Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
L
libvmod-hoailona
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
uplex-varnish
libvmod-hoailona
Commits
e9dee87e
Commit
e9dee87e
authored
Jan 16, 2017
by
Geoff Simmons
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
finish up all docs, except for the unimplemented .explain() method
parent
47f082cd
Pipeline
#113
skipped
Changes
4
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
120 additions
and
30 deletions
+120
-30
CONTRIBUTING.rst
CONTRIBUTING.rst
+3
-0
INSTALL.rst
INSTALL.rst
+3
-0
README.rst
README.rst
+55
-13
vmod_hoailona.vcc
src/vmod_hoailona.vcc
+59
-17
No files found.
CONTRIBUTING.rst
View file @
e9dee87e
...
@@ -16,6 +16,9 @@ The build specifies C99 conformance, all compiler warnings turned on,
...
@@ -16,6 +16,9 @@ The build specifies C99 conformance, all compiler warnings turned on,
and all warnings considered errors (compiler options ``-std=c99
and all warnings considered errors (compiler options ``-std=c99
-Werror -Wall -Wextra``).
-Werror -Wall -Wextra``).
The VMOD has been tested with both the gcc and clang compilers, and
should always compile and test successfully with both of them.
By default, ``CFLAGS`` is set to ``-g -O2``, so that symbols are
By default, ``CFLAGS`` is set to ``-g -O2``, so that symbols are
included in the shared library, and optimization is at level
included in the shared library, and optimization is at level
``O2``. To change or disable these options, set ``CFLAGS`` explicitly
``O2``. To change or disable these options, set ``CFLAGS`` explicitly
...
...
INSTALL.rst
View file @
e9dee87e
...
@@ -11,6 +11,9 @@ resources. This sequence will install the VMOD::
...
@@ -11,6 +11,9 @@ resources. This sequence will install the VMOD::
> make check # to run unit tests in src/tests/*.vtc
> make check # to run unit tests in src/tests/*.vtc
> sudo make install
> sudo make install
``make check`` requires that the VMOD ``blobcode`` is installed
(https://code.uplex.de/uplex-varnish/libvmod-blobcode).
If you have installed Varnish in a non-standard directory, call
If you have installed Varnish in a non-standard directory, call
``autogen.sh`` and ``configure`` with the ``PKG_CONFIG_PATH``
``autogen.sh`` and ``configure`` with the ``PKG_CONFIG_PATH``
environment variable pointing to the appropriate path. For example,
environment variable pointing to the appropriate path. For example,
...
...
README.rst
View file @
e9dee87e
...
@@ -66,7 +66,7 @@ provided by Akamai Media Services. Applications of the VMOD include:
...
@@ -66,7 +66,7 @@ provided by Akamai Media Services. Applications of the VMOD include:
This manual presupposes familiarity with the Akamai SecureHD
This manual presupposes familiarity with the Akamai SecureHD
service. For more information, see the documentation provided by
service. For more information, see the documentation provided by
Akamai (
XXX: links
).
Akamai (
see `Akamai documentation`_
).
The VMOD does not provide cryptographic code to generate HMACs, but it
The VMOD does not provide cryptographic code to generate HMACs, but it
does provide the means to associate shared secrets with a policy,
does provide the means to associate shared secrets with a policy,
...
@@ -92,7 +92,8 @@ a TTL, and possibly a shared secret used for authorization. For example::
...
@@ -92,7 +92,8 @@ a TTL, and possibly a shared secret used for authorization. For example::
# Define a policy for token authorization lasting one hour,
# Define a policy for token authorization lasting one hour,
# and associate it with a shared secret.
# and associate it with a shared secret.
new token_policy
new token_policy
= hoailona.policy(TOKEN, 1h, blobcode.decode(encoded="secret"));
= hoailona.policy(TOKEN, 1h,
blobcode.decode(encoded="secret"));
# Define a policy for open access (authorization not required)
# Define a policy for open access (authorization not required)
new open_policy = hoailona.policy(OPEN, 1h);
new open_policy = hoailona.policy(OPEN, 1h);
...
@@ -297,9 +298,9 @@ Examples::
...
@@ -297,9 +298,9 @@ Examples::
# Token authorization required, where authorization lasts 2 hours,
# Token authorization required, where authorization lasts 2 hours,
# using the given shared secret, and setting the start offset to
# using the given shared secret, and setting the start offset to
# 10 seconds before "now".
# 10 seconds before "now".
# (Note that in
current versions of VCL, the negative integer for
# (Note that in
Varnish 5.0.0, the negative integer for start_offset
#
start_offset must be written as 0-10, because negative literals
#
must be written as 0-10, because negative literals are not parsed
#
are not parsed
correctly.)
# correctly.)
import blobcode;
import blobcode;
new token = hoailona.policy(type=TOKEN, ttl=2h, start_offset=0-10,
new token = hoailona.policy(type=TOKEN, ttl=2h, start_offset=0-10,
secret=blobcode.decode(HEX,
secret=blobcode.decode(HEX,
...
