Add regexp capture feature in rules (#321)
This commit is contained in:
parent
6453a04a55
commit
aa2fa22074
|
@ -572,9 +572,10 @@ sub substitute {
|
|||
$expr =~ s/\$ip\b/\$ENV{REMOTE_ADDR}/sg;
|
||||
|
||||
# substitute vars with session data, excepts special vars $_ and $\d+
|
||||
$expr =~ s/\$(?!(?:ENV|env)\b)(_\w+|[a-zA-Z]\w*)/\$s->{$1}/sg;
|
||||
$expr =~ s/\$(?!(?:ENV|env|_rulematch)\b)(_\w+|[a-zA-Z]\w*)/\$s->{$1}/sg;
|
||||
$expr =~ s/\$ENV\{/\$r->{env}->\{/g;
|
||||
$expr =~ s/\$env->\{/\$r->{env}->\{/g;
|
||||
$expr =~ s/\$_rulematch\[/\$m->\[/g;
|
||||
|
||||
return $expr;
|
||||
}
|
||||
|
@ -582,7 +583,7 @@ sub substitute {
|
|||
sub buildSub {
|
||||
my ( $class, $val ) = @_;
|
||||
my $res =
|
||||
$class->tsv->{jail}->jail_reval("sub{my (\$r,\$s)=\@_;return($val)}");
|
||||
$class->tsv->{jail}->jail_reval("sub{my (\$r,\$s,\$m)=\@_;return($val)}");
|
||||
unless ($res) {
|
||||
$class->logger->error( $class->tsv->{jail}->error );
|
||||
}
|
||||
|
|
|
@ -284,11 +284,12 @@ sub grant {
|
|||
)
|
||||
{
|
||||
if ( $uri =~ $class->tsv->{locationRegexp}->{$vhost}->[$i] ) {
|
||||
my $match = [ undef, @{^CAPTURE} ] || [];
|
||||
$class->logger->debug( 'Regexp "'
|
||||
. $class->tsv->{locationConditionText}->{$vhost}->[$i]
|
||||
. '" match' );
|
||||
return $class->tsv->{locationCondition}->{$vhost}->[$i]
|
||||
->( $req, $session );
|
||||
->( $req, $session, $match );
|
||||
}
|
||||
}
|
||||
unless ( $class->tsv->{defaultCondition}->{$vhost} ) {
|
||||
|
@ -298,7 +299,7 @@ sub grant {
|
|||
return 0;
|
||||
}
|
||||
$class->logger->debug("$vhost: Apply default rule");
|
||||
return $class->tsv->{defaultCondition}->{$vhost}->( $req, $session );
|
||||
return $class->tsv->{defaultCondition}->{$vhost}->( $req, $session, [] );
|
||||
}
|
||||
|
||||
## @rmethod protected int forbidden(string uri)
|
||||
|
|
|
@ -37,6 +37,12 @@ ok( $res->[0] == 200, 'Code is 200' ) or explain( $res, 200 );
|
|||
|
||||
count(2);
|
||||
|
||||
ok( $res = $client->_get( '/user_dwho/', undef, undef, "lemonldap=$sessionId" ),
|
||||
'Regexp query' );
|
||||
ok( $res->[0] == 200, 'Code is 200' ) or explain( $res, 200 );
|
||||
|
||||
count(2);
|
||||
|
||||
# Denied query
|
||||
ok( $res = $client->_get( '/deny', undef, undef, "lemonldap=$sessionId" ),
|
||||
'Denied query' );
|
||||
|
@ -44,6 +50,12 @@ ok( $res->[0] == 403, 'Code is 403' ) or explain( $res->[0], 403 );
|
|||
|
||||
count(2);
|
||||
|
||||
ok( $res = $client->_get( '/user_rtyler/', undef, undef, "lemonldap=$sessionId" ),
|
||||
'Regexp deny query' );
|
||||
ok( $res->[0] == 403, 'Code is 403' ) or explain( $res, 403 );
|
||||
|
||||
count(2);
|
||||
|
||||
# Bad cookie
|
||||
ok(
|
||||
$res = $client->_get(
|
||||
|
|
|
@ -43,6 +43,7 @@
|
|||
"test1.example.com": {
|
||||
"^/logout": "logout_sso",
|
||||
"^/deny": "deny",
|
||||
"^/user_(\\w+)/": "$uid eq $_rulematch[1]",
|
||||
"default": "accept"
|
||||
},
|
||||
"test2.example.com": {
|
||||
|
|
Loading…
Reference in New Issue