authorVivien Kraus <vivien@planete-kraus.eu>2021-06-27 20:59:27 +0200
committerVivien Kraus <vivien@planete-kraus.eu>2021-07-02 14:49:13 +0200
commit394b62ceab778eb58e7eb8927068a7e1faab4add (patch)
tree2d1b14020f4e405ab60b480d68817961314f5fd8
parent6cbe572b7e5d2e1357a10f0dff94b561129f34c6 (diff)
Make a unique program with all commands
-rwxr-xr-xbootstrap2
-rw-r--r--doc/webid-oidc.texi14
-rw-r--r--guix/vkraus/packages/webid-oidc.scm6
-rw-r--r--guix/vkraus/services/webid-oidc.scm7
-rw-r--r--man/Makefile.am6
-rw-r--r--po/POTFILES.in2
-rw-r--r--po/fr.po376
-rw-r--r--po/webid-oidc.pot237
-rw-r--r--src/Makefile.am2
-rw-r--r--src/scm/webid-oidc/Makefile.am2
-rw-r--r--src/scm/webid-oidc/program.scm257
-rw-r--r--src/scm/webid-oidc/reverse-proxy.scm163
-rwxr-xr-xsrc/webid-oidc (renamed from src/webid-oidc-reverse-proxy)2
13 files changed, 650 insertions, 426 deletions
diff --git a/bootstrap b/bootstrap
index aa4e6db..745ffab 100755
--- a/bootstrap
+++ b/bootstrap
@@ -4,7 +4,7 @@ autoreconf -vif || exit 1
sed -i 's|SHELL = /bin/sh|SHELL = @SHELL@|g' po/Makefile.in.in || exit 1
## Prepare the man pages
-SCRIPTS_THAT_GET_EXECUTED="../src/webid-oidc-issuer ../src/webid-oidc-reverse-proxy ../src/webid-oidc-client-service ../src/webid-oidc-example-app"
+SCRIPTS_THAT_GET_EXECUTED="../src/webid-oidc-issuer ../src/webid-oidc ../src/webid-oidc-client-service ../src/webid-oidc-example-app"
mkdir -p .native || exit 1
cd .native || exit 1
diff --git a/doc/webid-oidc.texi b/doc/webid-oidc.texi
index 039bf30..f7da5b3 100644
--- a/doc/webid-oidc.texi
+++ b/doc/webid-oidc.texi
@@ -439,7 +439,7 @@ the seed.
@chapter Running a Resource Server
@menu
-* Running webid-oidc-reverse-proxy::
+* Running webid-oidc reverse-proxy::
* The authenticator::
* Resources stored on the server::
@end menu
@@ -448,11 +448,11 @@ A Solid server is the server that manages your data. It needs to check
that the proofs of possession are correct, and the possessed key is
signed by the identity provider.
-@node Running webid-oidc-reverse-proxy
-@section Running webid-oidc-reverse-proxy
+@node Running webid-oidc reverse-proxy
+@section Running webid-oidc reverse-proxy
-The distribution comes with a reverse proxy, aptly named
-@code{webid-oidc-reverse-proxy}, to listen to an interface, take
+The @code{webid-oidc} program comes with a reverse proxy command,
+aptly named @code{reverse-proxy}, to listen to an interface, take
requests, authenticate them, and pass them to a backend with an
additional header containing the webid of the agent, if authenticated.
@@ -461,9 +461,9 @@ The reverse proxy is invoked with the following arguments:
@table @asis
@item @code{-p}@var{PORT}, @code{--port=}@var{PORT}
the port on which the reverse proxy listens;
-@item @code{-i}@var{INBOUND}, @code{--inbound-uri=}@var{INBOUND}
+@item @code{-n}@var{URI}, @code{--server-name=}@var{URI}
the public name of the server;
-@item @code{-o}@var{OUTBOUND}, @code{--outbound-uri=}@var{OUTBOUND}
+@item @code{-b}@var{URI}, @code{--backend-uri=}@var{URI}
the address of the backend;
@item @code{-H}@var{HEADER}, @code{--header=}@var{HEADER}
replace the name of the header that will contain the webid of the
diff --git a/guix/vkraus/packages/webid-oidc.scm b/guix/vkraus/packages/webid-oidc.scm
index b4d0aa2..8ada121 100644
--- a/guix/vkraus/packages/webid-oidc.scm
+++ b/guix/vkraus/packages/webid-oidc.scm
@@ -73,13 +73,17 @@
(format #f "~a/lib/guile/~a/site-ccache"
prop-input effective-version))
guile-propagated-inputs))))
+ (wrap-program
+ (format #f "~a/bin/webid-oidc" out)
+ `("GUILE_LOAD_PATH" ":" = ,mod-paths)
+ `("GUILE_LOAD_COMPILED_PATH" ":" = ,go-paths))
(for-each
(lambda (program)
(wrap-program
(format #f "~a/bin/webid-oidc-~a" out program)
`("GUILE_LOAD_PATH" ":" = ,mod-paths)
`("GUILE_LOAD_COMPILED_PATH" ":" = ,go-paths)))
- '(client-service example-app hello issuer reverse-proxy))))))))
+ '(client-service example-app hello issuer))))))))
(native-inputs
`(("pkg-config" ,pkg-config)
("guile" ,guile-3.0)
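Review bot: The wrapper specification for `GUILE_LOAD_PATH` and `GUILE_LOAD_COMPILED_PATH` is now written out twice, once for `bin/webid-oidc` and once inside the `for-each`, so a later edit to one copy can silently leave the other binary with a different load path. A single loop over name suffixes would keep them in step: `(format #f "~a/bin/webid-oidc~a" out suffix)` iterated over `'("" "-client-service" "-example-app" "-hello" "-issuer")`. The enclosing build phase starts and ends outside the hunk.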
diff --git a/guix/vkraus/services/webid-oidc.scm b/guix/vkraus/services/webid-oidc.scm
index e510ba9..b648494 100644
--- a/guix/vkraus/services/webid-oidc.scm
+++ b/guix/vkraus/services/webid-oidc.scm
@@ -193,10 +193,11 @@
(prepare-directory "/var/cache/webid-oidc"))
(make-forkexec-constructor
(list
- (string-append #$webid-oidc "/bin/webid-oidc-reverse-proxy")
+ (string-append #$webid-oidc "/bin/webid-oidc")
+ "reverse-proxy"
"--port" (with-output-to-string (lambda () (display #$port)))
- "--inbound-uri" #$inbound-uri
- "--outbound-uri" #$outbound-uri
+ "--server-name" #$inbound-uri
+ "--backend-uri" #$outbound-uri
"--header" #$header
"--log-file" "reverse-proxy.log"
"--error-file" "reverse-proxy.err"
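Review bot: The new `"reverse-proxy"`, `"--server-name"` and `"--backend-uri"` arguments are hard-coded in English, but the names the program accepts appear to be locale-dependent. In program.scm `main` derives them with `(string->symbol (G_ "command-line|server|server-name"))`, and fr.po translates that msgid to `nom-du-serveur` and the command name to `proxy-inversé`. If the service is ever started under a locale that has a translation, the program would presumably reject this command line and the authenticating proxy would not come up. Consider pinning the locale for this process, with something like `#:environment-variables (cons "LC_ALL=C" (default-environment-variables))` on the `make-forkexec-constructor` call; its remaining arguments are outside the hunk, so check whether that is already done. Separately, the fields are still named `inbound-uri` and `outbound-uri`, so a comment such as `;; inbound-uri is the public server name, outbound-uri is the backend` would keep the mapping readable.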
diff --git a/man/Makefile.am b/man/Makefile.am
index 54e5e15..2832a72 100644
--- a/man/Makefile.am
+++ b/man/Makefile.am
@@ -1,4 +1,4 @@
-dist_man8_MANS = webid-oidc-issuer.man webid-oidc-reverse-proxy.man webid-oidc-client-service.man
+dist_man8_MANS = webid-oidc-issuer.man webid-oidc.man webid-oidc-client-service.man
EXTRA_DIST = ./reset-env
@@ -6,8 +6,8 @@ webid-oidc-issuer.man: ../src/scm/webid-oidc/identity-provider.scm ../configure.
$(AM_V_GEN) ../pre-inst-env ./reset-env $(HELP2MAN) $(srcdir)/../src/webid-oidc-issuer > $@-t
mv $@-t $(srcdir)/$@
-webid-oidc-reverse-proxy.man: ../src/scm/webid-oidc/reverse-proxy.scm ../configure.ac
- $(AM_V_GEN) ../pre-inst-env ./reset-env $(HELP2MAN) $(srcdir)/../src/webid-oidc-reverse-proxy > $@-t
+webid-oidc.man: ../src/scm/webid-oidc/program.scm ../configure.ac
+ $(AM_V_GEN) ../pre-inst-env ./reset-env $(HELP2MAN) $(srcdir)/../src/webid-oidc > $@-t
mv $@-t $(srcdir)/$@
webid-oidc-client-service.man: ../src/scm/webid-oidc/client.scm ../configure.ac
diff --git a/po/POTFILES.in b/po/POTFILES.in
index 1dd9e41..80def86 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -10,7 +10,7 @@ src/scm/webid-oidc/errors.scm
src/scm/webid-oidc/identity-provider.scm
src/scm/webid-oidc/authorization-page-unsafe.scm
src/scm/webid-oidc/resource-server.scm
-src/scm/webid-oidc/reverse-proxy.scm
src/scm/webid-oidc/hello-world.scm
src/scm/webid-oidc/client.scm
src/scm/webid-oidc/example-app.scm
+src/scm/webid-oidc/program.scm
diff --git a/po/fr.po b/po/fr.po
index 595857a..cf787bf 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -2,8 +2,8 @@ msgid ""
msgstr ""
"Project-Id-Version: webid-oidc 0.0.0\n"
"Report-Msgid-Bugs-To: vivien@planete-kraus.eu\n"
-"POT-Creation-Date: 2021-06-27 00:20+0200\n"
-"PO-Revision-Date: 2021-06-27 00:21+0200\n"
+"POT-Creation-Date: 2021-06-27 21:10+0200\n"
+"PO-Revision-Date: 2021-06-27 21:22+0200\n"
"Last-Translator: Vivien Kraus <vivien@planete-kraus.eu>\n"
"Language-Team: French <vivien@planete-kraus.eu>\n"
"Language: fr\n"
@@ -828,9 +828,8 @@ msgid "Warning: generating a new key pair."
msgstr "Attention : génération d'une nouvelle paire de clé."
#: src/scm/webid-oidc/identity-provider.scm:148
-#: src/scm/webid-oidc/reverse-proxy.scm:124
#: src/scm/webid-oidc/hello-world.scm:31 src/scm/webid-oidc/client.scm:619
-#: src/scm/webid-oidc/example-app.scm:100
+#: src/scm/webid-oidc/example-app.scm:100 src/scm/webid-oidc/program.scm:50
msgid "command-line|version"
msgstr "version"
@@ -874,12 +873,12 @@ msgid "comand-line|port"
msgstr "port"
#: src/scm/webid-oidc/identity-provider.scm:168
-#: src/scm/webid-oidc/reverse-proxy.scm:136 src/scm/webid-oidc/client.scm:633
+#: src/scm/webid-oidc/client.scm:633 src/scm/webid-oidc/program.scm:62
msgid "comand-line|log-file"
msgstr "fichier-journal"
#: src/scm/webid-oidc/identity-provider.scm:170
-#: src/scm/webid-oidc/reverse-proxy.scm:138 src/scm/webid-oidc/client.scm:635
+#: src/scm/webid-oidc/client.scm:635 src/scm/webid-oidc/program.scm:64
msgid "comand-line|error-file"
msgstr "fichier-erreur"
@@ -1030,9 +1029,8 @@ msgstr ""
"Si vous trouvez une erreur dans le programme, envoyez-en un rapport à ~a.\n"
#: src/scm/webid-oidc/identity-provider.scm:267
-#: src/scm/webid-oidc/reverse-proxy.scm:210
#: src/scm/webid-oidc/hello-world.scm:61 src/scm/webid-oidc/client.scm:700
-#: src/scm/webid-oidc/example-app.scm:143
+#: src/scm/webid-oidc/example-app.scm:143 src/scm/webid-oidc/program.scm:177
#, scheme-format
msgid "~a version ~a\n"
msgstr "~a version ~a\n"
@@ -1066,7 +1064,6 @@ msgid "You need to set the token endpoint URI.\n"
msgstr "Vous devez définir l'URI du terminal de jeton.\n"
#: src/scm/webid-oidc/identity-provider.scm:327
-#: src/scm/webid-oidc/reverse-proxy.scm:238
#: src/scm/webid-oidc/hello-world.scm:72 src/scm/webid-oidc/client.scm:738
msgid "The port should be a number between 0 and 65535.\n"
msgstr "Le port doit être un nombre entre 0 et 65535.\n"
@@ -1229,148 +1226,6 @@ msgstr ""
msgid "~a: authentication failure: ~a\n"
msgstr "~a : échec d’authentificationn : ~a\n"
-#: src/scm/webid-oidc/reverse-proxy.scm:126
-msgid "command-line|help"
-msgstr "aide"
-
-#: src/scm/webid-oidc/reverse-proxy.scm:128
-msgid "command-line|port"
-msgstr "port"
-
-#: src/scm/webid-oidc/reverse-proxy.scm:130
-msgid "command-line|inbound-uri"
-msgstr "uri-entrant"
-
-#: src/scm/webid-oidc/reverse-proxy.scm:132
-msgid "command-line|outbound-uri"
-msgstr "uri-sortant"
-
-#: src/scm/webid-oidc/reverse-proxy.scm:134
-msgid "command-line|header"
-msgstr "en-tête"
-
-#: src/scm/webid-oidc/reverse-proxy.scm:152
-#, scheme-format
-msgid ""
-"Usage: ~a [OPTIONS]...\n"
-"\n"
-"Run a reverse proxy, taking requests with webid-oidc authentication\n"
-"and passing them to the outbound URI with an additional header\n"
-"containing the webid of the agent.\n"
-"\n"
-"Options:\n"
-" -h, --~a:\n"
-" display this help message and exit.\n"
-" -v, --~a:\n"
-" display the version information (~a) and exit.\n"
-" -p PORT, --~a=8080:\n"
-" set the port to bind.\n"
-" -i URI, --~a=URI: \n"
-" set the public URI of the reverse proxy.\n"
-" -o URI, --~a=URI:\n"
-" pass the requests to the server running at URI.\n"
-" -H HEADER, --~a=HEADER:\n"
-" pass request with optional HEADER set to the webid, XXX-Agent by "
-"default.\n"
-" -l FILE.log, --~a=FILE.log:\n"
-" dump the standard output to that file.\n"
-" -e FILE.err, --~a=FILE.err:\n"
-" dump the standard error to that file.\n"
-"\n"
-"Environment variables:\n"
-"\n"
-" LANG: set the locale of the sysadmin-facing interface. It is\n"
-"currently ~a.\n"
-"\n"
-"Example:\n"
-"\n"
-"Suppose that you operate data.provider.com. Since everything is behind\n"
-"a big global reverse proxy, the authenticated proxy listens on\n"
-"http://localhost:8080. You have the data server running at\n"
-"https://private.data.provider.com, set up so that only you can query\n"
-"it. The private server needs the XXX-Agent header to contain the\n"
-"authenticated webid of the user, if the user is authenticated. That’s\n"
-"why you don’t want anyone to query it. You would run:\n"
-"\n"
-" export LANG=C\n"
-" webid-oidc-reverse-proxy \\\n"
-" --port 8080 \\\n"
-" --inbound-uri https://data.provider.com \\\n"
-" --outbound-uri https://private.data.provider.com \\\n"
-" --header XXX-Agent \\\n"
-" --log-file /var/log/proxy.log \\\n"
-" --error-file /var/log/proxy.err\n"
-"\n"
-"If you find a bug, send a report to ~a.\n"
-msgstr ""
-"Utilisation : ~a [OPTIONS]...\n"
-"\n"
-"Exécute un proxy inversé, prenant des requêtes avec authentification\n"
-"webid-oidc et les passant à un URI sortant avec un en-tête\n"
-"additionel contenant le webid de l’agent.\n"
-"\n"
-"Options :\n"
-" -h, --~a :\n"
-" affiche ce message d’aide et quitte.\n"
-" -v, --~a :\n"
-" affiche le numéro de version (~a) et quitte.\n"
-" -p PORT, --~a=PORT :\n"
-" définit le port à lier.\n"
-" -i URI, --~a=URI :\n"
-" définit le nom public du proxy inversé.\n"
-" -o URI, --~a=URI :\n"
-" passe les requêtes au serveur exécuté à URI.\n"
-" -h ENTÊTE, --~a=ENTÊTE :\n"
-" passe les requêtes avec un ENTÊTE optionnel défini par la valeur\n"
-" du webid, XXX-Agent par défaut.\n"
-" -l FICHIER.log, --~a=FICHIER.log :\n"
-" déverser la sortie standard vers ce fichier.\n"
-" -e FICHIER.err, --~a=FICHIER.err :\n"
-" déverser la sortie d’erreur vers ce fichier.\n"
-"\n"
-"Variables d’environnement :\n"
-"\n"
-" LANG : définit la locale de l’interface de l’administrateur système\n"
-"Elle vaut actuellement ~a.\n"
-"\n"
-"Exemple :\n"
-"\n"
-"Supposons que vous opérez donnees.fournisseur.com. Puisque tout est\n"
-"derrière un grand proxy inversé global, le proxy d’authentification\n"
-"écoute sur http://localhost:8080. Vous avez le serveur de données sur\n"
-"https://prive.donnees.fournisseur.com, configuré de sorte à ce que\n"
-"vous seul puissiez le requêter. Le serveur privé nécessite que la\n"
-"valeur de l’en-tête XXX-Agent contienne le webid de l’utilisateur\n"
-"authentifié, si c’est le cas. C’est pourquoi vous ne voulez pas que\n"
-"n’importe qui puisse le requêter. Vous exécuteriez :\n"
-"\n"
-" export LANG=fr_FR.UTF-8\n"
-" webid-oidc-reverse-proxy \\\n"
-" --port 8080 \\\n"
-" --uri-entrant https://donnees.fournisseur.com \\\n"
-" --uri-sortant https://prive.donnees.fournisseur.com \\\n"
-" --en-tête XXX-Agent \\\n"
-" --fichier-journal /var/log/proxy.log \\\n"
-" --fichier-erreur /var/log/proxy.err\n"
-"\n"
-"Si vous trouvez une erreur dans le programme, envoyez-en un rapport à\n"
-"~a.\n"
-
-#: src/scm/webid-oidc/reverse-proxy.scm:243
-msgid ""
-"The public name of the server must be present (with scheme) as --inbound-"
-"uri.\n"
-msgstr ""
-"Le nom public du serveur doit être présent (avec protocole) avec\n"
-"--uri-entrant.\n"
-
-#: src/scm/webid-oidc/reverse-proxy.scm:248
-msgid ""
-"The address of the proxy must be present (with scheme) as --outbound-uri.\n"
-msgstr ""
-"L’adresse du serveur doit être présent (avec protocole) avec\n"
-"--uri-sortant.\n"
-
#: src/scm/webid-oidc/hello-world.scm:44
#, scheme-format
msgid ""
@@ -1668,6 +1523,225 @@ msgstr ""
msgid "There was an error: ~a\n"
msgstr "Il y a eu une erreur : ~a\n"
+#: src/scm/webid-oidc/program.scm:52
+msgid "command-line|help"
+msgstr "aide"
+
+#: src/scm/webid-oidc/program.scm:54
+msgid "command-line|server|port"
+msgstr "port"
+
+#: src/scm/webid-oidc/program.scm:56
+msgid "command-line|server|server-name"
+msgstr "nom-du-serveur"
+
+#: src/scm/webid-oidc/program.scm:58
+msgid "command-line|server|reverse-proxy|backend-uri"
+msgstr "uri-arrière-plan"
+
+#: src/scm/webid-oidc/program.scm:60
+msgid "command-line|server|reverse-proxy|header"
+msgstr "en-tête"
+
+#: src/scm/webid-oidc/program.scm:78
+#, scheme-format
+msgid ""
+"Usage: ~a COMMAND [OPTIONS]...\n"
+"\n"
+"Run the webid-oidc COMMAND.\n"
+"\n"
+"Available commands:\n"
+" ~a: \n"
+" run an authenticating reverse proxy.\n"
+"\n"
+"General options:\n"
+" -h, --~a:\n"
+" display a short help message and exit.\n"
+" -v, --~a:\n"
+" display the version information (~a) and exit.\n"
+" -l FILE.log, --~a=FILE.log:\n"
+" redirect the program standard output to FILE.log.\n"
+" -e FILE.err, --~a=FILE.err:\n"
+" redirect the program errors to FILE.err.\n"
+"\n"
+"General server-side options:\n"
+" -p PORT, --~a=PORT:\n"
+" set the server port to bind, 8080 by default.\n"
+" -n URI, --~a=URI:\n"
+" set the public server URI (scheme, userinfo, host, and port).\n"
+"\n"
+"Options for the reverse proxy:\n"
+" -H HEADER, --~a=HEADER:\n"
+" the HEADER field contains the webid of the authenticated user,\n"
+" XXX-Agent by default.\n"
+" -b URI, --~a=URI:\n"
+" set the backend URI for the reverse proxy, only for the\n"
+" reverse-proxy command.\n"
+"\n"
+"Environment variables:\n"
+"\n"
+" LANG: set the locale of the user interface (for the server commands,\n"
+"the user is the system administrator).~a\n"
+"\n"
+"Running a reverse proxy\n"
+"\n"
+"Suppose that you operate data.provider.com. You want to run an\n"
+"authenticating reverse proxy, that will receive incoming requests\n"
+"through http://localhost:8080, and forward them to\n"
+"https://private.data.provider.com. The backend will look for the\n"
+"XXX-Agent header, and if it is found, then its value will be\n"
+"considered the webid of the authenticated\n"
+"user. https://private.data.provider.com should only accept requests\n"
+"from this reverse proxy.\n"
+"\n"
+" ~a ~a \\\n"
+" --~a 8080 \\\n"
+" --~a 'https://data.provider.com' \\\n"
+" --~a 'https://private.data.provider.com' \\\n"
+" --~a 'XXX-Agent' \\\n"
+" --~a '/var/log/proxy.log' \\\n"
+" --~a '/var/log/proxy.err'\n"
+"\n"
+"If you find a bug, then please send a report to ~a.\n"
+msgstr ""
+"Utilisation : ~a COMMANDE [OPTIONS]...\n"
+"\n"
+"Exécute la COMMANDE de webid-oidc.\n"
+"\n"
+"Commandes disponibles :\n"
+" ~a :\n"
+" exécute le proxy inverse authentifiant.\n"
+"\n"
+"Options générales :\n"
+" -h, --~a :\n"
+" affiche un court message d’aide et quitte.\n"
+" -v, --~a :\n"
+" affiche le numéro de version (~a) et quitte.\n"
+" -l FICHIER.log, --~a=FICHIER.log :\n"
+" redirige la sortie standard du programme vers ce fichier.\n"
+" -e FICHIER.err, --~a=FICHIER.err :\n"
+" redirige la sortie d’erreur du programme vers ce fichier.\n"
+"\n"
+"Options générales pour le serveur :\n"
+" -p PORT, --~a=PORT :\n"
+" définit le port à lier, par défaut 8080.\n"
+" -n URI, --~a=URI :\n"
+" définit le nom public du serveur (schéma, userinfo, hôte, et port).\n"
+"\n"
+"Options pour le proxy inverse :\n"
+" -h ENTÊTE, --~a=ENTÊTE :\n"
+" passe les requêtes avec un ENTÊTE optionnel défini par la valeur\n"
+" du webid, XXX-Agent par défaut.\n"
+" -b URI, --~a=URI :\n"
+" définit l’URI d’arrière-plan pour le proxy inverse, uniquement\n"
+" pour la commande proxy-inversé.\n"
+"\n"
+"Variables d’environnement :\n"
+"\n"
+" LANG : définit la locale de l’interface utilisateur (pour les\n"
+"commandes serveur, l’utilisateur est l’administrateur système).~a\n"
+"\n"
+"Exécution d’un proxy inverse\n"
+"\n"
+"Supposons que vous opérez donnees.fournisseur.com. Vous voulez\n"
+"exécuter un proxy inverse authentifiant, qui reçoit des requêtes\n"
+"entrantes à travers http://localhost:8080, et les transmet à\n"
+"https://prive.donnees.fournisseur.com. Le service d’arrière-plan\n"
+"recherchera l’en-tête XXX-Agent, et s’il est trouvé, alors sa valeur\n"
+"sera considérée comme le webid de l’utilisateur\n"
+"authentifié. https://prive.donnees.fournisseur.com doit uniquement\n"
+"accepter les requêtes de ce proxy inverse.\n"
+"\n"
+" export LANG=fr_FR.UTF-8\n"
+" ~a ~a \\\n"
+" --~a 8080 \\\n"
+" --~a 'https://donnees.fournisseur.com' \\\n"
+" --~a 'https://prive.donnees.fournisseur.com' \\\n"
+" --~a 'XXX-Agent' \\\n"
+" --~a '/var/log/proxy.log' \\\n"
+" --~a '/var/log/proxy.err'\n"
+"\n"
+"Si vous trouvez une erreur dans le programme, envoyez-en un rapport à\n"
+"~a.\n"
+
+#: src/scm/webid-oidc/program.scm:139 src/scm/webid-oidc/program.scm:170
+#: src/scm/webid-oidc/program.scm:236
+msgid "command-line|command|reverse-proxy"
+msgstr "proxy-inversé"
+
+#: src/scm/webid-oidc/program.scm:163
+#, scheme-format
+msgid "an environment variable| It is currently set to ~s."
+msgstr " Elle vaut actuellement ~s."
+
+#: src/scm/webid-oidc/program.scm:165
+msgid "an environment variable| It is currently unset."
+msgstr " Elle n’est actuellement pas définie."
+
+#: src/scm/webid-oidc/program.scm:185
+#, scheme-format
+msgid "The --~a argument must be a number, not ~s.\n"
+msgstr "L’argument de --~a doit être un nombre, pas ~s.\n"
+
+#: src/scm/webid-oidc/program.scm:191
+#, scheme-format
+msgid "The --~a argument must be an integer, not ~s.\n"
+msgstr "L’argument de --~a doit être un entier, pas ~s.\n"
+
+#: src/scm/webid-oidc/program.scm:197
+#, scheme-format
+msgid "The --~a argument must be positive, ~s is invalid.\n"
+msgstr "L’argument de --~a doit être positif, ~s est invalide.\n"
+
+#: src/scm/webid-oidc/program.scm:202
+#, scheme-format
+msgid "The --~a argument must be less than 65536, ~s is invalid.\n"
+msgstr "L’argument de --~a doit être inférieur à 65536, ~s est invalide.\n"
+
+#: src/scm/webid-oidc/program.scm:220
+#, scheme-format
+msgid ""
+"Usage: ~a COMMAND [OPTIONS]...\n"
+"See --~a (-h).\n"
+msgstr ""
+"Utilisation : ~a COMMANDE [OPTIONS]...\n"
+"Voir --~a (-h).\n"
+
+#: src/scm/webid-oidc/program.scm:239
+#, scheme-format
+msgid "You must pass --~a to set the server name.\n"
+msgstr "Vous devez passer --~a pour définir le nom du serveur.\n"
+
+#: src/scm/webid-oidc/program.scm:243
+#, scheme-format
+msgid "You must pass --~a to set the backend URI.\n"
+msgstr "Vous devez passer --~a pour définir l'URI du service d’arrière-plan.\n"
+
+#: src/scm/webid-oidc/program.scm:255
+#, scheme-format
+msgid "Unknown command ~s\n"
+msgstr "Commande inconnue ~s\n"
+
+#~ msgid "command-line|inbound-uri"
+#~ msgstr "uri-entrant"
+
+#~ msgid "command-line|outbound-uri"
+#~ msgstr "uri-sortant"
+
+#~ msgid ""
+#~ "The public name of the server must be present (with scheme) as --inbound-"
+#~ "uri.\n"
+#~ msgstr ""
+#~ "Le nom public du serveur doit être présent (avec protocole) avec\n"
+#~ "--uri-entrant.\n"
+
+#~ msgid ""
+#~ "The address of the proxy must be present (with scheme) as --outbound-"
+#~ "uri.\n"
+#~ msgstr ""
+#~ "L’adresse du serveur doit être présent (avec protocole) avec\n"
+#~ "--uri-sortant.\n"
+
#, scheme-format
#~ msgid "the resource ~s could not be found (because ~a)"
#~ msgstr "la ressource ~s n’a pas été trouvée (parce que ~a)"
diff --git a/po/webid-oidc.pot b/po/webid-oidc.pot
index ae6f474..84850fc 100644
--- a/po/webid-oidc.pot
+++ b/po/webid-oidc.pot
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: webid-oidc SNAPSHOT\n"
"Report-Msgid-Bugs-To: vivien@planete-kraus.eu\n"
-"POT-Creation-Date: 2021-06-27 00:20+0200\n"
+"POT-Creation-Date: 2021-06-27 21:10+0200\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -795,9 +795,8 @@ msgid "Warning: generating a new key pair."
msgstr ""
#: src/scm/webid-oidc/identity-provider.scm:148
-#: src/scm/webid-oidc/reverse-proxy.scm:124
#: src/scm/webid-oidc/hello-world.scm:31 src/scm/webid-oidc/client.scm:619
-#: src/scm/webid-oidc/example-app.scm:100
+#: src/scm/webid-oidc/example-app.scm:100 src/scm/webid-oidc/program.scm:50
msgid "command-line|version"
msgstr ""
@@ -841,12 +840,12 @@ msgid "comand-line|port"
msgstr ""
#: src/scm/webid-oidc/identity-provider.scm:168
-#: src/scm/webid-oidc/reverse-proxy.scm:136 src/scm/webid-oidc/client.scm:633
+#: src/scm/webid-oidc/client.scm:633 src/scm/webid-oidc/program.scm:62
msgid "comand-line|log-file"
msgstr ""
#: src/scm/webid-oidc/identity-provider.scm:170
-#: src/scm/webid-oidc/reverse-proxy.scm:138 src/scm/webid-oidc/client.scm:635
+#: src/scm/webid-oidc/client.scm:635 src/scm/webid-oidc/program.scm:64
msgid "comand-line|error-file"
msgstr ""
@@ -924,9 +923,8 @@ msgid ""
msgstr ""
#: src/scm/webid-oidc/identity-provider.scm:267
-#: src/scm/webid-oidc/reverse-proxy.scm:210
#: src/scm/webid-oidc/hello-world.scm:61 src/scm/webid-oidc/client.scm:700
-#: src/scm/webid-oidc/example-app.scm:143
+#: src/scm/webid-oidc/example-app.scm:143 src/scm/webid-oidc/program.scm:177
#, scheme-format
msgid "~a version ~a\n"
msgstr ""
@@ -960,7 +958,6 @@ msgid "You need to set the token endpoint URI.\n"
msgstr ""
#: src/scm/webid-oidc/identity-provider.scm:327
-#: src/scm/webid-oidc/reverse-proxy.scm:238
#: src/scm/webid-oidc/hello-world.scm:72 src/scm/webid-oidc/client.scm:738
msgid "The port should be a number between 0 and 65535.\n"
msgstr ""
@@ -1115,92 +1112,6 @@ msgstr ""
msgid "~a: authentication failure: ~a\n"
msgstr ""
-#: src/scm/webid-oidc/reverse-proxy.scm:126
-msgid "command-line|help"
-msgstr ""
-
-#: src/scm/webid-oidc/reverse-proxy.scm:128
-msgid "command-line|port"
-msgstr ""
-
-#: src/scm/webid-oidc/reverse-proxy.scm:130
-msgid "command-line|inbound-uri"
-msgstr ""
-
-#: src/scm/webid-oidc/reverse-proxy.scm:132
-msgid "command-line|outbound-uri"
-msgstr ""
-
-#: src/scm/webid-oidc/reverse-proxy.scm:134
-msgid "command-line|header"
-msgstr ""
-
-#: src/scm/webid-oidc/reverse-proxy.scm:152
-#, scheme-format
-msgid ""
-"Usage: ~a [OPTIONS]...\n"
-"\n"
-"Run a reverse proxy, taking requests with webid-oidc authentication\n"
-"and passing them to the outbound URI with an additional header\n"
-"containing the webid of the agent.\n"
-"\n"
-"Options:\n"
-" -h, --~a:\n"
-" display this help message and exit.\n"
-" -v, --~a:\n"
-" display the version information (~a) and exit.\n"
-" -p PORT, --~a=8080:\n"
-" set the port to bind.\n"
-" -i URI, --~a=URI: \n"
-" set the public URI of the reverse proxy.\n"
-" -o URI, --~a=URI:\n"
-" pass the requests to the server running at URI.\n"
-" -H HEADER, --~a=HEADER:\n"
-" pass request with optional HEADER set to the webid, XXX-Agent by "
-"default.\n"
-" -l FILE.log, --~a=FILE.log:\n"
-" dump the standard output to that file.\n"
-" -e FILE.err, --~a=FILE.err:\n"
-" dump the standard error to that file.\n"
-"\n"
-"Environment variables:\n"
-"\n"
-" LANG: set the locale of the sysadmin-facing interface. It is\n"
-"currently ~a.\n"
-"\n"
-"Example:\n"
-"\n"
-"Suppose that you operate data.provider.com. Since everything is behind\n"
-"a big global reverse proxy, the authenticated proxy listens on\n"
-"http://localhost:8080. You have the data server running at\n"
-"https://private.data.provider.com, set up so that only you can query\n"
-"it. The private server needs the XXX-Agent header to contain the\n"
-"authenticated webid of the user, if the user is authenticated. That’s\n"
-"why you don’t want anyone to query it. You would run:\n"
-"\n"
-" export LANG=C\n"
-" webid-oidc-reverse-proxy \\\n"
-" --port 8080 \\\n"
-" --inbound-uri https://data.provider.com \\\n"
-" --outbound-uri https://private.data.provider.com \\\n"
-" --header XXX-Agent \\\n"
-" --log-file /var/log/proxy.log \\\n"
-" --error-file /var/log/proxy.err\n"
-"\n"
-"If you find a bug, send a report to ~a.\n"
-msgstr ""
-
-#: src/scm/webid-oidc/reverse-proxy.scm:243
-msgid ""
-"The public name of the server must be present (with scheme) as --inbound-"
-"uri.\n"
-msgstr ""
-
-#: src/scm/webid-oidc/reverse-proxy.scm:248
-msgid ""
-"The address of the proxy must be present (with scheme) as --outbound-uri.\n"
-msgstr ""
-
#: src/scm/webid-oidc/hello-world.scm:44
#, scheme-format
msgid ""
@@ -1399,3 +1310,141 @@ msgstr ""
#, scheme-format
msgid "There was an error: ~a\n"
msgstr ""
+
+#: src/scm/webid-oidc/program.scm:52
+msgid "command-line|help"
+msgstr ""
+
+#: src/scm/webid-oidc/program.scm:54
+msgid "command-line|server|port"
+msgstr ""
+
+#: src/scm/webid-oidc/program.scm:56
+msgid "command-line|server|server-name"
+msgstr ""
+
+#: src/scm/webid-oidc/program.scm:58
+msgid "command-line|server|reverse-proxy|backend-uri"
+msgstr ""
+
+#: src/scm/webid-oidc/program.scm:60
+msgid "command-line|server|reverse-proxy|header"
+msgstr ""
+
+#: src/scm/webid-oidc/program.scm:78
+#, scheme-format
+msgid ""
+"Usage: ~a COMMAND [OPTIONS]...\n"
+"\n"
+"Run the webid-oidc COMMAND.\n"
+"\n"
+"Available commands:\n"
+" ~a: \n"
+" run an authenticating reverse proxy.\n"
+"\n"
+"General options:\n"
+" -h, --~a:\n"
+" display a short help message and exit.\n"
+" -v, --~a:\n"
+" display the version information (~a) and exit.\n"
+" -l FILE.log, --~a=FILE.log:\n"
+" redirect the program standard output to FILE.log.\n"
+" -e FILE.err, --~a=FILE.err:\n"
+" redirect the program errors to FILE.err.\n"
+"\n"
+"General server-side options:\n"
+" -p PORT, --~a=PORT:\n"
+" set the server port to bind, 8080 by default.\n"
+" -n URI, --~a=URI:\n"
+" set the public server URI (scheme, userinfo, host, and port).\n"
+"\n"
+"Options for the reverse proxy:\n"
+" -H HEADER, --~a=HEADER:\n"
+" the HEADER field contains the webid of the authenticated user,\n"
+" XXX-Agent by default.\n"
+" -b URI, --~a=URI:\n"
+" set the backend URI for the reverse proxy, only for the\n"
+" reverse-proxy command.\n"
+"\n"
+"Environment variables:\n"
+"\n"
+" LANG: set the locale of the user interface (for the server commands,\n"
+"the user is the system administrator).~a\n"
+"\n"
+"Running a reverse proxy\n"
+"\n"
+"Suppose that you operate data.provider.com. You want to run an\n"
+"authenticating reverse proxy, that will receive incoming requests\n"
+"through http://localhost:8080, and forward them to\n"
+"https://private.data.provider.com. The backend will look for the\n"
+"XXX-Agent header, and if it is found, then its value will be\n"
+"considered the webid of the authenticated\n"
+"user. https://private.data.provider.com should only accept requests\n"
+"from this reverse proxy.\n"
+"\n"
+" ~a ~a \\\n"
+" --~a 8080 \\\n"
+" --~a 'https://data.provider.com' \\\n"
+" --~a 'https://private.data.provider.com' \\\n"
+" --~a 'XXX-Agent' \\\n"
+" --~a '/var/log/proxy.log' \\\n"
+" --~a '/var/log/proxy.err'\n"
+"\n"
+"If you find a bug, then please send a report to ~a.\n"
+msgstr ""
+
+#: src/scm/webid-oidc/program.scm:139 src/scm/webid-oidc/program.scm:170
+#: src/scm/webid-oidc/program.scm:236
+msgid "command-line|command|reverse-proxy"
+msgstr ""
+
+#: src/scm/webid-oidc/program.scm:163
+#, scheme-format
+msgid "an environment variable| It is currently set to ~s."
+msgstr ""
+
+#: src/scm/webid-oidc/program.scm:165
+msgid "an environment variable| It is currently unset."
+msgstr ""
+
+#: src/scm/webid-oidc/program.scm:185
+#, scheme-format
+msgid "The --~a argument must be a number, not ~s.\n"
+msgstr ""
+
+#: src/scm/webid-oidc/program.scm:191
+#, scheme-format
+msgid "The --~a argument must be an integer, not ~s.\n"
+msgstr ""
+
+#: src/scm/webid-oidc/program.scm:197
+#, scheme-format
+msgid "The --~a argument must be positive, ~s is invalid.\n"
+msgstr ""
+
+#: src/scm/webid-oidc/program.scm:202
+#, scheme-format
+msgid "The --~a argument must be less than 65536, ~s is invalid.\n"
+msgstr ""
+
+#: src/scm/webid-oidc/program.scm:220
+#, scheme-format
+msgid ""
+"Usage: ~a COMMAND [OPTIONS]...\n"
+"See --~a (-h).\n"
+msgstr ""
+
+#: src/scm/webid-oidc/program.scm:239
+#, scheme-format
+msgid "You must pass --~a to set the server name.\n"
+msgstr ""
+
+#: src/scm/webid-oidc/program.scm:243
+#, scheme-format
+msgid "You must pass --~a to set the backend URI.\n"
+msgstr ""
+
+#: src/scm/webid-oidc/program.scm:255
+#, scheme-format
+msgid "Unknown command ~s\n"
+msgstr ""
diff --git a/src/Makefile.am b/src/Makefile.am
index b61df70..1876a55 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1,6 +1,6 @@
lib_LTLIBRARIES += %reldir%/libwebidoidc.la
-dist_bin_SCRIPTS += %reldir%/webid-oidc-issuer %reldir%/webid-oidc-reverse-proxy %reldir%/webid-oidc-hello %reldir%/webid-oidc-client-service %reldir%/webid-oidc-example-app
+dist_bin_SCRIPTS += %reldir%/webid-oidc-issuer %reldir%/webid-oidc %reldir%/webid-oidc-hello %reldir%/webid-oidc-client-service %reldir%/webid-oidc-example-app
AM_CPPFLAGS += -I %reldir% -I $(srcdir)/%reldir%
diff --git a/src/scm/webid-oidc/Makefile.am b/src/scm/webid-oidc/Makefile.am
index 732fd3d..d96b63a 100644
--- a/src/scm/webid-oidc/Makefile.am
+++ b/src/scm/webid-oidc/Makefile.am
@@ -22,6 +22,7 @@ dist_webidoidcmod_DATA += \
%reldir%/provider-confirmation.scm \
%reldir%/resource-server.scm \
%reldir%/hello-world.scm \
+ %reldir%/program.scm \
%reldir%/reverse-proxy.scm \
%reldir%/client.scm \
%reldir%/example-app.scm \
@@ -52,6 +53,7 @@ webidoidcgo_DATA += \
%reldir%/provider-confirmation.go \
%reldir%/resource-server.go \
%reldir%/hello-world.go \
+ %reldir%/program.go \
%reldir%/reverse-proxy.go \
%reldir%/client.go \
%reldir%/example-app.go \
diff --git a/src/scm/webid-oidc/program.scm b/src/scm/webid-oidc/program.scm
new file mode 100644
index 0000000..b8878b0
--- /dev/null
+++ b/src/scm/webid-oidc/program.scm
@@ -0,0 +1,257 @@
+(define-module (webid-oidc program)
+ #:use-module (webid-oidc errors)
+ #:use-module (webid-oidc reverse-proxy)
+ #:use-module ((webid-oidc stubs) #:prefix stubs:)
+ #:use-module ((webid-oidc config) #:prefix cfg:)
+ #:use-module (ice-9 optargs)
+ #:use-module (ice-9 receive)
+ #:use-module (ice-9 i18n)
+ #:use-module (ice-9 getopt-long)
+ #:use-module (ice-9 suspendable-ports)
+ #:use-module (srfi srfi-19)
+ #:use-module (rnrs bytevectors)
+ #:use-module (web uri)
+ #:use-module (web request)
+ #:use-module (web response)
+ #:use-module (web client)
+ #:use-module (webid-oidc cache)
+ #:use-module (web server))
+
+(define (G_ text)
+ (let ((out (gettext text)))
+ (if (string=? out text)
+ ;; No translation, disambiguate
+ (car (reverse (string-split text #\|)))
+ out)))
+
+(define* (http-get-with-log uri #:key (headers '()))
+ (define date (date->string (time-utc->date (current-time))))
+ (define uri-string (if (uri? uri) (uri->string uri) uri))
+ (format (current-error-port) "~a: GET ~a ~s...\n"
+ date uri-string headers)
+ (receive (response response-body) (http-get uri #:headers headers)
+ (format (current-error-port) "~a: GET ~a ~s: ~s ~a bytes\n"
+ date uri-string headers response
+ (if (bytevector? response-body)
+ (bytevector-length response-body)
+ (string-length response-body)))
+ (values response response-body)))
+
+(define cache-http-get
+ (with-cache #:http-get http-get-with-log))
+
+(define-public (main)
+ (setvbuf (current-output-port) 'none)
+ (setvbuf (current-error-port) 'none)
+ (setlocale LC_ALL "")
+ (bindtextdomain cfg:package cfg:localedir)
+ (textdomain cfg:package)
+ (let ((version-sym
+ (string->symbol (G_ "command-line|version")))
+ (help-sym
+ (string->symbol (G_ "command-line|help")))
+ (port-sym
+ (string->symbol (G_ "command-line|server|port")))
+ (server-name-sym
+ (string->symbol (G_ "command-line|server|server-name")))
+ (backend-uri-sym
+ (string->symbol (G_ "command-line|server|reverse-proxy|backend-uri")))
+ (header-sym
+ (string->symbol (G_ "command-line|server|reverse-proxy|header")))
+ (log-file-sym
+ (string->symbol (G_ "comand-line|log-file")))
+ (error-file-sym
+ (string->symbol (G_ "comand-line|error-file"))))
+ (let ((options
+ (let ((spec
+ `((,version-sym (single-char #\v) (value #f))
+ (,help-sym (single-char #\h) (value #f))
+ (,log-file-sym (single-char #\l) (value #t))
+ (,error-file-sym (single-char #\e) (value #t))
+ (,port-sym (single-char #\p) (value #t))
+ (,server-name-sym (single-char #\n) (value #t))
+ (,header-sym (single-char #\H) (value #t))
+ (,backend-uri-sym (single-char #\b) (value #t)))))
+ (getopt-long (command-line) spec))))
+ (cond
+ ((option-ref options help-sym #f)
+ (format #t (G_ "Usage: ~a COMMAND [OPTIONS]...
+
+Run the webid-oidc COMMAND.
+
+Available commands:
+ ~a:
+ run an authenticating reverse proxy.
+
+General options:
+ -h, --~a:
+ display a short help message and exit.
+ -v, --~a:
+ display the version information (~a) and exit.
+ -l FILE.log, --~a=FILE.log:
+ redirect the program standard output to FILE.log.
+ -e FILE.err, --~a=FILE.err:
+ redirect the program errors to FILE.err.
+
+General server-side options:
+ -p PORT, --~a=PORT:
+ set the server port to bind, 8080 by default.
+ -n URI, --~a=URI:
+ set the public server URI (scheme, userinfo, host, and port).
+
+Options for the reverse proxy:
+ -H HEADER, --~a=HEADER:
+ the HEADER field contains the webid of the authenticated user,
+ XXX-Agent by default.
+ -b URI, --~a=URI:
+ set the backend URI for the reverse proxy, only for the
+ reverse-proxy command.
+
+Environment variables:
+
+ LANG: set the locale of the user interface (for the server commands,
+the user is the system administrator).~a
+
+Running a reverse proxy
+
+Suppose that you operate data.provider.com. You want to run an
+authenticating reverse proxy, that will receive incoming requests
+through http://localhost:8080, and forward them to
+https://private.data.provider.com. The backend will look for the
+XXX-Agent header, and if it is found, then its value will be
+considered the webid of the authenticated
+user. https://private.data.provider.com should only accept requests
+from this reverse proxy.
+
+ ~a ~a \\
+ --~a 8080 \\
+ --~a 'https://data.provider.com' \\
+ --~a 'https://private.data.provider.com' \\
+ --~a 'XXX-Agent' \\
+ --~a '/var/log/proxy.log' \\
+ --~a '/var/log/proxy.err'
+
+If you find a bug, then please send a report to ~a.
+")
+ ;; Usage:
+ (car (command-line))
+ ;; Available commands:
+ (G_ "command-line|command|reverse-proxy")
+ ;; General options
+ ;; help
+ help-sym
+ ;; version
+ version-sym
+ cfg:version
+ ;; log-file
+ log-file-sym
+ ;; error-file
+ error-file-sym
+ ;; General server-side options
+ ;; port
+ port-sym
+ ;; server-name
+ server-name-sym
+ ;; Options for the reverse proxy
+ ;; header
+ header-sym
+ ;; backend-uri
+ backend-uri-sym
+ ;; Environment variables
+ ;; LANG
+ (if (getenv "LANG")
+ (format #f (G_ "an environment variable| It is currently set to ~s.")
+ (getenv "LANG"))
+ (G_ "an environment variable| It is currently unset."))
+ ;; Running a reverse proxy
+ ;; Program name
+ (car (command-line))
+ ;; command
+ (G_ "command-line|command|reverse-proxy")
+ ;; options
+ port-sym server-name-sym backend-uri-sym header-sym
+ log-file-sym error-file-sym
+ ;; Bug report
+ cfg:package-bugreport))
+ ((option-ref options version-sym #f)
+ (format #t (G_ "~a version ~a\n")
+ cfg:package cfg:version))
+ (else
+ (let ((rest (option-ref options '() '()))
+ (port
+ (let ((port (string->number (option-ref options port-sym "8080"))))
+ (unless port
+ (format (current-error-port)
+ (G_ "The --~a argument must be a number, not ~s.\n")
+ port-sym
+ (option-ref options port-sym "8080"))
+ (exit 1))
+ (unless (integer? port)
+ (format (current-error-port)
+ (G_ "The --~a argument must be an integer, not ~s.\n")
+ port-sym
+ port)
+ (exit 1))
+ (unless (> port 0)
+ (format (current-error-port)
+ (G_ "The --~a argument must be positive, ~s is invalid.\n")
+ port-sym port)
+ (exit 1))
+ (unless (<= port 65535)
+ (format (current-error-port)
+ (G_ "The --~a argument must be less than 65536, ~s is invalid.\n")
+ port-sym port)
+ (exit 1))
+ port))
+ (server-name
+ (let ((str (option-ref options server-name-sym #f)))
+ (and str
+ (string->uri str))))
+ (backend-uri
+ (let ((str (option-ref options backend-uri-sym #f)))
+ (and str
+ (string->uri str))))
+ (header
+ (let ((str (option-ref options header-sym #f)))
+ (and str
+ (string->symbol str)))))
+ (when (null? rest)
+ (format (current-error-port)
+ (G_ "Usage: ~a COMMAND [OPTIONS]...\nSee --~a (-h).\n")
+ (car (command-line))
+ help-sym)
+ (exit 1))
+ (install-suspendable-ports!)
+ (when (option-ref options log-file-sym #f)
+ (set-current-output-port
+ (stubs:open-output-file* (option-ref options log-file-sym #f)))
+ (setvbuf (current-output-port) 'none))
+ (when (option-ref options error-file-sym #f)
+ (set-current-error-port
+ (stubs:open-output-file* (option-ref options error-file-sym #f)))
+ (setvbuf (current-error-port) 'none))
+ (let ((command (car rest))
+ (non-options (cdr rest)))
+ (cond
+ ((equal? command (G_ "command-line|command|reverse-proxy"))
+ (begin
+ (unless server-name
+ (format (current-error-port) (G_ "You must pass --~a to set the server name.\n")
+ server-name-sym)
+ (exit 1))
+ (unless backend-uri
+ (format (current-error-port) (G_ "You must pass --~a to set the backend URI.\n")
+ backend-uri-sym)
+ (exit 1))
+ (run-server
+ (make-reverse-proxy
+ #:server-uri server-name
+ #:http-get cache-http-get
+ #:endpoint backend-uri
+ #:auth-header header)
+ 'http
+ (list #:port port))))
+ (else
+ (format (current-error-port) (G_ "Unknown command ~s\n")
+ command)
+ (exit 1))))))))))
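Review bot: When --header is omitted, the `header` binding near the end of `main` evaluates to #f (`(and str (string->symbol str))`) and is then passed explicitly as `#:auth-header header`, so any default that make-reverse-proxy declares for that keyword is bypassed. The help text in this same file still promises "XXX-Agent by default", and the `main` removed from reverse-proxy.scm did read the option with `(option-ref options header-sym "XXX-Agent")`. This header is what tells the backend which webid was authenticated, so I would restore the default at the binding: `(header (string->symbol (option-ref options header-sym "XXX-Agent")))`. How make-reverse-proxy treats a #f auth-header is not visible in this diff, so the runtime effect of the current code should be confirmed with a test that starts the proxy without --header.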
diff --git a/src/scm/webid-oidc/reverse-proxy.scm b/src/scm/webid-oidc/reverse-proxy.scm
index 87588b9..cc4d46a 100644
--- a/src/scm/webid-oidc/reverse-proxy.scm
+++ b/src/scm/webid-oidc/reverse-proxy.scm
@@ -18,13 +18,6 @@
#:use-module (webid-oidc cache)
#:use-module (web server))
-(define (G_ text)
- (let ((out (gettext text)))
- (if (string=? out text)
- ;; No translation, disambiguate
- (car (reverse (string-split text #\|)))
- out)))
-
(define*-public (make-reverse-proxy
#:key
(jti-list #f)
@@ -99,159 +92,3 @@
(response-headers response)))))
(close-port port)
(values adapted-response response-body))))))))))))
-
-(define-public (main)
- (define* (http-get-with-log uri #:key (headers '()))
- (define date (date->string (time-utc->date (current-time))))
- (define uri-string (if (uri? uri) (uri->string uri) uri))
- (format (current-error-port) "~a: GET ~a ~s...\n"
- date uri-string headers)
- (receive (response response-body) (http-get uri #:headers headers)
- (format (current-error-port) "~a: GET ~a ~s: ~s ~a bytes\n"
- date uri-string headers response
- (if (bytevector? response-body)
- (bytevector-length response-body)
- (string-length response-body)))
- (values response response-body)))
- (define cache-http-get
- (with-cache #:http-get http-get-with-log))
- (setvbuf (current-output-port) 'none)
- (setvbuf (current-error-port) 'none)
- (setlocale LC_ALL "")
- (bindtextdomain cfg:package cfg:localedir)
- (textdomain cfg:package)
- (let ((version-sym
- (string->symbol (G_ "command-line|version")))
- (help-sym
- (string->symbol (G_ "command-line|help")))
- (port-sym
- (string->symbol (G_ "command-line|port")))
- (inbound-uri-sym
- (string->symbol (G_ "command-line|inbound-uri")))
- (outbound-uri-sym
- (string->symbol (G_ "command-line|outbound-uri")))
- (header-sym
- (string->symbol (G_ "command-line|header")))
- (log-file-sym
- (string->symbol (G_ "comand-line|log-file")))
- (error-file-sym
- (string->symbol (G_ "comand-line|error-file"))))
- (let ((options
- (let ((option-spec
- `((,version-sym (single-char #\v) (value #f))
- (,help-sym (single-char #\h) (value #f))
- (,port-sym (single-char #\p) (value #t))
- (,inbound-uri-sym (single-char #\i) (value #t))
- (,outbound-uri-sym (single-char #\o) (value #t))
- (,header-sym (single-char #\H) (value #t))
- (,log-file-sym (single-char #\l) (value #t))
- (,error-file-sym (single-char #\e) (value #t)))))
- (getopt-long (command-line) option-spec))))
- (cond
- ((option-ref options help-sym #f)
- (format #t (G_ "Usage: ~a [OPTIONS]...
-
-Run a reverse proxy, taking requests with webid-oidc authentication
-and passing them to the outbound URI with an additional header
-containing the webid of the agent.
-
-Options:
- -h, --~a:
- display this help message and exit.
- -v, --~a:
- display the version information (~a) and exit.
- -p PORT, --~a=8080:
- set the port to bind.
- -i URI, --~a=URI:
- set the public URI of the reverse proxy.
- -o URI, --~a=URI:
- pass the requests to the server running at URI.
- -H HEADER, --~a=HEADER:
- pass request with optional HEADER set to the webid, XXX-Agent by default.
- -l FILE.log, --~a=FILE.log:
- dump the standard output to that file.
- -e FILE.err, --~a=FILE.err:
- dump the standard error to that file.
-
-Environment variables:
-
- LANG: set the locale of the sysadmin-facing interface. It is
-currently ~a.
-
-Example:
-
-Suppose that you operate data.provider.com. Since everything is behind
-a big global reverse proxy, the authenticated proxy listens on
-http://localhost:8080. You have the data server running at
-https://private.data.provider.com, set up so that only you can query
-it. The private server needs the XXX-Agent header to contain the
-authenticated webid of the user, if the user is authenticated. That’s
-why you don’t want anyone to query it. You would run:
-
- export LANG=C
- webid-oidc-reverse-proxy \\
- --port 8080 \\
- --inbound-uri https://data.provider.com \\
- --outbound-uri https://private.data.provider.com \\
- --header XXX-Agent \\
- --log-file /var/log/proxy.log \\
- --error-file /var/log/proxy.err
-
-If you find a bug, send a report to ~a.
-")
- (car (command-line))
- help-sym version-sym
- cfg:version
- port-sym inbound-uri-sym outbound-uri-sym header-sym
- log-file-sym error-file-sym
- (or (getenv "LANG") "")
- cfg:package-bugreport))
- ((option-ref options version-sym #f)
- (format #t (G_ "~a version ~a\n")
- cfg:package cfg:version))
- (else
- (let ((port-string
- (option-ref options port-sym "8080"))
- (inbound-uri-string
- (option-ref options inbound-uri-sym #f))
- (outbound-uri-string
- (option-ref options outbound-uri-sym #f))
- (header-string
- (option-ref options header-sym "XXX-Agent"))
- (log-file-string
- (option-ref options log-file-sym #f))
- (error-file-string
- (option-ref options error-file-sym #f)))
- (when log-file-string
- (set-current-output-port (stubs:open-output-file* log-file-string))
- (setvbuf (current-output-port) 'none))
- (when error-file-string
- (set-current-error-port (stubs:open-output-file* error-file-string))
- (setvbuf (current-error-port) 'none))
- (unless (and port-string
- (string? port-string)
- (string->number port-string)
- (integer? (string->number port-string))
- (>= (string->number port-string) 0)
- (<= (string->number port-string) 65535))
- (format (current-error-port)
- (G_ "The port should be a number between 0 and 65535.\n"))
- (exit 1))
- (unless (and inbound-uri-string
- (string->uri inbound-uri-string))
- (format (current-error-port)
- (G_ "The public name of the server must be present (with scheme) as --inbound-uri.\n"))
- (exit 1))
- (unless (and outbound-uri-string
- (string->uri outbound-uri-string))
- (format (current-error-port)
- (G_ "The address of the proxy must be present (with scheme) as --outbound-uri.\n"))
- (exit 1))
- (install-suspendable-ports!)
- (run-server (make-reverse-proxy
- #:server-uri (string->uri inbound-uri-string)
- #:http-get cache-http-get
- #:endpoint (string->uri outbound-uri-string)
- #:auth-header (string->symbol header-string))
- 'http
- (list #:port (string->number port-string)))))))))
diff --git a/src/webid-oidc-reverse-proxy b/src/webid-oidc
index 5b7855e..67affe4 100755
--- a/src/webid-oidc-reverse-proxy
+++ b/src/webid-oidc
@@ -2,6 +2,6 @@
--no-auto-compile -s
!#
-(use-modules (webid-oidc reverse-proxy))
+(use-modules (webid-oidc program))
(main)