Date: Wed, 29 Feb 2012 22:39:59 +0100 From: Filip Valder <filip.valder@vsb.cz> To: FreeBSD-gnats-submit@FreeBSD.org Cc: Filip Valder <filip@valder.cz> Subject: ports/165565: New port: www/mod_auth_token Token-based authentication similar to mod_secdownload in LIGHTTPD Message-ID: <4F4E9B2F.8010406@vsb.cz> Resent-Message-ID: <201202292140.q1TLeGxN027937@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 165565 >Category: ports >Synopsis: New port: www/mod_auth_token Token-based authentication similar to mod_secdownload in LIGHTTPD >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Wed Feb 29 21:40:16 UTC 2012 >Closed-Date: >Last-Modified: >Originator: Filip Valder >Release: FreeBSD 8.2-RELEASE i386 >Organization: ULICE.SvetDoma.cz >Environment: System: FreeBSD ulicnik.ulice 8.2-RELEASE FreeBSD 8.2-RELEASE #1: Sat Dec 3 23:35:47 CET 2011 root@hlidac-ha-2.ulice:/usr/obj/usr/src/sys/MYKERNEL i386 >Description: Token-based authentication similar to mod_secdownload in LIGHTTPD. Have your script generate a token and let Apache handle the file transfer without having to pipe it through a script for security. >How-To-Repeat: >Fix: --- mod_auth_token.shar begins here --- # This is a shell archive. Save it in a file, remove anything before # this line, and then unpack it by entering "sh file". Note, it may # create directories; files and directories will be owned by you and # have default permissions. # # This archive contains: # # mod_auth_token # mod_auth_token/Makefile # mod_auth_token/pkg-descr # mod_auth_token/distinfo # mod_auth_token/pkg-deinstall # mod_auth_token/pkg-message # echo c - mod_auth_token mkdir -p mod_auth_token > /dev/null 2>&1 echo x - mod_auth_token/Makefile sed 's/^X//' >mod_auth_token/Makefile << '9f12235b8a9ec0e6dd5b3158e829e2fc' X# New ports collection makefile for: mod_auth_token X# Date created: 29 February 2012 X# Whom: fv X# X# $FreeBSD$ X# X XPORTNAME= mod_auth_token XPORTVERSION= 1.0.5 XCATEGORIES= www XMASTER_SITES= http://mod-auth-token.googlecode.com/files/ XMASTER_SITES+= http://ports.valder.cz/${PORTNAME:L}/ X XMAINTAINER= filip@valder.cz XCOMMENT= Token-based authentication similar to mod_secdownload in LIGHTTPD X XBUILD_DEPENDS= automake>=1.10:${PORTSDIR}/devel/automake X XUSE_APACHE= 22+ XAP_GENPLIST= yes XPLIST_FILES+= %%APACHEMODDIR%%/mod_auth_token.so X XUSE_AUTOTOOLS= aclocal:env automake:env libtool X Xpost-patch: X @${LN} -f -s ${PREFIX}/share/automake-${AUTOMAKE_VERSION}/COPYING ${WRKSRC}/COPYING X @${LN} -f -s ${PREFIX}/share/automake-${AUTOMAKE_VERSION}/config.guess ${WRKSRC}/config.guess X @${LN} -f -s ${PREFIX}/share/automake-${AUTOMAKE_VERSION}/config.sub ${WRKSRC}/config.sub X @${LN} -f -s ${PREFIX}/share/automake-${AUTOMAKE_VERSION}/install-sh ${WRKSRC}/install-sh X @${LN} -f -s ${PREFIX}/share/automake-${AUTOMAKE_VERSION}/missing ${WRKSRC}/missing X Xpost-install: X @${CAT} ${WRKSRC}/README X X.include <bsd.port.mk> 9f12235b8a9ec0e6dd5b3158e829e2fc echo x - mod_auth_token/pkg-descr sed 's/^X//' >mod_auth_token/pkg-descr << '91039b76901d21b2a9e74a3142652e82' XToken-based authentication similar to mod_secdownload in LIGHTTPD. XHave your script generate a token and let Apache handle the file Xtransfer without having to pipe it through a script for security. X XWWW: http://code.google.com/p/mod-auth-token/ 91039b76901d21b2a9e74a3142652e82 echo x - mod_auth_token/distinfo sed 's/^X//' >mod_auth_token/distinfo << '4f40ad080ecb2bad0a7130d84dcd78d7' XSHA256 (mod_auth_token-1.0.5.tar.gz) = 85af5d3d9bf5fb01d1ba04c814de3b43660cb0bb54122517429113cdb2b198fe XSIZE (mod_auth_token-1.0.5.tar.gz) = 340355 4f40ad080ecb2bad0a7130d84dcd78d7 echo x - mod_auth_token/pkg-deinstall sed 's/^X//' >mod_auth_token/pkg-deinstall << 'cfd8bb91d9a91d905ba285ce084053e0' X#!/bin/sh X# X# $FreeBSD$ X# X Xsed -i.bak '/LoadModule.*mod_auth_token.so/d' /usr/local/etc/apache[0-9]*/httpd.conf cfd8bb91d9a91d905ba285ce084053e0 echo x - mod_auth_token/pkg-message sed 's/^X//' >mod_auth_token/pkg-message << '887de36e5961a0b4aa13e29fd511a720' X X This module uses token based authentication to secure downloads X and prevent deep-linking. X X Have your script or servlet generate a token to authenticate the X download and let Apache handle the file transfer without having X to pipe it through a script for security. X X You can find downloads, daily snapshots and support information at X http://www.synd.info/ X XUSAGE X X The token is an hex-encoded MD5 hash of the X secret password, relative file path and the timestamp. It is X encoded onto the URI as: X X <uri-prefix><token>/<timestamp-in-hex><rel-path> X X For example X X /protected/dee0ed6174a894113d5e8f6c98f0e92b/43eaf9c5/path/to/file.txt X X where the token is generated as X X md5("secret" + "/path/to/file.txt" + dechex(time_now())) X X with the following configuration in httpd.conf X X <Location /protected/> X AuthTokenSecret "secret" X AuthTokenPrefix /protected/ X AuthTokenTimeout 60 X </Location X X The actual file would be located in X X /protected/path/to/file.txt X XCREDITS X X Implementation ideas were taken from mod_secdownload for LIGHTTPD X - http://trac.lighttpd.net/trac/wiki/Docs%3AModSecDownload 887de36e5961a0b4aa13e29fd511a720 exit --- mod_auth_token.shar ends here --- --------------030606060801070605070602 Content-Type: text/plain; name="=?ISO-8859-2?Q?=C8=E1st_p=F8ipojen=E9_zpr=E1vy?=" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename*0*=ISO-8859-2''%C8%E1%73%74%20%70%F8%69%70%6F%6A%65%6E%E9%20%7A; filename*1*=%70%72%E1%76%79 --------------030606060801070605070602-- >Release-Note: >Audit-Trail: >Unformatted: This is a multi-part message in MIME format. --------------030606060801070605070602 Content-Type: text/plain; charset=ISO-8859-2; format=flowed Content-Transfer-Encoding: 7bit
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4F4E9B2F.8010406>