Rearrange Nginx files

Makefile

@@ -321,6 +321,11 @@ start_web_server:	all prepare_test_server
 	@if test "$(TESTWEBSERVER)" = "apache"; then \
 		LLNG_DEFAULTCONFFILE=`pwd`/e2e-tests/conf/lemonldap-ng.ini /usr/sbin/apache2 -d `pwd`/e2e-tests -f apache2.conf -k start; \
 	elif test "$(TESTWEBSERVER)" = "nginx"; then \
+		echo "Testing nginx conf"; \
+		$(NGINX) -t -p `pwd`/e2e-tests \
+			-g 'error_log '`pwd`'/e2e-tests/conf/nginx.log;' \
+			-c `pwd`/e2e-tests/nginx.conf \
+			2>&1 | grep -v 'Permission denied' || true; \
 		echo "Launching nginx"; \
 		$(NGINX) -p `pwd`/e2e-tests \
 			-g 'error_log '`pwd`'/e2e-tests/conf/nginx.log;' \
@@ -364,12 +369,10 @@ restart_web_server: start_web_server
 
 plackup:
 	@LLNG_DEFAULTCONFFILE=`pwd`/e2e-tests/conf/lemonldap-ng.ini \
-	/sbin/start-stop-daemon --start \
-		--pidfile e2e-tests/conf/plackup.pid \
-		-d `pwd` -b -m \
-		--exec /usr/bin/plackup -- \
-		-s FCGI \
+	plackup -s FCGI \
 		--listen e2e-tests/conf/llng.sock \
+		--daemonize --pid e2e-tests/conf/plackup.pid \
+		--nproc 1 --proc-title llng-fastcgi-server \
 		e2e-tests/llng.psgi
 
 #

_example/etc/handler-nginx.conf

@@ -25,7 +25,8 @@ server {
   # Client requests
   location / {
     auth_request /lmauth;
-    auth_request_set $lmlocation $upstream_http_x_location;
+    auth_request_set $lmremote_user $upstream_http_lm_remote_user;
+    auth_request_set $lmlocation $upstream_http_location;
     error_page 401 $lmlocation;
     try_files $uri $uri/ =404;
 

debian/control

@@ -111,7 +111,7 @@ Package: liblemonldap-ng-handler-perl
 Architecture: all
 Depends: ${misc:Depends},
          ${perl:Depends},
-         libapache2-mod-perl2,
+         libapache2-mod-perl2 | nginx,
          liblemonldap-ng-common-perl (= ${binary:Version}),
          libmouse-perl,
          liburi-perl,

e2e-tests/llng.psgi

@@ -18,8 +18,8 @@ my %_apps;
 
 my %builder = (
     handler => sub {
-        require Lemonldap::NG::Handler::PSGI::Server;
-        return Lemonldap::NG::Handler::PSGI::Server->run( {} );
+        require Lemonldap::NG::Handler::Nginx;
+        return Lemonldap::NG::Handler::Nginx->run( {} );
     },
     manager => sub {
         require Lemonldap::NG::Manager;

lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI/Request.pm

@@ -119,6 +119,8 @@ has CONTENT_LENGTH => (
 );
 has error => ( is => 'rw', isa => 'Str', default => '' );
 
+has respHeaders => ( is => 'rw', isa => 'HashRef' );
+
 # JSON parser
 sub jsonBodyToObj {
     my $self = shift;

