lemonldap-ng/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/DevOps.pm


package Lemonldap::NG::Handler::Lib::DevOps;
use strict;
use Lemonldap::NG::Common::UserAgent;
use JSON qw(from_json);
our $VERSION = '2.1.0';
# Package-level cache holding the HTTP client used to fetch rules.json.
our $_ua;

# Return the shared Lemonldap::NG::Common::UserAgent instance.
#
# The client is built once, from the localConfig of whichever invocant
# calls first, and is then reused for every later call in this process.
# NOTE(review): presumably TLS verification and timeout settings for the
# rules.json fetch are taken from localConfig - verify in
# Lemonldap::NG::Common::UserAgent.
sub ua {
    my ($class) = @_;
    $_ua ||= Lemonldap::NG::Common::UserAgent->new( $class->localConfig );
    return $_ua;
}
# Refresh the per-vhost rules when needed, then delegate to the generic
# maintenance-mode check in Lemonldap::NG::Handler::Main.
#
# The rules of a virtual host are (re)loaded when no default condition is
# compiled for it yet, or when the last load is at least checkTime seconds
# old. A change to rules.json, including a tightened rule, is therefore
# only picked up after the current checkTime window has elapsed.
#
# NOTE(review): $vhost comes from resolveAlias($req). If that can return an
# arbitrary client-supplied host name, every new value costs one outbound
# fetch and one cache entry - confirm the front end restricts the accepted
# virtual hosts.
sub checkMaintenanceMode {
    my ( $class, $req ) = @_;
    my $vhost = $class->resolveAlias($req);

    # Make sure the timestamp table exists before it is read below
    $class->tsv->{lastVhostUpdate} //= {};

    my $still_fresh = $class->tsv->{defaultCondition}->{$vhost}
      && ( time() - $class->tsv->{lastVhostUpdate}->{$vhost} <
        $class->checkTime );
    $class->_loadVhostConfig( $req, $vhost ) if !$still_fresh;

    return $class->Lemonldap::NG::Handler::Main::checkMaintenanceMode($req);
}
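# Fetch rules.json for $vhost, validate it and hand its rules and headers
# to locationRulesInit / headersInit.
#
# Parameters:
#   $class - handler class (provides tsv, localConfig, ua, logger, ...)
#   $req   - request hash; only $req->{env} is read here
#   $vhost - virtual host name, sent as Host header and used as cache key
#
# Returns nothing. Side effects: installs the rules and headers for $vhost
# and records the load time in tsv->{lastVhostUpdate}.
#
# The file is only fetched when useSafeJail is enabled. In every failure
# case (SafeJail disabled, fetch error, unparsable or mis-shaped document)
# the built-in defaults below are installed instead.
# NOTE(review): the fallback rule is { default => 1 }, which looks like
# "allow every authenticated session". A vhost whose rules.json cannot be
# fetched or parsed therefore appears to fail open - confirm this is the
# intended policy and monitor the error lines logged here.
sub _loadVhostConfig {
    my ( $class, $req, $vhost ) = @_;
    my $json;
    if ( $class->tsv->{useSafeJail} ) {

        # RULES_URL from the request environment wins; otherwise the file
        # is fetched from loopBackUrl or from 127.0.0.1 on the server port.
        # NOTE(review): the default URL is plain HTTP. If RULES_URL points
        # at a non-local host the access rules travel unauthenticated -
        # prefer https there, and make sure RULES_URL can only be set by
        # the web server configuration, never by the client.
        my $rUrl = $req->{env}->{RULES_URL}
          || (
            (
                $class->localConfig->{loopBackUrl}
                  || "http://127.0.0.1:" . $req->{env}->{SERVER_PORT}
            )
            . '/rules.json'
          );

        # HTTP::Request is not loaded by this file; it is expected to be
        # available through the user agent module.
        my $get = HTTP::Request->new( GET => $rUrl );
        $get->header( Host => $vhost );
        my $resp = $class->ua->request($get);
        if ( $resp->is_success ) {
            my $parsed;
            my $ok = eval {
                $parsed =
                  from_json( $resp->content, { allow_nonref => 1 } );
                1;
            };
            my $problem = $ok ? undef : ( $@ || 'unknown parse error' );

            # allow_nonref lets scalars and arrays through the parser, but
            # the code below dereferences the document as a hash. Reject
            # any other shape here instead of dying on every request.
            if ( $ok and defined $parsed ) {
                if ( ref($parsed) ne 'HASH' ) {
                    $problem = 'top-level value is not a JSON object';
                }
                else {
                    foreach my $section (qw(rules headers)) {
                        my $value = $parsed->{$section};
                        next unless defined $value;
                        next if ref($value) eq 'HASH';
                        $problem = "'$section' is not a JSON object";
                        last;
                    }
                }
            }

            if ( defined $problem ) {
                $class->logger->error(
                    "Bad rules.json for $vhost, skipping ($problem)");
            }
            else {
                $json = $parsed;
                $class->logger->info("Compiling rules.json for $vhost");
            }
        }
        else {

            # Make the fallback to default rules visible to operators
            $class->logger->error( "Unable to fetch rules.json for $vhost ("
                  . $resp->status_line
                  . ")" );
        }
    }
    else {
        $class->logger->error(
q"I refuse to compile rules.json when useSafeJail isn't activated! Yes I know, I'm a coward..."
        );
    }

    # Defaults used when the document is missing, rejected or incomplete
    $json->{rules}   ||= { default      => 1 };
    $json->{headers} //= { 'Auth-User' => '$uid' };

    # Remove headers that export a hidden session attribute.
    # NOTE(review): only a header whose value is exactly '$attribute' is
    # dropped. A header built from an expression that embeds a hidden
    # attribute is not recognised by this filter - verify whether hidden
    # attributes are also protected where headers are compiled.
    my %hidden = map { ( '$' . $_ => 1 ) }
      split ' ', ( $class->tsv->{hiddenAttributes} // '' );
    foreach my $name ( keys %{ $json->{headers} } ) {
        my $value = $json->{headers}->{$name};
        delete $json->{headers}->{$name}
          if defined $value and $hidden{$value};
    }

    $class->logger->debug("DevOps handler called by $vhost");
    $class->locationRulesInit( undef, { $vhost => $json->{rules} } );
    $class->headersInit( undef, { $vhost => $json->{headers} } );
    $class->tsv->{lastVhostUpdate}->{$vhost} = time;
    return;
}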
1;