Bug 16520: Allow per-VirtualHost environment variables with Plack

[koha.git] / Koha / Middleware / SetEnv.pm

package Koha::Middleware::SetEnv;

# Copyright 2016 ByWater Solutions and the Koha Dev Team
#
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.

use Modern::Perl;

use parent qw(Plack::Middleware);

use Plack::Request;

=head1 NAME

Koha::Middleware::SetEnv - Plack middleware to allow SetEnv through proxied headers

=head1 SYNOPSIS

  builder {
      ...
      enable "Koha::Middleware::SetEnv";
      ...
  }


  SetEnv MEMCACHED_NAMESPACE "localhost:11211"
  RequestHeader add X-Koha-SetEnv "MEMCACHED_NAMESPACE localhost:11211"

=head1 DESCRIPTION

This module adds a Plack middleware to convert C<X-Koha-SetEnv> request headers to actual
environment variables.

This is needed because Plackified Koha is currently connected to Apache via an HTTP proxy, and
C<SetEnv>s are not passed through. Koha uses SetEnvs to pass memcached settings and per-virtualhost
styles, search limits and syspref overrides.

=head1 CAVEATS

Due to how HTTP headers are combined, if you want to set a value with an embedded comma, it must be
escaped:

  SetEnv OVERRIDE_SYSPREF_LibraryName "The Best, Truly the Best, Koha Library"
  RequestHeader add X-Koha-SetEnv "OVERRIDE_SYSPREF_LibraryName The Best\, Truly the Best\, Koha Library"

=head1 NOTES

This system was designed to use a single header for reasons of security. We have no way of knowing
whether a given request header was set by Apache or the original client, so we have to clear any
relevant headers before Apache starts adding them. This is only really practical for a single header
name.

=cut

my $allowed_setenvs = qr/^(
    MEMCACHED_SERVERS |
    MEMCACHED_NAMESPACE |
    OVERRIDE_SYSPREF_(\w+) |
    OVERRIDE_SYSPREF_NAMES |
    OPAC_CSS_OVERRIDE |
    OPAC_SEARCH_LIMIT |
    OPAC_LIMIT_OVERRIDE
)\ /x;

sub call {
    my ( $self, $env ) = @_;
    my $req = Plack::Request->new($env);

    # First, we split the result only on unescaped commas.
    my @setenv_headers = split /(?<!\\),\s*/, $req->header('X-Koha-SetEnv') || '';

    # Then, these need to be mapped to key-value pairs, and commas removed.
    my %setenvs = map {
        # The syntax of this is a bit awkward because you can't use return inside a map (it
        # returns from the enclosing function).
        if (!/$allowed_setenvs/) {
            warn "Forbidden/incorrect X-Koha-SetEnv: $_";

            ();
        } else {
            my ( $key, $value ) = /(\w+) (.*)/;
            $value =~ s/\\,/,/g;

            ( $key, $value );
        }
    } @setenv_headers;

    # Finally, everything is shoved into the $env.
    $env = {
        %$env,
        %setenvs
    };

    # We also add the MEMCACHED_ settings to the actual environment, to make sure any early
    # initialization of Koha::Cache correctly sets up a memcached connection.
    foreach my $special_var ( qw( MEMCACHED_SERVERS MEMCACHED_NAMESPACE ) ) {
        $ENV{$special_var} = $setenvs{$special_var} if defined $setenvs{$special_var};
    }

    return $self->app->($env);
}

=head1 AUTHOR

Jesse Weaver, E<lt>jweaver@bywatersolutions.comE<gt>

=cut

1;