From d6e9200cc35411f3f27426b608bcfdef9348e6d3 Mon Sep 17 00:00:00 2001 From: Jason A. Donenfeld Date: Tue, 14 Jan 2014 21:49:31 +0100 Subject: auth: add basic authentication filter framework This leverages the new lua support. See filters/simple-authentication.lua for explanation of how this works. There is also additional documentation in cgitrc.5.txt. Though this is a cookie-based approach, cgit's caching mechanism is preserved for authenticated pages. Very pluggable and extendable depending on user needs. The sample script uses an HMAC-SHA1 based cookie to store the currently logged in user, with an expiration date. Signed-off-by: Jason A. Donenfeld --- cgitrc.5.txt | 36 +++++++++++++++++++++++++++++++++++- 1 file changed, 35 insertions(+), 1 deletion(-) (limited to 'cgitrc.5.txt') diff --git a/cgitrc.5.txt b/cgitrc.5.txt index 170e825..c45dbd3 100644 --- a/cgitrc.5.txt +++ b/cgitrc.5.txt @@ -42,6 +42,13 @@ agefile:: hh:mm:ss". You may want to generate this file from a post-receive hook. Default value: "info/web/last-modified". +auth-filter:: + Specifies a command that will be invoked for authenticating repository + access. Receives quite a few arguments, and data on both stdin and + stdout for authentication processing. Details follow later in this + document. If no auth-filter is specified, no authentication is + performed. Default value: none. See also: "FILTER API". + branch-sort:: Flag which, when set to "age", enables date ordering in the branch ref list, and when set to "name" enables ordering by branch name. Default @@ -605,6 +612,8 @@ specification with the relevant string; available values are: URL escapes for a path and writes 'str' to the webpage. 'html_url_arg(str)':: URL escapes for an argument and writes 'str' to the webpage. + 'html_include(file)':: + Includes 'file' in webpage. Parameters are provided to filters as follows. 
@@ -635,7 +644,32 @@ source filter:: file that is to be filtered is available on standard input and the filtered contents is expected on standard output. -Also, all filters are handed the following environment variables: +auth filter:: + The authentication filter receives 11 parameters: + - filter action, explained below, which specifies which action the + filter is called for + - http cookie + - http method + - http referer + - http path + - http https flag + - cgit repo + - cgit page + - cgit url + When the filter action is "body", this filter must write to output the + HTML for displaying the login form, which POSTs to "/?p=login". When + the filter action is "authenticate-cookie", this filter must validate + the http cookie and return a 0 if it is invalid or 1 if it is invalid, + in the exit code / close function. If the filter action is + "authenticate-post", this filter receives POST'd parameters on + standard input, and should write to output one or more "Set-Cookie" + HTTP headers, each followed by a newline. + + Please see `filters/simple-authentication.lua` for a clear example + script that may be modified. + + +All filters are handed the following environment variables: - CGIT_REPO_URL (from repo.url) - CGIT_REPO_NAME (from repo.name) -- cgit v1.2.3-70-g09d2
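Review bot: In the first hunk (@@ -42,6 +42,13 @@), the new auth-filter:: entry says the filter receives "data on both stdin and stdout", which reads as if the filter is handed data on standard output. Suggest wording it as input on standard input and results written to standard output, matching how the "source filter::" entry describes its streams. "Receives quite a few arguments" and "Details follow later in this document" would also be easier to follow if they named the "auth filter::" paragraph directly. Since the entry documents that no authentication is performed when the option is unset, it is worth stating just as plainly that all repositories are then served without an access check, so an administrator who mistypes the option name is not surprised.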
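Review bot: In the second hunk (@@ -605,6 +612,8 @@), the description of 'html_include(file)' does not say whether the file contents are escaped or written verbatim. The neighbouring entries state this explicitly ("URL escapes for an argument and writes 'str' to the webpage"), while this one only says "Includes 'file' in webpage". Suggest documenting whether the contents are emitted as raw HTML and how the 'file' path is resolved, because a filter author who passes a path derived from request data needs to know what ends up in the page.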
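Review bot: In the third hunk (@@ -635,7 +644,32 @@), the "authenticate-cookie" sentence reads "return a 0 if it is invalid or 1 if it is invalid", so the documented exit codes for a valid and an invalid cookie are indistinguishable. One of the two should read "valid"; for an authentication decision this needs to be unambiguous, and it would help to also say which result the caller assumes when the filter fails or exits with any other value. Separately, the paragraph opens with "The authentication filter receives 11 parameters" but the list that follows has nine items (filter action through cgit url), so either the count or the list needs correcting.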