mirror of
https://github.com/standardebooks/web.git
synced 2025-07-16 03:16:36 -04:00
Move HTTP auth to PHP
This commit is contained in:
Alex Cabal
parent
e290758a9a
commit
30442c0c62
11 changed files with 110 additions and 86 deletions
|
|
@ -273,8 +273,8 @@ Define webroot /standardebooks.org/web
|
|||
RewriteCond expr "tolower(%{REQUEST_METHOD}) =~ /^post$/"
|
||||
RewriteRule ^/polls/([^/\.]+)/votes$ /polls/votes/post.php?pollurlname=$1 [L]
|
||||
|
||||
# Feeds
|
||||
# Rewrite old links to feeds
|
||||
# Rewrite rules for feeds eeds
|
||||
# Redirect old feed URLs
|
||||
RewriteRule ^/(opds|rss|atom)(.*)$ /feeds/$1$2 [R=301,L]
|
||||
|
||||
# If we ask for /opds/all?query=xyz, rewrite that to the search page.
|
||||
|
|
@ -283,31 +283,12 @@ Define webroot /standardebooks.org/web
|
|||
|
||||
RewriteRule ^/feeds/(atom|rss)/([^/\.]+)$ /feeds/collection.php?type=$1&name=$2
|
||||
|
||||
RewriteRule ^/feeds/(.+\.xml)$ /feeds/download.php?path=$1
|
||||
|
||||
# Rewrite rules for bulk downloads
|
||||
RewriteRule ^/bulk-downloads/(.+\.zip)$ /bulk-downloads/download.php?path=$1
|
||||
RewriteRule ^/bulk-downloads/([^/\.]+)$ /bulk-downloads/collection.php?name=$1
|
||||
|
||||
# Enable mod_authn_dbd
|
||||
# DBDriver mysql
|
||||
# DBDParams "dbname=se user=www-data"
|
||||
# # HTTP Basic Auth configuration for /feeds
|
||||
# <DirectoryMatch "^${webroot}/www/feeds/(opds|rss|atom)">
|
||||
# AuthType Basic
|
||||
# AuthName "Enter your Patrons Circle email address and leave the password empty."
|
||||
# Require valid-user
|
||||
|
||||
# # Credentials caching to prevent slamming the DB. socache must be ahead of dbd
|
||||
# AuthBasicProvider socache dbd
|
||||
# AuthnCacheProvideFor dbd
|
||||
# AuthnCacheContext ${domain}
|
||||
|
||||
# # mod_authn_dbd SQL query to authenticate a user
|
||||
# # The hash is simply the hash of a blank password. We're only interested in the username/API key.
|
||||
# # We have to do this tortured query instead of a cleaner one, because the AuthDBDUserPWQuery
|
||||
# # function will only replace %s EXACTLY ONCE. We cannot have more than one %s in the query string.
|
||||
# AuthDBDUserPWQuery "select '$apr1$13q1pnGf$vQnIj94BXP1EPdL/4ISba.' from Users u inner join Benefits b using (UserId) where %s in (u.Email, u.Uuid) and b.CanAccessFeeds = true limit 1"
|
||||
# </DirectoryMatch>
|
||||
|
||||
# Specific config for /bulk-downloads
|
||||
<DirectoryMatch "${webroot}/www/bulk-downloads">
|
||||
# Both directives are required
|
||||
|
|
@ -316,22 +297,11 @@ Define webroot /standardebooks.org/web
|
|||
</DirectoryMatch>
|
||||
|
||||
# Specific config for /feeds
|
||||
<DirectoryMatch "^${webroot}/www/feeds/(opds|rss|atom)">
|
||||
ErrorDocument 401 /feeds/401
|
||||
|
||||
<FilesMatch "^(style\.php|new-releases\.xml|index\.php|index\.xml)$">
|
||||
# Disable HTTP Basic auth for the feed XSL stylesheet and the new releases feeds
|
||||
Require all granted
|
||||
</FilesMatch>
|
||||
</DirectoryMatch>
|
||||
|
||||
# Emit content-types for OPDS feeds, as some clients require a strictly correct content-type in order to work
|
||||
<DirectoryMatch "^${webroot}/www/feeds/opds">
|
||||
Header set Content-Type "application/atom+xml;profile=opds-catalog;kind=acquisition; charset=utf-8"
|
||||
|
||||
<FilesMatch "^index\.xml$">
|
||||
Header set Content-Type "application/atom+xml;profile=opds-catalog;kind=navigation; charset=utf-8"
|
||||
</FilesMatch>
|
||||
<DirectoryMatch "^${webroot}/www/feeds">
|
||||
# This must be defined at the top level /feeds/ directory
|
||||
# Both directives are required
|
||||
XSendFile on
|
||||
XSendFilePath /standardebooks.org/web/www/feeds
|
||||
</DirectoryMatch>
|
||||
|
||||
# Emit content-types for RSS/Atom feeds
|
||||
|
|
|
|||
|
|
@ -255,8 +255,8 @@ Define webroot /standardebooks.org/web
|
|||
RewriteCond expr "tolower(%{REQUEST_METHOD}) =~ /^post$/"
|
||||
RewriteRule ^/polls/([^/\.]+)/votes$ /polls/votes/post.php?pollurlname=$1 [L]
|
||||
|
||||
# Feeds
|
||||
# Rewrite old links to feeds
|
||||
# Rewrite rules for feeds eeds
|
||||
# Redirect old feed URLs
|
||||
RewriteRule ^/(opds|rss|atom)(.*)$ /feeds/$1$2 [R=301,L]
