ports/165565: New port: www/mod_auth_token Token-based
 authentication similar to mod_secdownload in LIGHTTPD
    Filip Valder 
    filip.valder at vsb.cz
       
    Wed Feb 29 22:10:13 UTC 2012
    
    
  
The following reply was made to PR ports/165565; it has been noted by GNATS.
From: Filip Valder <filip.valder at vsb.cz>
To: bug-followup at FreeBSD.org, filip at valder.cz
Cc:  
Subject: Re: ports/165565: New port: www/mod_auth_token Token-based authentication
 similar to mod_secdownload in LIGHTTPD
Date: Wed, 29 Feb 2012 23:10:00 +0100
 This is a multi-part message in MIME format.
 --------------020109090804050307090101
 Content-Type: text/plain; charset=ISO-8859-2; format=flowed
 Content-Transfer-Encoding: 7bit
 
 Hi.
 
 I've got some problem with my public PTR record (maintained by my ISP). 
 FreeBSD.org MXs don't accept mail from me, so I re-sent it using another 
 mailbox, but the message was corrupted (as I expected :-)). I've 
 attached the original message to his mail. It has got the right headers, 
 consistent shar file etc...
 
 Sorry for the inconvenience... My first porting...
 
 Cheers,
 Filip
 
 --------------020109090804050307090101
 Content-Type: message/rfc822;
  name="mod_auth_token Token-based authentication similar to mod_secdownload in LIGHTTPD.eml"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: attachment;
  filename*0="mod_auth_token Token-based authentication similar to mod_sec";
  filename*1="download in LIGHTTPD.eml"
 
 Received: from postak.ulice (postak.ulice [192.168.1.252])
 	by smtp.svetdoma.cz (Postfix) with ESMTP id D18D5427DDD;
 	Wed, 29 Feb 2012 22:21:43 +0100 (CET)
 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=valder.cz; h=
 	reply-to:from:from:subject:subject:message-id:date:date:received
 	:received:received:received; s=dkim; t=1330550497; x=1332364898;
 	 bh=f4lCZ3DyUYs4Us0dcUkba9qvnplo7UrY78hvd5yv7is=; b=bzhlDJeBmvYI
 	JrT7C9DnDlQkxoMq0sZetM5Q1Zre5Wxapi2jFggxKi3srybdZ0BDcIAmq/gbdWy9
 	gqf0ICh5Rsut2W+w9UeG2U6lWioguGRXhd1ZIZxaGXqhok7VUTL8vctI5HzGEWrM
 	us+Nz32T3O4crEQrPs/lNeiEu1ika/Q=
 Received: from smtp.svetdoma.cz ([192.168.1.252])
 	by postak.ulice (smtp.svetdoma.cz [192.168.1.252]) (amavisd-new, port 10026)
 	with ESMTP id Rj-eZQlkXKlA; Wed, 29 Feb 2012 22:21:37 +0100 (CET)
 Received: from ulicnik.ulice (ulicnik.ulice [192.168.1.253])
 	by smtp.svetdoma.cz (Postfix) with ESMTPS id C62D8427D54;
 	Wed, 29 Feb 2012 22:21:37 +0100 (CET)
 Received: from ulicnik.ulice (ulicnik.ulice [192.168.1.253])
 	by ulicnik.ulice (8.14.3/8.14.3) with ESMTP id q1TLLbw1023075;
 	Wed, 29 Feb 2012 22:21:37 +0100 (CET)
 	(envelope-from root at ulicnik.ulice)
 Received: (from root at localhost)
 	by ulicnik.ulice (8.14.3/8.14.3/Submit) id q1TLLbHc023074;
 	Wed, 29 Feb 2012 22:21:37 +0100 (CET)
 	(envelope-from root)
 Date: Wed, 29 Feb 2012 22:21:37 +0100 (CET)
 Message-Id: <201202292121.q1TLLbHc023074 at ulicnik.ulice>
 To: FreeBSD-gnats-submit at freebsd.org
 Subject: New port: www/mod_auth_token Token-based authentication similar to mod_secdownload in LIGHTTPD
 From: Filip Valder <filip at valder.cz>
 Reply-To: Filip Valder <filip at valder.cz>
 Cc: Filip Valder <filip at valder.cz>
 X-send-pr-version: 3.113
 X-GNATS-Notify: 
 
