diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI.pm
index a14839272d2a57d5bb413f5ce16529a54f912cdd..25846e3e8f2f2ca2a95233d2ad4f49b4e5cef870 100644
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/PSGI.pm
@@ -238,9 +238,11 @@ sub sendRawHtml {
 sub abort {
 my ( $self, $err ) = @_;
 eval { $self->logger->error($err) };
- return sub {
- $self->sendError( $self->newRequest( $_[0] ), $err, 500 );
- };
+ return $self->psgiAdapter(
+ sub {
+ $self->sendError( $_[0], $err, 500 );
+ }
+ );
 }
 
 sub _mustBeDefined {
@@ -335,16 +337,6 @@ sub sendHtml {
 # Main method #
 ###############
 
-sub newRequest {
- my ( $self, $env ) = @_;
- my $req = Lemonldap::NG::Common::PSGI::Request->new($env);
- $self->logger->info( "New request "
- . ref($self) . " "
- . $req->method . " "
- . $req->request_uri );
- return $req;
-}
-
 sub run {
 my ( $self, $args ) = @_;
 $args //= {};
@@ -357,13 +349,27 @@ sub run {
 
 sub _run {
 my $self = shift;
+ return $self->psgiAdapter(
+ sub {
+ $self->handler( $_[0] );
+ }
+ );
+}
+
+# This method turns a sub that takes a Lemonldap::NG::Common::PSGI::Request
+# obect and returns a PSGI response into a proper PSGI method.
+sub psgiAdapter {
+ my ( $self, $sub ) = @_;
 return sub {
- $self->_logAndHandle( $self->newRequest( $_[0] ) );
- };
+ my $env = shift;
+ my $req = Lemonldap::NG::Common::PSGI::Request->new($env);
+ return $self->logAndRun( $req, $sub );
+ }
 }
 
-sub _logAndHandle {
- my ( $self, $req ) = @_;
+# This method sets up LemonLDAP::NG logging for the current request
+sub logAndRun {
+ my ( $self, $req, $sub ) = @_;
 
 # register the request object to the logging system
 if ( ref( $self->logger ) and $self->logger->can('setRequestObj') ) {
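Review bot: The closure returned by `abort` now runs through `psgiAdapter`, and the `logAndRun` it reaches (added further down in this file) calls `$self->logger->info(...)` with no guard, while `abort` itself wraps its own logger call in `eval`. If that `eval` is there because the logger can be unusable when `abort` is reached, the unguarded call would die before `sendError` can build the 500 response. I would keep the error path independent of logging, for example `eval { $self->logger->info(...) };` around the "New request" line in `logAndRun`, or a comment on `abort` such as `# Requires a working logger: the adapter logs every request`.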
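Review bot: `psgiAdapter` stores `$sub` without checking it, so a wrong argument only surfaces at request time inside `logAndRun`; a guard such as `die "psgiAdapter needs a code ref" unless ref($sub) eq 'CODE';` at the top would fail when the application is built instead. The comment above it has a typo (`obect`) and could state that the wrapped sub runs while the request is registered on both loggers and must return a PSGI response. The anonymous sub is returned without a terminating semicolon (`}` where the closures it replaces used `};`). `logAndRun`'s body continues outside this hunk.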
@@ -374,8 +380,12 @@ sub _logAndHandle {
 $self->userLogger->setRequestObj($req);
 }
 
- # Call the handler
- my $res = $self->handler($req);
+ $self->logger->info( "New request "
+ . ref($self) . " "
+ . $req->method . " "
+ . $req->request_uri );
+
+ my $res = $sub->($req);
 
 # Clear the logging system before the next request
 if ( ref( $self->logger ) and $self->logger->can('clearRequestObj') ) {
diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/PSGI.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/PSGI.pm
index f1f7c474a3429e72d4ed877c618f3c7f8e1c8a42..cec3b7f4aac38e6f2a4927fd514b6c000aeee019 100644
--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/PSGI.pm
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/PSGI.pm
@@ -38,7 +38,7 @@ sub init {
 
 ## @methodi void _run()
 # Check if protecton is activated then return a code ref that will launch
-# _logAuthTrace() if protection in on or handler() else
+# _authAndTrace() if protection in on or handler() else
 #@return code-ref
 sub _run {
 my $self = shift;
@@ -49,9 +49,11 @@ sub _run {
 
 # Handle requests
 # Developers, be careful: Only this part is executed at each request
- return sub {
- return $self->_logAuthTrace( $self->newRequest( $_[0] ) );
- };
+ return $self->psgiAdapter(
+ sub {
+ return $self->_authAndTrace( $_[0] );
+ }
+ );
 }
 else {
 
@@ -65,12 +67,14 @@ sub _run {
 }
 
 # Handle unprotected requests
- return sub {
- my $req = $self->newRequest( $_[0] );
- my $res = $self->_logAndHandle($req);
- push @{ $res->[1] }, $req->spliceHdrs;
- return $res;
- };
+ return $self->psgiAdapter(
+ sub {
+ my $req = $_[0];
+ my $res = $self->handler($req);
+ push @{ $res->[1] }, $req->spliceHdrs;
+ return $res;
+ }
+ );
 }
 }
 
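Review bot: If `$sub->($req)` dies in `logAndRun`, the `clearRequestObj` calls that follow are skipped, so both loggers stay bound to the failed request until another request registers itself, and anything logged in between would be attributed to the wrong request. I would capture the failure and re-raise it after the cleanup: `my $res = eval { $sub->($req) }; my $err = $@;` at this point, then `die $err if $err;` after the clear calls. The "New request" line also writes `$req->request_uri` at info level; whether the logger neutralises control characters, and whether query strings here can carry tickets or tokens, is not visible in this hunk and is worth confirming. The rest of `logAndRun` (second clear call and the return) lies outside the hunk.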
@@ -85,11 +89,13 @@ sub status {
 eval { $self->api->checkConf() };
 $self->logger->error($@) if ($@);
 }
- return sub {
- my $req = $self->newRequest( $_[0] );
- $self->api->status($req);
- return [ 200, [ $req->spliceHdrs ], [ $req->{respBody} ] ];
- };
+ return $self->psgiAdapter(
+ sub {
+ my $req = $_[0];
+ $self->api->status($req);
+ return [ 200, [ $req->spliceHdrs ], [ $req->{respBody} ] ];
+ }
+ );
 }
 
 sub reload {
@@ -103,39 +109,13 @@ sub reload {
 eval { $self->api->checkConf() };
 $self->logger->error($@) if ($@);
 }
- return sub {
- my $req = $self->newRequest( $_[0] );
- $self->api->reload($req);
- return [ 200, [ $req->spliceHdrs ], [ $req->{respBody} ] ];
- };
-}
-
-sub _logAuthTrace {
- my ( $self, $req, $noCall ) = @_;
-
- # register the request object to the logging system
- if ( ref( $self->logger ) and $self->logger->can('setRequestObj') ) {
- $self->logger->setRequestObj($req);
- }
- if ( ref( $self->userLogger ) and $self->userLogger->can('setRequestObj') )
- {
- $self->userLogger->setRequestObj($req);
- }
-
- # Call the handler
- my $res = $self->_authAndTrace( $req, $noCall );
-
- # Clear the logging system before the next request
- if ( ref( $self->logger ) and $self->logger->can('clearRequestObj') ) {
- $self->logger->clearRequestObj($req);
- }
- if ( ref( $self->userLogger )
- and $self->userLogger->can('clearRequestObj') )
- {
- $self->userLogger->clearRequestObj($req);
- }
-
- return $res;
+ return $self->psgiAdapter(
+ sub {
+ my $req = $_[0];
+ $self->api->reload($req);
+ return [ 200, [ $req->spliceHdrs ], [ $req->{respBody} ] ];
+ }
+ );
 }
 
 ## @method private PSGI-Response _authAndTrace($req)
@@ -165,7 +145,7 @@ sub _authAndTrace {
 }
 else {
 $self->logger->debug('User authenticated, calling handler()');
- $res = $self->_logAndHandle($req);
+ $res = $self->handler($req);
 push @{ $res->[1] }, $req->spliceHdrs;
 return $res;
 }
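Review bot: Nothing visible in the `status` closure, or in the matching `reload` closure in the next hunk, checks who is calling before `$self->api->status($req)` or `$self->api->reload($req)` runs. If access to these endpoints is meant to be restricted by the web server in front of the handler, a comment saying so would help the next reader, e.g. `# No access check here: the web server must restrict this endpoint to trusted addresses`. The two closures differ only in the API method they call and could share one private helper taking the method name. Both subs start outside their hunks.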
diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI/Try.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI/Try.pm
index 393fa55f620d7f3b215648c038e2f323bf61d650..dc75f83318b955399ac6bdc08a03ebf135197425 100644
--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI/Try.pm
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/PSGI/Try.pm
@@ -83,30 +83,32 @@ sub defaultUnauthRoute {
 
 sub _run {
 my $self = shift;
- return sub {
- my $req = $self->newRequest( $_[0] );
- my $res = $self->_logAuthTrace( $req, 1 );
- if ( $res->[0] < 300 ) {
- $self->routes( $self->authRoutes );
- $req->userData( $self->api->data );
- $req->respHeaders( $res->[1] );
- }
- elsif ( $res->[0] != 403 and not $req->data->{noTry} ) {
-
- # Unset headers (handler adds a Location header)
- $self->logger->debug(
- "User not authenticated, Try in use, cancel redirection");
- $req->userData( {} );
- $req->respHeaders( [] );
- $self->routes( $self->unAuthRoutes );
- }
- else {
+ return $self->psgiAdapter(
+ sub {
+ my $req = $_[0];
+ my $res = $self->_authAndTrace( $req, 1 );
+ if ( $res->[0] < 300 ) {
+ $self->routes( $self->authRoutes );
+ $req->userData( $self->api->data );
+ $req->respHeaders( $res->[1] );
+ }
+ elsif ( $res->[0] != 403 and not $req->data->{noTry} ) {
+
+ # Unset headers (handler adds a Location header)
+ $self->logger->debug(
+ "User not authenticated, Try in use, cancel redirection");
+ $req->userData( {} );
+ $req->respHeaders( [] );
+ $self->routes( $self->unAuthRoutes );
+ }
+ else {
+ return $res;
+ }
+ $res = $self->handler($req);
+ push @{ $res->[1] }, $req->spliceHdrs;
 return $res;
 }
- $res = $self->_logAndHandle($req);
- push @{ $res->[1] }, $req->spliceHdrs;
- return $res;
- };
+ );
 }
 
 
diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Server.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Server.pm
index dfc4392468504e6f25d5e7d9c8035c647492644a..4a8fcc8f41cde273c461b8e1ec07cc338c35adea 100644
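Review bot: The Try closure picks the route table per request by writing to the shared object (`$self->routes( $self->authRoutes )` or `$self->routes( $self->unAuthRoutes )`) and only then calls `$self->handler($req)`. That is safe only while one interpreter serves one request at a time; if requests were ever interleaved in the same process, an unauthenticated request could be dispatched with the authenticated routes. The pattern predates this commit, but since the closure is rewritten here I would add a comment above the first assignment, e.g. `# Routes live on $self: relies on one request at a time per process`.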
--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Server.pm
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Server.pm
@@ -23,13 +23,15 @@ sub init {
 #
 sub _run {
 my ($self) = @_;
- return sub {
- my $req = $self->newRequest( $_[0] );
- my $res = $self->_logAuthTrace($req);
- push @{ $res->[1] }, $req->spliceHdrs,
- Cookie => ( $req->{Cookie} // '' );
- return $res;
- };
+ return $self->psgiAdapter(
+ sub {
+ my $req = $_[0];
+ my $res = $self->_authAndTrace($req);
+ push @{ $res->[1] }, $req->spliceHdrs,
+ Cookie => ( $req->{Cookie} // '' );
+ return $res;
+ }
+ );
 }
 
 ## @method PSGI-Response handler($req)
diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Server/Nginx.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Server/Nginx.pm
index e059f3a677939a6b2d41b2a319ed81cbd4b108a4..bb5571fa8189d0da307c16fb67452445c8103f0f 100644
--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Server/Nginx.pm
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Server/Nginx.pm
@@ -17,7 +17,7 @@ sub init {
 }
 
 ## @method void _run()
-# Return a subroutine that call _logAuthTrace() and tranform redirection
+# Return a subroutine that call _authAndTrace() and tranform redirection
 # response code from 302 to 401 (not authenticated) ones. This is required
 # because Nginx "auth_request" parameter does not accept it. The Nginx
 # configuration file should transform them back to 302 using:
@@ -28,16 +28,18 @@ sub init {
 #@return subroutine that will be called to manage FastCGI queries
 sub _run {
 my $self = shift;
- return sub {
- my $env = $_[0];
- my $res = $self->_logAuthTrace( $self->newRequest($env) );
+ return $self->psgiAdapter(
+ sub {
+ my $req = $_[0];
+ my $res = $self->_authAndTrace($req);
 
- # Transform 302 responses in 401 since Nginx refuse it
- if ( $res->[0] == 302 or $res->[0] == 303 ) {
- $res->[0] = 401;
+ # Transform 302 responses in 401 since Nginx refuse it
+ if ( $res->[0] == 302 or $res->[0] == 303 ) {
+ $res->[0] = 401;
+ }
+ return $res;
 }
- return $res;
- };
+ );
 }
 
 ## @method PSGI-Response handler()
diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Server/Traefik.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Server/Traefik.pm
index 415ba5a0c92726584356bbf31f74abd6a00807fd..4edbafa6528e9e358c4131685567a220410ea359 100644
--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Server/Traefik.pm
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Server/Traefik.pm
@@ -16,11 +16,21 @@ sub init {
 
 sub _run {
 my $self = shift;
+
+ # Create regular _authAndTrace PSGI app
+ my $app = $self->psgiAdapter(
+ sub {
+ my $req = $_[0];
+ return $self->_authAndTrace($req);
+ }
+ );
+
+ # Middleware to set correct values for Traefik
 return sub {
 my $env = $_[0];
 $env->{HTTP_HOST} = $env->{HTTP_X_FORWARDED_HOST};
 $env->{REQUEST_URI} = $env->{HTTP_X_FORWARDED_URI};
- return $self->_logAuthTrace( $self->newRequest($env) );
+ return $app->($env);
 }
 }
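Review bot: The Traefik middleware that this hunk keeps in front of the new `$app` overwrites `HTTP_HOST` and `REQUEST_URI` from `HTTP_X_FORWARDED_HOST` and `HTTP_X_FORWARDED_URI` without checking that either is defined. The request object is then built from those values, so `_authAndTrace` presumably evaluates whatever host and URI the headers supply, or undefined ones when they are absent. I would reject requests that lack either header before calling `$app`, e.g. `return [ 400, [], [] ] unless defined $env->{HTTP_X_FORWARDED_HOST} and defined $env->{HTTP_X_FORWARDED_URI};`. A comment should also state that this endpoint must only be reachable from the proxy, since the headers are trusted as sent. The `return sub { ... }` also ends without a terminating semicolon.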