@@ -644,31 +645,72 @@ Example::
...
@@ -644,31 +645,72 @@ Example::
std.log("Using VMOD hoailona version " + hoailona.version());
std.log("Using VMOD hoailona version " + hoailona.version());
ERRORS
======
...
REQUIREMENTS
REQUIREMENTS
============
============
This VMOD requires Varnish
..
.
This VMOD requires Varnish
since version 5.0.0
.
LIMITATIONS
LIMITATIONS
===========
===========
...
The VMOD uses Varnish workspace for the strings returned by the
``hosts.token()`` method and for task-scoped data saved when the
``hosts.policy()`` method is called. It also uses workspace during
``vcl_init`` for temporary internal data structures needed while
policy and hosts configurations are constructed. If the VMOD's methods
fail with the message ``out of space`` in the Varnish log (with the
log tag ``VCL_Error``), or if VCL initialization fails with such a
message, then you need to increase one or both of the varnishd runtime
parameters ``workspace_client`` and ``workspace_backend``. The size
of workspace during ``vcl_init`` is governed by ``workspace_client``.
It appears to us that the Akamai documentation is not explicit about
whether the ``...`` and ``*`` constructs in the path pattern syntax
are required to match non-empty strings. Such a requirement would
mean, for example, that ``/foo/*/bar`` and ``/foo/.../bar`` do not
match ``/foo//bar``, that ``/foo/bar/...`` does not match
``/foo/bar/`` (with no suffix), and that ``.../foo/bar`` does not
match ``/foo/bar`` (with no prefix). All of their examples show these
constructs matching non-empty strings, and it seems to us to be the
intuitive interpretation. So the VMOD explicitly enforces this
requirement.
INSTALLATION
INSTALLATION
============
============
See `
`INSTALL``
.
See `
INSTALL.rst <INSTALL.rst>`_ in the source repository
.
SEE ALSO
SEE ALSO
========
========
* varnishd(1)
* varnishd(1)
* vcl(7)
* vcl(7)
* source repository: https://code.uplex.de/uplex-varnish/libvmod-hoailona
* VMOD blobcode: https://code.uplex.de/uplex-varnish/libvmod-blobcode
* VMOD blobdigest: https://code.uplex.de/uplex-varnish/libvmod-blobdigest
Akamai documentation
--------------------
Technical documentation about SecureHD token authorization appears to
be available only to Akamai customers who have access to the Luna
Control Center. This public document gives a non-technical overview:
* https://www.akamai.com/jp/ja/multimedia/documents/product-brief/securehd-media-content-security-product-brief.pdf
Users of the Luna Control Center can consult:
* SecureHD Policy Editor User's Guide
* https://control.akamai.com/dl/customers/SPE/spe_ug.pdf
* SecureHD Policy Editor online help
* https://control.akamai.com/dl/SPE/index.htm
* Sanctioned token generator code (since code is the best documentation)
* https://control.akamai.com/dl/customers/SPE/EdgeAuth-latest.zip
COPYRIGHT
COPYRIGHT
=========
=========
...
...
src/vmod_hoailona.vcc
View file @
e9dee87e
...
@@ -49,7 +49,7 @@ provided by Akamai Media Services. Applications of the VMOD include:
...
@@ -49,7 +49,7 @@ provided by Akamai Media Services. Applications of the VMOD include:
This manual presupposes familiarity with the Akamai SecureHD
This manual presupposes familiarity with the Akamai SecureHD
service. For more information, see the documentation provided by
service. For more information, see the documentation provided by
Akamai (
XXX: links
).
Akamai (
see `Akamai documentation`_
).
The VMOD does not provide cryptographic code to generate HMACs, but it
The VMOD does not provide cryptographic code to generate HMACs, but it
does provide the means to associate shared secrets with a policy,
does provide the means to associate shared secrets with a policy,
...
@@ -75,7 +75,8 @@ a TTL, and possibly a shared secret used for authorization. For example::
...
@@ -75,7 +75,8 @@ a TTL, and possibly a shared secret used for authorization. For example::
# Define a policy for token authorization lasting one hour,
# Define a policy for token authorization lasting one hour,
# and associate it with a shared secret.
# and associate it with a shared secret.
new token_policy
new token_policy
= hoailona.policy(TOKEN, 1h, blobcode.decode(encoded="secret"));
= hoailona.policy(TOKEN, 1h,
blobcode.decode(encoded="secret"));
# Define a policy for open access (authorization not required)
# Define a policy for open access (authorization not required)
new open_policy = hoailona.policy(OPEN, 1h);
new open_policy = hoailona.policy(OPEN, 1h);
...
@@ -267,9 +268,9 @@ Examples::
...
