File Coverage

blib/lib/Mojolicious/Plugin/PlugAuthLite.pm

Criterion	Covered	Total	%
statement	48	50	96.0
branch	10	14	71.4
condition	10	13	76.9
subroutine	9	10	90.0
pod	1	1	100.0
total	78	88	88.6

line	stmt	bran	cond	sub	pod	time	code
1							package Mojolicious::Plugin::PlugAuthLite;
2
3	10			10		4143	use Mojo::Base qw( Mojolicious::Plugin );
	10					27
	10					82
4	10			10		2081	use Mojo::ByteStream qw( b );
	10					24
	10					483
5	10			10		213	use 5.010001;
	10					35
6
7							# ABSTRACT: Add a minimal PlugAuth server to your Mojolicious application.
8							our $VERSION = '0.36_01'; # TRIAL VERSION
9							$VERSION = eval $VERSION;
10
11
12							sub register
13							{
14	9			9	1	416	my($self, $app, $conf) = @_;
15
16	9		100	2		52	my $cb_auth = $conf->{auth} // sub { 0 };
	2					9
17	9		100	1		52	my $cb_authz = $conf->{authz} // sub { 1 };
	1					5
18	9		100	0		53	my $cb_host = $conf->{host} // sub { 0 };
	0					0
19	9		50			59	my $realm = $conf->{realm} // 'PlugAuthLite';
20	9		66			83	my $base_url = $conf->{url} // $conf->{uri} // '';
			50
21
22							$app->routes->get("$base_url/auth" => sub {
23	14			14		507793	my $self = shift;
24	14					57	eval {
25	14					82	my $auth_header = $self->req->headers->authorization;
26	14	100				543	unless($auth_header)
27							{
28	5					33	$self->res->headers->www_authenticate("Basic \"$realm\"");
29	5					178	$self->render(text => 'please authenticate', status => 401);
30	5					2358	return;
31							}
32	9					66	my ($method,$str) = split / /,$auth_header;
33	9					90	my ($user,$pw) = split /:/, b($str)->b64_decode;
34	9	100				397	if($cb_auth->($user, $pw))
35							{
36	4					67	$self->render(text => 'ok', status => 200);
37							}
38							else
39							{
40	5					60	$self->render(text => 'not ok', status => 403);
41							}
42							};
43	14	50				4939	$self->render(text => 'not ok', status => 503) if $@;
44	9					107	})->name('plugauth_auth');
45
46							$app->routes->get("$base_url/authz/user/#user/#action/(*resource)" => { resource => '/' } => sub {
47	6			6		215793	my $self = shift;
48	6					19	eval {
49	6					18	my($user, $resource, $action) = map { $self->stash($_) } qw( user resource action );
	18					170
50	6					98	$resource =~ s{^/?}{/};
51	6	100				40	if($cb_authz->($user, $action, $resource))
52							{
53	4					2501	$self->render(text => 'ok', status => 200);
54							}
55							else
56							{
57	2					1875	$self->render(text => 'not ok', status => 403);
58							}
59							};
60	6	50				2471	$self->render(text => 'not ok', status => 503) if $@;
61	9					3727	})->name('plugauth_authz');
62
63							$app->routes->get("$base_url/host/#host/:tag" => sub {
64	2			2		68175	my $self = shift;
65	2					9	eval {
66	2					11	my ($host,$tag) = map $self->stash($_), qw/host tag/;
67	2	50				51	if ($cb_host->($host,$tag)) {
68	0					0	return $self->render(text => 'ok', status => 200);
69							}
70	2					14	return $self->render(text => 'not ok', status => 403);
71							};
72	2	50				994	$self->render(text => 'not ok', status => 503) if $@;
73	9					4049	})->name('plugauth_host');
74
75	9					2772	return;
76							}
77
78							1;
79
80							__END__
81
82							=pod
83
84							=encoding UTF-8
85
86							=head1 NAME
87
88							Mojolicious::Plugin::PlugAuthLite - Add a minimal PlugAuth server to your Mojolicious application.
89
90							=head1 VERSION
91
92							version 0.36_01
93
94							=head1 SYNOPSIS
95
96							use Mojolicious::Lite
97
98							plugin 'plug_auth_lite',
99							auth => sub {
100							my($user, $pass) = @_;
101							if($user eq 'optimus' && $pass eq 'matrix')
102							{ return 1; }
103							else
104							{ return 0; }
105							},
106							authz => sub {
107							my($user, $action, $resource) = @_;
108							if($user eq 'optimus && $action eq 'open' && $resource =~ m{^/matrix})
109							{ return 1 }
110							else
111							{ return 0 }
112							};
113
114							=head1 DESCRIPTION
115
116							This plugin provides a very minimal but customizable L<PlugAuth> server which can
