mirror of https://github.com/LilithSec/Web-ACL.git
Zane C. B-H
0f244038c4
|
||
|---|---|---|
| lib/Web | ||
| t | ||
| .gitignore | ||
| Changes | ||
| LICENSE | ||
| MANIFEST | ||
| Makefile.PL | ||
| README.md | ||
README.md
Web-ACL
A helper for creating basic apikey/slug/IP based ACLs.
Slugs should be though of as a freeform field for use function names or the like.
use Web::ACL;
my $acl = Web::ACL->new(acl=>{
fooBar=>{
ip_auth => 1,
slug_auth => 0,
require_ip => 1,
require_slug => 0,
final => 1,
slugs => [],
slugs_regex => [],
allow_subnets => ['192.168.0.0/16','127.0.0.1/32'],
deny_subnets => [],
},
derp=>{
ip_auth => 1,
slug_auth => 1,
require_ip => 1,
require_slug => 0,
final => 1,
slugs => ['derp'],
slugs_regex => [],
allow_subnets => ['192.168.0.0/16','127.0.0.1/32'],
deny_subnets => ['10.0.10.0/24'],
},
derpderp=>{
ip_auth => 0,
slug_auth => 1,
require_ip => 1,
require_slug => 0,
final => 1,
slugs => ['derp'],
slugs_regex => [],
allow_subnets => [],
deny_subnets => [],
},
});
my $results=$acl->check(
apikey=>'a_test',
ip=>'10.1.3.4',
slugs=>['test2'],
);
if ($results) {
print "Authed\n";
}else{
print "Not Authed\n";
}
my $results=$acl->check(
apikey=>'fooBar',
ip=>'192.168.1.2',
slugs=>['test2'],
);
if ($results) {
print "Authed\n";
}else{
print "Not Authed\n";
}
my $results=$acl->check(
apikey=>'fooBar',
ip=>'192.168.1.2',
slugs=>['test2'],
);
if ($results) {
print "Authed\n";
}else{
print "Not Authed\n";
}
my $results=$acl->check(
apikey=>'derpderp',
ip=>'192.168.1.2',
slugs=>['derp'],
);
if ($results) {
print "Authed\n";
}else{
print "Not Authed\n";
}
my $results=$acl->check(
apikey=>'derpderp',
ip=>'192.168.1.2',
slugs=>['not_derp'],
);
if ($results) {
print "Authed\n";
}else{
print "Not Authed\n";
}
ACL HASH
The ACL hash is a hash of hashes. The keys for primary hash are API keys. The keys for the subhashes are as below.
Slugs should be though of a freeform text field for access check. Function name or whatever.
- ip_auth :: Use IP for authing. If false, the IP will not be checked.
- Default :: 0
- slug_auth :; Use the slug for authing. If false it won't be checked.
- Default :: 0
- require_ip :: Require a value for IP to be specified.
- Default :: 0
- require_slug :: Require a value for slug to be specified.
- Default :: 0
- final :: The return value for if none of the auth checks are denied.
- Default for 'undef'/'nonexistent' apikeys:: 0
- Default for other apikeys:: 1
- slugs :; Slugs that are allowed for access.
- Default :: []
- slugs_regex :: Regexps to check slug values against.
- Default :: []
- allow_subnets :: Allowed subnets for remote IPs. This is a array of CIDRs.
- Default :: []
- deny_subnets :: Denied subnets for remote IPs. This is a array of CIDRs.
- Default :: []
There are two special ones for the ACL hash. Those are undef and
nonexistent and they should not be used as API keys. These are for
in the instances that the apikey for the checkis undef or if specified
and does not exist nonexistent is used.
By default they are as below.
{
'undef' => {
ip_auth => 0,
slug_auth => 0,
require_ip => 0,
require_slug => 0,
final => 0,
slugs => [],
slugs_regex => [],
allow_subnets => [],
deny_subnets => [],
},
'nonexistent' => {
ip_auth => 0,
slug_auth => 0,
require_ip => 0,
require_slug => 0,
final => 0,
slugs => [],
slugs_regex => [],
allow_subnets => [],
deny_subnets => [],
},
}