|
||||
|
||||
# If we ask for /opds/all?query=xyz, rewrite that to the search page.
|
||||
|
|
@ -265,31 +265,12 @@ Define webroot /standardebooks.org/web
|
|||
|
||||
RewriteRule ^/feeds/(atom|rss)/([^/\.]+)$ /feeds/collection.php?type=$1&name=$2
|
||||
|
||||
RewriteRule ^/feeds/(.+\.xml)$ /feeds/download.php?path=$1
|
||||
|
||||
# Rewrite rules for bulk downloads
|
||||
RewriteRule ^/bulk-downloads/(.+\.zip)$ /bulk-downloads/download.php?path=$1
|
||||
RewriteRule ^/bulk-downloads/([^/\.]+)$ /bulk-downloads/collection.php?name=$1
|
||||
|
||||
# Enable mod_authn_dbd
|
||||
DBDriver mysql
|
||||
DBDParams "dbname=se user=www-data"
|
||||
# HTTP Basic Auth configuration for /feeds
|
||||
<DirectoryMatch "^${webroot}/www/feeds/(opds|rss|atom)">
|
||||
AuthType Basic
|
||||
AuthName "Enter your Patrons Circle email address and leave the password empty."
|
||||
Require valid-user
|
||||
|
||||
# Credentials caching to prevent slamming the DB. socache must be ahead of dbd
|
||||
AuthBasicProvider socache dbd
|
||||
AuthnCacheProvideFor dbd
|
||||
AuthnCacheContext ${domain}
|
||||
|
||||
# mod_authn_dbd SQL query to authenticate a user
|
||||
# The hash is simply the hash of a blank password. We're only interested in the username/API key.
|
||||
# We have to do this tortured query instead of a cleaner one, because the AuthDBDUserPWQuery
|
||||
# function will only replace %s EXACTLY ONCE. We cannot have more than one %s in the query string.
|
||||
AuthDBDUserPWQuery "select '$apr1$13q1pnGf$vQnIj94BXP1EPdL/4ISba.' from Users u inner join Benefits b using (UserId) where %s in (u.Email, u.Uuid) and b.CanAccessFeeds = true limit 1"
|
||||
</DirectoryMatch>
|
||||
|
||||
# Specific config for /bulk-downloads
|
||||
<DirectoryMatch "${webroot}/www/bulk-downloads">
|
||||
# Both directives are required
|
||||
|
|
@ -298,22 +279,11 @@ Define webroot /standardebooks.org/web
|
|||
</DirectoryMatch>
|
||||
|
||||
# Specific config for /feeds
|
||||
<DirectoryMatch "^${webroot}/www/feeds/(opds|rss|atom)">
|
||||
ErrorDocument 401 /feeds/401
|
||||
|
||||
<FilesMatch "^(style\.php|new-releases\.xml|index\.php|index\.xml)$">
|
||||
# Disable HTTP Basic auth for the feed XSL stylesheet and the new releases feeds
|
||||
Require all granted
|
||||
</FilesMatch>
|
||||
</DirectoryMatch>
|
||||
|
||||
# Emit content-types for OPDS feeds, as some clients require a strictly correct content-type in order to work
|
||||
<DirectoryMatch "^${webroot}/www/feeds/opds">
|
||||
Header set Content-Type "application/atom+xml;profile=opds-catalog;kind=acquisition; charset=utf-8"
|
||||
|
||||
<FilesMatch "^index\.xml$">
|
||||
Header set Content-Type "application/atom+xml;profile=opds-catalog;kind=navigation; charset=utf-8"
|
||||
</FilesMatch>
|
||||
<DirectoryMatch "^${webroot}/www/feeds">
|
||||
# This must be defined at the top level /feeds/ directory
|
||||
# Both directives are required
|
||||
XSendFile on
|
||||
XSendFilePath /standardebooks.org/web/www/feeds
|
||||
</DirectoryMatch>
|
||||
|
||||
# Emit content-types for RSS/Atom feeds
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue