Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Koha/Koha/Middleware/SetEnv.pm
Mark Tompsett 9b1a5cd640 Bug 18674: Allow TZ SetEnv for plack 
It should also be noted that
    /etc/apache2/sites-enabled/{configuration file}
should also contain:
    RequestHeader add X-Koha-SetEnv "TZ {timezone}"
Where {timezone} is the desired instance timezone.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-04-11 16:44:14 -03:00

113 lines
3.1 KiB
Perl
Raw Blame History

package Koha::Middleware::SetEnv;
# Copyright 2016 ByWater Solutions and the Koha Dev Team
#
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
use Modern::Perl;
use parent qw(Plack::Middleware);
use Plack::Request;
=head1 NAME
Koha::Middleware::SetEnv - Plack middleware to allow SetEnv through proxied headers
=head1 SYNOPSIS
builder {
...
enable "Koha::Middleware::SetEnv";
...
}
=head1 DESCRIPTION
This module adds a Plack middleware to convert C<X-Koha-SetEnv> request headers to actual
environment variables.
This is needed because Plackified Koha is currently connected to Apache via an HTTP proxy, and
C<SetEnv>s are not passed through. Koha uses SetEnvs to pass memcached settings and per-virtualhost
styles, search limits and syspref overrides.
=head1 CAVEATS
Due to how HTTP headers are combined, if you want to set a value with an embedded comma, it must be
escaped:
SetEnv OVERRIDE_SYSPREF_LibraryName "The Best, Truly the Best, Koha Library"
RequestHeader add X-Koha-SetEnv "OVERRIDE_SYSPREF_LibraryName The Best\, Truly the Best\, Koha Library"
=head1 NOTES
This system was designed to use a single header for reasons of security. We have no way of knowing
whether a given request header was set by Apache or the original client, so we have to clear any
relevant headers before Apache starts adding them. This is only really practical for a single header
name.
=cut
my $allowed_setenvs = qr/^(
OVERRIDE_SYSPREF_(\w+) |
OVERRIDE_SYSPREF_NAMES |
OPAC_CSS_OVERRIDE |
OPAC_SEARCH_LIMIT |
OPAC_LIMIT_OVERRIDE |
TZ
)\ /x;
sub call {
my ( $self, $env ) = @_;
my $req = Plack::Request->new($env);
# First, we split the result only on unescaped commas.
my @setenv_headers = split /(?<!\\),\s*/, $req->header('X-Koha-SetEnv') || '';
# Then, these need to be mapped to key-value pairs, and commas removed.
my %setenvs = map {
# The syntax of this is a bit awkward because you can't use return inside a map (it
# returns from the enclosing function).
if (!/$allowed_setenvs/) {
warn "Forbidden/incorrect X-Koha-SetEnv: $_";
();
} else {
my ( $key, $value ) = /(\w+) (.*)/;
$value =~ s/\\,/,/g;
( $key, $value );
}
} @setenv_headers;
# Finally, everything is shoved into the $env.
$env = {
%$env,
%setenvs
};
return $self->app->($env);
}
=head1 AUTHOR
Jesse Weaver, E<lt>jweaver@bywatersolutions.comE<gt>
=cut
1;
View git blame Copy permalink