diff options
Diffstat (limited to 'debian/vendor-h2o/share/h2o/mruby/acl.rb')
-rw-r--r-- | debian/vendor-h2o/share/h2o/mruby/acl.rb | 130 |
1 files changed, 130 insertions, 0 deletions
diff --git a/debian/vendor-h2o/share/h2o/mruby/acl.rb b/debian/vendor-h2o/share/h2o/mruby/acl.rb new file mode 100644 index 0000000..7a7ba53 --- /dev/null +++ b/debian/vendor-h2o/share/h2o/mruby/acl.rb @@ -0,0 +1,130 @@ +# Copyright (c) 2016 DeNA Co., Ltd., Ichito Nagata +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to +# deal in the Software without restriction, including without limitation the +# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or +# sell copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS +# IN THE SOFTWARE. +# +require File.expand_path(File.dirname(__FILE__)) + "/bootstrap.rb" + +module H2O + + module ACL + + def acl(&block) + context = H2O::ConfigurationContext.instance + if context.get_value(:acl_handler) then + raise "acl can be called only once for each handler configuration" + end + acl_handler = ACLHandler.new(&block) + context.set_value(:acl_handler, acl_handler) + context.add_post_handler_generation_hook(proc {|handler| + if handler != acl_handler + raise "acl configuration is ignored" + end + }) + return acl_handler + end + + class ACLHandler + + class ConditionalHandler + def initialize(handler, cond) + @handler = handler + @cond = cond + end + + def satisfy?(env) + return @cond.nil? || MatchingBlock.new(env).instance_eval(&@cond) + end + + def call(env) + return @handler.call(env) if satisfy?(env) + return [399, {}, []] + end + end + + def initialize(&block) + @acl = [] + instance_eval(&block) + end + + def call(env) + @acl.each {|ac| + return ac.call(env) if ac.satisfy?(env) + } + return [399, {}, []] + end + + def use(handler, &cond) + ch = ConditionalHandler.new(handler, cond) + @acl << ch + end + + def respond(status, header={}, body=[], &cond) + use(proc {|env| [status, header, body] }, &cond) + end + + def deny(&cond) + respond(403, {}, ["Forbidden"], &cond) + end + + def allow(&cond) + respond(399, {}, [], &cond) + end + + def redirect(location, status=302, &cond) + respond(status, { "Location" => location }, [], &cond) + end + + class MatchingBlock + def initialize(env) + @env = env + end + + def addr(forwarded=true) + addr = @env['REMOTE_ADDR'] + if forwarded && (xff = @env['HTTP_X_FORWARDED_FOR']) + xaddr = xff.split(",")[0] + addr = xaddr if xaddr + end + return addr || "" + end + + def path + return @env["PATH_INFO"] || "" + end + + def method + return @env["REQUEST_METHOD"] || "" + end + + def header(name) + name = 'HTTP_' + name.gsub(/-/, '_').upcase; + return @env[name] || "" + end + + def user_agent + return header("User-Agent") || "" + end + + end + + end + + end + +end |