line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
package Plack::Middleware::Access; |
2
|
|
|
|
|
|
|
#ABSTRACT: Restrict access depending on remote ip or other parameters |
3
|
|
|
|
|
|
|
$Plack::Middleware::Access::VERSION = '0.4'; |
4
|
2
|
|
|
2
|
|
1705
|
use strict; |
|
2
|
|
|
|
|
4
|
|
|
2
|
|
|
|
|
71
|
|
5
|
2
|
|
|
2
|
|
11
|
use warnings; |
|
2
|
|
|
|
|
4
|
|
|
2
|
|
|
|
|
68
|
|
6
|
|
|
|
|
|
|
|
7
|
2
|
|
|
2
|
|
869
|
use parent qw(Plack::Middleware); |
|
2
|
|
|
|
|
324
|
|
|
2
|
|
|
|
|
13
|
|
8
|
|
|
|
|
|
|
|
9
|
2
|
|
|
2
|
|
16192
|
use Plack::Util::Accessor qw(rules deny_page); |
|
2
|
|
|
|
|
587
|
|
|
2
|
|
|
|
|
14
|
|
10
|
|
|
|
|
|
|
|
11
|
2
|
|
|
2
|
|
106
|
use Carp qw(croak); |
|
2
|
|
|
|
|
2
|
|
|
2
|
|
|
|
|
111
|
|
12
|
2
|
|
|
2
|
|
2198
|
use Net::IP; |
|
2
|
|
|
|
|
97598
|
|
|
2
|
|
|
|
|
1775
|
|
13
|
|
|
|
|
|
|
|
14
|
|
|
|
|
|
|
sub prepare_app { |
15
|
9
|
|
|
9
|
1
|
5800
|
my $self = shift; |
16
|
|
|
|
|
|
|
|
17
|
9
|
100
|
|
|
|
29
|
if (!ref $self->deny_page) { |
|
|
50
|
|
|
|
|
|
18
|
8
|
100
|
|
|
|
128
|
my $msg = defined $self->deny_page ? |
19
|
|
|
|
|
|
|
$self->deny_page : 'Forbidden'; |
20
|
|
|
|
|
|
|
$self->deny_page(sub { |
21
|
5
|
|
|
5
|
|
56
|
[403, [ 'Content-Type' =>'text/plain', |
22
|
|
|
|
|
|
|
'Content-Length' => length $msg ], [ $msg ] ]; |
23
|
8
|
|
|
|
|
64
|
}); |
24
|
|
|
|
|
|
|
} elsif (ref $self->deny_page ne 'CODE') { |
25
|
0
|
|
|
|
|
0
|
croak "deny_page must be a CODEREF"; |
26
|
|
|
|
|
|
|
} |
27
|
|
|
|
|
|
|
|
28
|
9
|
100
|
|
|
|
68
|
if (!defined($self->rules)) { |
|
|
50
|
|
|
|
|
|
|
|
50
|
|
|
|
|
|
29
|
1
|
|
|
|
|
8
|
$self->rules([]); |
30
|
8
|
|
|
|
|
75
|
} elsif( ref($self->rules) ne 'ARRAY' ) { |
31
|
0
|
|
|
|
|
0
|
croak "rules must be an ARRAYREF"; |
32
|
|
|
|
|
|
|
} elsif (@{ $self->rules } % 2 != 0) { |
33
|
0
|
|
|
|
|
0
|
croak "rules must contain an even number of params"; |
34
|
|
|
|
|
|
|
} |
35
|
|
|
|
|
|
|
|
36
|
9
|
|
|
|
|
54
|
my @rules = (); |
37
|
|
|
|
|
|
|
|
38
|
9
|
|
|
|
|
14
|
foreach (my $i = 0; $i < @{ $self->rules }; $i += 2) { |
|
21
|
|
|
|
|
47
|
|
39
|
12
|
|
|
|
|
66
|
my $allowing = $self->rules->[$i]; |
40
|
12
|
|
|
|
|
58
|
my $rule = $self->rules->[$i + 1]; |
41
|
|
|
|
|
|
|
|
42
|
12
|
50
|
|
|
|
82
|
if ($allowing !~ /^(allow|deny)$/) { |
43
|
0
|
|
|
|
|
0
|
croak "first argument of each rule must be 'allow' or 'deny'"; |
44
|
|
|
|
|
|
|
} |
45
|
|
|
|
|
|
|
|
46
|
12
|
50
|
|
|
|
21
|
if (!defined($rule)) { |
47
