freshlybakedca.ke
Git fork
1#!/bin/sh
2
3VALID_CREDS_FILE=custom-auth.valid
4CHALLENGE_FILE=custom-auth.challenge
5
6#
7# If $VALID_CREDS_FILE exists in $HTTPD_ROOT_PATH, consider each line as a valid
8# credential for the current request. Each line in the file is considered a
9# valid HTTP Authorization header value. For example:
10#
11# Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
12#
13# If $CHALLENGE_FILE exists in $HTTPD_ROOT_PATH, output the contents as headers
14# in a 401 response if no valid authentication credentials were included in the
15# request. For example:
16#
17# WWW-Authenticate: Bearer authorize_uri="id.example.com" p=1 q=0
18# WWW-Authenticate: Basic realm="example.com"
19#
20
21if test -n "$HTTP_AUTHORIZATION" && \
22 grep -Fqs "creds=${HTTP_AUTHORIZATION}" "$VALID_CREDS_FILE"
23then
24 idno=$(grep -F "creds=${HTTP_AUTHORIZATION}" "$VALID_CREDS_FILE" | sed -e 's/^id=\([a-z0-9-][a-z0-9-]*\) .*$/\1/')
25 status=$(sed -ne "s/^id=$idno.*status=\\([0-9][0-9][0-9]\\).*\$/\\1/p" "$CHALLENGE_FILE" | head -n1)
26 # Note that although git-http-backend returns a status line, it
27 # does so using a CGI 'Status' header. Because this script is an
28 # No Parsed Headers (NPH) script, we must return a real HTTP
29 # status line.
30 # This is only a test script, so we don't bother to check for
31 # the actual status from git-http-backend and always return 200.
32 echo "HTTP/1.1 $status Nonspecific Reason Phrase"
33 if test "$status" -eq 200
34 then
35 exec "$GIT_EXEC_PATH"/git-http-backend
36 else
37 sed -ne "s/^id=$idno.*response=//p" "$CHALLENGE_FILE"
38 echo
39 exit
40 fi
41fi
42
43echo 'HTTP/1.1 401 Authorization Required'
44if test -f "$CHALLENGE_FILE"
45then
46 sed -ne 's/^id=default.*response=//p' "$CHALLENGE_FILE"
47fi
48echo