Subscribed unsubscribe Subscribe Subscribe

Hateburo: kazeburo hatenablog

Operations Engineer / Site Reliability / 運用系小姑 / Perl Monger

Plack::Middleware::Auth::Basic を Proxy-Authorization に対応させる

とりあえず、Auth::BasicをProxyでも動くようにするには以下のようなパッチをあてれば良いんだけど

diff --git a/lib/Plack/Middleware/Auth/Basic.pm b/lib/Plack/Middleware/Auth/Basic.pm
index 25be748..df25b67 100644
--- a/lib/Plack/Middleware/Auth/Basic.pm
+++ b/lib/Plack/Middleware/Auth/Basic.pm
@@ -19,7 +19,7 @@ sub prepare_app {
 sub call {
     my($self, $env) = @_;
 
-    my $auth = $env->{HTTP_AUTHORIZATION}
+    my $auth = $env->{HTTP_PROXY_AUTHORIZATION}
         or return $self->unauthorized;
 
     if ($auth =~ /^Basic (.*)$/) {
@@ -36,12 +36,12 @@ sub call {
 
 sub unauthorized {
     my $self = shift;
-    my $body = 'Authorization required';
+    my $body = 'Proxy Authorization required';
     return [
-        401,
+        407,
         [ 'Content-Type' => 'text/plain',
           'Content-Length' => length $body,
-          'WWW-Authenticate' => 'Basic realm="' . ($self->realm || "restricted area") . '"' ],
+          'Proxy-Authenticate' => 'Basic realm="' . ($self->realm || "restricted area") . '"' ],
         [ $body ],
     ];
 }

通常のAuthorizationと両方動くようにする為には、リクエストのREQUEST_URIがhttpから始まっている、もしくはCONNECT methodだったらとかで切り替えればいいのかな。httpsのproxyはPlack::App::Proxyで対応してないけど