Updated src.

Author: k2u2

src/ngx_auth/exec/check_ldap/config.go

@@ -4,14 +4,18 @@ import (
 	"os"
 
 	"github.com/naoina/toml"
+
+	"ngx_auth/htstat"
 )
 
 type NgxLdapAuthConfig struct {
-	SocketType   string
-	SocketPath   string
-	CacheSeconds uint32 `toml:",omitempty"`
-	UseEtag      bool   `toml:",omitempty"`
-	AuthRealm    string `toml:",omitempty"`
+	SocketType        string
+	SocketPath        string
+	CacheSeconds      uint32 `toml:",omitempty"`
+	NegCacheSeconds    uint32 `toml:",omitempty"`
+	UseEtag           bool   `toml:",omitempty"`
+	UseSerializedAuth bool   `toml:",omitempty"`
+	AuthRealm         string `toml:",omitempty"`
 
 	HostUrl        string
 	StartTls       int      `toml:",omitempty"`
@@ -21,15 +25,19 @@ type NgxLdapAuthConfig struct {
 	BindDn         string
 	UniqFilter     string `toml:",omitempty"`
 	Timeout        int    `toml:",omitempty"`
+
+	Response htstat.HttpStatusTbl `toml:",omitempty"`
 }
 
 type NgxLdapPathAuthConfig struct {
-	SocketType   string
-	SocketPath   string
-	CacheSeconds uint32 `toml:",omitempty"`
-	UseEtag      bool   `toml:",omitempty"`
-	AuthRealm    string `toml:",omitempty"`
-	PathHeader   string `toml:",omitempty"`
+	SocketType        string
+	SocketPath        string
+	CacheSeconds      uint32 `toml:",omitempty"`
+	NegCacheSeconds    uint32 `toml:",omitempty"`
+	UseEtag           bool   `toml:",omitempty"`
+	UseSerializedAuth bool   `toml:",omitempty"`
+	AuthRealm         string `toml:",omitempty"`
+	PathHeader        string `toml:",omitempty"`
 
 	Ldap struct {
 		HostUrl        string
@@ -50,6 +58,8 @@ type NgxLdapPathAuthConfig struct {
 		DefaultRight  string            `toml:",omitempty"`
 		PathRight     map[string]string `toml:",omitempty"`
 	}
+
+	Response htstat.HttpStatusTbl `toml:",omitempty"`
 }
 
 func load_ldap_auth_config(file string) (*NgxLdapAuthConfig, error) {

src/ngx_auth/exec/ngx_header_path_auth/handle.go

@@ -3,7 +3,6 @@ package main
 import (
 	"encoding/binary"
 	"fmt"
-	"io"
 	"net/http"
 
 	"ngx_auth/etag"
@@ -52,25 +51,59 @@ func makeEtag(ms int64, user, rpath string) string {
 	return etag.Make(tm, etag.Crypt(tm, []byte(user)), []byte(pathid))
 }
 
+func isModified(hd http.Header, org_tag string) bool {
+	if_nmatch := hd.Get("If-None-Match")
+
+	if if_nmatch != "" {
+		return !isEtagMatch(if_nmatch, org_tag)
+	}
+
+	return true
+}
+
+func isEtagMatch(tag_str string, org_tag string) bool {
+	tags, _ := etag.Split(tag_str)
+	for _, tag := range tags {
+		if tag == org_tag {
+			return true
+		}
+	}
+
+	return false
+}
+
 func TestAuthHandler(w http.ResponseWriter, r *http.Request) {
-	w.Header().Set("Cache-Control", "no-store")
 	w.Header().Set("Content-Type", "text/plain; charset=utf-8")
+	w.Header().Set("Cache-Control", "no-store")
 
 	rpath := r.Header.Get(PathHeader)
 	if rpath == "" {
-		http.Error(w, "No path header", http.StatusForbidden)
+		HttpResponse.Nopath.Error(w)
 		return
 	}
 
 	user := r.Header.Get(UserHeader)
 	if user == "" {
-		http.Error(w, "No user header", http.StatusForbidden)
+		HttpResponse.Nouser.Error(w)
 		return
 	}
+
+	if NegCacheSeconds > 0 {
+		w.Header().Set("Cache-Control",
+			fmt.Sprintf("max-age=%d, must-revalidate", NegCacheSeconds))
+	}
+
 	tag := makeEtag(StartTimeMS, user, rpath)
+	w.Header().Set("Etag", tag)
+	if UseEtag {
+		if !isModified(r.Header, tag) {
+			w.WriteHeader(http.StatusNotModified)
+			return
+		}
+	}
 
 	if !get_path_right(rpath, user) {
-		http.Error(w, "Forbidden", http.StatusForbidden)
+		HttpResponse.Forbidden.Error(w)
 		return
 	}
 
