couchdb-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rnew...@apache.org
Subject [01/11] chttpd commit: updated refs/heads/master to 238b8c4
Date Wed, 12 Aug 2015 15:54:25 GMT
Repository: couchdb-chttpd
Updated Branches:
  refs/heads/master a66b901e6 -> 238b8c482


Introduce `chttpd_auth:authenticate` hook


Project: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/commit/90f1aa75
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/tree/90f1aa75
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/diff/90f1aa75

Branch: refs/heads/master
Commit: 90f1aa751147f35f823cb33bb53495788c497e05
Parents: a66b901
Author: ILYA Khlopotov <iilyak@ca.ibm.com>
Authored: Wed Jul 29 09:40:23 2015 -0700
Committer: ILYA Khlopotov <iilyak@ca.ibm.com>
Committed: Tue Aug 11 08:27:51 2015 -0700

----------------------------------------------------------------------
 src/chttpd.erl      | 44 +++++++++++++++++++++--------------------
 src/chttpd_auth.erl | 51 ++++++++++++++++++++++++++++++++++++++++++++++++
 src/chttpd_sup.erl  | 10 +++++++++-
 3 files changed, 83 insertions(+), 22 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/blob/90f1aa75/src/chttpd.erl
----------------------------------------------------------------------
diff --git a/src/chttpd.erl b/src/chttpd.erl
index 22d0656..b6b30de 100644
--- a/src/chttpd.erl
+++ b/src/chttpd.erl
@@ -27,6 +27,8 @@
     send_method_not_allowed/2, send_error/2, send_error/4, send_redirect/2,
     send_chunked_error/2, send_json/2,send_json/3,send_json/4]).
 
+-export([authenticate_request/3]).
+
 -export([start_delayed_json_response/2, start_delayed_json_response/3,
     start_delayed_json_response/4,
     start_delayed_chunked_response/3, start_delayed_chunked_response/4,
@@ -143,11 +145,6 @@ handle_request_int(MochiReq) ->
         ok = mochiweb_socket:setopts(MochiReq:get(socket), SocketOpts)
     end,
 
-    AuthenticationFuns = [
-        fun chttpd_auth:cookie_authentication_handler/1,
-        fun chttpd_auth:default_authentication_handler/1
-    ],
-
     % for the path, use the raw path with the query string and fragment
     % removed, but URL quoting left intact
     RawUri = MochiReq:get(raw_path),
@@ -215,7 +212,7 @@ handle_request_int(MochiReq) ->
         check_request_uri_length(RawUri),
         case chttpd_cors:maybe_handle_preflight_request(HttpReq) of
         not_preflight ->
-            case authenticate_request(HttpReq, AuthenticationFuns) of
+            case chttpd_auth:authenticate(HttpReq, fun authenticate_request/1) of
             #httpd{} = Req ->
                 HandlerFun = chttpd_handlers:url_handler(
                     HandlerKey, fun chttpd_db:handle_request/1),
@@ -346,28 +343,33 @@ make_uri(Req, Raw) ->
     {[{<<"url">>,Url}, {<<"headers">>,{Headers}}]}.
 %%% end hack
 
+authenticate_request(Req) ->
+    AuthenticationFuns = [
+        {<<"cookie">>, fun chttpd_auth:cookie_authentication_handler/1},
+        {<<"default">>, fun chttpd_auth:default_authentication_handler/1},
+        {<<"local">>, fun chttpd_auth:party_mode_handler/1} %% should be last
+    ],
+    authenticate_request(Req, chttpd_auth_cache, AuthenticationFuns).
+
+authenticate_request(#httpd{} = Req0, AuthModule, AuthFuns) ->
+    Req = Req0#httpd{
+        auth_module = AuthModule,
+        authentication_handlers = AuthFuns},
+    authenticate_request(Req, AuthFuns).
 
 % Try authentication handlers in order until one returns a result
 authenticate_request(#httpd{user_ctx=#user_ctx{}} = Req, _AuthFuns) ->
     Req;
-authenticate_request(#httpd{} = Req, [AuthFun|Rest]) ->
-    authenticate_request(AuthFun(Req), Rest);
-authenticate_request(#httpd{} = Req, []) ->
-    case config:get("chttpd", "require_valid_user", "false") of
-    "true" ->
-        throw({unauthorized, <<"Authentication required.">>});
-    "false" ->
-        case config:get("admins") of
-        [] ->
-            Ctx = #user_ctx{roles=[<<"_reader">>, <<"_writer">>,
<<"_admin">>]},
-            Req#httpd{user_ctx = Ctx};
-        _ ->
-            Req#httpd{user_ctx=#user_ctx{}}
-        end
-    end;
+authenticate_request(#httpd{} = Req, [{Name, AuthFun}|Rest]) ->
+    authenticate_request(maybe_set_handler(AuthFun(Req), Name), Rest);
 authenticate_request(Response, _AuthFuns) ->
     Response.
 