|
0
|
|
|
|
|
0
|
croak "rule argument must be defined"; |
48
|
|
|
|
|
|
|
} |
49
|
|
|
|
|
|
|
|
50
|
12
|
100
|
|
|
|
30
|
$allowing = ($allowing eq 'allow') ? 1 : 0; |
51
|
12
|
|
|
|
|
15
|
my $check = $rule; |
52
|
|
|
|
|
|
|
|
53
|
12
|
100
|
|
|
|
51
|
if ($rule eq 'all') { |
|
|
100
|
|
|
|
|
|
|
|
100
|
|
|
|
|
|
54
|
3
|
|
|
1
|
|
32
|
$check = sub { 1 }; |
|
1
|
|
|
|
|
3
|
|
55
|
|
|
|
|
|
|
} elsif ($rule =~ /[A-Z]$/i) { |
56
|
|
|
|
|
|
|
$check = sub { |
57
|
2
|
|
|
2
|
|
4
|
my $host = $_[0]->{REMOTE_HOST}; |
58
|
2
|
50
|
|
|
|
5
|
return unless defined $host; # skip rule |
59
|
2
|
|
|
|
|
81
|
return $host =~ qr/^(.*\.)?\Q${rule}\E$/; |
60
|
2
|
|
|
|
|
5
|
}; |
61
|
|
|
|
|
|
|
} elsif ( ref($rule) ne 'CODE' ) { |
62
|
5
|
50
|
|
|
|
24
|
my $netip = Net::IP->new($rule) or |
63
|
|
|
|
|
|
|
die "not supported type of rule argument [$rule] or bad ip: " . Net::IP::Error(); |
64
|
|
|
|
|
|
|
$check = sub { |
65
|
4
|
|
|
4
|
|
9
|
my $addr = $_[0]->{REMOTE_ADDR}; |
66
|
4
|
|
|
|
|
3
|
my $ip; |
67
|
4
|
50
|
33
|
|
|
31
|
if (defined($addr) && ($ip = Net::IP->new($addr))) { |
68
|
4
|
|
|
|
|
1624
|
my $overlaps = $netip->overlaps($ip); |
69
|
4
|
|
33
|
|
|
149
|
return $overlaps == $IP_B_IN_A_OVERLAP || $overlaps == $IP_IDENTICAL; |
70
|
|
|
|
|
|
|
} else { |
71
|
0
|
|
|
|
|
0
|
return undef; |
72
|
|
|
|
|
|
|
} |
73
|
5
|
|
|
|
|
2367
|
}; |
74
|
|
|
|
|
|
|
} |
75
|
|
|
|
|
|
|
|
76
|
12
|
|
|
|
|
36
|
push @rules, [ $check => $allowing ]; |
77
|
|
|
|
|
|
|
} |
78
|
|
|
|
|
|
|
|
79
|
9
|
|
|
|
|
78
|
$self->rules(\@rules); |
80
|
|
|
|
|
|
|
} |
81
|
|
|
|
|
|
|
|
82
|
|
|
|
|
|
|
sub allow { |
83
|
9
|
|
|
9
|
1
|
11
|
my ($self, $env) = @_; |
84
|
|
|
|
|
|
|
|
85
|
9
|
|
|
|
|
10
|
foreach my $rule (@{ $self->rules }) { |
|
9
|
|
|
|
|
23
|
|
86
|
9
|
|
|
|
|
38
|
my ($check, $allow) = @{$rule}; |
|
9
|
|
|
|
|
16
|
|
87
|
9
|
|
|
|
|
21
|
my $result = $check->($env); |
88
|
9
|
100
|
66
|
|
|
65
|
if (defined $result && $result) { |
89
|
8
|
|
|
|
|
42
|
return $allow; |
90
|
|
|
|
|
|
|
} |
91
|
|
|
|
|
|
|
} |
92
|
|
|
|
|
|
|
|
93
|
1
|
|
|
|
|
96
|
return 1; |
94
|
|
|
|
|
|
|
} |
95
|
|
|
|
|
|
|
|
96
|
|
|
|
|
|
|
sub call { |
97
|
9
|
|
|
9
|
1
|
431301
|
my ($self, $env) = @_; |
98
|
|
|
|
|
|
|
|
99
|
9
|
100
|
|
|
|
24
|
return $self->allow($env) |
100
|
|
|
|
|
|
|
? $self->app->($env) : $self->deny_page->($env); |
101
|
|
|
|
|
|
|
} |
102
|
|
|
|
|
|
|
|
103
|
|
|
|
|
|
|
1; |
104
|
|
|
|
|
|
|
|
105
|
|
|
|
|
|
|
__END__ |