lemonldap-ng-handler/lib/Lemonldap/NG/Handler/API.pm

@@ -43,8 +43,8 @@ sub AUTOLOAD {
     # - Nginx
     if ( !$mode or $func eq 'newRequest' ) {
         $mode =
-          ( ( caller(1) )[0] eq 'Lemonldap::NG::Handler::PSGI::Server' )
-          ? 'PSGI/Server'
+          ( ( caller(1) )[0] eq 'Lemonldap::NG::Handler::Nginx' )
+          ? 'Nginx'
           : (
             ( caller(0) )[0] =~ /^Lemonldap::NG::Handler::PSGI/
               or (
@@ -57,7 +57,7 @@ sub AUTOLOAD {
           : $ENV{GATEWAY_INTERFACE} ? 'CGI'
           : ( MP == 2 )             ? 'ApacheMP2'
           : ( MP == 1 )             ? 'ApacheMP1'
-          : $main::{'nginx::'}      ? 'Nginx'
+          : $main::{'nginx::'}      ? 'ExperimentalNginx'
           :                           'CGI';
         unless ( $INC{"Lemonldap/NG/Handler/API/$mode.pm"} ) {
             $mode =~ s#/#::#g;

lemonldap-ng-handler/lib/Lemonldap/NG/Handler/API/ExperimentalNginx.pm

+package Lemonldap::NG::Handler::API::Nginx;
+
+our $VERSION = '1.9.0';
+
+use constant FORBIDDEN         => 403;
+use constant HTTP_UNAUTHORIZED => 401;
+use constant REDIRECT          => 302;
+use constant OK                => 0;
+use constant DECLINED          => -1;
+use constant DONE              => -2;
+use constant SERVER_ERROR      => 500;
+use constant AUTH_REQUIRED     => 401;
+use constant MAINTENANCE       => 503;
+
+my $request;    # Nginx object for current request
+
+## @method void thread_share(string $variable)
+# not applicable with Nginx
+sub thread_share {
+}
+
+## @method void setServerSignature(string sign)
+# modifies web server signature
+# @param $sign String to add to server signature
+sub setServerSignature {
+    my ( $class, $sign ) = @_;
+
+    # TODO
+}
+
+sub newRequest {
+    my ( $class, $r ) = @_;
+    $request                  = $r;
+    $Lemonldap::NG::API::mode = 'Nginx';
+}
+
+## @method void lmLog(string $msg, string $level)
+# logs message $msg to Apache logs with loglevel $level
+# @param $msg string message to log
+# @param $level string loglevel
+sub lmLog {
+    my ( $class, $msg, $level ) = @_;
+
+    # TODO
+}
+
+## @method void set_user(string user)
+# sets remote_user
+# @param user string username
+sub set_user {
+    my ( $class, $user ) = @_;
+    $request->variable( 'lmremote_user', $user );
+}
+
+## @method string header_in(string header)
+# returns request header value
+# @param header string request header
+# @return request header value
+sub header_in {
+    my ( $class, $header ) = @_;
+    $header ||= $class;    # to use header_in as a method or as a function
+    return $request->header_in($header);
+}
+
+## @method void set_header_in(hash headers)
+# sets or modifies request headers
+# @param headers hash containing header names => header value
+sub set_header_in {
+    my ( $class, %headers ) = @_;
+    while ( my ( $h, $v ) = each %headers ) {
+        if ( $h =~ /cookie/i ) {
+
+            # TODO: check that variable $lmcookie is defined,
+            #       else warn that LL::NG cookie will not be removed
+            $request->variable( 'lmcookie', $v );
+        }
+        else {
+            # TODO: check that header is not yet set, else throw warning
+            #       or reject request if mode paranoid is set
+            # TODO: check that variable nginxName($h) is defined,
+            #       else warn that header will not be sent
+            $request->variable( nginxName($h), $v );
+        }
+    }
+}
+
+## @method void unset_header_in(array headers)
+# removes request headers
