/usr/share/perl5/HTTP/Server/Simple/Authen.pm is in libhttp-server-simple-authen-perl 0.04-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 | package HTTP::Server::Simple::Authen;
use strict;
our $VERSION = '0.04';
use Carp;
use MIME::Base64;
sub do_authenticate {
my $self = shift;
if (($ENV{HTTP_AUTHORIZATION} || '') =~ /^Basic (.*?)$/) {
my($user, $pass) = split /:/, (MIME::Base64::decode($1) || ':');
if ($self->authen_handler->authenticate($user, $pass)) {
return $user;
}
}
return;
}
sub authen_realm { "Authorized area" }
sub authen_handler {
my $class = ref(shift);
Carp::croak("You have to override $class\::authen_handler to return Authen::Simple object");
}
sub authenticate {
my $self = shift;
my $user = $self->do_authenticate();
unless (defined $user) {
my $realm = $self->authen_realm();
print "HTTP/1.0 401\r\n";
print qq(WWW-Authenticate: Basic realm="$realm"\r\n\r\n);
print "Authentication required.";
return;
}
return $user;
}
1;
__END__
=head1 NAME
HTTP::Server::Simple::Authen - Authentication plugin for HTTP::Server::Simple
=head1 SYNOPSIS
package MyServer;
use base qw( HTTP::Server::Simple::Authen HTTP::Server::Simple::CGI);
use Authen::Simple::Passwd;
sub authen_handler {
Authen::Simple::Passwd->new(passwd => '/etc/passwd');
}
sub handle_request {
my($self, $cgi) = @_;
my $user = $self->authenticate or return;
...
}
MyServer->new->run();
=head1 DESCRIPTION
HTTP::Server::Simple::Authen is an HTTP::Server::Simple plugin to
allow HTTP authentication. Authentication scheme is pluggable and you
can use whatever Authentication protocol that Authen::Simple supports.
You can use C<authenticate> method whatever you want to authenticate
the request. The method returns C<$username> taken from the request if
the authentication is successful, and C<undef> otherwise. The code in
L</SYNOPSIS> requires authentication for all the requests and behaves
just the same as Apache's C<Require valid-user>.
The following code will explain more about conditioning.
sub handle_request {
my($self, $cgi) = @_;
if ($cgi->path_info =~ m!/foo/!) {
my $user = $self->authenticate;
return unless defined($user) && length($user) == 8;
}
...
}
This means all the requests to URL C</foo/> require to be
authenticated, and usernames with 8 chars long are authorized.
=head1 METHODS
Your subclass has to override following methods to implement HTTP
authentication.
=over 4
=item authen_handler
Should return a valid Authen::Simple instance to authenticate HTTP
request (Required).
=item authen_realm
Returns a string for Authentication realm to be shown in the browser's
dialog box. Defaults to 'Authorized area'.
=back
=head1 AUTHOR
Tatsuhiko Miyagawa E<lt>miyagawa@bulknews.netE<gt>
This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself.
=head1 SEE ALSO
L<HTTP::Server::Simple>, L<Authen::Simple>
=cut
|