Apache2-Authen-OdinAuth
view release on metacpan or search on metacpan
lib/Apache2/Authen/OdinAuth.pm view on Meta::CPAN
$| = 1;
=head2 handler(request)
Main Apache mod_perl handler
=cut
sub handler {
#
# get URL
#
my $r = shift;
my $domain = $r->headers_in->{'Host'} || 'UNKNOWN-HOST';
my $path = $r->unparsed_uri;
my $host = hostname;
$ENV{OdinAuth_User} = '';
my $url = $domain . $path;
my $log = "OdinAuth :: $url";
init_config($r);
#########################################################
#
# 1) check we have a cookie secret
#
config->{'secret'} ||= 'nottherightsecret';
#########################################################
#
# 1) determine if we need to perform access control for this url
#
my $allow = 'none';
for my $obj (@{config->{'permissions'}}) {
if ($url =~ $obj->{url}) {
$allow = $obj->{who};
last;
}
}
$log .= " allow:$allow";
#########################################################
#
# 2) we might need auth - see if we have a valid cookie
#
my $cookie_is_invalid = 'by default';
my $cookie_user = '?';
my $cookie_roles = '_';
my $cookies = &parse_cookie_jar($r->headers_in->{'Cookie'});
my $cookie = $cookies->{config->{cookie}};
if ($cookie) {
my ( $user, $roles );
eval {
( $user, $roles ) =
Crypt::OdinAuth::check_cookie(
config->{secret},
$cookie,
$r->headers_in->{'User-Agent'});
};
if ( $@ ) {
$cookie_user = $user;
$cookie_roles = $roles;
chomp ( $cookie_is_invalid = $@ );
$log .= "(invalid cookie: $cookie_is_invalid)";
} else {
$cookie_is_invalid = undef;
$cookie_user = $user;
$cookie_roles = $roles;
$r->headers_in->set('OdinAuth-User', $cookie_user);
$r->headers_in->set('OdinAuth-Roles', $cookie_roles);
$ENV{OdinAuth_User} = $cookie_user;
$ENV{OdinAuth_Roles} = $cookie_roles;
$r->notes->add("OdinAuth_User" => $cookie_user);
$r->notes->add("OdinAuth_Roles" => $cookie_roles);
$log .= " (valid cookie: $cookie_user $cookie_roles)";
}
} else {
$log .= " (no cookie)";
}
$r->log->debug($log);
if ( $cookie_is_invalid ) {
$r->log->warn("Invalid cookie for $cookie_user($cookie_roles): $cookie_is_invalid");
}
#########################################################
#
# 3) exit now if we got an 'all'
#
if (ref $allow ne 'ARRAY') {
if ($allow eq 'all') {
return Apache2::Const::OK;
}
}
#########################################################
#
# 4) if we don't have a valid cookie, redirect to the auther
#
( run in 1.888 second using v1.01-cache-2.11-cpan-6aa56a78535 )