Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Koha/debian/templates/plack.psgi
Nick Clemens edc5caf976
Bug 37056: Mount a new intranet_svc api to avoid redirects 
When an unauthorized call to svc is made, we use the ErrorDocument middleware to respond with an HTML
page. The API doens't do this, it simply returns its status. We should mount the svc as its own app to avoid
the redirect to HTML for unauthorized responses

To test:
1 - Create a report
2 - Add to IntranetUserJs:
    $(document).ready(function() {
      // Your report ID
      var reportId = '492';

      // Fetch the report
      $.get('/cgi-bin/koha/svc/report?id=' + reportId, function(data) {
        console.log('Kaboom');
      });
    });
3 - Log out
4 - Attempt to login
5 - KO
6 - Apply patch
7 - Reset all (or copy the necessary changes to your plack/apache files)
8 - Generate report and update user js again
8 - Logout, login
9 - Success!

Signed-off-by: Brendan Lawlor <blawlor@clamsnet.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
2024-07-02 17:20:37 +02:00

139 lines
4.3 KiB
Perl
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/usr/bin/perl
# This file is part of Koha.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
use Modern::Perl;
use Plack::Builder;
use Plack::App::CGIBin;
use Plack::App::Directory;
use Plack::App::URLMap;
use Plack::Request;
use Mojo::Server::PSGI;
# Pre-load libraries
use C4::Koha;
use C4::Languages;
use C4::Letters;
use C4::Members;
use C4::XSLT;
use Koha::Caches;
use Koha::Cache::Memory::Lite;
use Koha::Database;
use Koha::DateUtils;
use Koha::Logger;
use Log::Log4perl;
use CGI qw(-utf8 ); # we will loose -utf8 under plack, otherwise
{
no warnings 'redefine';
my $old_new = \&CGI::new;
*CGI::new = sub {
my $q = $old_new->( @_ );
$CGI::PARAM_UTF8 = 1;
Koha::Caches->flush_L1_caches();
Koha::Cache::Memory::Lite->flush();
return $q;
};
}
my $home = $ENV{KOHA_HOME};
my $intranet = Plack::App::CGIBin->new(
root => $ENV{DEV_INSTALL}? $home: "$home/intranet/cgi-bin"
)->to_app;
my $intranet_svc = Plack::App::CGIBin->new(
root => $ENV{DEV_INSTALL}? "$home/svc": "$home/intranet/cgi-bin/svc"
)->to_app;
my $opac = Plack::App::CGIBin->new(
root => $ENV{DEV_INSTALL}? "$home/opac": "$home/opac/cgi-bin/opac"
)->to_app;
my $apiv1 = builder {
my $server = Mojo::Server::PSGI->new;
$server->load_app("$home/api/v1/app.pl");
$server->to_psgi_app;
};
Koha::Logger->_init;
builder {
enable "ReverseProxy";
enable "Plack::Middleware::Static";
# + is required so Plack doesn't try to prefix Plack::Middleware::
enable "+Koha::Middleware::UserEnv";
enable "+Koha::Middleware::SetEnv";
enable "+Koha::Middleware::RealIP";
mount '/opac' => builder {
#NOTE: it is important that these are relative links
enable 'ErrorDocument',
400 => 'errors/400.pl',
401 => 'errors/401.pl',
402 => 'errors/402.pl',
403 => 'errors/403.pl',
404 => 'errors/404.pl',
500 => 'errors/500.pl',
subrequest => 1;
#NOTE: Without this middleware to catch fatal errors, ErrorDocument won't be able to render a 500 document
#NOTE: This middleware must be closer to the PSGI app than ErrorDocument
enable "HTTPExceptions";
if ( Log::Log4perl->get_logger('plack-opac')->has_appenders ){
enable 'Log4perl', category => 'plack-opac';
enable 'LogWarn';
}
enable "+Koha::Middleware::CSRF";
$opac;
};
mount '/intranet' => builder {
#NOTE: it is important that these are relative links
enable 'ErrorDocument',
400 => 'errors/400.pl',
401 => 'errors/401.pl',
402 => 'errors/402.pl',
403 => 'errors/403.pl',
404 => 'errors/404.pl',
500 => 'errors/500.pl',
subrequest => 1;
#NOTE: Without this middleware to catch fatal errors, ErrorDocument won't be able to render a 500 document
#NOTE: This middleware must be closer to the PSGI app than ErrorDocument
enable "HTTPExceptions";
if ( Log::Log4perl->get_logger('plack-intranet')->has_appenders ){
enable 'Log4perl', category => 'plack-intranet';
enable 'LogWarn';
}
enable "+Koha::Middleware::CSRF";
$intranet;
};
mount '/intranet_svc' => builder {
if ( Log::Log4perl->get_logger('plack-intranet')->has_appenders ){
enable 'Log4perl', category => 'plack-intranet';
enable 'LogWarn';
}
enable "+Koha::Middleware::CSRF";
$intranet_svc;
};
mount '/api/v1/app.pl' => builder {
if ( Log::Log4perl->get_logger('plack-api')->has_appenders ){
enable 'Log4perl', category => 'plack-api';
enable 'LogWarn';
}
$apiv1;
};
};
View git blame Copy permalink