diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2014-01-15 00:49:31 +0400 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2014-01-16 05:28:12 +0400 |
commit | d6e9200cc35411f3f27426b608bcfdef9348e6d3 (patch) | |
tree | 9cdd921b03465458d10b99ff4357f79a810501c0 /cgitrc.5.txt | |
parent | 3741254a6989b2837cd8d20480f152f0096bcb9a (diff) |
auth: add basic authentication filter framework
This leverages the new lua support. See
filters/simple-authentication.lua for explaination of how this works.
There is also additional documentation in cgitrc.5.txt.
Though this is a cookie-based approach, cgit's caching mechanism is
preserved for authenticated pages.
Very plugable and extendable depending on user needs.
The sample script uses an HMAC-SHA1 based cookie to store the
currently logged in user, with an expiration date.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'cgitrc.5.txt')
-rw-r--r-- | cgitrc.5.txt | 36 |
1 files changed, 35 insertions, 1 deletions
diff --git a/cgitrc.5.txt b/cgitrc.5.txt index 170e825..c45dbd3 100644 --- a/cgitrc.5.txt +++ b/cgitrc.5.txt @@ -42,6 +42,13 @@ agefile:: hh:mm:ss". You may want to generate this file from a post-receive hook. Default value: "info/web/last-modified". +auth-filter:: + Specifies a command that will be invoked for authenticating repository + access. Receives quite a few arguments, and data on both stdin and + stdout for authentication processing. Details follow later in this + document. If no auth-filter is specified, no authentication is + performed. Default value: none. See also: "FILTER API". + branch-sort:: Flag which, when set to "age", enables date ordering in the branch ref list, and when set to "name" enables ordering by branch name. Default @@ -605,6 +612,8 @@ specification with the relevant string; available values are: URL escapes for a path and writes 'str' to the webpage. 'html_url_arg(str)':: URL escapes for an argument and writes 'str' to the webpage. + 'html_include(file)':: + Includes 'file' in webpage. Parameters are provided to filters as follows. @@ -635,7 +644,32 @@ source filter:: file that is to be filtered is available on standard input and the filtered contents is expected on standard output. -Also, all filters are handed the following environment variables: +auth filter:: + The authentication filter receives 11 parameters: + - filter action, explained below, which specifies which action the + filter is called for + - http cookie + - http method + - http referer + - http path + - http https flag + - cgit repo + - cgit page + - cgit url + When the filter action is "body", this filter must write to output the + HTML for displaying the login form, which POSTs to "/?p=login". When + the filter action is "authenticate-cookie", this filter must validate + the http cookie and return a 0 if it is invalid or 1 if it is invalid, + in the exit code / close function. If the filter action is + "authenticate-post", this filter receives POST'd parameters on + standard input, and should write to output one or more "Set-Cookie" + HTTP headers, each followed by a newline. + + Please see `filters/simple-authentication.lua` for a clear example + script that may be modified. + + +All filters are handed the following environment variables: - CGIT_REPO_URL (from repo.url) - CGIT_REPO_NAME (from repo.name) |