ports/165565: New port: www/mod_auth_token Token-based authentication similar to mod_secdownload in LIGHTTPD

Filip Valder filip.valder at vsb.cz
Wed Feb 29 21:40:17 UTC 2012 

>Number:         165565
>Category:       ports
>Synopsis:       New port: www/mod_auth_token Token-based authentication similar to mod_secdownload in LIGHTTPD
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed Feb 29 21:40:16 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Filip Valder
>Release:        FreeBSD 8.2-RELEASE i386
>Organization:
ULICE.SvetDoma.cz
>Environment:
System: FreeBSD ulicnik.ulice 8.2-RELEASE FreeBSD 8.2-RELEASE #1: Sat 
Dec 3 23:35:47 CET 2011 
root at hlidac-ha-2.ulice:/usr/obj/usr/src/sys/MYKERNEL i386
>Description:
Token-based authentication similar to mod_secdownload in LIGHTTPD.
Have your script generate a token and let Apache handle the file
transfer without having to pipe it through a script for security.
>How-To-Repeat:
>Fix:
--- mod_auth_token.shar begins here ---
# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	mod_auth_token
#	mod_auth_token/Makefile
#	mod_auth_token/pkg-descr
#	mod_auth_token/distinfo
#	mod_auth_token/pkg-deinstall
#	mod_auth_token/pkg-message
#
echo c - mod_auth_token
mkdir -p mod_auth_token > /dev/null 2>&1
echo x - mod_auth_token/Makefile
sed 's/^X//' >mod_auth_token/Makefile << '9f12235b8a9ec0e6dd5b3158e829e2fc'
X# New ports collection makefile for:	mod_auth_token
X# Date created:				29 February 2012
X# Whom:					fv
X#
X# $FreeBSD$
X#
X
XPORTNAME=	mod_auth_token
XPORTVERSION=	1.0.5
XCATEGORIES=	www
XMASTER_SITES=	http://mod-auth-token.googlecode.com/files/
XMASTER_SITES+=	http://ports.valder.cz/${PORTNAME:L}/
X
XMAINTAINER=	filip at valder.cz
XCOMMENT=	Token-based authentication similar to mod_secdownload in LIGHTTPD
X
XBUILD_DEPENDS=	automake>=1.10:${PORTSDIR}/devel/automake
X
XUSE_APACHE=	22+
XAP_GENPLIST=	yes
XPLIST_FILES+=	%%APACHEMODDIR%%/mod_auth_token.so
X
XUSE_AUTOTOOLS=	aclocal:env automake:env libtool
X
Xpost-patch:
X	@${LN} -f -s ${PREFIX}/share/automake-${AUTOMAKE_VERSION}/COPYING 
${WRKSRC}/COPYING
X	@${LN} -f -s ${PREFIX}/share/automake-${AUTOMAKE_VERSION}/config.guess 
${WRKSRC}/config.guess
X	@${LN} -f -s ${PREFIX}/share/automake-${AUTOMAKE_VERSION}/config.sub 
${WRKSRC}/config.sub
X	@${LN} -f -s ${PREFIX}/share/automake-${AUTOMAKE_VERSION}/install-sh 
${WRKSRC}/install-sh
X	@${LN} -f -s ${PREFIX}/share/automake-${AUTOMAKE_VERSION}/missing 
${WRKSRC}/missing
X
Xpost-install:
X	@${CAT} ${WRKSRC}/README
X
X.include <bsd.port.mk>
9f12235b8a9ec0e6dd5b3158e829e2fc
echo x - mod_auth_token/pkg-descr
sed 's/^X//' >mod_auth_token/pkg-descr << '91039b76901d21b2a9e74a3142652e82'
XToken-based authentication similar to mod_secdownload in LIGHTTPD.
XHave your script generate a token and let Apache handle the file
Xtransfer without having to pipe it through a script for security.
X
XWWW: http://code.google.com/p/mod-auth-token/
91039b76901d21b2a9e74a3142652e82
echo x - mod_auth_token/distinfo
sed 's/^X//' >mod_auth_token/distinfo << '4f40ad080ecb2bad0a7130d84dcd78d7'
XSHA256 (mod_auth_token-1.0.5.tar.gz) = 
85af5d3d9bf5fb01d1ba04c814de3b43660cb0bb54122517429113cdb2b198fe
XSIZE (mod_auth_token-1.0.5.tar.gz) = 340355
4f40ad080ecb2bad0a7130d84dcd78d7
echo x - mod_auth_token/pkg-deinstall
sed 's/^X//' >mod_auth_token/pkg-deinstall << 
'cfd8bb91d9a91d905ba285ce084053e0'
X#!/bin/sh
X#
X# $FreeBSD$
X#
X
Xsed -i.bak '/LoadModule.*mod_auth_token.so/d' 
/usr/local/etc/apache[0-9]*/httpd.conf
cfd8bb91d9a91d905ba285ce084053e0
echo x - mod_auth_token/pkg-message
sed 's/^X//' >mod_auth_token/pkg-message << 
'887de36e5961a0b4aa13e29fd511a720'
X
X  This module uses token based authentication to secure downloads X 
and prevent deep-linking. X
X  Have your script or servlet generate a token to authenticate the X 
download and let Apache handle the file transfer without having X  to 
pipe it through a script for security.
X  X  You can find downloads, daily snapshots and support information at
X    http://www.synd.info/
X
XUSAGE
X
X  The token is an hex-encoded MD5 hash of the X  secret password, 
relative file path and the timestamp. It is X  encoded onto the URI as:
X
X    <uri-prefix><token>/<timestamp-in-hex><rel-path>
X
X  For example
X  X 
/protected/dee0ed6174a894113d5e8f6c98f0e92b/43eaf9c5/path/to/file.txt
X
X  where the token is generated as X
X    md5("secret" + "/path/to/file.txt" + dechex(time_now()))
X
X  with the following configuration in httpd.conf
X
X    <Location /protected/>
X      AuthTokenSecret       "secret"
X      AuthTokenPrefix       /protected/
X      AuthTokenTimeout      60
X    </Location
X
X  The actual file would be located in
X  X    /protected/path/to/file.txt
X
XCREDITS
X
X  Implementation ideas were taken from mod_secdownload for LIGHTTPD
X    - http://trac.lighttpd.net/trac/wiki/Docs%3AModSecDownload
887de36e5961a0b4aa13e29fd511a720
exit
--- mod_auth_token.shar ends here ---



--------------030606060801070605070602
Content-Type: text/plain;
 name="=?ISO-8859-2?Q?=C8=E1st_p=F8ipojen=E9_zpr=E1vy?="
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename*0*=ISO-8859-2''%C8%E1%73%74%20%70%F8%69%70%6F%6A%65%6E%E9%20%7A;
 filename*1*=%70%72%E1%76%79


--------------030606060801070605070602--
>Release-Note:
>Audit-Trail:
>Unformatted:
 This is a multi-part message in MIME format.
 --------------030606060801070605070602
 Content-Type: text/plain; charset=ISO-8859-2; format=flowed
 Content-Transfer-Encoding: 7bit

More information about the freebsd-ports-bugs mailing list