+# @param headers array with header names to remove
+sub unset_header_in {
+    my ( $class, @headers ) = @_;
+    foreach my $h1 (@headers) {
+
+        # TODO: check that header is not yet set, else throw warning
+        $request->variable( nginxName($h), '' );
+    }
+}
+
+## @method void set_header_out(hash headers)
+# sets response headers
+# @param headers hash containing header names => header value
+sub set_header_out {
+    my ( $class, %headers ) = @_;
+    while ( my ( $h, $v ) = each %headers ) {
+        if ( $h =~ /location/i ) {
+            $request->variable( 'lmlocation', $v );
+        }
+        else {
+            $request->header_out( $h, $v );
+        }
+    }
+}
+
+## @method string hostname()
+# returns host, as set by full URI or Host header
+# @return host string Host value
+sub hostname {
+    my $class = shift;
+    return $request->variable('host');
+}
+
+## @method string remote_ip
+# returns client IP address
+# @return IP_Addr string client IP
+sub remote_ip {
+    my $class = shift;
+    return $request->variable('remote_addr');
+}
+
+## @method boolean is_initial_req
+# returns true unless the current request is a subrequest
+# @return is_initial_req boolean
+sub is_initial_req {
+    my $class = shift;
+    return 1;
+}
+
+## @method string args(string args)
+# gets the query string
+# @return args string Query string
+sub args {
+    my $class = shift;
+    return $request->args();
+}
+
+## @method string uri
+# returns the path portion of the URI, normalized, i.e. :
+# * URL decoded (characters encoded as %XX are decoded,
+#   except ? in order not to merge path and query string)
+# * references to relative path components "." and ".." are resolved
+# * two or more adjacent slashes are merged into a single slash
+# @return path portion of the URI, normalized
+sub uri {
+    my $class = shift;
+    return $request->uri();
+}
+
+## @method string uri_with_args
+# returns the URI, with arguments and with path portion normalized
+# @return URI with normalized path portion
+sub uri_with_args {
+    my $class = shift;
+    return uri() . ( $request->args ? "?" . $request->args : "" );
+}
+
+## @method string unparsed_uri
+# returns the full original request URI, with arguments
+# @return full original request URI, with arguments
+sub unparsed_uri {
+    my $class = shift;
+    return $request->variable('request_uri');
+}
+
+## @method string get_server_port
+# returns the port the server is receiving the current request on
+# @return port string server port
+sub get_server_port {
+    my $class = shift;
+    return $request->variable('server_port');
+}
+
+## @method string method
+# returns the method the request is sent with
+# @return port string server port
+sub method {
+    my $class = shift;
+    return $request->request_method;
+}
+
+## @method void print(string data)
+# write data in HTTP response body
+# @param data Text to add in response body
+sub print {
+    my ( $class, $data ) = @_;
+    $request->print($data);
+}
+
+## @method void addToHtmlHead(string data)
+# add data at end of html head: not feasible with Nginx
+# @param data Text to add in html head
+sub addToHtmlHead {
+    my ( $class, $data ) = @_;
+
+    # TODO: throw error log
+}
+
+## @method void setPostParams(hashref $params)
+# add or modify parameters in POST request body: not feasible with Nginx
+# @param $params hashref containing name => value
+sub setPostParams {
+    my ( $class, $params ) = @_;
+
+    # TODO: throw error log
+}
+
+sub nginxName {
+    my $h = lc(shift);
+    $h =~ s/-/_/g;
+    return "lm_$h";
+}
+
+1;

