[GitHub] incubator-trafficcontrol pull request #562: Will not try to download lua fil...

2017-05-09 Thread asfgit 
Github user asfgit closed the pull request at:

https://github.com/apache/incubator-trafficcontrol/pull/562


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-trafficcontrol pull request #562: Will not try to download lua fil...

2017-05-09 Thread dg4prez 
GitHub user dg4prez opened a pull request:

https://github.com/apache/incubator-trafficcontrol/pull/562

Will not try to download lua files referenced in remap.config

This ignores lua files when processing the remap.config, and does not 
attempt to download them.  They will still be downloaded if added as a take and 
bake parameter file.

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/dg4prez/incubator-trafficcontrol 
ort_skip_missing_files

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/incubator-trafficcontrol/pull/562.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #562


commit 12c70068b0b987ba526b610d8eaf34780ffd2c82
Author: Derek Gelinas 
Date:   2017-05-09T20:47:50Z

Will not try to download lua files referenced in remap.config




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-trafficcontrol pull request #557: [TC-278] postinstall -defaults o...

2017-05-09 Thread asfgit 
Github user asfgit closed the pull request at:

https://github.com/apache/incubator-trafficcontrol/pull/557


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-trafficcontrol pull request #555: run dispersion sleep after updat...

2017-05-09 Thread asfgit 
Github user asfgit closed the pull request at:

https://github.com/apache/incubator-trafficcontrol/pull/555


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-trafficcontrol pull request #554: add some sorting to parent confi...

2017-05-09 Thread asfgit 
Github user asfgit closed the pull request at:

https://github.com/apache/incubator-trafficcontrol/pull/554


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-trafficcontrol pull request #553: prevents DB update error when us...

2017-05-09 Thread asfgit 
Github user asfgit closed the pull request at:

https://github.com/apache/incubator-trafficcontrol/pull/553


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-trafficcontrol pull request #551: API GW phase 0 (depends on PR #5...

2017-05-09 Thread rob05c 
Github user rob05c commented on a diff in the pull request:


https://github.com/apache/incubator-trafficcontrol/pull/551#discussion_r115551147
  
--- Diff: traffic_ops/experimental/webfront/webfront.go ---
@@ -122,188 +145,311 @@ func main() {
Logger.Fatal(http.ListenAndServeTLS(":" + 
strconv.Itoa(int(config.ListenPort)), "server.pem", "server.key", s))
 }
 
-func validateToken(tokenString string) (*jwt.Token, error) {
-
-   tokenString = strings.Replace(tokenString, "Bearer ", "", 1)
-   token, err := jwt.ParseWithClaims(tokenString, {}, func(token 
*jwt.Token) (interface{}, error) {
-   if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
-   return nil, fmt.Errorf("Unexpected signing method: %v", 
token.Header["alg"])
-   }
-   return []byte(os.Args[2]), nil
-   })
-   return token, err
-}
-
-// NewServer constructs a Server that reads rules from file with a period
-// specified by poll.
+// NewServer constructs a Server that reads Rules from file with a period 
+// specified by poll
 func NewServer(file string, poll time.Duration) (*Server, error) {
s := new(Server)
if err := s.loadRules(file); err != nil {
-   Logger.Fatal("Error loading rules file: ", err)
+   Logger.Fatal(fmt.Errorf("Load rules failed: %s", err))
}
go s.refreshRules(file, poll)
return s, nil
 }
 
-// ServeHTTP matches the Request with a Rule and, if found, serves the
-// request with the Rule's handler. If the rule's secure field is true, it 
will
-// only allow access if the request has a valid JWT bearer token.
-func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+// loadRules tests whether file has been modified since its last invocation
+// and, if so, loads the rule set from file.
+func (s *Server) loadRules(file string) error {
 
-   rule := s.getRule(r)
-   if rule == nil {
-   Logger.Printf("%v %v No mapping in rules file!", r.Method, 
r.URL.RequestURI())
-   http.Error(w, "Not found", http.StatusNotFound)
-   return
+   fi, err := os.Stat(file)
+   if err != nil {
+   return err
}
 
-   isAuthorized := false
+   mtime := fi.ModTime()
+   if !mtime.After(s.last) && s.Rules != nil {
+   return nil // no change
+   }
 
