author | Vivien Kraus <vivien@planete-kraus.eu> | 2021-06-27 20:59:27 +0200 |
---|---|---|
committer | Vivien Kraus <vivien@planete-kraus.eu> | 2021-07-02 14:49:13 +0200 |
commit | 394b62ceab778eb58e7eb8927068a7e1faab4add (patch) | |
tree | 2d1b14020f4e405ab60b480d68817961314f5fd8 /src/scm/webid-oidc/reverse-proxy.scm | |
parent | 6cbe572b7e5d2e1357a10f0dff94b561129f34c6 (diff) |
Make a unique program with all commands
Diffstat (limited to 'src/scm/webid-oidc/reverse-proxy.scm')
-rw-r--r-- | src/scm/webid-oidc/reverse-proxy.scm | 163 |
1 files changed, 0 insertions, 163 deletions
diff --git a/src/scm/webid-oidc/reverse-proxy.scm b/src/scm/webid-oidc/reverse-proxy.scm index 87588b9..cc4d46a 100644 --- a/src/scm/webid-oidc/reverse-proxy.scm +++ b/src/scm/webid-oidc/reverse-proxy.scm @@ -18,13 +18,6 @@ #:use-module (webid-oidc cache) #:use-module (web server)) -(define (G_ text) - (let ((out (gettext text))) - (if (string=? out text) - ;; No translation, disambiguate - (car (reverse (string-split text #\|))) - out))) - (define*-public (make-reverse-proxy #:key (jti-list #f) 
@@ -99,159 +92,3 @@ (response-headers response))))) (close-port port) (values adapted-response response-body)))))))))))) - -(define-public (main) - (define* (http-get-with-log uri #:key (headers '())) - (define date (date->string (time-utc->date (current-time)))) - (define uri-string (if (uri? uri) (uri->string uri) uri)) - (format (current-error-port) "~a: GET ~a ~s...\n" - date uri-string headers) - (receive (response response-body) (http-get uri #:headers headers) - (format (current-error-port) "~a: GET ~a ~s: ~s ~a bytes\n" - date uri-string headers response - (if (bytevector? response-body) - (bytevector-length response-body) - (string-length response-body))) - (values response response-body))) - (define cache-http-get - (with-cache #:http-get http-get-with-log)) - (setvbuf (current-output-port) 'none) - (setvbuf (current-error-port) 'none) - (setlocale LC_ALL "") - (bindtextdomain cfg:package cfg:localedir) - (textdomain cfg:package) - (let ((version-sym - (string->symbol (G_ "command-line|version"))) - (help-sym - (string->symbol (G_ "command-line|help"))) - (port-sym - (string->symbol (G_ "command-line|port"))) - (inbound-uri-sym - (string->symbol (G_ "command-line|inbound-uri"))) - (outbound-uri-sym - (string->symbol (G_ "command-line|outbound-uri"))) - (header-sym - (string->symbol (G_ "command-line|header"))) - (log-file-sym - (string->symbol (G_ "comand-line|log-file"))) - (error-file-sym - (string->symbol (G_ "comand-line|error-file")))) - (let ((options - (let ((option-spec - `((,version-sym (single-char #\v) (value #f)) - (,help-sym (single-char #\h) (value #f)) - (,port-sym (single-char #\p) (value #t)) - (,inbound-uri-sym (single-char #\i) (value #t)) - (,outbound-uri-sym (single-char #\o) (value #t)) - (,header-sym (single-char #\H) (value #t)) - (,log-file-sym (single-char #\l) (value #t)) - (,error-file-sym (single-char #\e) (value #t))))) - (getopt-long (command-line) option-spec)))) - (cond - ((option-ref options help-sym #f) - (format #t (G_ 
"Usage: ~a [OPTIONS]... - -Run a reverse proxy, taking requests with webid-oidc authentication -and passing them to the outbound URI with an additional header -containing the webid of the agent. - -Options: - -h, --~a: - display this help message and exit. - -v, --~a: - display the version information (~a) and exit. - -p PORT, --~a=8080: - set the port to bind. - -i URI, --~a=URI: - set the public URI of the reverse proxy. - -o URI, --~a=URI: - pass the requests to the server running at URI. - -H HEADER, --~a=HEADER: - pass request with optional HEADER set to the webid, XXX-Agent by default. - -l FILE.log, --~a=FILE.log: - dump the standard output to that file. - -e FILE.err, --~a=FILE.err: - dump the standard error to that file. - -Environment variables: - - LANG: set the locale of the sysadmin-facing interface. It is -currently ~a. - -Example: - -Suppose that you operate data.provider.com. Since everything is behind -a big global reverse proxy, the authenticated proxy listens on -http://localhost:8080. You have the data server running at -https://private.data.provider.com, set up so that only you can query -it. The private server needs the XXX-Agent header to contain the -authenticated webid of the user, if the user is authenticated. That’s -why you don’t want anyone to query it. You would run: - - export LANG=C - webid-oidc-reverse-proxy \\ - --port 8080 \\ - --inbound-uri https://data.provider.com \\ - --outbound-uri https://private.data.provider.com \\ - --header XXX-Agent \\ - --log-file /var/log/proxy.log \\ - --error-file /var/log/proxy.err - -If you find a bug, send a report to ~a. 
-") - (car (command-line)) - help-sym version-sym - cfg:version - port-sym inbound-uri-sym outbound-uri-sym header-sym - log-file-sym error-file-sym - (or (getenv "LANG") "") - cfg:package-bugreport)) - ((option-ref options version-sym #f) - (format #t (G_ "~a version ~a\n") - cfg:package cfg:version)) - (else - (let ((port-string - (option-ref options port-sym "8080")) - (inbound-uri-string - (option-ref options inbound-uri-sym #f)) - (outbound-uri-string - (option-ref options outbound-uri-sym #f)) - (header-string - (option-ref options header-sym "XXX-Agent")) - (log-file-string - (option-ref options log-file-sym #f)) - (error-file-string - (option-ref options error-file-sym #f))) - (when log-file-string - (set-current-output-port (stubs:open-output-file* log-file-string)) - (setvbuf (current-output-port) 'none)) - (when error-file-string - (set-current-error-port (stubs:open-output-file* error-file-string)) - (setvbuf (current-error-port) 'none)) - (unless (and port-string - (string? port-string) - (string->number port-string) - (integer? (string->number port-string)) - (>= (string->number port-string) 0) - (<= (string->number port-string) 65535)) - (format (current-error-port) - (G_ "The port should be a number between 0 and 65535.\n")) - (exit 1)) - (unless (and inbound-uri-string - (string->uri inbound-uri-string)) - (format (current-error-port) - (G_ "The public name of the server must be present (with scheme) as --inbound-uri.\n")) - (exit 1)) - (unless (and outbound-uri-string - (string->uri outbound-uri-string)) - (format (current-error-port) - (G_ "The address of the proxy must be present (with scheme) as --outbound-uri.\n")) - (exit 1)) - (install-suspendable-ports!) - (run-server (make-reverse-proxy - #:server-uri (string->uri inbound-uri-string) - #:http-get cache-http-get - #:endpoint (string->uri outbound-uri-string) - #:auth-header (string->symbol header-string)) - 'http - (list #:port (string->number port-string))))))))) |