@@ -79,5 +112,5 @@ func TestAuthHandler(w http.ResponseWriter, r *http.Request) {
 			fmt.Sprintf("max-age=%d, must-revalidate", CacheSeconds))
 	}
 	w.Header().Set("Etag", tag)
-	io.WriteString(w, "Authorized\n")
+	HttpResponse.Ok.Error(w)
 }

src/ngx_auth/exec/ngx_header_path_auth/main.go

@@ -17,6 +17,7 @@ import (
 	"github.com/naoina/toml"
 
 	"ngx_auth/authz"
+	"ngx_auth/htstat"
 )
 
 func die(format string, v ...interface{}) {
@@ -29,11 +30,13 @@ func warn(format string, v ...interface{}) {
 }
 
 type NgxHeaderPathAuthConfig struct {
-	SocketType   string
-	SocketPath   string
-	CacheSeconds uint32 `toml:",omitempty"`
-	PathHeader   string `toml:",omitempty"`
-	UserHeader   string `toml:",omitempty"`
+	SocketType     string
+	SocketPath     string
+	CacheSeconds   uint32 `toml:",omitempty"`
+	NegCacheSeconds uint32 `toml:",omitempty"`
+	UseEtag        bool   `toml:",omitempty"`
+	PathHeader     string `toml:",omitempty"`
+	UserHeader     string `toml:",omitempty"`
 
 	Authz struct {
 		UserMapConfig string `toml:",omitempty"`
@@ -43,11 +46,15 @@ type NgxHeaderPathAuthConfig struct {
 		DefaultRight  string            `toml:",omitempty"`
 		PathRight     map[string]string `toml:",omitempty"`
 	}
+
+	Response htstat.HttpStatusTbl `toml:",omitempty"`
 }
 
 var SocketType string
 var SocketPath string
 var CacheSeconds uint32
+var NegCacheSeconds uint32
+var UseEtag bool
 
 var PathHeader = "X-Authz-Path"
 var PathPatternReg *regexp.Regexp
@@ -58,6 +65,8 @@ var NomatchRight string
 var DefaultRight string
 var PathRight map[string]string
 
+var HttpResponse htstat.HttpStatusTbl
+
 var StartTimeMS int64
 
 func init() {
@@ -95,6 +104,8 @@ func init() {
 	}
 
 	CacheSeconds = cfg.CacheSeconds
+	NegCacheSeconds = cfg.NegCacheSeconds
+	UseEtag = cfg.UseEtag
 
 	if cfg.PathHeader != "" {
 		PathHeader = cfg.PathHeader
@@ -141,6 +152,13 @@ func init() {
 		}
 	}
 
+	cfg.Response.SetDefault()
+	if !cfg.Response.IsValid() {
+		die("response code config error.")
+		return
+	}
+	HttpResponse = cfg.Response
+
 	StartTimeMS = time.Now().UnixMicro()
 }
 

src/ngx_auth/exec/ngx_ldap_auth/handle.go

@@ -3,21 +3,29 @@ package main
 import (
 	"encoding/binary"
 	"fmt"
-	"io"
 	"net/http"
 	"strings"
 
+	"github.com/l4go/var_mtx"
+
 	"ngx_auth/etag"
 	"ngx_auth/ldap_auth"
 )
 
+var userMtx = var_mtx.NewVarMutex()
+
 func auth(user string, pass string) bool {
 	la, err := ldap_auth.NewLdapAuth(LdapAuthConfig)
 	if err != nil {
 		return false
 	}
 	defer la.Close()
 
+	if UseSerializedAuth {
+		userMtx.Lock(user)
+		defer userMtx.Unlock(user)
+	}
+
 	ok_auth, _, err := la.Authenticate(user, pass)
 	if err != nil {
 		return false
@@ -26,10 +34,10 @@ func auth(user string, pass string) bool {
 	return ok_auth
 }
 
