1 |
package proxy_impl; |
2 |
|
3 |
use overload; |
4 |
|
5 |
sub uriregex { |
6 |
overload::constant qr => sub { |
7 |
local $_ = shift; |
8 |
|
9 |
s/\./\\./g; |
10 |
s/ยท/./g; |
11 |
s/\*\*/.*/g; |
12 |
|
13 |
$_ |
14 |
}; |
15 |
} |
16 |
|
17 |
BEGIN { uriregex } |
18 |
|
19 |
use Apache2::Const -compile => qw( |
20 |
OK DECLINED DONE NOT_FOUND SERVER_ERROR AUTH_REQUIRED FORBIDDEN |
21 |
PROXYREQ_REVERSE |
22 |
); |
23 |
use Apache2::RequestUtil (); |
24 |
use Apache2::RequestRec (); |
25 |
use Apache2::Connection (); |
26 |
use Apache2::Util (); |
27 |
use Apache2::URI (); |
28 |
|
29 |
use APR::Const -compile => qw( |
30 |
FILETYPE_DIR FINFO_NORM |
31 |
); |
32 |
use APR::Error (); |
33 |
use APR::Finfo (); |
34 |
|
35 |
use common::sense; |
36 |
|
37 |
# per-request values, cached here for performance, use them |
38 |
our $req; # Apache2::RquestRec |
39 |
our $host; # $req->hostname |
40 |
our $uri; # $req->uri, already resolved .. and protects against %xx, hopefully |
41 |
our $ip; # $req->connection->client_ip, alternative ->useragent_ip |
42 |
|
43 |
# finish immediately with given status |
44 |
sub status($) { |
45 |
die \(my $status = shift); |
46 |
} |
47 |
|
48 |
#sub escape_path($) { |
49 |
# Apache2::Util::escape_path shift, $req->pool |
50 |
#} |
51 |
|
52 |
# escapes everything not allowed in a url hpath |
53 |
sub pesc($) { |
54 |
local $_ = shift; |
55 |
|
56 |
s/([^A-Za-z0-9\$\-_.+!*'(),;?&=]\/)/sprintf "%02x", ord $1/ge; |
57 |
|
58 |
$_ |
59 |
} |
60 |
|
61 |
# external redirect with status code |
62 |
sub redirect($$) { |
63 |
my ($status, $location) = @_; |
64 |
|
65 |
# $location =~ s,^(http://[^/:]+)/,$1:34567/,;#d# |
66 |
|
67 |
$req->headers_out->set (Location => $location); |
68 |
status $status; |
69 |
} |
70 |
|
71 |
# permanent external redirect |
72 |
sub rperm($) { |
73 |
redirect 301, shift |
74 |
} |
75 |
|
76 |
# temporary redirect, could be internal, but never is |
77 |
sub rtemp($) { |
78 |
redirect 302, shift |
79 |
} |
80 |
|
81 |
# serve some path, do not call directly |
82 |
sub _rpathname($) { |
83 |
my $path = shift; |
84 |
|
85 |
my $finfo = eval { APR::Finfo::stat $path, APR::Const::FINFO_NORM, $req->pool } |
86 |
or status Apache2::Const::NOT_FOUND; |
87 |
|
88 |
# let mod_dir, mod_autoindex and the default-handler handle this |
89 |
$req->filename ($path); |
90 |
$req->finfo ($finfo); |
91 |
# warn "serve <$path,",$req->handler,">\n";#d# |
92 |
status Apache2::Const::OK; |
93 |
} |
94 |
|
95 |
# serve a regular file from disk |
96 |
sub rfile($) { |
97 |
$req->handler ("default-handler"); |
98 |
&_rpathname |
99 |
} |
100 |
|
101 |
# serve a directory from disk |
102 |
sub rdir($) { |
103 |
my $path = shift; |
104 |
|
105 |
if ($req->uri !~ m,/$,) { |
106 |
# redirect dir to dir/ |
107 |
rperm $req->construct_url (pesc $req->uri . "/"); |
108 |
|
109 |
} elsif (-e "$path/index.html") { |
110 |
# mod_dir emulation, display index.html if any |
111 |
$req->content_type ("text/html"); |
112 |
rfile "$path/index.html"; |
113 |
} elsif (-e "$path/index.xhtml") { |
114 |
$req->content_type ("text/html"); # we assume to follow the compatibility guidelines |
115 |
rfile "$path/index.xhtml"; |
116 |
|
117 |
} else { |
118 |
# let mod_autoindex handle it later |
119 |
$req->handler ("httpd/unix-directory"); |
120 |
_rpathname $path; |