-   if rule.Secure {
-   tokenValid := false
-   token, err := validateToken(r.Header.Get("Authorization"))
+   Rules, err := parseRules(file)
+   if err != nil {
+   return err
+   }
 
-   if err == nil {
-   tokenValid = true
-   } else {
-   Logger.Println("Token Error:", err.Error())
+   s.mu.Lock()
+   s.last = mtime
+   s.Rules = Rules
+   s.mu.Unlock()
+   return nil
+}
+
+// refreshRules polls file periodically and refreshes the Server's rule set
+// if the file has been modified.
+func (s *Server) refreshRules(file string, poll time.Duration) {
+   for {
+   if err := s.loadRules(file); err != nil {
+   Logger.Printf("Refresh rules failed: %s", err)
}
+   time.Sleep(poll)
+   }
+}
 
-   if !tokenValid {
-   Logger.Printf("%v %v Valid token required, but none 
found!", r.Method, r.URL.RequestURI())
-   w.WriteHeader(http.StatusForbidden)
-   return
+// parseRules reads rule definitions from file, constructs the rule 
handlers,
+// and returns the resultant rules.
+func parseRules(file string) ([]*FwdRule, error) {
+
+   f, err := os.Open(file)
+   if err != nil {
+   return nil, err
+   }
+   defer f.Close()
+
+   Logger.Printf("Loading rules file: %s", file)
+
+   var rules []*FwdRule
+   if err := json.NewDecoder(f).Decode(); err != nil {
+   return nil, err
+   }
+
+   for _, r := range rules {
+
+   if r.Auth {
+   r.routes, err = parseRoutes(r.RoutesFile)
+   if err != nil {
+   Logger.Printf("Skip rule %s ERROR: %s", r.Path, 
err)
+   continue
+   }   
}
 
-   claims, ok := token.Claims.(*Claims)
-   if !ok {
-   Logger.Printf("%v %v Valid token found, but cannot 
parse claims!", r.Method, r.URL.RequestURI())
-   w.WriteHeader(http.StatusForbidden)
-   return
+   r.handler, err = makeHandler(r)
+   if err != nil {
+   Logger.Printf("Skip rule %s

[GitHub] incubator-trafficcontrol pull request #560: Updated Contribution.md and adde...

2017-05-09 Thread ashish-timilsina 
GitHub user ashish-timilsina opened a pull request:

https://github.com/apache/incubator-trafficcontrol/pull/560

Updated Contribution.md and added a new folder for cdn scripts



You can merge this pull request into a Git repository by running:

$ git pull https://github.com/ashish-timilsina/incubator-trafficcontrol 
master

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/incubator-trafficcontrol/pull/560.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #560


commit a553ed50fdfbdcfabc70b74e2890944dbeb3c250
Author: at9418 
Date:   2017-03-10T18:51:47Z

Organized the sections

commit 4fa93ae4d7e6c76f654cccb0be6cdf72fdb631f8
Author: at9418 
Date:   2017-03-10T18:57:37Z

Update CONTRIBUTING.md

commit 09a32e3fe44d474858f2fb0b98d414be0945f407
Author: Ashish Timilsina 
Date:   2017-03-13T13:36:55Z

Update CONTRIBUTING.md

commit 2684eb2524654be45992571af9d107e49236bd61
Author: Ashish Timilsina 
Date:   2017-03-13T13:43:14Z

Update CONTRIBUTING.md

commit 665f971e397ed62f3f17c17d545a99afa779ef36
Author: Ashish Timilsina 
Date:   2017-03-13T14:01:01Z

Update CONTRIBUTING.md

commit cc2bb2e8e832a7730eb6be9c314a93af7e7e
Author: Ashish Timilsina 
Date:   2017-03-13T14:08:29Z

Update CONTRIBUTING.md

commit cafd28193b151c1d3ac180044e0975739b4d1149
Author: Ashish Timilsina 
Date:   2017-05-09T15:39:26Z

