]> iEval git - gruntmaster-page.git/blob - app.psgi
64e3f289cbd6ae69fa5cf61137f760815e99a7d1
[gruntmaster-page.git] / app.psgi
1 #!/usr/bin/perl -w
2 use v5.14;
3
4 use Apache2::Authen::Passphrase qw/pwcheck/;
5 use Apache2::AuthzCaps qw/hascaps/;
6 use Gruntmaster::Data;
7 use Plack::App::Gruntmaster;
8 use Plack::Builder;
9 use Plack::Request;
10 use Digest::SHA qw/sha256/;
11 use Log::Log4perl;
12
13 use constant ACCESSLOG_FORMAT => '%{X-Forwarded-For}i|%h %u "%r" %>s %b "%{Referer}i" "%{User-agent}i"';
14
15 $Apache2::AuthzCaps::rootdir = $Apache2::Authen::Passphrase::rootdir;
16 my $word = qr,(\w+),a;
17
18 sub debug {
19 local $Log::Log4perl::caller_depth = $Log::Log4perl::caller_depth + 1;
20 $_[0]->{'psgix.logger'}->({qw/level debug message/ => $_[1]})
21 }
22
23 sub some_auth_required {
24 my $r = Plack::Request->new($_[0]);
25 return 1 if $_[0]->{'gruntmaster.reqadmin'} || $r->path eq '/action/passwd' || $r->path =~ m,/pb/$word/submit$,;
26 0
27 }
28
29 sub admin_required {
30 local $_ = $_[0];
31 return 1 if m,^/pb/$word, && problem_private $1;
32 return 1 if m,^/log/(?:job|src)/$word, && job_private $1;
33 return 1 if m,^/ct/$word/(?:pb|log), && time < contest_start $1;
34 return 1 if m,^/ct/$word/log/src, && time < contest_end $1;
35 0
36 }
37
38 sub require_admin {
39 my $app = $_[0];
40 sub {
41 *__ANON__ = "require_admin_middleware";
42 my $env = $_[0];
43 my $r = Plack::Request->new($env);
44 $env->{'gruntmaster.reqadmin'} = 1 if admin_required $r->path;
45 $app->($env)
46 }
47 }
48
49 my %authen_cache;
50
51 sub authenticate {
52 my ($user, $pass, $env) = @_;
53 my $cache_key = sha256 "$user:$pass";
54 my $time = $authen_cache{$cache_key} // 0;
55 if ($time >= time - 300) {
56 return 1;
57 } else {
58 delete $authen_cache{$cache_key};
59 }
60
61 return unless eval {
62 pwcheck $user, $pass;
63 1
64 };
65 $authen_cache{$cache_key} = time;
66
67 return if $env->{'gruntmaster.reqadmin'} && !hascaps $user, 'gmadm';
68 1
69 }
70
71 Log::Log4perl->init('log.conf');
72 my $access_logger = Log::Log4perl->get_logger('access');
73
74 builder {
75 enable 'AccessLog', format => ACCESSLOG_FORMAT, logger => sub { $access_logger->info(@_) };
76 enable 'ContentLength';
77 enable_if { $_[0]->{PATH_INFO} =~ qr,^/static/,} Header => set => ['Cache-Control', 'public, max-age=604800'];
78 enable 'Static', path => qr,^/static/,;
79 enable 'Log4perl', category => 'plack';
80 enable \&require_admin;
81 enable_if \&some_auth_required, 'Auth::Basic', authenticator => \&authenticate, realm => 'Gruntmaster 6000';
82 Plack::App::Gruntmaster->to_app
83 }
This page took 0.060513 seconds and 3 git commands to generate.