Commit 346111f2 authored by Xavier Guimard's avatar Xavier Guimard

Nginx in progress: now handler provides uid in logs (#583)

parent aa34a28b
......@@ -373,6 +373,7 @@ plackup:
--listen e2e-tests/conf/llng.sock \
--daemonize --pid e2e-tests/conf/plackup.pid \
--nproc 1 --proc-title llng-fastcgi-server \
--no-default-middleware \
e2e-tests/llng.psgi
#
......@@ -480,7 +481,7 @@ install_webserver_conf:
cp -f _example/etc/handler-apache$(APACHEVERSION).conf $(RCONFDIR); \
cp -f _example/etc/manager-apache$(APACHEVERSION).conf $(RCONFDIR); \
cp -f _example/etc/test-apache$(APACHEVERSION).conf $(RCONFDIR); \
cp -f _example/etc/*-nginx.conf $(RCONFDIR); \
cp -f _example/etc/*nginx*.conf $(RCONFDIR); \
fi
@$(PERL) -i -pe 's/__DNSDOMAIN__/$(DNSDOMAIN)/g; \
s#__PORTALDIR__#$(PORTALDIR)/#g; \
......@@ -893,7 +894,7 @@ default-diff:
@$(DIFF) --ignore-matching-lines='giveUpPrivileges' $(SRCMANAGERDIR)/scripts/lemonldap-ng-cli $(LMPREFIX)/bin/lemonldap-ng-cli ||true
test-diff:
for file in `find lemonldap-ng-*/lib -type f`; do \
@for file in `find lemonldap-ng-*/lib -type f`; do \
$(DIFF) $$file `echo $$file|sed -e s/lib/blib\\\/lib/`; \
done
......
log_format lm_combined '$remote_addr - $lmremote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
......@@ -35,7 +35,6 @@ my %builder = (
sub {
my $type = $_[0]->{LLTYPE} || 'handler';
print STDERR Dumper($_[0]);use Data::Dumper;
return $_apps{$type}->(@_) if ( defined $_apps{$type} );
if ( defined $builder{$type} ) {
$_apps{$type} = $builder{$type}->();
......
......@@ -15,8 +15,9 @@ http {
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log conf/nginx.log;
error_log conf/nginx.log;
include conf/nginx-lmlog.conf;
access_log conf/nginx.log lm_combined;
error_log conf/nginx.log info;
gzip off;
include conf/*nginx.conf;
}
......@@ -57,7 +57,6 @@ t/35-Common-Crypto.t
t/36-Common-Regexp.t
t/40-Common-Session.t
t/99-pod.t
t/lmConf-1.js
tools/apache-session-mysql.sql
tools/lmConfig.CDBI.mysql
tools/lmConfig.RDBI.mysql
......
......@@ -119,7 +119,7 @@ has CONTENT_LENGTH => (
);
has error => ( is => 'rw', isa => 'Str', default => '' );
has respHeaders => ( is => 'rw', isa => 'HashRef' );
has respHeaders => ( is => 'rw', isa => 'HashRef', default => sub { {} } );
# JSON parser
sub jsonBodyToObj {
......
......@@ -9,14 +9,15 @@ lib/Lemonldap/NG/Handler/API.pm
lib/Lemonldap/NG/Handler/API/ApacheMP1.pm
lib/Lemonldap/NG/Handler/API/ApacheMP2.pm
lib/Lemonldap/NG/Handler/API/CGI.pm
lib/Lemonldap/NG/Handler/API/ExperimentalNginx.pm
lib/Lemonldap/NG/Handler/API/Nginx.pm
lib/Lemonldap/NG/Handler/API/PSGI.pm
lib/Lemonldap/NG/Handler/API/PSGI/Server.pm
lib/Lemonldap/NG/Handler/CGI.pm
lib/Lemonldap/NG/Handler/Main.pm
lib/Lemonldap/NG/Handler/Main/Jail.pm
lib/Lemonldap/NG/Handler/Main/Logger.pm
lib/Lemonldap/NG/Handler/Menu.pm
lib/Lemonldap/NG/Handler/Nginx.pm
lib/Lemonldap/NG/Handler/Proxy.pm
lib/Lemonldap/NG/Handler/PSGI.pm
lib/Lemonldap/NG/Handler/PSGI/Base.pm
......
......@@ -48,12 +48,11 @@ sub newRequest {
*lmLog = *Lemonldap::NG::Common::PSGI::lmLog;
## @method void set_user(string user)
# sets remote_user
# sets remote_user in response headers
# @param user string username
sub set_user {
my ( $class, $user ) = @_;
# TODO
$request->{respHeaders}->{'Lm-Remote-User'} = $user;
}
## @method string header_in(string header)
......
