[dancer-users] Apache environment in FCGI app

Keith Lawson Keith.Lawson at sjhc.london.on.ca
Thu Dec 5 18:22:55 GMT 2013


I didn't get any responses here or on IRC so I'm posting the solution I went with to get it archived. 

>>>> Keith Lawson 11/29/13 10:22 AM >>>
>Hello,
>
>    I'm working on my first Dancer application and want to deploy it in our standard server environment here.
>
>    For authentication/authz we have custom mod_perl auth handlers that set Apache environment variables with user ID, group membership etc. I'm trying to write an implementation of Dancer::Plugin::Auth::Extensible::Provider that does auth/authz by reading those environment variables; however, %ENV isn't populated in my Dancer app. Looking at the source of public/dispatch.fcgi I noticed the following:
>
># For some reason Apache SetEnv directives dont propagate
># correctly to the dispatchers, so forcing PSGI and env here
># is safer.
>    set apphandler => 'PSGI';
>    set environment => 'production';
>
>    Can anyone tell me if it's possible to get %ENV through to my Dancer app or perhaps a different approach for auth/authz that uses $ENV{REMOTE_USER} and our custom Apache environment variables?
>

I never did get FCGI to work so I tried regular CGI. Here's my Apache config for my app:

   SetEnv DANCER_ENVIRONMENT "development"

   <Directory "/var/dancerdev/filesafe">
      AllowOverride None
      Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
      Order allow,deny
      Allow from all
      AddHandler cgi-script .cgi
   </Directory>

   ScriptAlias /filesafe /var/dancerdev/filesafe/public/dispatch.cgi

This works but I had to comment out where %ENV keys were explicitly set in dispatch.cgi so that the Apache conf directives for dev/prod environment worked properly: 

--- dispatch.cgi.dist    2013-12-05 09:21:35.917592251 -0500
+++ dispatch.cgi    2013-12-05 09:20:06.912736198 -0500
@@ -6,8 +6,8 @@
 # For some reason Apache SetEnv directives dont propagate
 # correctly to the dispatchers, so forcing PSGI and env here 
 # is safer.
-set apphandler => 'PSGI';
-set environment => 'production';
+# set apphandler => 'PSGI';
+# set environment => 'production';
 
 my $psgi = path($RealBin, '..', 'bin', 'app.pl');
 die "Unable to read startup script: $psgi" unless -r $psgi;
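Review bot: with both `set` lines commented out, the dispatcher no longer pins any environment, yet the comment kept directly above them still says SetEnv directives do not propagate correctly and that forcing the values is safer. If DANCER_ENVIRONMENT ever fails to reach the script, nothing in this file falls back to production any more; consider keeping a default, for example `set environment => $ENV{DANCER_ENVIRONMENT} || 'production';`, and updating or removing the stale comment. The `set apphandler => 'PSGI';` line is disabled as well, although the stated goal only concerns the dev/prod environment setting; a short comment on why it had to go would help the next reader.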

My first crack at doing Dancer auth/authz was to write a provider for Dancer::Plugin::Auth::Extensible with subs that rely on %ENV like this: 

sub authenticate_user 
{
    my ($self, $username, $password) = @_;
    return $ENV{REMOTE_USER};
}

However, I couldn't figure out why $ENV{REMOTE_USER} wasn't getting to the plugin so I gave up. 

I just ended up protecting portions of my new app with a <Location> stanza using our Apache2::AuthCookie auth handlers:

   <Location /filesafe/priv>
     order allow,deny
     allow from all
     AuthType Site::LDAPCookieHandler2
     AuthName dancerdev
     PerlAuthenHandler  Site::LDAPCookieHandler2->authenticate
     PerlAuthzHandler   Site::LDAPCookieHandler2->authorize
     require valid-user
     satisfy all
   </Location>

Then in my Dancer app I protect portions like this: 

get '/priv/hello' => sub 
{
    die unless $ENV{REMOTE_USER};
    return "Hi there ".$ENV{REMOTE_USER};
};


This won't solve authorization for me but I won't have a need for this in this app. 


>    Thanks,
>    Keith.
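
The following is an added example, not code from the original post or from the Dancer project: it reads REMOTE_USER from the per-request PSGI environment through request->env instead of the process-wide %ENV, and fails closed for every /priv route in a before hook. It assumes Dancer 1 behind a web server that has already authenticated the request; the remote_user helper and its character-set policy are hypothetical.

```perl
#!/usr/bin/env perl
# Added example, not from the original post.
# Assumption: Dancer 1, with the front-end web server performing the
# authentication and passing REMOTE_USER along with each request.
use strict;
use warnings;
use Dancer;

# Under PSGI (CGI and FCGI dispatchers alike) the request's CGI variables
# are handed to the app in the PSGI env hash. request->env exposes that
# hash, so this works whether or not %ENV is populated.
# remote_user() is a hypothetical helper name.
sub remote_user {
    my $user = request->env->{REMOTE_USER};
    return undef unless defined $user && length $user;

    # Constructed policy: accept only a conservative login-name charset,
    # so the value is safe to echo back and to write to logs.
    return $user =~ /\A[A-Za-z0-9._\@-]{1,64}\z/ ? $user : undef;
}

# Guard every path below /priv in one place instead of in each route.
hook 'before' => sub {
    return unless request->path_info =~ m{\A/priv(?:/|\z)};
    return if defined remote_user();

    # Fail closed with a 403 rather than die(), which surfaces as a 500
    # and may show a stack trace in the development environment.
    status 403;
    halt('Forbidden');
};

get '/priv/hello' => sub {
    return 'Hi there ' . remote_user();
};

dance;
```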