/usr/share/perl5/CGI/Application/Plugin/RequireSSL.pm is in libcgi-application-plugin-requiressl-perl 0.04-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 | package CGI::Application::Plugin::RequireSSL;
use warnings;
use strict;
use Carp;
use base 'Exporter';
use Attribute::Handlers;
our @EXPORT = qw/config_requiressl mode_redirect/;
our %SSL_RUN_MODES;
use Data::Dumper;
=head1 NAME
CGI::Application::Plugin::RequireSSL - Force SSL in specified pages or modules
=head1 VERSION
Version 0.04
=cut
our $VERSION = '0.04';
=head1 SYNOPSIS
use CGI::Application::Plugin::RequireSSL;
sub login_form :RequireSSL {
my $self = shift;
# etc
}
=head1 DESCRIPTION
CGI::Application::Plugin::RequireSSL allows individual run modes or
whole modules to be protected by SSL. If a standard HTTP request is
received, you can specify whether an error is raised or if the request
should be redirected to the HTTPS equivalent URL.
=head1 EXPORT
Exported methods:
config_requiressl, mode_redirect
=head1 USAGE
=head2 run mode-level protection
run mode protection is specified by the RequireSSL attribute after the
method name:
sub process_login :RequireSSL {
my $self = shift;
}
=head2 Module-level protection
You can protect a complete module by setting the 'require_ssl'
parameter in your instance script:
use MyApp;
my $webapp = MyApp->new(
PARAMS => {require_ssl => 1}
);
$webapp->run();
=head2 Redirecting to a protected URL.
By default, an error is raised if a request is made to a protected
run mode or module using HTTP. However, you can specify that the request
is redirected to the HTTPS url by setting the rewrite_to_ssl parameter
as long as the requested method is not POST:
my $webapp = MyApp->new(
PARAMS => {rewrite_to_ssl => 1}
);
=head2 Turning off checks.
If you need to turn off checks, simply set the ignore_check parameter
when configuring the plugin (see L</"config_requiressl"> below).
=head2 Reverting to HTTP
Once a successful request is made to a protected run mode or module, subsequent
requests to a non-protected run mode or module will revert to using HTTP.
To prevent this from happening, set the parameter keep_in_ssl in the
configuration
(see L</"config_requiressl"> below)
=cut
sub import {
my $caller = scalar(caller);
$caller->add_callback(init => \&_add_runmodes);
$caller->add_callback(prerun => \&_check_ssl);
goto &Exporter::import;
}
sub CGI::Application::RequireSSL : ATTR(CODE, BEGIN, CHECK) {
my ($package, $symbol, $referent, $attr, $data, $phase) = @_;
if ($phase eq 'CHECK') {
$SSL_RUN_MODES{*{$symbol}{NAME}}++;
}
}
=head1 METHODS
=head2 config_requiressl
Optionally configure the plugin in your cgiapp_init method
$self->config_requiressl(
keep_in_ssl => 0,
ignore_check => 0,
)
Valid parameters are:
=over 4
=item * keep_in_ssl - if set, all subsequent requests following one to a
protected run mode or module will be via HTTPS.
=item * ignore_check - ignore SSL schecking. This is useful if your
application is deployed in an environment that doesn't support SSL.
=back
=cut
sub config_requiressl {
my ($self, %args) = @_;
foreach my $param (qw/ keep_in_ssl ignore_check/) {
$self->{__PACKAGE__ . $param} = $args{$param} if $args{$param};
}
}
=head2 mode_redirect
This is a run mode that will be automatically called if the request should
be redirected to the equivalent HTTP or HTTPS URL. You should not call it
directly.
=cut
sub mode_redirect {
my $self = shift;
my $new_mode = $self->{__PACKAGE__ . 'new_mode'};
croak "Cannot redirect from POST" if $self->query->request_method eq 'POST';
my $new_url = $self->query->url(-base => 1);
# Can't rely on -query option in case the query has been played with
# prior to the redirect being invoked. Use the REQUEST_URI instead
$new_url .= $ENV{REQUEST_URI} if $ENV{REQUEST_URI};
if ($new_mode eq 'https') {
$new_url =~ s/^http:/https:/;
} else {
$new_url =~ s/^https:/http:/;
}
$self->header_type('redirect');
$self->header_add(-uri => $new_url);
return ' ';
}
sub _add_runmodes {
my $self = shift;
$self->run_modes([qw/config_requiressl mode_redirect/]);
}
sub _check_ssl {
my $self = shift;
my $rm = $self->get_current_runmode;
unless ($self->{__PACKAGE__ . 'ignore_check'}) {
# Process protection is either the module or the requested run mode
# is protected
if (($self->param('require_ssl') || $SSL_RUN_MODES{$rm})
&& !$self->query->https)
{
if ($self->param('rewrite_to_ssl')) {
$self->{__PACKAGE__ . 'new_mode'} = 'https';
return $self->prerun_mode('mode_redirect');
} else {
croak "https request required";
}
}
# If a request is made using SSL, but we don't need it to be, then
# redirect to the non-SSL page
if (
$self->query->https
&& !(
$self->{__PACKAGE__ . 'keep_in_ssl'}
|| $self->param('require_ssl')
|| $SSL_RUN_MODES{$rm}
)
)
{
$self->{__PACKAGE__ . 'new_mode'} = 'http';
return $self->prerun_mode('mode_redirect');
}
}
}
=head1 AUTHOR
Dan Horne, C<< <dhorne at cpan.org> >>
=head1 BUGS
Please report any bugs or feature requests to
C<bug-cgi-application-plugin-requiressl at rt.cpan.org>, or through the web interface at
L<http://rt.cpan.org/NoAuth/ReportBug.html?Queue=CGI-Application-Plugin-RequireSSL>.
I will be notified, and then you'll automatically be notified of progress on
your bug as I make changes.
=head1 CAVEAT
This module been tested under the FastCGI persistent environment, but not under
mod_perl. The author would apprecaute feedback from anyone who is able to
test with that environment.
=head1 SUPPORT
You can find documentation for this module with the perldoc command.
perldoc CGI::Application::Plugin::RequireSSL
You can also look for information at:
=over 4
=item * AnnoCPAN: Annotated CPAN documentation
L<http://annocpan.org/dist/CGI-Application-Plugin-RequireSSL>
=item * CPAN Ratings
L<http://cpanratings.perl.org/d/CGI-Application-Plugin-RequireSSL>
=item * RT: CPAN's request tracker
L<http://rt.cpan.org/NoAuth/Bugs.html?Dist=CGI-Application-Plugin-RequireSSL>
=item * Search CPAN
L<http://search.cpan.org/dist/CGI-Application-Plugin-RequireSSL>
=back
=head1 ACKNOWLEDGEMENTS
=over 4
=item * Users of the CGI::Application wiki (http://www.cgi-app.org) who requested
this module.
=item * Andy Grundman - I stole the idea of the keep_in_ssl parameter from his
L<Catalyst::Plugin::RequireSSL> module
=back
=head1 COPYRIGHT & LICENSE
Copyright 2007 Dan Horne, all rights reserved.
This program is free software; you can redistribute it and/or modify it
under the same terms as Perl itself.
=cut
1; # End of CGI::Application::Plugin::RequireSSL
|