 
 >Submitter-Id:	fv
 >Originator:	Filip Valder
 >Organization:	ULICE.SvetDoma.cz
 >Confidential:	no
 >Synopsis:	New port: www/mod_auth_token Token-based authentication similar to mod_secdownload in LIGHTTPD
 >Severity:	non-critical
 >Priority:	medium
 >Category:	ports
 >Class:		change-request
 >Release:	FreeBSD 8.2-RELEASE i386
 >Environment:
 System: FreeBSD ulicnik.ulice 8.2-RELEASE FreeBSD 8.2-RELEASE #1: Sat Dec 3 23:35:47 CET 2011 root at hlidac-ha-2.ulice:/usr/obj/usr/src/sys/MYKERNEL i386
 >Description:
 Token-based authentication similar to mod_secdownload in LIGHTTPD.
 Have your script generate a token and let Apache handle the file
 transfer without having to pipe it through a script for security.
 >How-To-Repeat:
 >Fix:
 --- mod_auth_token.shar begins here ---
 # This is a shell archive.  Save it in a file, remove anything before
 # this line, and then unpack it by entering "sh file".  Note, it may
 # create directories; files and directories will be owned by you and
 # have default permissions.
 #
 # This archive contains:
 #
 #	mod_auth_token
 #	mod_auth_token/Makefile
 #	mod_auth_token/pkg-descr
 #	mod_auth_token/distinfo
 #	mod_auth_token/pkg-deinstall
 #	mod_auth_token/pkg-message
 #
 echo c - mod_auth_token
 mkdir -p mod_auth_token > /dev/null 2>&1
 echo x - mod_auth_token/Makefile
 sed 's/^X//' >mod_auth_token/Makefile << '9f12235b8a9ec0e6dd5b3158e829e2fc'
 X# New ports collection makefile for:	mod_auth_token
 X# Date created:				29 February 2012
 X# Whom:					fv
 X#
 X# $FreeBSD$
 X#
 X
 XPORTNAME=	mod_auth_token
 XPORTVERSION=	1.0.5
 XCATEGORIES=	www
 XMASTER_SITES=	http://mod-auth-token.googlecode.com/files/
 XMASTER_SITES+=	http://ports.valder.cz/${PORTNAME:L}/
 X
 XMAINTAINER=	filip at valder.cz
 XCOMMENT=	Token-based authentication similar to mod_secdownload in LIGHTTPD
 X
 XBUILD_DEPENDS=	automake>=1.10:${PORTSDIR}/devel/automake
 X
 XUSE_APACHE=	22+
 XAP_GENPLIST=	yes
 XPLIST_FILES+=	%%APACHEMODDIR%%/mod_auth_token.so
 X
 XUSE_AUTOTOOLS=	aclocal:env automake:env libtool
 X
 Xpost-patch:
 X	@${LN} -f -s ${PREFIX}/share/automake-${AUTOMAKE_VERSION}/COPYING ${WRKSRC}/COPYING
 X	@${LN} -f -s ${PREFIX}/share/automake-${AUTOMAKE_VERSION}/config.guess ${WRKSRC}/config.guess
 X	@${LN} -f -s ${PREFIX}/share/automake-${AUTOMAKE_VERSION}/config.sub ${WRKSRC}/config.sub
 X	@${LN} -f -s ${PREFIX}/share/automake-${AUTOMAKE_VERSION}/install-sh ${WRKSRC}/install-sh
 X	@${LN} -f -s ${PREFIX}/share/automake-${AUTOMAKE_VERSION}/missing ${WRKSRC}/missing
 X
 Xpost-install:
 X	@${CAT} ${WRKSRC}/README
 X
 X.include <bsd.port.mk>
 9f12235b8a9ec0e6dd5b3158e829e2fc
 echo x - mod_auth_token/pkg-descr
 sed 's/^X//' >mod_auth_token/pkg-descr << '91039b76901d21b2a9e74a3142652e82'
 XToken-based authentication similar to mod_secdownload in LIGHTTPD.
 XHave your script generate a token and let Apache handle the file
 Xtransfer without having to pipe it through a script for security.
 X
 XWWW: http://code.google.com/p/mod-auth-token/
 91039b76901d21b2a9e74a3142652e82
 echo x - mod_auth_token/distinfo
 sed 's/^X//' >mod_auth_token/distinfo << '4f40ad080ecb2bad0a7130d84dcd78d7'
 XSHA256 (mod_auth_token-1.0.5.tar.gz) = 85af5d3d9bf5fb01d1ba04c814de3b43660cb0bb54122517429113cdb2b198fe
 XSIZE (mod_auth_token-1.0.5.tar.gz) = 340355
 4f40ad080ecb2bad0a7130d84dcd78d7
 echo x - mod_auth_token/pkg-deinstall
 sed 's/^X//' >mod_auth_token/pkg-deinstall << 'cfd8bb91d9a91d905ba285ce084053e0'
 X#!/bin/sh
 X#
 X# $FreeBSD$
 X#
 X
 Xsed -i.bak '/LoadModule.*mod_auth_token.so/d' /usr/local/etc/apache[0-9]*/httpd.conf
 cfd8bb91d9a91d905ba285ce084053e0
 echo x - mod_auth_token/pkg-message
 sed 's/^X//' >mod_auth_token/pkg-message << '887de36e5961a0b4aa13e29fd511a720'
 X
 X  This module uses token based authentication to secure downloads 
 X  and prevent deep-linking. 
 X
 X  Have your script or servlet generate a token to authenticate the 
 X  download and let Apache handle the file transfer without having 
 X  to pipe it through a script for security.
 X  
 X  You can find downloads, daily snapshots and support information at
 X    http://www.synd.info/
 X
 XUSAGE
 X
 X  The token is an hex-encoded MD5 hash of the 
 X  secret password, relative file path and the timestamp. It is 
 X  encoded onto the URI as:
 X
 X    <uri-prefix><token>/<timestamp-in-hex><rel-path>
 X
 X  For example
 X  
 X    /protected/dee0ed6174a894113d5e8f6c98f0e92b/43eaf9c5/path/to/file.txt
 X
 X  where the token is generated as 
 X
 X    md5("secret" + "/path/to/file.txt" + dechex(time_now()))
 X
 X  with the following configuration in httpd.conf
 X
 X    <Location /protected/>
 X      AuthTokenSecret       "secret"
 X      AuthTokenPrefix       /protected/
 X      AuthTokenTimeout      60
 X    </Location
 X
 X  The actual file would be located in
 X  
 X    /protected/path/to/file.txt
 X
 XCREDITS
 X
 X  Implementation ideas were taken from mod_secdownload for LIGHTTPD
 X    - http://trac.lighttpd.net/trac/wiki/Docs%3AModSecDownload
 887de36e5961a0b4aa13e29fd511a720
 exit
 --- mod_auth_token.shar ends here ---
 
 
 
 --------------020109090804050307090101--
    
    
More information about the freebsd-apache
mailing list