Merge remote-tracking branch 'apache/master'

commit eabd04bc5e96a0573214357cd13bffd25b6be56b
Author: Ashish Timilsina 
Date:   2017-05-09T16:01:15Z

added mojokey script

commit b8ce5bc25cbf16f2bf3a74b7d9b93f4869834057
Author: Ashish Timilsina 
Date:   2017-05-09T16:04:51Z

updated readme

commit 5119b4f37c2d1476b2c92d7dc64092ee77318b6b
Author: Ashish Timilsina 
Date:   2017-05-09T16:36:08Z

updated contribution page




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-trafficcontrol issue #537: made changes to support seeds cleanup

2017-05-09 Thread dewrich 
Github user dewrich commented on the issue:

https://github.com/apache/incubator-trafficcontrol/pull/537
  
In reference to JIRA: https://issues.apache.org/jira/browse/TC-279


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[jira] [Commented] (TC-64) TO experimental SPA application

2017-05-09 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/TC-64?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16002843#comment-16002843
 ] 

ASF GitHub Bot commented on TC-64:
--

GitHub user mitchell852 opened a pull request:

https://github.com/apache/incubator-trafficcontrol/pull/559

[TC-64] - to exp - changes mount point for ssl certs



You can merge this pull request into a Git repository by running:

$ git pull https://github.com/mitchell852/incubator-trafficcontrol 
tc-64-docker-compose

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/incubator-trafficcontrol/pull/559.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #559


commit a6acc476564be0ca237b2a92f498b9b4d8efd254
Author: Jeremy Mitchell 
Date:   2017-05-09T15:08:09Z

changes mount point for ssl certs




> TO experimental SPA application
> ---
>
> Key: TC-64
> URL: https://issues.apache.org/jira/browse/TC-64
> Project: Traffic Control
>  Issue Type: Improvement
>  Components: Traffic Ops, Traffic Ops API
>Reporter: Jeremy Mitchell
>Assignee: Jeremy Mitchell
>Priority: Minor
>
> At the 2016 Traffic Control summit, a prototype of a SPA application 
> developed by [~mitchell...@apache.org] using AngularJS was demo'd that works 
> entirely on top of the TO API.
> This issue is a placeholder for any work done to this prototype / 
> experimental UI. The goal is to replicate the functionality of the current 
> MVC TO UI. nothing more, nothing less.
> This will require some additions to the TO API. look for issues regarding 
> each API addition.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[GitHub] incubator-trafficcontrol pull request #559: [TC-64] - to exp - changes mount...

2017-05-09 Thread mitchell852 
GitHub user mitchell852 opened a pull request:

https://github.com/apache/incubator-trafficcontrol/pull/559

[TC-64] - to exp - changes mount point for ssl certs



You can merge this pull request into a Git repository by running:

$ git pull https://github.com/mitchell852/incubator-trafficcontrol 
tc-64-docker-compose

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/incubator-trafficcontrol/pull/559.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #559


commit a6acc476564be0ca237b2a92f498b9b4d8efd254
Author: Jeremy Mitchell 
Date:   2017-05-09T15:08:09Z

changes mount point for ssl certs




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[jira] [Created] (TC-279) Postinstall Sample Profiles out of date

2017-05-09 Thread Dewayne Richardson (JIRA) 
Dewayne Richardson created TC-279:
-

 Summary: Postinstall Sample Profiles out of date
 Key: TC-279
 URL: https://issues.apache.org/jira/browse/TC-279
 Project: Traffic Control
  Issue Type: Improvement
  Components: Traffic Ops
Affects Versions: 2.1.0
Reporter: Dewayne Richardson
Priority: Minor
 Fix For: 2.1.0


The existing sample profiles need to be update and the process documented



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[GitHub] incubator-trafficcontrol pull request #558: [TC-64] - to exp ui - hooks up r...

2017-05-09 Thread asfgit 
Github user asfgit closed the pull request at:

https://github.com/apache/incubator-trafficcontrol/pull/558


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[jira] [Commented] (TC-64) TO experimental SPA application

2017-05-09 Thread ASF GitHub Bot (JIRA) 

[ 
https://issues.apache.org/jira/browse/TC-64?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16002714#comment-16002714
 ] 

ASF GitHub Bot commented on TC-64:
--

GitHub user mitchell852 opened a pull request:

https://github.com/apache/incubator-trafficcontrol/pull/558

[TC-64] - to exp ui - hooks up routing methods component



You can merge this pull request into a Git repository by running:

$ git pull https://github.com/mitchell852/incubator-trafficcontrol 
tc-64-to-exp-dashboard

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/incubator-trafficcontrol/pull/558.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #558


commit 405b74b4c54ffa0ce037de9d7dd178de73acfcb3
Author: Jeremy Mitchell 
Date:   2017-05-09T02:22:36Z

updates libraries, rewrites https redirect and mounts directory to access 
ssl certs from docker

commit 5d5c1895e3eccfd3e2765269098691c69dcd78f4
Author: Jeremy Mitchell 
Date:   2017-05-09T13:51:39Z

hooks up routing methods component




> TO experimental SPA application
> ---
>
> Key: TC-64
> URL: https://issues.apache.org/jira/browse/TC-64
> Project: Traffic Control
>  Issue Type: Improvement
>  Components: Traffic Ops, Traffic Ops API
>Reporter: Jeremy Mitchell
>Assignee: Jeremy Mitchell
>Priority: Minor
>
> At the 2016 Traffic Control summit, a prototype of a SPA application 
> developed by [~mitchell...@apache.org] using AngularJS was demo'd that works 
> entirely on top of the TO API.
> This issue is a placeholder for any work done to this prototype / 
> experimental UI. The goal is to replicate the functionality of the current 
> MVC TO UI. nothing more, nothing less.
> This will require some additions to the TO API. look for issues regarding 
> each API addition.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[GitHub] incubator-trafficcontrol pull request #558: [TC-64] - to exp ui - hooks up r...

2017-05-09 Thread mitchell852 
GitHub user mitchell852 opened a pull request:

https://github.com/apache/incubator-trafficcontrol/pull/558

[TC-64] - to exp ui - hooks up routing methods component



You can merge this pull request into a Git repository by running:

$ git pull https://github.com/mitchell852/incubator-trafficcontrol 
tc-64-to-exp-dashboard

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/incubator-trafficcontrol/pull/558.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #558


commit 405b74b4c54ffa0ce037de9d7dd178de73acfcb3
Author: Jeremy Mitchell 
Date:   2017-05-09T02:22:36Z

updates libraries, rewrites https redirect and mounts directory to access 
ssl certs from docker

commit 5d5c1895e3eccfd3e2765269098691c69dcd78f4
Author: Jeremy Mitchell 
Date:   2017-05-09T13:51:39Z

hooks up routing methods component




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-trafficcontrol pull request #551: API GW phase 0 (depends on PR #5...

2017-05-09 Thread amiryesh 
Github user amiryesh commented on a diff in the pull request:


https://github.com/apache/incubator-trafficcontrol/pull/551#discussion_r115421714
  
--- Diff: traffic_ops/experimental/webfront/webfront.go ---
@@ -122,188 +145,311 @@ func main() {
Logger.Fatal(http.ListenAndServeTLS(":" + 
strconv.Itoa(int(config.ListenPort)), "server.pem", "server.key", s))
 }
 
-func validateToken(tokenString string) (*jwt.Token, error) {
-
-   tokenString = strings.Replace(tokenString, "Bearer ", "", 1)
-   token, err := jwt.ParseWithClaims(tokenString, {}, func(token 
*jwt.Token) (interface{}, error) {
-   if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
-   return nil, fmt.Errorf("Unexpected signing method: %v", 
token.Header["alg"])
-   }
-   return []byte(os.Args[2]), nil
-   })
-   return token, err
-}
-
-// NewServer constructs a Server that reads rules from file with a period
-// specified by poll.
+// NewServer constructs a Server that reads Rules from file with a period 
+// specified by poll
 func NewServer(file string, poll time.Duration) (*Server, error) {
--- End diff --

Added as TODO


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-trafficcontrol pull request #551: API GW phase 0 (depends on PR #5...

2017-05-09 Thread amiryesh 
Github user amiryesh commented on a diff in the pull request:


https://github.com/apache/incubator-trafficcontrol/pull/551#discussion_r115421632
  
--- Diff: traffic_ops/experimental/webfront/webfront.go ---
@@ -122,188 +145,311 @@ func main() {
Logger.Fatal(http.ListenAndServeTLS(":" + 
strconv.Itoa(int(config.ListenPort)), "server.pem", "server.key", s))
 }
 
-func validateToken(tokenString string) (*jwt.Token, error) {
-
-   tokenString = strings.Replace(tokenString, "Bearer ", "", 1)
-   token, err := jwt.ParseWithClaims(tokenString, {}, func(token 
*jwt.Token) (interface{}, error) {
-   if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
-   return nil, fmt.Errorf("Unexpected signing method: %v", 
token.Header["alg"])
-   }
-   return []byte(os.Args[2]), nil
-   })
-   return token, err
-}
-
-// NewServer constructs a Server that reads rules from file with a period
-// specified by poll.
+// NewServer constructs a Server that reads Rules from file with a period 
+// specified by poll
 func NewServer(file string, poll time.Duration) (*Server, error) {
s := new(Server)
if err := s.loadRules(file); err != nil {
-   Logger.Fatal("Error loading rules file: ", err)
+   Logger.Fatal(fmt.Errorf("Load rules failed: %s", err))
}
go s.refreshRules(file, poll)
return s, nil
 }
 
-// ServeHTTP matches the Request with a Rule and, if found, serves the
-// request with the Rule's handler. If the rule's secure field is true, it 
will
-// only allow access if the request has a valid JWT bearer token.
-func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+// loadRules tests whether file has been modified since its last invocation
+// and, if so, loads the rule set from file.
+func (s *Server) loadRules(file string) error {
 
-   rule := s.getRule(r)
-   if rule == nil {
-   Logger.Printf("%v %v No mapping in rules file!", r.Method, 
r.URL.RequestURI())
-   http.Error(w, "Not found", http.StatusNotFound)
-   return
+   fi, err := os.Stat(file)
+   if err != nil {
+   return err
}
 
-   isAuthorized := false
+   mtime := fi.ModTime()
+   if !mtime.After(s.last) && s.Rules != nil {
+   return nil // no change
+   }
 
-   if rule.Secure {
-   tokenValid := false
-   token, err := validateToken(r.Header.Get("Authorization"))
+   Rules, err := parseRules(file)
+   if err != nil {
+   return err
+   }
 
-   if err == nil {
-   tokenValid = true
-   } else {
-   Logger.Println("Token Error:", err.Error())
+   s.mu.Lock()
+   s.last = mtime
+   s.Rules = Rules
+   s.mu.Unlock()
+   return nil
+}
+
+// refreshRules polls file periodically and refreshes the Server's rule set
+// if the file has been modified.
+func (s *Server) refreshRules(file string, poll time.Duration) {
+   for {
+   if err := s.loadRules(file); err != nil {
+   Logger.Printf("Refresh rules failed: %s", err)
}
+   time.Sleep(poll)
+   }
+}
 
-   if !tokenValid {
-   Logger.Printf("%v %v Valid token required, but none 
found!", r.Method, r.URL.RequestURI())
-   w.WriteHeader(http.StatusForbidden)
-   return
+// parseRules reads rule definitions from file, constructs the rule 
handlers,
+// and returns the resultant rules.
+func parseRules(file string) ([]*FwdRule, error) {
+
+   f, err := os.Open(file)
+   if err != nil {
+   return nil, err
+   }
+   defer f.Close()
+
+   Logger.Printf("Loading rules file: %s", file)
+
+   var rules []*FwdRule
+   if err := json.NewDecoder(f).Decode(); err != nil {
+   return nil, err
+   }
+
+   for _, r := range rules {
+
+   if r.Auth {
+   r.routes, err = parseRoutes(r.RoutesFile)
+   if err != nil {
+   Logger.Printf("Skip rule %s ERROR: %s", r.Path, 
err)
+   continue
+   }   
}
 
-   claims, ok := token.Claims.(*Claims)
-   if !ok {
-   Logger.Printf("%v %v Valid token found, but cannot 
parse claims!", r.Method, r.URL.RequestURI())
-   w.WriteHeader(http.StatusForbidden)
-   return
+   r.handler, err = makeHandler(r)
+   if err != nil {
+   Logger.Printf("Skip rule %s

[GitHub] incubator-trafficcontrol pull request #551: API GW phase 0 (depends on PR #5...