117							be included with your L<Mojolicious> application for L<Clustericious> applications
118							to authenticate against. If you do not need specialized plugins for LDAP or DBI,
119							and if you do not need the user/group/resource management provided by a the full
120							featured L<PlugAuth> server then this plugin may be for you.
121
122							The script L<plugauthlite> included with this distribution provides PlugAuth
123							style authentication (but not authorization) using a simple Apache style password
124							file.
125
126							=head1 CONFIGURATION
127
128							=head2 auth
129
130							Subroutine which checks the authentication of a user. It is passed two arguments,
131							the username and the password. If they are authentic this call back should return
132							1. Otherwise it should return 0.
133
134							=head2 authz
135
136							Subroutine which checks the authorization of a user. It is passwd three arguments,
137							the username, action (usually a verb) and resource (usually the path part of a URL).
138							If the user is authorized for the action on that resource the call back should return
139							1. Otherwise it should return 0.
140
141							=head2 url
142
143							The prefix to prepend to the standard PlugAuth API routes. Usually the authentication
144							route is /auth and the authorization route is /authz, but if the PlugAuth.conf client
145							configuration is set to http://example.com/foo the client expects the authentication
146							route to be /foo/auth and the authorization route to be /foo/authz. In this case you
147							would set this configuration item to '/foo'.
148
149							=head2 realm
150
151							The realm to use for HTTP Basic authentication. The default is PlugAuthLite.
152
153							=head1 ROUTES
154
155							=head2 GET /auth
156
157							=over 4
158
159							=item * if username and password provided using BASIC authentication and are correct
160
161							Return 200 ok
162
163							=item * if username and password provided using BASIC authentication but are not correct
164
165							Return 403 not ok
166
167							=item * if username and password are not provided using BASIC authentication
168
169							Return 401 please authenticate
170
171							=back
172
173							=head2 GET /authz/user/#user/#action/(*resource)
174
175							=over 4
176
177							=item * if the given user (#user) is permitted to perform the given action (#action) on the given resource (*resource)
178
179							Return 200 ok
180
181							=item * otherwise
182
183							return 403 not ok
184
185							=back
186
187							=head1 METHODS
188
189							=head2 register
190
191							This method adds the routes to your application required to implement the PlugAuth
192							API.
193
194							=head1 LIMITATIONS
195
196							This implementation of the PlugAuth protocol does not support these features provided
197							by the full fledged L<PlugAuth> server:
198
199							=over 4
200
201							=item *
202
203							Groups
204
205							=item *
206
207							Management API for creating/removing/modifying users/groups/resources
208
209							=item *
210
211							Standard Clustericious routes like "/version" and "/status"
212
213							=item *
214
215							Clustericious configuration file (~/etc/PlugAuth.conf)
216
217							=item *
218
219							Support for L<PlugAuth> plugins (L<PlugAuth::Plugin>).
220
221							=item *
222
223							Probably many others.
224
225							=back
226
227							=head1 SEE ALSO
228
229							L<plugauthlite>,
230							L<PlugAuth::Lite>,
231							L<PlugAuth>
232
233							=head1 AUTHOR
234
235							Graham Ollis <plicease@cpan.org>
236
237							=head1 COPYRIGHT AND LICENSE
238
239							This software is copyright (c) 2013 by Graham Ollis.
240
241							This is free software; you can redistribute it and/or modify it under
242							the same terms as the Perl 5 programming language system itself.
243
244							=cut