为每个请求制作一个自定义的 apache 模块挂钩?
Make a custom apache module hook into every requests?
对于一个项目,我需要在 apache 级别进行 HMAC 身份验证。所以我将 mod_example 解释 here 扩展到这一点:
module AP_MODULE_DECLARE_DATA hmac_module =
{
STANDARD20_MODULE_STUFF,
NULL, // Per-directory configuration handler
NULL, // Merge handler for per-directory configurations
NULL, // Per-server configuration handler
NULL, // Merge handler for per-server configurations
NULL, // Any directives we may have for httpd
register_hooks // Our hook registering function
};
/* register_hooks: Adds a hook to the httpd process */
static void register_hooks(apr_pool_t *pool)
{
/* Hook the request handler */
ap_hook_handler(hmac_handler, NULL, NULL,APR_HOOK_REALLY_FIRST);
}
static int hmac_handler(request_rec *r)
{
// ...
// some variable definition
// ...
// Check that the "hmac-handler" handler is being called.
if (!r->handler || strcmp(r->handler, "hmac-handler")) return (DECLINED);
ap_args_to_table(r, &GET);
ap_parse_form_data(r, NULL, &POST, -1, 8192);
timestamp = apr_table_get(r->headers_in, "X-EPOCH");
claimedHash = apr_table_get(r->headers_in, "X-HMAC");
if (!timestamp){
ap_log_rerror(APLOG_MARK,APLOG_ERR,HTTP_FORBIDDEN,r,"Timestamp does not exits in request");
return HTTP_FORBIDDEN;
}
if(!claimedHash){
ap_log_rerror(APLOG_MARK,APLOG_ERR,HTTP_FORBIDDEN,r,"There is no claimed hash in the request!");
return HTTP_FORBIDDEN;
}
//...
// calculate timestamp's sha1 hash
//...
if(strcmp(claimedHash,encoded)){
ap_log_rerror(APLOG_MARK,APLOG_ERR,HTTP_FORBIDDEN,r,"Claimed hash and digested values does not match,Claimed:%s , Target:%s",claimedHash,encoded);
return HTTP_FORBIDDEN;
}
// Let Apache know that we responded to this request.
return OK;
}
现在,我需要在 apache 进一步处理它之前在 apache 中挂钩这个模块,以检查这个请求是否经过身份验证。
我知道 ap_hook_handler 函数中的 APR_HOOK_REALLY_FIRST 参数使 apache 在任何其他处理程序之前执行此处理程序。
但我需要知道如何让这个处理程序在特定目录中发生的任何请求之前执行。
我终于想通了my-self。我应该在早期阶段注册我的模块,而不是在处理程序阶段注册挂钩:access_checker.
如果有人感兴趣,可以在 github 获得最终代码。
对于一个项目,我需要在 apache 级别进行 HMAC 身份验证。所以我将 mod_example 解释 here 扩展到这一点:
module AP_MODULE_DECLARE_DATA hmac_module =
{
STANDARD20_MODULE_STUFF,
NULL, // Per-directory configuration handler
NULL, // Merge handler for per-directory configurations
NULL, // Per-server configuration handler
NULL, // Merge handler for per-server configurations
NULL, // Any directives we may have for httpd
register_hooks // Our hook registering function
};
/* register_hooks: Adds a hook to the httpd process */
static void register_hooks(apr_pool_t *pool)
{
/* Hook the request handler */
ap_hook_handler(hmac_handler, NULL, NULL,APR_HOOK_REALLY_FIRST);
}
static int hmac_handler(request_rec *r)
{
// ...
// some variable definition
// ...
// Check that the "hmac-handler" handler is being called.
if (!r->handler || strcmp(r->handler, "hmac-handler")) return (DECLINED);
ap_args_to_table(r, &GET);
ap_parse_form_data(r, NULL, &POST, -1, 8192);
timestamp = apr_table_get(r->headers_in, "X-EPOCH");
claimedHash = apr_table_get(r->headers_in, "X-HMAC");
if (!timestamp){
ap_log_rerror(APLOG_MARK,APLOG_ERR,HTTP_FORBIDDEN,r,"Timestamp does not exits in request");
return HTTP_FORBIDDEN;
}
if(!claimedHash){
ap_log_rerror(APLOG_MARK,APLOG_ERR,HTTP_FORBIDDEN,r,"There is no claimed hash in the request!");
return HTTP_FORBIDDEN;
}
//...
// calculate timestamp's sha1 hash
//...
if(strcmp(claimedHash,encoded)){
ap_log_rerror(APLOG_MARK,APLOG_ERR,HTTP_FORBIDDEN,r,"Claimed hash and digested values does not match,Claimed:%s , Target:%s",claimedHash,encoded);
return HTTP_FORBIDDEN;
}
// Let Apache know that we responded to this request.
return OK;
}
现在,我需要在 apache 进一步处理它之前在 apache 中挂钩这个模块,以检查这个请求是否经过身份验证。
我知道 ap_hook_handler 函数中的 APR_HOOK_REALLY_FIRST 参数使 apache 在任何其他处理程序之前执行此处理程序。
但我需要知道如何让这个处理程序在特定目录中发生的任何请求之前执行。
我终于想通了my-self。我应该在早期阶段注册我的模块,而不是在处理程序阶段注册挂钩:access_checker.
如果有人感兴趣,可以在 github 获得最终代码。