lemonldap-ng-handler/lib/Lemonldap/NG/Handler/API/Nginx.pm

 package Lemonldap::NG::Handler::API::Nginx;
 
+use strict;
 our $VERSION = '1.9.0';
 
-use constant FORBIDDEN         => 403;
-use constant HTTP_UNAUTHORIZED => 401;
-use constant REDIRECT          => 302;
-use constant OK                => 0;
-use constant DECLINED          => -1;
-use constant DONE              => -2;
-use constant SERVER_ERROR      => 500;
-use constant AUTH_REQUIRED     => 401;
-use constant MAINTENANCE       => 503;
+use base 'Lemonldap::NG::Handler::API::PSGI';
 
-my $request;    # Nginx object for current request
-
-## @method void thread_share(string $variable)
-# not applicable with Nginx
-sub thread_share {
-}
-
-## @method void setServerSignature(string sign)
-# modifies web server signature
-# @param $sign String to add to server signature
-sub setServerSignature {
-    my ( $class, $sign ) = @_;
-
-    # TODO
-}
-
-sub newRequest {
-    my ( $class, $r ) = @_;
-    $request                  = $r;
-    $Lemonldap::NG::API::mode = 'Nginx';
-}
-
-## @method void lmLog(string $msg, string $level)
-# logs message $msg to Apache logs with loglevel $level
-# @param $msg string message to log
-# @param $level string loglevel
-sub lmLog {
-    my ( $class, $msg, $level ) = @_;
-
-    # TODO
-}
-
-## @method void set_user(string user)
-# sets remote_user
-# @param user string username
-sub set_user {
-    my ( $class, $user ) = @_;
-    $request->variable( 'lmremote_user', $user );
-}
-
-## @method string header_in(string header)
-# returns request header value
-# @param header string request header
-# @return request header value
-sub header_in {
-    my ( $class, $header ) = @_;
-    $header ||= $class;    # to use header_in as a method or as a function
-    return $request->header_in($header);
-}
-
-## @method void set_header_in(hash headers)
-# sets or modifies request headers
-# @param headers hash containing header names => header value
-sub set_header_in {
-    my ( $class, %headers ) = @_;
-    while ( my ( $h, $v ) = each %headers ) {
-        if ( $h =~ /cookie/i ) {
-
-            # TODO: check that variable $lmcookie is defined,
-            #       else warn that LL::NG cookie will not be removed
-            $request->variable( 'lmcookie', $v );
-        }
-        else {
-            # TODO: check that header is not yet set, else throw warning
-            #       or reject request if mode paranoid is set
-            # TODO: check that variable nginxName($h) is defined,
-            #       else warn that header will not be sent
-            $request->variable( nginxName($h), $v );
-        }
-    }
-}
-
-## @method void unset_header_in(array headers)
-# removes request headers
-# @param headers array with header names to remove
-sub unset_header_in {
-    my ( $class, @headers ) = @_;
-    foreach my $h1 (@headers) {
-
-        # TODO: check that header is not yet set, else throw warning
-        $request->variable( nginxName($h), '' );
-    }
-}
-
-## @method void set_header_out(hash headers)
-# sets response headers
-# @param headers hash containing header names => header value
-sub set_header_out {
-    my ( $class, %headers ) = @_;
-    while ( my ( $h, $v ) = each %headers ) {
-        if ( $h =~ /location/i ) {
-            $request->variable( 'lmlocation', $v );
-        }
-        else {
-            $request->header_out( $h, $v );
-        }
-    }
-}
-
-## @method string hostname()
-# returns host, as set by full URI or Host header
-# @return host string Host value
-sub hostname {
-    my $class = shift;
-    return $request->variable('host');
-}
-
-## @method string remote_ip
-# returns client IP address
-# @return IP_Addr string client IP
-sub remote_ip {
-    my $class = shift;
-    return $request->variable('remote_addr');
-}
-
-## @method boolean is_initial_req
-# returns true unless the current request is a subrequest
-# @return is_initial_req boolean
-sub is_initial_req {
-    my $class = shift;
-    return 1;
-}
-
-## @method string args(string args)
-# gets the query string
-# @return args string Query string
-sub args {
-    my $class = shift;
-    return $request->args();
-}
-
-## @method string uri
-# returns the path portion of the URI, normalized, i.e. :
-# * URL decoded (characters encoded as %XX are decoded,
-#   except ? in order not to merge path and query string)
-# * references to relative path components "." and ".." are resolved
-# * two or more adjacent slashes are merged into a single slash
-# @return path portion of the URI, normalized
 sub uri {
-    my $class = shift;
-    return $request->uri();
-}
-
-## @method string uri_with_args
-# returns the URI, with arguments and with path portion normalized
-# @return URI with normalized path portion
-sub uri_with_args {
-    my $class = shift;
-    return uri() . ( $request->args ? "?" . $request->args : "" );
-}
-
-## @method string unparsed_uri
-# returns the full original request URI, with arguments
-# @return full original request URI, with arguments
-sub unparsed_uri {
-    my $class = shift;
-    return $request->variable('request_uri');
-}
-
-## @method string get_server_port
-# returns the port the server is receiving the current request on
-# @return port string server port
-sub get_server_port {
-    my $class = shift;
-    return $request->variable('server_port');
-}
-
-## @method string method
-# returns the method the request is sent with
-# @return port string server port
-sub method {
-    my $class = shift;
-    return $request->request_method;
-}
-
-## @method void print(string data)
-# write data in HTTP response body
-# @param data Text to add in response body
-sub print {
-    my ( $class, $data ) = @_;
-    $request->print($data);
-}
-
-## @method void addToHtmlHead(string data)
-# add data at end of html head: not feasible with Nginx
-# @param data Text to add in html head
-sub addToHtmlHead {
-    my ( $class, $data ) = @_;
-
-    # TODO: throw error log
-}
-
-## @method void setPostParams(hashref $params)
-# add or modify parameters in POST request body: not feasible with Nginx
-# @param $params hashref containing name => value
-sub setPostParams {
-    my ( $class, $params ) = @_;
-
-    # TODO: throw error log
-}
-
-sub nginxName {
-    my $h = lc(shift);
-    $h =~ s/-/_/g;
-    return "lm_$h";
+    return $Lemonldap::NG::Handler::API::PSGI::request->original_uri;
 }
 