......@@ -8,7 +8,7 @@ use Lemonldap::NG::Handler::SharedConf qw(:tsv);
extends 'Lemonldap::NG::Handler::PSGI';
## @method Code-Ref _run()
## @method void _run()
# Return a subroutine that call _authAndTrace() and tranform redirection
# response code from 302 to 401 (not authenticated) ones. This is required
# because Nginx "auth_request" parameter does not accept it. The Nginx
......@@ -24,7 +24,7 @@ sub _run {
my $req = $_[0];
$self->lmLog( 'New request', 'debug' );
my $res = $self->_authAndTrace(
Lemonldap::NG::Common::PSGI::Request->new( $_[0] ) );
Lemonldap::NG::Common::PSGI::Request->new($req) );
# Transform 302 responses in 401 since Nginx refuse it
if ( $res->[0] == 302 or $res->[0] == 303 ) {
......@@ -50,21 +50,28 @@ sub _run {
# # OR
# #fastcgi_param $fheadername1 $headervalue1;
#
# It add also a header called Lm-Remote-User set to whatToTrace value that can
# be used in Nginx virtualhost configuration to insert user id in logs
# LLNG::Handler::API::PSGI add also a header called Lm-Remote-User set to
# whatToTrace value that can be used in Nginx virtualhost configuration to
# insert user id in logs
#
# auth_request_set $llremoteuser $upstream_http_lm_remote_user
#
#@param $req Lemonldap::NG::Common::PSGI::Request
sub router {
my ( $self, $req ) = @_;
my $hdrs = $req->{respHeaders} || {};
my @convertedHdrs =
[ 'Lm-Remote-User', $self->userId, 'Content-Length', 0 ];
my $hdrs = $req->{respHeaders};
$req->{respHeaders} = {};
my @convertedHdrs = ( 'Content-Length', 0 );
my $i = 0;
foreach my $k ( keys %$hdrs ) {
$i++;
push @convertedHdrs, "Headername$i", $k, "Headervalue$i", $hdrs->{$k};
if ( $k eq 'Lm-Remote-User' ) {
push @convertedHdrs, $k, $hdrs->{$k};
}
else {
$i++;
push @convertedHdrs, "Headername$i", $k, "Headervalue$i",
$hdrs->{$k};
}
}
return [ 200, \@convertedHdrs, [] ];
}
......
......@@ -3,8 +3,7 @@ package Lemonldap::NG::Handler::PSGI;
use 5.10.0;
use Mouse;
extends 'Lemonldap::NG::Handler::PSGI::Base',
'Lemonldap::NG::Common::PSGI';
extends 'Lemonldap::NG::Handler::PSGI::Base', 'Lemonldap::NG::Common::PSGI';
our $VERSION = '1.9.0';
......@@ -14,6 +13,19 @@ sub init {
return $tmp;
}
## @method void _run()
# Return subroutine that add headers stored in $req->{respHeaders} in
# response returned by router()
#
sub _run {
my ($self) = @_;
return sub {
my $res = $self->router( $_[0] );
push @{ $res->[1] }, %{ $_[0]->{respHeaders} };
return $res;
};
}
1;
__END__
......
......@@ -27,9 +27,10 @@ sub init {
return 1;
}
## @methodi CODE-ref _run
## @methodi void _run()
# Check if protecton is activated then return a code ref that will launch
# _authAndTrace() if protection in on or router() else
#@return code-ref
sub _run {
my $self = shift;
......
......@@ -14,6 +14,19 @@ sub init {
return $tmp;
}
## @method void _run()
# Return subroutine that add headers stored in $req->{respHeaders} in
# response returned by router()
#
sub _run {
my ($self) = @_;
return sub {
my $res = $self->router( $_[0] );
push @{ $res->[1] }, %{ $_[0]->{respHeaders} };
return $res;
};
}
1;
__END__
......
......@@ -6,18 +6,26 @@ use Lemonldap::NG::Handler::SharedConf qw(:tsv);
extends 'Lemonldap::NG::Handler::PSGI';
## @method PSGI-Response router($res)
## @method void _run()
# Return subroutine that add headers stored in $req->{respHeaders} in
# response returned by router()
#
sub _run {
my ($self) = @_;
return sub {
my $res = $self->router( $_[0] );
push @{ $res->[1] }, %{ $_[0]->{respHeaders} };
return $res;
};
}
## @method PSGI-Response router($req)
# If PSGI is used as an authentication FastCGI only, this method will be
# called for authenticated users and will set headers in response without
# content.
# called for authenticated users and returns only 200. Headers are set by
# Lemonldap::NG::Handler::PSGI.
# @param $req Lemonldap::NG::Common::PSGI::Request
sub router {
my ( $self, $req ) = @_;
my $hdrs = $req->{respHeaders} || {};
return [
200, [ 'Lm-Remote-User', $self->userId, 'Content-Length', 0, %$hdrs ],
[]
];
return [ 200, [ 'Content-Length', 0 ], [] ];
}
1;
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment