t/lib-httpd/nph-custom-auth.sh - git - Git at Google

 #!/bin/sh

 VALID_CREDS_FILE=custom-auth.valid
 CHALLENGE_FILE=custom-auth.challenge

 #
 # If $VALID_CREDS_FILE exists in $HTTPD_ROOT_PATH, consider each line as a valid
 # credential for the current request. Each line in the file is considered a
 # valid HTTP Authorization header value. For example:
 #
 # Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
 #
 # If $CHALLENGE_FILE exists in $HTTPD_ROOT_PATH, output the contents as headers
 # in a 401 response if no valid authentication credentials were included in the
 # request. For example:
 #
 # WWW-Authenticate: Bearer authorize_uri="id.example.com" p=1 q=0
 # WWW-Authenticate: Basic realm="example.com"
 #

 if test -n "$HTTP_AUTHORIZATION" && \
 	grep -Fqs "creds=${HTTP_AUTHORIZATION}" "$VALID_CREDS_FILE"
 then
 	idno=$(grep -F "creds=${HTTP_AUTHORIZATION}" "$VALID_CREDS_FILE" | sed -e 's/^id=\([a-z0-9-][a-z0-9-]*\) .*$/\1/')
 	status=$(sed -ne "s/^id=$idno.*status=\\([0-9][0-9][0-9]\\).*\$/\\1/p" "$CHALLENGE_FILE" | head -n1)
 	# Note that although git-http-backend returns a status line, it
 	# does so using a CGI 'Status' header. Because this script is an
 	# No Parsed Headers (NPH) script, we must return a real HTTP
 	# status line.
 	# This is only a test script, so we don't bother to check for
 	# the actual status from git-http-backend and always return 200.
 	echo "HTTP/1.1 $status Nonspecific Reason Phrase"
 	if test "$status" -eq 200
 	then
 		exec "$GIT_EXEC_PATH"/git-http-backend
 	else
 		sed -ne "s/^id=$idno.*response=//p" "$CHALLENGE_FILE"
 		echo
 		exit
 	fi
 fi

 echo 'HTTP/1.1 401 Authorization Required'
 if test -f "$CHALLENGE_FILE"
 then
 	sed -ne 's/^id=default.*response=//p' "$CHALLENGE_FILE"
 fi
 echo
	#!/bin/sh

	VALID_CREDS_FILE=custom-auth.valid
	CHALLENGE_FILE=custom-auth.challenge

	#
	# If $VALID_CREDS_FILE exists in $HTTPD_ROOT_PATH, consider each line as a valid
	# credential for the current request. Each line in the file is considered a
	# valid HTTP Authorization header value. For example:
	#
	# Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
	#
	# If $CHALLENGE_FILE exists in $HTTPD_ROOT_PATH, output the contents as headers
	# in a 401 response if no valid authentication credentials were included in the
	# request. For example:
	#
	# WWW-Authenticate: Bearer authorize_uri="id.example.com" p=1 q=0
	# WWW-Authenticate: Basic realm="example.com"
	#

	if test -n "$HTTP_AUTHORIZATION" && \
	grep -Fqs "creds=${HTTP_AUTHORIZATION}" "$VALID_CREDS_FILE"
	then
	idno=$(grep -F "creds=${HTTP_AUTHORIZATION}" "$VALID_CREDS_FILE" \| sed -e 's/^id=\([a-z0-9-][a-z0-9-]\) .$/\1/')
	status=$(sed -ne "s/^id=$idno.status=\\([0-9][0-9][0-9]\\).\$/\\1/p" "$CHALLENGE_FILE" \| head -n1)
	# Note that although git-http-backend returns a status line, it
	# does so using a CGI 'Status' header. Because this script is an
	# No Parsed Headers (NPH) script, we must return a real HTTP
	# status line.
	# This is only a test script, so we don't bother to check for
	# the actual status from git-http-backend and always return 200.
	echo "HTTP/1.1 $status Nonspecific Reason Phrase"
	if test "$status" -eq 200
	then
	exec "$GIT_EXEC_PATH"/git-http-backend
	else
	sed -ne "s/^id=$idno.*response=//p" "$CHALLENGE_FILE"
	echo
	exit
	fi
	fi

	echo 'HTTP/1.1 401 Authorization Required'
	if test -f "$CHALLENGE_FILE"
	then
	sed -ne 's/^id=default.*response=//p' "$CHALLENGE_FILE"
	fi
	echo