2017-05-09 Thread amiryesh 
Github user amiryesh commented on a diff in the pull request:


https://github.com/apache/incubator-trafficcontrol/pull/551#discussion_r115421286
  
--- Diff: traffic_ops/experimental/auth/auth.go ---
@@ -132,83 +150,197 @@ func InitializeDatabase(username, password, dbname, 
server string, port uint) (*
return db, nil
 }
 
-func handler(w http.ResponseWriter, r *http.Request) {
+func LegacyTOLogin(login Login, legacyLoginURL string, w 
http.ResponseWriter) (*http.Response, error) {
 
-   Logger.Println(r.Method, r.URL.Scheme, r.Host, r.URL.RequestURI())
+   // TODO(amiry) - Legacy token expiration should be longer than JWT 
expiration
 
-   if r.Method == "POST" {
-   var login Login
-   tmUserlist := []TmUser{}
-   body, err := ioutil.ReadAll(r.Body)
-   if err != nil {
-   Logger.Println("Error reading body: ", err.Error())
-   http.Error(w, "Error reading body: "+err.Error(), 
http.StatusBadRequest)
-   return
-   }
-   
-   err = json.Unmarshal(body, )
-   if err != nil {
-   Logger.Println("Invalid JSON: ", err.Error())
-   http.Error(w, "Invalid JSON: "+err.Error(), 
http.StatusBadRequest)
-   return
-   }
-   
-   stmt, err := db.PrepareNamed("SELECT role,local_passwd FROM 
tm_user WHERE username=:username")
-   if err != nil {
-   Logger.Println("Database error: ", err.Error())
-   http.Error(w, "Database error: "+err.Error(), 
http.StatusInternalServerError)
-   return
-   }
-
-   err = stmt.Select(, login)
-   if err != nil {
-   Logger.Println("Database error: ", err.Error())
-   http.Error(w, "Database error: "+err.Error(), 
http.StatusInternalServerError)
-   return
-   }
+   legacyLogin := LegacyLogin{ login.Username, login.Password }
 
-   hasher := sha1.New()
-   hasher.Write([]byte(login.Password))
-   hashedPassword := fmt.Sprintf("%x", hasher.Sum(nil))
+   body, err := json.Marshal(legacyLogin)
+if err != nil {
+   Logger.Println("JSON marshal error: ", err.Error())
+return nil, err
+}
 
-   if len(tmUserlist) == 0 || tmUserlist[0].Password != 
string(hashedPassword) {
-   Logger.Printf("Invalid username/password, username %s", 
login.Username)
-   http.Error(w, "Invalid username/password", 
http.StatusUnauthorized)
-   return
-   }
-
-   Logger.Printf("User %s authenticated", login.Username)
-
-   claims := Claims {
-   []string{"read-ds", "write-ds", "read-cg"}, // TODO(amiry) 
- Adding hardcoded capabilities as a POC. 
-   
// Need to read from TO role tables when tables are 
ready
-   jwt.StandardClaims {
-   Subject: login.Username,
-   ExpiresAt: time.Now().Add(time.Hour * 24).Unix(),   // 
TODO(amiry) - We will need to use shorter expiration, 
-   
// and use refresh tokens to extend 
access
-   },
-   }
-
-   token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+   req, err := http.NewRequest("POST", legacyLoginURL,  
bytes.NewBuffer(body))
+   client := {}
+resp, err := client.Do(req)
+   if err != nil {
+   Logger.Println("Legacy Login error: ", err.Error(), " Legacy 
URL: ", legacyLoginURL)
+   return nil, err;
+   }
 
-   tokenString, err := token.SignedString([]byte(os.Args[2]))
-   if err != nil {
-   Logger.Println(err.Error())
-   http.Error(w, err.Error(), 
http.StatusInternalServerError)
-   return
-   }
+   return resp, err
+}
 
-   js, err := json.Marshal(TokenResponse{Token: tokenString})
-   if err != nil {
-   Logger.Println(err.Error())
-   http.Error(w, err.Error(), 
http.StatusInternalServerError)
+func makeHandler(config *Config) (func(http.ResponseWriter, 
*http.Request), error) {
+
+   return func (w http.ResponseWriter, r *http.Request) {
+
+   Logger.Println(r.Method, r.URL.Scheme, r.Host, 
r.URL.RequestURI())
+
+   if r.Method == "POST" {
+
+   var login Login
+