1 package Koha
::Middleware
::SetEnv
;
3 # Copyright 2016 ByWater Solutions and the Koha Dev Team
5 # This file is part of Koha.
7 # Koha is free software; you can redistribute it and/or modify it
8 # under the terms of the GNU General Public License as published by
9 # the Free Software Foundation; either version 3 of the License, or
10 # (at your option) any later version.
12 # Koha is distributed in the hope that it will be useful, but
13 # WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU General Public License for more details.
17 # You should have received a copy of the GNU General Public License
18 # along with Koha; if not, see <http://www.gnu.org/licenses>.
22 use parent
qw(Plack::Middleware);
28 Koha::Middleware::SetEnv - Plack middleware to allow SetEnv through proxied headers
34 enable "Koha::Middleware::SetEnv";
42 This module adds a Plack middleware to convert C<X-Koha-SetEnv> request headers to actual
43 environment variables.
45 This is needed because Plackified Koha is currently connected to Apache via an HTTP proxy, and
46 C<SetEnv>s are not passed through. Koha uses SetEnvs to pass memcached settings and per-virtualhost
47 styles, search limits and syspref overrides.
51 Due to how HTTP headers are combined, if you want to set a value with an embedded comma, it must be
54 SetEnv OVERRIDE_SYSPREF_LibraryName "The Best, Truly the Best, Koha Library"
55 RequestHeader add X-Koha-SetEnv "OVERRIDE_SYSPREF_LibraryName The Best\, Truly the Best\, Koha Library"
59 This system was designed to use a single header for reasons of security. We have no way of knowing
60 whether a given request header was set by Apache or the original client, so we have to clear any
61 relevant headers before Apache starts adding them. This is only really practical for a single header
66 my $allowed_setenvs = qr
/^(
67 OVERRIDE_SYSPREF_
(\w
+) |
68 OVERRIDE_SYSPREF_NAMES
|
75 my ( $self, $env ) = @_;
76 my $req = Plack
::Request
->new($env);
78 # First, we split the result only on unescaped commas.
79 my @setenv_headers = split /(?<!\\),\s*/, $req->header('X-Koha-SetEnv') || '';
81 # Then, these need to be mapped to key-value pairs, and commas removed.
83 # The syntax of this is a bit awkward because you can't use return inside a map (it
84 # returns from the enclosing function).
85 if (!/$allowed_setenvs/) {
86 warn "Forbidden/incorrect X-Koha-SetEnv: $_";
90 my ( $key, $value ) = /(\w+) (.*)/;
97 # Finally, everything is shoved into the $env.
103 return $self->app->($env);
108 Jesse Weaver, E<lt>jweaver@bywatersolutions.comE<gt>