-func http_not_auth(w http.ResponseWriter, r *http.Request) {
+func http_not_auth(w http.ResponseWriter, _ *http.Request) {
 	realm := strings.Replace(AuthRealm, `"`, `\"`, -1)
 	w.Header().Add("WWW-Authenticate", `Basic realm="`+realm+`"`)
-	http.Error(w, "Not authorized", http.StatusUnauthorized)
+	HttpResponse.Unauth.Error(w)
 }
 
 func set_int64bin(bin []byte, v int64) {
@@ -66,22 +74,24 @@ func isEtagMatch(tag_str string, org_tag string) bool {
 }
 
 func TestAuthHandler(w http.ResponseWriter, r *http.Request) {
-	w.Header().Set("Cache-Control", "no-store")
 	w.Header().Set("Content-Type", "text/plain; charset=utf-8")
+	w.Header().Set("Cache-Control", "no-store")
 
 	user, pass, ok := r.BasicAuth()
 	if !ok {
 		http_not_auth(w, r)
 		return
 	}
 
+	if NegCacheSeconds > 0 {
+		w.Header().Set("Cache-Control",
+			fmt.Sprintf("max-age=%d, must-revalidate", NegCacheSeconds))
+	}
+
 	tag := makeEtag(StartTimeMS, user, pass)
+	w.Header().Set("Etag", tag)
 	if UseEtag {
 		if !isModified(r.Header, tag) {
-			if CacheSeconds > 0 {
-				w.Header().Set("Cache-Control",
-					fmt.Sprintf("max-age=%d, must-revalidate", CacheSeconds))
-			}
 			w.Header().Set("Etag", tag)
 			w.WriteHeader(http.StatusNotModified)
 			return
@@ -97,6 +107,5 @@ func TestAuthHandler(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Cache-Control",
 			fmt.Sprintf("max-age=%d, must-revalidate", CacheSeconds))
 	}
-	w.Header().Set("Etag", tag)
-	io.WriteString(w, "Authorized\n")
+	HttpResponse.Ok.Error(w)
 }

src/ngx_auth/exec/ngx_ldap_auth/main.go

@@ -15,6 +15,7 @@ import (
 	"github.com/l4go/task"
 	"github.com/naoina/toml"
 
+	"ngx_auth/htstat"
 	"ngx_auth/ldap_auth"
 )
 
@@ -28,11 +29,13 @@ func warn(format string, v ...interface{}) {
 }
 
 type NgxLdapAuthConfig struct {
-	SocketType   string
-	SocketPath   string
-	CacheSeconds uint32 `toml:",omitempty"`
-	UseEtag      bool   `toml:",omitempty"`
-	AuthRealm    string `toml:",omitempty"`
+	SocketType        string
+	SocketPath        string
+	CacheSeconds      uint32 `toml:",omitempty"`
+	NegCacheSeconds    uint32 `toml:",omitempty"`
+	UseEtag           bool   `toml:",omitempty"`
+	UseSerializedAuth bool   `toml:",omitempty"`
+	AuthRealm         string `toml:",omitempty"`
 
 	HostUrl        string
 	StartTls       int      `toml:",omitempty"`
@@ -42,14 +45,20 @@ type NgxLdapAuthConfig struct {
 	BindDn         string
 	UniqFilter     string `toml:",omitempty"`
 	Timeout        int    `toml:",omitempty"`
+
+	Response htstat.HttpStatusTbl `toml:",omitempty"`
 }
 
 var SocketType string
 var SocketPath string
 var CacheSeconds uint32
+var NegCacheSeconds uint32
 var UseEtag bool
 var AuthRealm string
+var UseSerializedAuth bool
+
 var LdapAuthConfig *ldap_auth.Config
+var HttpResponse htstat.HttpStatusTbl
 
 var StartTimeMS int64
 
@@ -88,7 +97,9 @@ func init() {
 	}
 
 	CacheSeconds = cfg.CacheSeconds
+	NegCacheSeconds = cfg.NegCacheSeconds
 	UseEtag = cfg.UseEtag
+	UseSerializedAuth = cfg.UseSerializedAuth
 
 	if cfg.AuthRealm == "" {
 		die("relm is required")
@@ -106,6 +117,13 @@ func init() {
 		Timeout:        cfg.Timeout,
 	}
 
+	cfg.Response.SetDefault()
+	if !cfg.Response.IsValid() {
+		die("response code config error.")
+		return
+	}
+	HttpResponse = cfg.Response
+
 	StartTimeMS = time.Now().UnixMicro()
 }