 1;

lemonldap-ng-handler/lib/Lemonldap/NG/Handler/API/PSGI.pm

@@ -30,6 +30,10 @@ sub thread_share {
     # nothing to do in PSGI
 }
 
+## @method void newRequest($r)
+# Store request in global $request variable
+#
+#@param $r Lemonldap::NG::Common::PSGI::Request
 sub newRequest {
     my ( $class, $r ) = @_;
     $request                  = $r;

lemonldap-ng-handler/lib/Lemonldap/NG/Handler/API/PSGI/Server.pm

-package Lemonldap::NG::Handler::API::PSGI::Server;
-
-use strict;
-our $VERSION = '1.9.0';
-
-use base 'Lemonldap::NG::Handler::API::PSGI';
-
-sub uri {
-    return $Lemonldap::NG::Handler::API::PSGI::request->original_uri;
-}
-
-1;

lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Nginx.pm

+# PSGI authentication package written for Nginx. It replace
+# Lemonldap::NG::Handler::PSGI::Server to manage Nginx behaviour
+package Lemonldap::NG::Handler::Nginx;
+
+use strict;
+use Mouse;
+use Lemonldap::NG::Handler::SharedConf qw(:tsv);
+
+extends 'Lemonldap::NG::Handler::PSGI';
+
+## @method Code-Ref _run()
+# Return a subroutine that call _authAndTrace() and tranform redirection
+# response code from 302 to 401 (not authenticated) ones. This is required
+# because Nginx "auth_request" parameter does not accept it. The Nginx
+# configuration file should transform them back to 302 using:
+#
+#   auth_request_set $lmlocation $upstream_http_location;
+#   error_page 401 $lmlocation;
+#
+#@return subroutine that will be called to manage FastCGI queries
+sub _run {
+    my $self = shift;
+    return sub {
+        my $req = $_[0];
+        $self->lmLog( 'New request', 'debug' );
+        my $res = $self->_authAndTrace(
+            Lemonldap::NG::Common::PSGI::Request->new( $_[0] ) );
+
+        # Transform 302 responses in 401 since Nginx refuse it
+        if ( $res->[0] == 302 or $res->[0] == 303 ) {
+            $res->[0] = 401;
+        }
+
+        # TODO: transform headers in $res->[1]