Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
documentation:latest:selfmadeapplication [2017/08/28 10:19]
coudot [Perl auto-protected CGI]
documentation:latest:selfmadeapplication [2019/04/23 10:06] (current)
Line 31: Line 31:
 ===== Perl auto-protected CGI ===== ===== Perl auto-protected CGI =====
  
-Using this feature, you don't have to use virtual host protection: protection is embedded in Lemonldap::NG::Handler::CGI.+LL::NG now uses FastCGI instead of CGI, but you still can write your own protected ​CGI.
  
-The protection parameter must be set when calling the new() method: +First create a PSGI module based on Lemonldap::NG::Handler:
-  * ''​none''​no protection +
-  * ''​authenticate''​check authentication but do not manage authorization +
-  * ''​manager'':​ rely on virtual host configuration in Manager +
-  * ''​rule:​ xxx'':​ apply a specific rule  +
- +
-Example: +
-  * Code to replace:+
 <code perl> <code perl>
-my $cgi new CGI+package My::PSGI; 
-...+   
 +use base "​Lemonldap::​NG::​Handler::​PSGI";​ # or Lemonldap::​NG::​Handler::​PSGI::​OAuth2,​ etc… 
 +   
 +sub init { 
 +    ​my ($self,​$args) ​@_
 +    ​$self->​protection('​manager'​);​ 
 +    $self->​SUPER::​init($args) or return 0; 
 +    $self->​staticPrefix("/​static"​);​ 
 +    $self->​templateDir("/​usr/​share/​lemonldap-ng/​portal/​templates"​);​ 
 +    # See Lemonldap::​NG::​Common::​PSGI for more 
 +    #... 
 +    # Return a boolean. If false, then error message has to be stored in 
 +    # $self->​error 
 +    return 1; 
 +
 +   
 +sub handler { 
 +    my ( $self, $req ) = @_; 
 + 
 +    # Will be called only if authorisated 
 +    my $userId = $self->​userId($req);​ 
 +    #... 
 +     
 +    # Return JSON 
 +    # $self->​sendJSONresponse(...);​ 
 +     
 +    # or Return HTML 
 +    $self->​sendHtml($req,​ "​myskin/​mytemplate",​ ( params => { '​userId'​ => $userId }) ); 
 +}
 </​code>​ </​code>​
-  * New code:+ 
 +They create a FCGI script like this:
 <code perl> <code perl>
-my $cgi = Lemonldap::NG::Handler::CGI->new ({ protection => '​authenticate'​ }); +#​!/​usr/​bin/​env perl 
-$cgi->​authenticate();​ +  
-$cgi->​authorize();​ +use My::PSGI; 
-... +use Plack::Handler::FCGI;
-</​code>​ +
-Then you can access to user datas +
-<code perl> +
-# Get attributes (or macros) +
-my $cn = $cgi->​user->​{cn}+
  
-# Test if user is member of a Lemonldap::NG group (or LDAP mapped group) +Plack::Handler::​FCGI->​new->​runMy::PSGI->run() );
-if( $cgi->group('​admin'​) ) +
-  # special html code for admins +
-+
-else { +
-  # another HTML code +
-}+
 </​code>​ </​code>​
 +
 +See our LLNG Nginx/​Apache configurations to see how to launch it or read [[https://​plackperl.org/​|PSGI/​Plack documentation]].
 +
 +The protection parameter must be set when calling the init() method:
 +  * ''​none'':​ no protection
 +  * ''​authenticate'':​ check authentication but do not manage authorization
 +  * ''​manager'':​ rely on virtual host configuration in Manager
 +  * ''​rule:​ xxx'':​ apply a specific rule 
 +