9b1a5cd640
It should also be noted that /etc/apache2/sites-enabled/{configuration file} should also contain: RequestHeader add X-Koha-SetEnv "TZ {timezone}" Where {timezone} is the desired instance timezone. Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
113 lines
3.1 KiB
Perl
113 lines
3.1 KiB
Perl
package Koha::Middleware::SetEnv;
|
|
|
|
# Copyright 2016 ByWater Solutions and the Koha Dev Team
|
|
#
|
|
# This file is part of Koha.
|
|
#
|
|
# Koha is free software; you can redistribute it and/or modify it
|
|
# under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation; either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# Koha is distributed in the hope that it will be useful, but
|
|
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with Koha; if not, see <http://www.gnu.org/licenses>.
|
|
|
|
use Modern::Perl;
|
|
|
|
use parent qw(Plack::Middleware);
|
|
|
|
use Plack::Request;
|
|
|
|
=head1 NAME
|
|
|
|
Koha::Middleware::SetEnv - Plack middleware to allow SetEnv through proxied headers
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
builder {
|
|
...
|
|
enable "Koha::Middleware::SetEnv";
|
|
...
|
|
}
|
|
|
|
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
This module adds a Plack middleware to convert C<X-Koha-SetEnv> request headers to actual
|
|
environment variables.
|
|
|
|
This is needed because Plackified Koha is currently connected to Apache via an HTTP proxy, and
|
|
C<SetEnv>s are not passed through. Koha uses SetEnvs to pass memcached settings and per-virtualhost
|
|
styles, search limits and syspref overrides.
|
|
|
|
=head1 CAVEATS
|
|
|
|
Due to how HTTP headers are combined, if you want to set a value with an embedded comma, it must be
|
|
escaped:
|
|
|
|
SetEnv OVERRIDE_SYSPREF_LibraryName "The Best, Truly the Best, Koha Library"
|
|
RequestHeader add X-Koha-SetEnv "OVERRIDE_SYSPREF_LibraryName The Best\, Truly the Best\, Koha Library"
|
|
|
|
=head1 NOTES
|
|
|
|
This system was designed to use a single header for reasons of security. We have no way of knowing
|
|
whether a given request header was set by Apache or the original client, so we have to clear any
|
|
relevant headers before Apache starts adding them. This is only really practical for a single header
|
|
name.
|
|
|
|
=cut
|
|
|
|
my $allowed_setenvs = qr/^(
|
|
OVERRIDE_SYSPREF_(\w+) |
|
|
OVERRIDE_SYSPREF_NAMES |
|
|
OPAC_CSS_OVERRIDE |
|
|
OPAC_SEARCH_LIMIT |
|
|
OPAC_LIMIT_OVERRIDE |
|
|
TZ
|
|
)\ /x;
|
|
|
|
sub call {
|
|
my ( $self, $env ) = @_;
|
|
my $req = Plack::Request->new($env);
|
|
|
|
# First, we split the result only on unescaped commas.
|
|
my @setenv_headers = split /(?<!\\),\s*/, $req->header('X-Koha-SetEnv') || '';
|
|
|
|
# Then, these need to be mapped to key-value pairs, and commas removed.
|
|
my %setenvs = map {
|
|
# The syntax of this is a bit awkward because you can't use return inside a map (it
|
|
# returns from the enclosing function).
|
|
if (!/$allowed_setenvs/) {
|
|
warn "Forbidden/incorrect X-Koha-SetEnv: $_";
|
|
|
|
();
|
|
} else {
|
|
my ( $key, $value ) = /(\w+) (.*)/;
|
|
$value =~ s/\\,/,/g;
|
|
|
|
( $key, $value );
|
|
}
|
|
} @setenv_headers;
|
|
|
|
# Finally, everything is shoved into the $env.
|
|
$env = {
|
|
%$env,
|
|
%setenvs
|
|
};
|
|
|
|
return $self->app->($env);
|
|
}
|
|
|
|
=head1 AUTHOR
|
|
|
|
Jesse Weaver, E<lt>jweaver@bywatersolutions.comE<gt>
|
|
|
|
=cut
|
|
|
|
1;
|