Beefy Boxes and Bandwidth Generously Provided by pair Networks
Keep It Simple, Stupid
 
PerlMonks  

CGI server module?

by cavac (Parson)
on Apr 18, 2013 at 12:22 UTC ( [id://1029334]=perlquestion: print w/replies, xml ) Need Help??

cavac has asked for the wisdom of the Perl Monks concerning the following question:

I'm in the process of centralizing many (older) webservices into a single one (single sign on, central logging/auditing, coherent layout and user experience).

I rewrote most of them and/or integrated their function into the new system, but a few services are a rather complex CGI scripts (mostly source control stuff). What is the best ways to call them? I didn't find any CPAN module for calling external CGI scripts.

Any ideas?

"I know what i'm doing! Look, what could possibly go wrong? All i have to pull this lever like so, and then press this button here like ArghhhhhaaAaAAAaaagraaaAAaa!!!"

Replies are listed 'Best First'.
Re: CGI server module?
by blue_cowdawg (Monsignor) on Apr 18, 2013 at 14:36 UTC
        but a few services are a rather complex CGI scripts (mostly source control stuff). What is the best ways to call them? I didn't find any CPAN module for calling external CGI scripts.

    IMHO opinion if it ain't broke don't fix it. Then again some things need to be broken just so you can fix them. :-)

    I'm not sure what you mean by "call them" but if you mean dispatch the browser to them then I'd suggest a redirect which is part of CGI.

    If you really insist on refactoring those complex CGI scripts then turn them into modules that you reference from your centralized script.

    Another way to look at this: Your goal here appears to be providing logging/auditing and a single sign on. Bravo. But why do you need to centralize everything into once script (as implied by your post). No need of that. Here are some steps I'd proceed along:

    • Rip out of the "webservices" and CGI scripts any notion of controlling sign-on.
    • Add logic to check whatever method of sign-on you are using to verify that:
      1. Authentication has happened successfully
      2. The session is still valid
    • Make sure the sub-components do their logging in common with the rest of the components

    Whatever your implementation for authentication is using (e.g. LDAP, relational database, Active Directory, /etc/password, .htaccess.. whatever) make sure you generate a session ID for tracking purposes. Make sure you have a timeout function for those who sign in and then leave their browser unattended.

    create table session ( session_id integer not null primary key, session_key varchar(128) not null, userid varchar(10) not null, session_time bigint not null -- or whatever ); create index session_index on session(session_key,userid)
    there's a sample of a session table in a database that can be referenced by a Perl script to determine if a session has timed out. It goes something like this:
    # # when a submit happens check session time use CGI; use CGI::Carp; use DBI; my $cgi = CGI->new; my $dbh = DBI->connect('DBI:{driver}:{params}','userid','password') or die "Failed to connect to database" . $DBI::errstr; my $key = $cgi->param('session_key'); # # Force a login if no session key is present print $cgi->redirect('/cgi-bin/login.cgi') unless $key; # Retrieve session info my $sth = $dbh->prepare('select userid,session_time from session where + session_key = ?') or die $dbh->errstr; $sth->execute($key); my ($userid,$session_time) = $sth->fetchrow_array(); # # Empty results? Session is invalid print $cgi->redirect('/cgi-bin/login.cgi') unless ($userid) && ($sessi +on_time); my $now = time(0); my $passing=$now - $session_time; # Check to see if the session has timed out # if ( $passing > SESSION_TIMEOUT ) { # timeout happened; invalidate the session $sth=$dbh->prepare ('delete from session where session_key = ?') or die $dbh->errstr; $sth->execute($key); print $cgi->redirect('/cgi-bin/login.cgi'); } # # Session is valid, update the time stamp $sth=$dbh->prepare('update session set session_time = ?'); $sth->execute($now); # # and proceed on
    I'd make that code a method within a module that the rest of your code can get to.

    The other method you'd want to create in your module that checks sessions is a create_session method which generates a string [a-z0-9A-Z] which becomes your session_key.

    With all that in place each of your sub-components can now validate accesses against your authentication method without having to reauthenticate.

    Another piece of the puzzle would be logging for audit purposes. I'd create a singleton module to handle logging for consistency. One thought would be to log to a database but certainly a flat file would work. The one reason I'd consider a database is so you could create a web application with search abilities to audit activity.

    I think I've given you enough to chew on, but there's some thoughts for you.


    Peter L. Berghold -- Unix Professional
    Peter -at- Berghold -dot- Net; AOL IM redcowdawg Yahoo IM: blue_cowdawg
Re: CGI server module? (do not call)
by Anonymous Monk on Apr 18, 2013 at 12:26 UTC
Re: CGI server module?
by sundialsvc4 (Abbot) on Apr 18, 2013 at 14:55 UTC

    What I would generally do is this:

    First, shove the entire authentication/authorization problem off to LDAP (OpenDirectory), where it properly belongs in any organization of any size.   :-)   Apache/Nginix can interrogate those credentials to grant or to deny access on a site-basis.   (It can also make the user’s authenticated identity and authorized credentials known to the web application.)   IIS is especially good at this.

    Second, use redirects to send the user to a locally-defined destination such as, say, www.appname.mycompany.com.   Or some appropriate intra-net location.   Set up each application, more or less as-is, in each place.

    Yeah, you’re darn right ... you passed the buck.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://1029334]
Approved by dfaure
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others making s'mores by the fire in the courtyard of the Monastery: (6)
As of 2024-03-28 12:14 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found