+maybe_set_handler(#httpd{user_ctx=#user_ctx{} = UserCtx} = Req, Name) ->
+    Req#httpd{user_ctx = UserCtx#user_ctx{handler = Name}};
+maybe_set_handler(Else, _) ->
+    Else.
+
 increment_method_stats(Method) ->
     couch_stats:increment_counter([couchdb, httpd_request_methods, Method]).
 

http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/blob/90f1aa75/src/chttpd_auth.erl
----------------------------------------------------------------------
diff --git a/src/chttpd_auth.erl b/src/chttpd_auth.erl
index 1046538..7a45399 100644
--- a/src/chttpd_auth.erl
+++ b/src/chttpd_auth.erl
@@ -12,15 +12,66 @@
 
 -module(chttpd_auth).
 
+-export([authenticate/2]).
+
 -export([default_authentication_handler/1]).
 -export([cookie_authentication_handler/1]).
+-export([party_mode_handler/1]).
+
 -export([handle_session_req/1]).
 
+-include_lib("couch/include/couch_db.hrl").
+
+-define(SERVICE_ID, chttpd_auth).
+
+
+%% ------------------------------------------------------------------
+%% API Function Definitions
+%% ------------------------------------------------------------------
+
+authenticate(HttpReq, Default) ->
+    maybe_handle(authenticate, [HttpReq], Default).
+
+
+%% ------------------------------------------------------------------
+%% Default callbacks
+%% ------------------------------------------------------------------
+
 default_authentication_handler(Req) ->
     couch_httpd_auth:default_authentication_handler(Req, chttpd_auth_cache).
 
 cookie_authentication_handler(Req) ->
     couch_httpd_auth:cookie_authentication_handler(Req, chttpd_auth_cache).
 
+party_mode_handler(Req) ->
+    case config:get("chttpd", "require_valid_user", "false") of
+    "true" ->
+        throw({unauthorized, <<"Authentication required.">>});
+    "false" ->
+        case config:get("admins") of
+        [] ->
+            Ctx = #user_ctx{roles=[<<"_reader">>, <<"_writer">>,
<<"_admin">>]},
+            Req#httpd{user_ctx = Ctx};
+        _ ->
+            Req#httpd{user_ctx=#user_ctx{}}
+        end
+    end.
+
 handle_session_req(Req) ->
     couch_httpd_auth:handle_session_req(Req, chttpd_auth_cache).
+
+
+%% ------------------------------------------------------------------
+%% Internal Function Definitions
+%% ------------------------------------------------------------------
+
+maybe_handle(Func, Args, Default) ->
+    Handle = couch_epi:get_handle(?SERVICE_ID),
+    case couch_epi:apply(Handle, ?SERVICE_ID, Func, Args, [ignore_providers]) of
+        [] when is_function(Default) ->
+            apply(Default, Args);
+        [] ->
+            Default;
+        [Result] ->
+            Result
+    end.

http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/blob/90f1aa75/src/chttpd_sup.erl
----------------------------------------------------------------------
diff --git a/src/chttpd_sup.erl b/src/chttpd_sup.erl
index a4851e2..62d00eb 100644
--- a/src/chttpd_sup.erl
+++ b/src/chttpd_sup.erl
@@ -26,7 +26,7 @@ init([]) ->
     chttpd_config_listener:subscribe(),
     {ok, {{one_for_one, 3, 10}, [
         ?CHILD(chttpd, worker),
-        ?CHILD(chttpd_auth_cache, worker),
+        ?CHILD(auth_cache_handler(), worker),
         chttpd_handlers:provider(chttpd, chttpd_httpd_handlers),
         {chttpd_auth_cache_lru,
 	 {ets_lru, start_link, [chttpd_auth_cache_lru, lru_opts()]},
@@ -52,3 +52,11 @@ lru_opts() ->
         _ ->
             []
     end.
+
+auth_cache_handler() ->
+    case application:get_env(chttpd, auth_cache) of
+        {ok, Module} ->
+            Module;
+        _ ->
+            chttpd_auth_cache
+    end.


Mime
View raw message