
mod_ssl: Added mod_ssl, enables ssl certs per site. Removed ssl from …

…the core. Tuned dispatch rules for more secure usage. Fixes #434. Fixes #433.
mworrell committed Oct 2, 2012
1 parent 9051de1 commit 54e60f6e6b397e52f29a65ab0d4f3276f3f44656
@@ -222,3 +222,8 @@
-define(zDebug(Msg, Context), z:debug(Msg, [{module, ?MODULE}, {line, ?LINE}], Context)).
-define(zInfo(Msg, Context), z:info(Msg, [{module, ?MODULE}, {line, ?LINE}], Context)).
-define(zWarning(Msg, Context), z:warning(Msg, [{module, ?MODULE}, {line, ?LINE}], Context)).
+
+-define(zDebug(Msg, Args, Context), z:debug(Msg, Args, [{module, ?MODULE}, {line, ?LINE}], Context)).
+-define(zInfo(Msg, Args, Context), z:info(Msg, Args, [{module, ?MODULE}, {line, ?LINE}], Context)).
+-define(zWarning(Msg, Args, Context), z:warning(Msg, Args, [{module, ?MODULE}, {line, ?LINE}], Context)).
+
@@ -21,12 +21,15 @@
%% | {ok, #dispatch_match{}}
%% | {ok, #dispatch_redirect{}}
%% | undefined.
--record(dispatch, {host, path=[], method='GET', is_ssl=false}).
+-record(dispatch, {host, path=[], method='GET', protocol=http}).
-record(dispatch_redirect, {location, is_permanent=false}).
-record(dispatch_match, {dispatch_name, mod, mod_opts=[], path_tokens=[], bindings=[], app_root="", string_path=""}).
+%% @doc Modify cookie options, used for setting http_only and secure options. (foldl)
+-record(cookie_options, {name, value}).
+
% 'module_ready' - Sent when modules have changed, z_module_indexer reindexes all modules' templates, actions etc.
%% @doc A module has been activated and started. (notify)
@@ -1,14 +1,14 @@
%% -*- mode: erlang -*-
%% Admin dispatch rules
[
- {admin, ["admin"], controller_admin, []},
- {admin_logon, ["admin", "logon"], controller_logon, [{template, "admin_logon.tpl"}]},
- {admin_overview_rsc, ["admin", "overview"], controller_admin, [{template, "admin_overview.tpl"}, {selected, "overview"}]},
- {admin_media, ["admin", "media"], controller_admin, [{template, "admin_media.tpl"}, {selected, "media"}]},
+ {admin, ["admin"], controller_admin, []},
+ {admin_logon, ["admin", "logon"], controller_logon, [{template, "admin_logon.tpl"}, {ssl,true}]},
+ {admin_overview_rsc, ["admin", "overview"], controller_admin, [{template, "admin_overview.tpl"}, {selected, "overview"}]},
+ {admin_media, ["admin", "media"], controller_admin, [{template, "admin_media.tpl"}, {selected, "media"}]},
- {admin_edit_rsc, ["admin", "edit", id], controller_admin_edit, []},
- {admin_referrers, ["admin", "referrer", id], controller_admin_referrers, []},
- {admin_media_preview, ["admin", "media", "preview", id], controller_admin_media_preview, []},
+ {admin_edit_rsc, ["admin", "edit", id], controller_admin_edit, []},
+ {admin_referrers, ["admin", "referrer", id], controller_admin_referrers, []},
+ {admin_media_preview, ["admin", "media", "preview", id], controller_admin_media_preview, []},
- {admin_status, ["admin", "status"], controller_admin, [{template, "admin_status.tpl"}, {selected, "status"}]}
+ {admin_status, ["admin", "status"], controller_admin, [{template, "admin_status.tpl"}, {selected, "status"}]}
].
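Review bot: Only `admin_logon` gains `{ssl,true}` in this hunk; `admin`, `admin_overview_rsc`, `admin_media`, `admin_edit_rsc`, `admin_referrers`, `admin_media_preview` and `admin_status` keep option lists with no `ssl` entry. How a missing entry is handled is not visible in this diff, but unless it defaults to HTTPS, the session established on the logon page is then used over plain HTTP on every other admin page, which exposes the session cookie (or, if the cookie is marked secure, drops the session). I would add the option to each rule, e.g. `{admin, ["admin"], controller_admin, [{ssl, true}]},` and `{admin_edit_rsc, ["admin", "edit", id], controller_admin_edit, [{ssl, true}]},`. The same gap shows in the later OAuth hunk, where `admin_oauth` is switched to `{ssl,true}` but `oauth_authorize` and `oauth_finish` on the context lines stay without it.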
@@ -1,5 +1,5 @@
%% -*- mode: erlang -*-
%% Dispatch rule for overview of configuration settings.
[
- {admin_config, ["admin", "config"], controller_admin_config, []}
+ {admin_config, ["admin", "config"], controller_admin_config, [{ssl,true}]}
].
@@ -1,4 +1,4 @@
%% -*- mode: erlang -*-
[
- {admin_user, ["admin", "users"], controller_admin, [{template, "admin_users.tpl"}, {selected, "users"}]}
+ {admin_user, ["admin", "users"], controller_admin, [{template, "admin_users.tpl"}, {selected, "users"}, {ssl, true}]}
].
@@ -1,5 +1,5 @@
%% -*- mode: erlang -*-
[
{logon, ["logon"], controller_logon, [{ssl, true}]},
- {logoff, ["logoff"], controller_logoff, []}
+ {logoff, ["logoff"], controller_logoff, [{ssl, true}]}
].
@@ -1,12 +1,13 @@
%% -*- mode: erlang -*-
[
- {admin_backup, [ "admin", "backup" ], controller_admin_backup, []},
- {admin_backup_revision, [ "admin", "backup", id ], controller_admin_backup_revision, []},
+ {admin_backup, [ "admin", "backup" ], controller_admin_backup, [{ssl, any}]},
+ {admin_backup_revision, [ "admin", "backup", id ], controller_admin_backup_revision, [{ssl, any}]},
{backup_download, [ "backup", '*' ], controller_file_readonly,
[
{root, [{module, mod_backup}]},
{content_disposition, attachment},
- {use_cache, false}
+ {use_cache, false},
+ {ssl, any}
]}
].
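Review bot: `{ssl, any}` on `admin_backup`, `admin_backup_revision` and `backup_download` appears to leave these routes on whichever protocol the request arrived on, while the other admin rules touched by this commit (`admin_config`, `admin_user`, `admin_development`) are forced with `{ssl, true}`. Backup archives presumably hold the full site data, so the download is the last place a plain-HTTP transfer should be possible; I would use `{ssl, true}` on all three, e.g. `{admin_backup, [ "admin", "backup" ], controller_admin_backup, [{ssl, true}]},`. The same question applies to `facebook_redirect` and to the `api` and `rest_rsc` rules in later hunks, which also get `{ssl, any}` although they likely carry authorization codes or credentials. If `any` is deliberate there (third-party callbacks, non-browser clients), a one-line comment such as `%% ssl any: callback protocol must match the registered redirect URL` would record the reason.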
@@ -5,7 +5,7 @@
{comet, ["comet"], controller_comet, [{ssl, any}, {no_session, true}]},
%% Comet sub-domain connection, used with long polls from the browser.
- {comet, ["comet", "subdomain"], controller_template, [{template, "comet_subdomain.tpl"}]},
+ {comet, ["comet", "subdomain"], controller_template, [{template, "comet_subdomain.tpl"}, {ssl, any}]},
%% WebSocket connection.
{websocket, ["websocket"], controller_websocket, [{ssl, any}, {no_session, true}]},
@@ -17,7 +17,7 @@
{close_connection, ["close-connection"], controller_close_connection, [{ssl, any}, {no_session, true}]},
%% The id controller redirects depending on the accept header sent by the user agent.
- {id, ["id", id], controller_id, []},
+ {id, ["id", id], controller_id, [{ssl, any}]},
%% CSS and Javascript files from the "lib" module folder. Possibly more than one file combined in one request.
{lib, ["lib",'*'], controller_lib, [ {use_cache, false}, {ssl, any} ]},
@@ -36,34 +36,38 @@
[
{path, id},
{use_cache, false},
- {content_disposition, attachment}
+ {content_disposition, attachment},
+ {ssl, any}
]},
%% Download of an image, attached to a media rsc
{media_inline, ["media","inline","id",id], controller_file_readonly,
[
{path, id},
{use_cache, false},
- {content_disposition, inline}
+ {content_disposition, inline},
+ {ssl, any}
]},
%% Inline display of original uploaded files. Assumes the files are in the root folder.
{media_inline, ["media","inline",'*'], controller_file_readonly,
[
{use_cache, false},
- {content_disposition, inline}
+ {content_disposition, inline},
+ {ssl, any}
]},
%% Download of original uploaded files. Assumes the files are in the root folder.
{media_attachment, ["media","attachment",'*'], controller_file_readonly,
[
{use_cache, false},
- {content_disposition, attachment}
+ {content_disposition, attachment},
+ {ssl, any}
]},
%% API access
- {api, ["api",module,method], controller_api, []},
- {api, ["api",module], controller_api, []},
+ {api, ["api",module,method], controller_api, [{ssl, any}]},
+ {api, ["api",module], controller_api, [{ssl, any}]},
%% Serves the favicon.ico from "lib/images/favicon.ico" in the modules.
{favicon, ["favicon.ico"], controller_file_readonly,
@@ -76,9 +80,9 @@
]},
%% User Agent handling
- {ua_probe, ["useragent","probe.js"], controller_user_agent_probe, []},
- {ua_select, ["useragent","select", ua_class], controller_user_agent_select, []},
- {ua_select, ["useragent","select"], controller_user_agent_select, []},
+ {ua_probe, ["useragent","probe.js"], controller_user_agent_probe, [{ssl, any}]},
+ {ua_select, ["useragent","select", ua_class], controller_user_agent_select, [{ssl, any}]},
+ {ua_select, ["useragent","select"], controller_user_agent_select, [{ssl, any}]},
%% robots.txt - simple allow all file
{robots_txt, ["robots.txt"], controller_file_readonly,
@@ -1,11 +1,11 @@
%% -*- mode: erlang -*-
[
- {admin_development, ["admin", "development"], controller_admin, [{template, "admin_development.tpl"}, {selected, "development"}]},
+ {admin_development, ["admin", "development"], controller_admin, [{template, "admin_development.tpl"}, {selected, "development"}, {ssl,true}]},
- {admin_development_templates, ["admin", "development", "templates"], controller_admin, [{template, "admin_development_templates.tpl"}, {selected, "development"}]},
+ {admin_development_templates, ["admin", "development", "templates"], controller_admin, [{template, "admin_development_templates.tpl"}, {selected, "development"}, {ssl,true}]},
- {wmtrace_conf, ["wmtrace_conf"], controller_wmtrace_conf, []},
+ {wmtrace_conf, ["wmtrace_conf"], controller_wmtrace_conf, [{ssl,true}]},
- {wmtrace, ["wmtrace"], controller_wmtrace, []},
- {wmtrace, ["wmtrace", '*'], controller_wmtrace, []}
+ {wmtrace, ["wmtrace"], controller_wmtrace, [{ssl,true}]},
+ {wmtrace, ["wmtrace", '*'], controller_wmtrace, [{ssl,true}]}
].
@@ -1,6 +1,6 @@
%% -*- mode: erlang -*-
[
- {admin_facebook, ["admin", "facebook"], controller_admin_facebook, []},
- {facebook_authorize, ["facebook", "authorize"], controller_facebook_authorize, []},
- {facebook_redirect, ["facebook", "redirect"], controller_facebook_redirect, []}
+ {admin_facebook, ["admin", "facebook"], controller_admin_facebook, [{ssl,true}]},
+ {facebook_authorize, ["facebook", "authorize"], controller_facebook_authorize, [{ssl,any}]},
+ {facebook_redirect, ["facebook", "redirect"], controller_facebook_redirect, [{ssl,any}]}
].
@@ -7,5 +7,5 @@
{oauth_authorize, ["oauth", "authorize"], controller_oauth_authorize, []},
{oauth_finish, ["oauth", "authorize", "finished"], controller_template, [ {template, "oauth_authorize_finished.tpl"} ]},
- {admin_oauth, ["admin", "oauth", "apps"], controller_oauth_apps, []}
+ {admin_oauth, ["admin", "oauth", "apps"], controller_oauth_apps, [{ssl,true}]}
].
@@ -1,4 +1,4 @@
[
- {rest_rsc, ["rest", "rsc", format, id], controller_rest_rsc, []},
- {rest_rsc, ["rest", "rsc", id], controller_rest_rsc, []}
+ {rest_rsc, ["rest", "rsc", format, id], controller_rest_rsc, [{ssl,any}]},
+ {rest_rsc, ["rest", "rsc", id], controller_rest_rsc, [{ssl,any}]}
].