121 |
} |
122 |
} |
123 |
|
124 |
# like rpath, but assumes caller already stat'ed |
125 |
sub rpath_nostat { |
126 |
-d _ ? &rdir : &rfile |
127 |
} |
128 |
|
129 |
# serve a generic path, can be dir or file |
130 |
sub rpath($) { |
131 |
stat $_[0]; |
132 |
&rpath_nostat |
133 |
} |
134 |
|
135 |
# run a cgi script, first argument is script uri |
136 |
sub rcgi($$) { |
137 |
my ($name, $path) = @_; |
138 |
|
139 |
(substr $uri, 0, length $name) eq $name |
140 |
or status 500; |
141 |
|
142 |
$req->path_info (substr $uri, length $name); |
143 |
|
144 |
$req->handler ("cgi-script"); |
145 |
$req->notes->set ("alias-forced-type" => "cgi-script"); # leave a note for mod_cgi, so it ignores missing ExecCGI |
146 |
_rpathname $path; |
147 |
} |
148 |
|
149 |
# reverse proxy |
150 |
# path is local root uri |
151 |
# target is target root url |
152 |
# suffix is appended to target url |
153 |
sub rproxy($$$@) { |
154 |
my ($path, $target, $suffix, @lines) = @_; |
155 |
|
156 |
$req->proxyreq (Apache2::Const::PROXYREQ_REVERSE); |
157 |
$req->uri ($path); |
158 |
$req->filename ("proxy:$target$suffix"); |
159 |
$req->handler ("proxy-server"); |
160 |
$req->subprocess_env->set ("proxy-sendchunked", 1); |
161 |
#$notes->set ("proxy-nocanon", 1); |
162 |
#$env->set ("proxy-initial-not-pooled", 1); |
163 |
|
164 |
# disable compression, see http://www.apachetutor.org/admin/reverseproxies |
165 |
# $req->headers_in->unset ("accept-encoding"); |
166 |
# alternatively recompress, SetOutputFilter INFLATE;DEFLATE |
167 |
|
168 |
(my $cpath = $path) =~ s/([^A-Za-z0-9\/.\-_])/sprintf "\\x%02x", ord $1/ge; |
169 |
|
170 |
push @lines, ( |
171 |
"ProxyPassReverse /", |
172 |
"ProxyHTMLEnable on", |
173 |
"ProxyHTMLURLMap $target $cpath", |
174 |
"ProxyHTMLURLMap / $cpath/", |
175 |
); |
176 |
|
177 |
# warn "PROXY<$path,$target,$suffix>\n";#d# |
178 |
# warn map "$_\n",@lines; |
179 |
|
180 |
$req->add_config (\@lines, ~0, $path); |
181 |
|
182 |
status Apache2::Const::OK; |
183 |
} |
184 |
|
185 |
my $rules; |
186 |
|
187 |
sub load_rules { |
188 |
open my $fh, "<:raw", Apache2::ServerUtil::server_root . "/rules" |
189 |
or die Apache2::ServerUtil::server_root . "/rules: $!"; |
190 |
local $/; |
191 |
|
192 |
$rules = <$fh>; |
193 |
|
194 |
$rules = eval "BEGIN { uriregex }\nsub {\n#line 0 'rules'\n$rules\n}" |
195 |
or die $@; |
196 |
|
197 |
warn "proxy rules successfully loaded.\n"; |
198 |
|
199 |
Apache2::Const::OK |
200 |
} |
201 |
|
202 |
sub map_to_storage { |
203 |
local $req = shift; |
204 |
local ($host, $uri, $ip) = ($req->hostname, $req->uri, $req->connection->client_ip); |
205 |
|
206 |
eval { |
207 |
# the uri is pre-parsed and "protected" by apache |
208 |
# the hostname is lowercased but otherwise completely unchecked, |
209 |
# so better be safe than sorry |
210 |
$host =~ /^[A-Za-z0-9\-.]+$/ |
211 |
or status 404; |
212 |
|
213 |
# must have at least one dot |
214 |
$host =~ /./ |
215 |
or status 404; |
216 |
|
217 |
local $_ = "$host$uri"; |
218 |
$rules->($req); |
219 |
}; |
220 |
|
221 |
if ($@) { |
222 |
if (SCALAR:: eq ref $@) { |
223 |
return ${$@}; |
224 |
} else { |
225 |
die; |
226 |
} |
227 |
} |
228 |
|
229 |
Apache2::Const::NOT_FOUND |
230 |
} |
231 |
|
232 |
load_rules; |
233 |
|
234 |
warn "proxy loaded and iniitalised.\n"; |
235 |
|
236 |
1 |
237 |
|