From: Marius Gavrilescu Date: Thu, 6 Feb 2014 07:33:31 +0000 (+0200) Subject: Enforce private problems and jobs X-Git-Url: http://git.ieval.ro/?a=commitdiff_plain;h=5a879d9a88280c4b0351f5e19dfb8a8269399ccb;p=plack-app-gruntmaster.git Enforce private problems and jobs --- diff --git a/app.psgi b/app.psgi index 50ec1a9..20092c9 100644 --- a/app.psgi +++ b/app.psgi @@ -2,21 +2,62 @@ use v5.14; use Apache2::Authen::Passphrase qw/pwcheck/; +use Apache2::AuthzCaps qw/hascaps/; +use Gruntmaster::Data; use Plack::App::Gruntmaster; use Plack::Builder; use Plack::Request; +$Apache2::AuthzCaps::rootdir = $Apache2::Authen::Passphrase::rootdir; +my $word = qr,(\w+),a; + +sub debug { + local $Log::Log4perl::caller_depth = $Log::Log4perl::caller_depth + 1; + $_[0]->{'psgix.logger'}->({qw/level debug message/ => $_[1]}) +} + sub some_auth_required { my $r = Plack::Request->new($_[0]); - my $word = qr,(\w+),a; - return 1 if $r->path eq '/action/passwd' || $r->path =~ m,/pb/$word/submit$,; + return 1 if $_[0]->{'gruntmaster.reqadmin'} || $r->path eq '/action/passwd' || $r->path =~ m,/pb/$word/submit$,; + 0 +} + +sub admin_required { + local $_ = $_[0]; + return 1 if m,^/pb/$word, && problem_private $1; + return 1 if m,^/log/(?:job|src)/$word, && job_private $1; + return 1 if m,^/ct/$word/(?:pb|log), && time < contest_start $1; + return 1 if m,^/ct/$word/log/src, && time < contest_end $1; 0 } +sub require_admin { + my $app = $_[0]; + sub { + *__ANON__ = "require_admin_middleware"; + my $env = $_[0]; + my $r = Plack::Request->new($env); + $env->{'gruntmaster.reqadmin'} = 1 if admin_required $r->path; + $app->($env) + } +} + +sub authenticate { + my ($user, $pass, $env) = @_; + return unless eval { + pwcheck $user, $pass; + 1 + }; + + return if $env->{'gruntmaster.reqadmin'} && !hascaps $user, 'gmadm'; + 1 +} + builder { enable 'ContentLength'; enable 'Static', path => qr,/static/,; enable 'Log4perl', category => 'plack', conf => 'log.conf'; - enable_if \&some_auth_required, 'Auth::Basic', authenticator => sub { eval {pwcheck @_; 1} }, realm => 'Gruntmaster 6000'; + enable \&require_admin; + enable_if \&some_auth_required, 'Auth::Basic', authenticator => \&authenticate, realm => 'Gruntmaster 6000'; Plack::App::Gruntmaster->to_app }