Permalink
Browse files

fixes for FCGI authorization (Bruno Rijsman), plus I cleaned up inden…

…tation and comments in yaws_cgi.erl
  • Loading branch information...
1 parent 682bc96 commit 18cec55724a4fc5707daccb7428f65f4888d7ced @vinoski vinoski committed Oct 17, 2009
Showing with 314 additions and 199 deletions.
  1. +27 −5 man/yaws_api.5
  2. +287 −194 src/yaws_cgi.erl
View
@@ -486,30 +486,52 @@ Enable or disable logging of application error messages: output
to stderr and non-zero exit value.
.TP
-\fBcall_fcgi_authorizer(Arg) -> {allowed, Variables} | {denied, Out}\fR
+\fBcall_fcgi_authorizer(Arg) -> {allowed, Out} | {denied, Out}\fR
Calls a FastCGI authorizer.
The address and port of the FastCGI application server are taken
from the server configuration (see yaws.conf).
Used to make `.yaws' wrappers for FastCGI authorizers.
Variables contains the values of the variables returned by the FastCGI
application server in the "Variable-XXX: YYY" headers.
+If access is denied, Out contains the complete response returned by
+the FastCGI application server. This response is typically returned
+as-is to the HTTP client.
+
+If access is allowed, Out contains the response returned by the
+FastCGI application server minus the body (i.e. minus the content)
+which should be ignored per the FastCGI specification. This response
+is typically not returned to the HTTP client. The calling application
+module may wish to inspect the response, for example by extracting
+variables (see fcgi_extract_variables below) or by inspecting the
+headers returned by the FastCGI application server.
+
\fI
.nf
Out -- See return values for out/1 below
-Variables = {Name, Value}
-Name = string()
-Value = string()
.fi
\fR
.TP
-\fBcall_fcgi_authorizer(Arg, Options)\fR
+\fBcall_fcgi_authorizer(Arg, Options) -> {allowed, Out} | {denied, Out}\fR
Same as above, but Options overrides the defaults from the server
configuration. See call_fcgi_responder/2 above for a description
of Options.
.TP
+\fBfcgi_extract_variables(Out) -> [{Name, Value}]\fR
+Extracts the environment variables from a FastCGI authorizer response
+by looking for headers of the form "Variable-Name: Value".
+
+\fI
+.nf
+Name = string() -- The name of the variable (the "Variable-" prefix
+has already been removed).
+Value = string() -- The value of the variable.
+.fi
+\fR
+
+.TP
\fBdir_listing(Arg)\fR
Perform a directory listing. Can be used in special directories
when we don't want to turn on dir listings for the entire server.
Oops, something went wrong.

0 comments on commit 18cec55

Please sign in to comment.