require 'rack/auth/basic' require 'hws_settings' module Auth # We setup our middleware to generally require Basic authentication that # indicates our Perforce login and ticket. # # This should be applied *after* HWSSettings, since we might not know which # server we are connecting to. class Middleware def initialize(app, options = {}) @app = app @unauthenticated_paths = [] if options[:unauthenticated_paths] @unauthenticated_paths.concat(options[:unauthenticated_paths]) end end def call(env) return @app.call(env) if unauthenticated_path?(env) auth = Rack::Auth::Basic::Request.new(env) if auth.provided? && auth.basic? if HWSSettings.system.ENABLE_HELIX_CLOUD_AUTH # TODO(HelixCloud) - Validate ticket, then check AUTH_CREDENTIALS, # p4, and p4.user as needed. else begin check_and_establish_p4_session(env, auth) rescue P4Exception env['AUTH_CREDENTIALS'] = nil env['p4'] = nil return unauthenticated_error end end return @app.call(env) end unauthenticated_error end def check_and_establish_p4_session(env, auth) env['AUTH_CREDENTIALS'] = auth.credentials p4 = P4Util.open_from_env(env) p4.connect results = p4.run_user('-o') env['p4.user'] = results.first env['p4'] = p4 end def unauthenticated_path?(env) @unauthenticated_paths.any? do |pathspec| (env['REQUEST_METHOD'] == pathspec[:method]) && ((pathspec[:path].is_a?(String) && pathspec[:path] == env['PATH_INFO']) || (pathspec[:path].is_a?(Regexp) && pathspec[:path].match(env['PATH_INFO']))) end end def unauthenticated_error [ 403, { 'Content-Type' => 'text/plain', 'Content-Length' => '0', 'WWW-Authenticate' => 'Basic realm="Perforce Web API"' }, [] ] end end end