package Koha::Middleware::SetEnv; # Copyright 2016 ByWater Solutions and the Koha Dev Team # # This file is part of Koha. # # Koha is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # Koha is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with Koha; if not, see . use Modern::Perl; use parent qw(Plack::Middleware); use Plack::Request; =head1 NAME Koha::Middleware::SetEnv - Plack middleware to allow SetEnv through proxied headers =head1 SYNOPSIS builder { ... enable "Koha::Middleware::SetEnv"; ... } =head1 DESCRIPTION This module adds a Plack middleware to convert C request headers to actual environment variables. This is needed because Plackified Koha is currently connected to Apache via an HTTP proxy, and Cs are not passed through. Koha uses SetEnvs to pass memcached settings and per-virtualhost styles, search limits and syspref overrides. =head1 CAVEATS Due to how HTTP headers are combined, if you want to set a value with an embedded comma, it must be escaped: SetEnv OVERRIDE_SYSPREF_LibraryName "The Best, Truly the Best, Koha Library" RequestHeader add X-Koha-SetEnv "OVERRIDE_SYSPREF_LibraryName The Best\, Truly the Best\, Koha Library" =head1 NOTES This system was designed to use a single header for reasons of security. We have no way of knowing whether a given request header was set by Apache or the original client, so we have to clear any relevant headers before Apache starts adding them. This is only really practical for a single header name. =cut my $allowed_setenvs = qr/^( OVERRIDE_SYSPREF_(\w+) | OVERRIDE_SYSPREF_NAMES | OPAC_CSS_OVERRIDE | OPAC_SEARCH_LIMIT | OPAC_LIMIT_OVERRIDE | TZ )\ /x; sub call { my ( $self, $env ) = @_; my $req = Plack::Request->new($env); # First, we split the result only on unescaped commas. my @setenv_headers = split /(?header('X-Koha-SetEnv') || ''; # Then, these need to be mapped to key-value pairs, and commas removed. my %setenvs = map { # The syntax of this is a bit awkward because you can't use return inside a map (it # returns from the enclosing function). if (!/$allowed_setenvs/) { warn "Forbidden/incorrect X-Koha-SetEnv: $_"; (); } else { my ( $key, $value ) = /(\w+) (.*)/; $value =~ s/\\,/,/g; ( $key, $value ); } } @setenv_headers; # Finally, everything is shoved into the $env. $env = { %$env, %setenvs }; return $self->app->($env); } =head1 AUTHOR Jesse Weaver, Ejweaver@bywatersolutions.comE =cut 1;