add separate secure external api config, and use it for oauth

omega · Mar 3, 2014 · ff44f3b · ff44f3b
1 parent b0062d5
commit ff44f3b
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 3 deletions.
diff --git a/lib/MetaCPAN/Web/Controller/Root.pm b/lib/MetaCPAN/Web/Controller/Root.pm
@@ -87,6 +87,11 @@ sub end : ActionClass('RenderView') {
     $c->stash->{api_secure} = $c->config->{api_secure} || $c->config->{api};
     $c->stash->{api_external}
         = $c->config->{api_external} || $c->config->{api};
+    $c->stash->{api_external_secure}
+        = $c->config->{api_external_secure} || $c->config->{api_external}
+        || $c->stash->{api_secure};
+    $c->stash->{oauth_prefix} = $c->stash->{api_external_secure}
+      . '/oauth2/authorize?client_id=' . $c->config->{consumer_key};
     $c->res->header( Vary => 'Cookie' );
 
     unless (

diff --git a/metacpan_web.conf b/metacpan_web.conf
@@ -6,6 +6,7 @@ default_view HTML
 api             = http://api.metacpan.org
 api_external    = http://api.metacpan.org
 api_secure      = https://api.metacpan.org
+api_external_secure = https://api.metacpan.org
 consumer_key    = metacpan.dev
 consumer_secret = ClearAirTurbulence
 

diff --git a/root/account/identities.html b/root/account/identities.html
@@ -15,7 +15,7 @@ <h4 class="alert-heading">Information</h4>
                 <button type="submit" class="btn btn-block btn-danger"><i class="icon-remove icon-white"></i> Disconnect</a>
             </form>
             <%- ELSE %>
-            <a class="btn btn-block btn-success" href="<% api_secure %>/oauth2/authorize?choice=<% identity.lower %>&amp;client_id=<% c.config.consumer_key %>" onclick="return logInPAUSE(this)"><i class="icon-share icon-white"></i> Connect</a>
+            <a class="btn btn-block btn-success" href="<% oauth_prefix %>&amp;choice=<% identity.lower %>" onclick="return logInPAUSE(this)"><i class="icon-share icon-white"></i> Connect</a>
             <%- END %>
         </td>
     </tr>

diff --git a/root/account/profile.html b/root/account/profile.html
@@ -3,7 +3,7 @@
     <% IF no_profile -%>
     <div class="alert alert-error">
       <h4 class="alert-heading">Error</h4>
-      In order to change your profile you have to <a href="<% api_secure %>/oauth2/authorize?choice=pause&amp;client_id=<% c.config.consumer_key %>" onclick="return logInPAUSE(this)">connect your account to PAUSE</a>.
+      In order to change your profile you have to <a href="<% oauth_prefix %>&amp;choice=pause" onclick="return logInPAUSE(this)">connect your account to PAUSE</a>.
     </div>
     <% ELSE -%>
     <form method="POST" action="" class="form-horizontal">

diff --git a/root/wrapper.html b/root/wrapper.html
@@ -116,7 +116,7 @@
               <ul class="dropdown-menu">
                 <%- FOREACH identity IN ['Facebook', 'GitHub', 'Twitter', 'Google'] %>
                 <li>
-                  <a href="<% api_secure %>/oauth2/authorize?choice=<% identity.lower %>&amp;client_id=<% c.config.consumer_key %>" onclick="return logInPAUSE(this)"><% identity %></a>
+                  <a href="<% oauth_prefix %>&amp;choice=<% identity.lower %>" onclick="return logInPAUSE(this)"><% identity %></a>
                 </li>
                 <%- END %>
               </ul>