1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
|
% Licensed under the Apache License, Version 2.0 (the "License"); you may not
% use this file except in compliance with the License. You may obtain a copy of
% the License at
%
% http://www.apache.org/licenses/LICENSE-2.0
%
% Unless required by applicable law or agreed to in writing, software
% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
% License for the specific language governing permissions and limitations under
% the License.
-module(couch_replicator_auth).
-export([
initialize/1,
update_headers/2,
handle_response/3,
cleanup/1
]).
-include_lib("couch_replicator/include/couch_replicator_api_wrap.hrl").
-type headers() :: [{string(), string()}].
-type code() :: non_neg_integer().
-define(DEFAULT_PLUGINS, "couch_replicator_auth_session,couch_replicator_auth_noop").
% Behavior API
% Note for plugin developers: consider using the "auth" field in the source and
% target objects to store credentials. In that case non-owner and non-admin
% users will have those credentials stripped when they read the replication
% document, which mimicks the behavior for "headers" and user and pass fields
% in endpoint URLs".
-callback initialize(#httpdb{}) ->
{ok, #httpdb{}, term()} | {error, term()} | ignore.
-callback update_headers(term(), headers()) -> {headers(), term()}.
-callback handle_response(term(), code(), headers()) ->
{continue | retry, term()}.
-callback cleanup(term()) -> ok.
% Main API
-spec initialize(#httpdb{}) -> {ok, #httpdb{}} | {error, term()}.
initialize(#httpdb{auth_context = nil} = HttpDb) ->
case try_initialize(get_plugin_modules(), HttpDb) of
{ok, Mod, HttpDb1, Context} ->
{ok, HttpDb1#httpdb{auth_context = {Mod, Context}}};
{error, Error} ->
{error, Error}
end.
-spec update_headers(#httpdb{}, headers()) -> {headers(), #httpdb{}}.
update_headers(#httpdb{auth_context = {Mod, Context}} = HttpDb, Headers) ->
{Headers1, Context1} = Mod:update_headers(Context, Headers),
{Headers1, HttpDb#httpdb{auth_context = {Mod, Context1}}}.
-spec handle_response(#httpdb{}, code(), headers()) ->
{continue | retry, term()}.
handle_response(#httpdb{} = HttpDb, Code, Headers) ->
{Mod, Context} = HttpDb#httpdb.auth_context,
{Res, Context1} = Mod:handle_response(Context, Code, Headers),
{Res, HttpDb#httpdb{auth_context = {Mod, Context1}}}.
-spec cleanup(#httpdb{}) -> #httpdb{}.
cleanup(#httpdb{auth_context = {Module, Context}} = HttpDb) ->
ok = Module:cleanup(Context),
HttpDb#httpdb{auth_context = nil}.
% Private helper functions
-spec get_plugin_modules() -> [atom()].
get_plugin_modules() ->
Plugins1 = config:get("replicator", "auth_plugins", ?DEFAULT_PLUGINS),
[list_to_atom(Plugin) || Plugin <- string:tokens(Plugins1, ",")].
try_initialize([], _HttpDb) ->
{error, no_more_auth_plugins_left_to_try};
try_initialize([Mod | Modules], HttpDb) ->
try Mod:initialize(HttpDb) of
{ok, HttpDb1, Context} ->
{ok, Mod, HttpDb1, Context};
ignore ->
try_initialize(Modules, HttpDb);
{error, Error} ->
{error, Error}
catch
error:undef ->
{error, {could_not_load_plugin_module, Mod}}
end.
|
