
||||||
return $res;
|
return $res;
|
||||||
|
@ -69,14 +71,16 @@ sub handler {
|
||||||
my @convertedHdrs =
|
my @convertedHdrs =
|
||||||
( 'Content-Length' => 0, Cookie => ( $req->env->{HTTP_COOKIE} // '' ) );
|
( 'Content-Length' => 0, Cookie => ( $req->env->{HTTP_COOKIE} // '' ) );
|
||||||
my $i = 0;
|
my $i = 0;
|
||||||
while ( my ( $k, $v ) = splice( @{ $req->{respHeaders} }, 0, 2 ) ) {
|
if ( $ENV{LLNG_HANDLER_ENGINE} eq 'nginx' ) {
|
||||||
if ( $k =~ /^(?:Deleteheader\d+|Lm-Remote-(?:User|Custom)|Cookie)$/ ) {
|
while ( my ( $k, $v ) = splice( @{ $req->{respHeaders} }, 0, 2 ) ) {
|
||||||
push @convertedHdrs, $k, $v;
|
if ( $k =~ /^(?:Deleteheader\d+|Lm-Remote-(?:User|Custom)|Cookie)$/ ) {
|
||||||
}
|
push @convertedHdrs, $k, $v;
|
||||||
else {
|
}
|
||||||
$i++;
|
else {
|
||||||
push @convertedHdrs, "Headername$i", $k, "Headervalue$i", $v, $k,
|
$i++;
|
||||||
$v;
|
push @convertedHdrs, "Headername$i", $k, "Headervalue$i", $v, $k,
|
||||||
|
$v;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return [ 200, \@convertedHdrs, [] ];
|
return [ 200, \@convertedHdrs, [] ];
|
||||||
|
|
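Review bot: In `handler`, when the engine is not `nginx` the loop over `$req->{respHeaders}` is skipped entirely, so the 200 reply carries only `Content-Length` and `Cookie` and none of the headers the handler computed. If the protected application is meant to receive those headers (presumably by the proxy copying them from the auth response), this path needs an `else` branch that passes them through under their own names, for example `else { push @convertedHdrs, @{ $req->{respHeaders} }; }`; which entries belong there is for the author to confirm. Both new conditions also test `eq 'nginx'`, so an unrecognised engine value silently takes the non-nginx behaviour here and in `_run`. Both subs continue outside the hunks shown.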