koha: prepare middleware auth for restapi v2

c00782de · Benjamin Rokseth · 856eb0e2 · c00782de · c00782de · c00782de
Commit c00782de authored Jan 24, 2019 by Benjamin Rokseth
--- a/koha/Deichman/Plack/Middleware/Session.pm
+++ b/koha/Deichman/Plack/Middleware/Session.pm
@@ -186,6 +186,7 @@ sub call {
        $dt,
        $out->[0];

+    # Print response
    return Plack::Util::response_cb($out, sub {
        my ($res) = @_;
        my $cookie = bake_cookie("koha.session" =>

--- a/koha/api/Auth.pm
+++ b/koha/api/Auth.pm
+package Auth;
+
+use strict;
+use warnings;
+
+use parent "Plack::Middleware";
+use Plack::Request;
+
+=head
+  Authentication middleware used by swagger_security
+  Checks for header token if a protected route
+  For now we validate routes here, but it should be in raisin routes
+=cut
+sub call {
+    my ($self, $env) = @_;
+    my $req = Plack::Request->new($env);
+    my $path = $req->path;
+    my @paths = qw(
+        /auth/overdrive
+        /patron/dooraccess
+    );
+    if (my ($p) = grep { $_ eq $path } @paths) {
+        warn "Protected route: $p";
+        # TODO: proper auth
+        ($req->header("bearer") // "") eq "secret" or return [403, [], ["forbidden"]];
+    }
+    $self->app->($env);
+}
+
+1;
\ No newline at end of file
--- a/koha/api/RESTAPI.pm
+++ b/koha/api/RESTAPI.pm
@@ -12,12 +12,13 @@ use Types::Standard qw(Int Str);
 use FindBin '$Bin';
 use lib ("$Bin/.");

-plugin "Swagger";
+middleware "+Auth";
 middleware "CrossOrigin",
    origins => "*",
    methods => [qw/DELETE GET HEAD OPTIONS PATCH POST PUT/],
    headers => [qw/accept authorization content-type api_key_token/];

+plugin "Swagger";
 plugin "Logger", outputs => [["Screen", min_level => "debug"]];

 api_default_format "json";
@@ -39,11 +40,7 @@ swagger_setup(
        url => "http://dev.perl.org/licenses/",
    },
 );
-
-#before sub {
-#    my $self = shift;
-#    say "Before " . $self->req->method . q{ } . $self->req->path;
-#};
+swagger_security(name => "bearer", in => "header", type => "api_key");

 use RESTAPI::Auth;
 use RESTAPI::Items;

--- a/koha/api/RESTAPI/Auth.pm
+++ b/koha/api/RESTAPI/Auth.pm
@@ -13,8 +13,9 @@ use Deichman::Auth;
 use Deichman::Auth::Session::DB;
 use Deichman::Exception;

-desc "Session operations";
+desc "Auth operations";
 resource auth => sub {
+    desc "Login session creation";
    resource session => sub {
        params(
          requires("userid", type => Str, desc => "Session user"),
@@ -40,6 +41,35 @@ resource auth => sub {
            };
        };
    };
+    desc "Overdrive authentication";
+    resource overdrive => sub {
+        params(
+          requires("userid", type => Str, desc => "Overdrive user"),
+          requires("password", type => Str, desc => "Overdrive pass"),
+        );
+        tags "overdrive";
+        summary "Authenticate against overdrive";
+        post sub {
+            my $params = shift;
+            try {
+                # validate here
+                {
+                    IsAuthorized => 1,
+                    LibraryBranch => "Deichman Hovedbibliotek",
+                    LoanerId => 1004567,
+                }
+            } catch {
+                use Data::Dumper; warn Dumper($_->description);
+                if ($_->isa("Deichman::Exception::Auth::ArgumentError") ||
+                    $_->isa("Deichman::Exception::Auth::InvalidSession")) {
+                    res->status(HTTP_FORBIDDEN);
+                } else {
+                    app->log(error => $_->description);
+                    res->status(HTTP_INTERNAL_SERVER_ERROR);
+                }
+            };
+        };
+    };
 };

 1;