@@ -267,9 +268,9 @@ Examples::
# Token authorization required, where authorization lasts 2 hours,
# Token authorization required, where authorization lasts 2 hours,
# using the given shared secret, and setting the start offset to
# using the given shared secret, and setting the start offset to
# 10 seconds before "now".
# 10 seconds before "now".
# (Note that in
current versions of VCL, the negative integer for
# (Note that in
Varnish 5.0.0, the negative integer for start_offset
#
start_offset must be written as 0-10, because negative literals
#
must be written as 0-10, because negative literals are not parsed
#
are not parsed
correctly.)
# correctly.)
import blobcode;
import blobcode;
new token = hoailona.policy(type=TOKEN, ttl=2h, start_offset=0-10,
new token = hoailona.policy(type=TOKEN, ttl=2h, start_offset=0-10,
secret=blobcode.decode(HEX,
secret=blobcode.decode(HEX,
...
@@ -441,10 +442,10 @@ If more than one path pattern was assigned for the host, then it
...
@@ -441,10 +442,10 @@ If more than one path pattern was assigned for the host, then it
attempts to match the "most specific" patterns first. The general idea
attempts to match the "most specific" patterns first. The general idea
is: if, for example, the patterns ``/foo/.../bar`` and
is: if, for example, the patterns ``/foo/.../bar`` and
``/foo/.../baz/bar`` were assigned for a matching host, and the
``/foo/.../baz/bar`` were assigned for a matching host, and the
``path`` to be matched is ``/foo/quux/baz/bar``, then
``path`` to be matched is ``/foo/quux/baz/bar``, then
the more
``/foo/.../baz/bar`` will be matched and the policy type assigned for
specific pattern ``/foo/.../baz/bar`` will be matched and the policy
t
hat pattern will be returned, even though ``/foo/.../bar`` would have
t
ype assigned for that pattern will be returned, even though
also matched.
``/foo/.../bar`` would have
also matched.
Formally, the "more specific" relation is defined as:
Formally, the "more specific" relation is defined as:
...
@@ -566,30 +567,71 @@ Example::
...
@@ -566,30 +567,71 @@ Example::
std.log("Using VMOD hoailona version " + hoailona.version());
std.log("Using VMOD hoailona version " + hoailona.version());
ERRORS
======
...
REQUIREMENTS
REQUIREMENTS
============
============
This VMOD requires Varnish
..
.
This VMOD requires Varnish
since version 5.0.0
.
LIMITATIONS
LIMITATIONS
===========
===========
...
The VMOD uses Varnish workspace for the strings returned by the
``hosts.token()`` method and for task-scoped data saved when the
``hosts.policy()`` method is called. It also uses workspace during
``vcl_init`` for temporary internal data structures needed while
policy and hosts configurations are constructed. If the VMOD's methods
fail with the message ``out of space`` in the Varnish log (with the
log tag ``VCL_Error``), or if VCL initialization fails with such a
message, then you need to increase one or both of the varnishd runtime
parameters ``workspace_client`` and ``workspace_backend``. The size
of workspace during ``vcl_init`` is governed by ``workspace_client``.
It appears to us that the Akamai documentation is not explicit about
whether the ``...`` and ``*`` constructs in the path pattern syntax
are required to match non-empty strings. Such a requirement would
mean, for example, that ``/foo/*/bar`` and ``/foo/.../bar`` do not
match ``/foo//bar``, that ``/foo/bar/...`` does not match
``/foo/bar/`` (with no suffix), and that ``.../foo/bar`` does not
match ``/foo/bar`` (with no prefix). All of their examples show these
constructs matching non-empty strings, and it seems to us to be the
intuitive interpretation. So the VMOD explicitly enforces this
requirement.
INSTALLATION
INSTALLATION
============
============
See `
`INSTALL``
.
See `
INSTALL.rst <INSTALL.rst>`_ in the source repository
.
SEE ALSO
SEE ALSO
========
========
* varnishd(1)
* varnishd(1)
* vcl(7)
* vcl(7)
* source repository: https://code.uplex.de/uplex-varnish/libvmod-hoailona
* VMOD blobcode: https://code.uplex.de/uplex-varnish/libvmod-blobcode
* VMOD blobdigest: https://code.uplex.de/uplex-varnish/libvmod-blobdigest
Akamai documentation
--------------------
Technical documentation about SecureHD token authorization appears to
be available only to Akamai customers who have access to the Luna
Control Center. This public document gives a non-technical overview:
* https://www.akamai.com/jp/ja/multimedia/documents/product-brief/securehd-media-content-security-product-brief.pdf
Users of the Luna Control Center can consult:
* SecureHD Policy Editor User's Guide
* https://control.akamai.com/dl/customers/SPE/spe_ug.pdf
* SecureHD Policy Editor online help
* https://control.akamai.com/dl/SPE/index.htm
* Sanctioned token generator code (since code is the best documentation)
* https://control.akamai.com/dl/customers/SPE/EdgeAuth-latest.zip
$Event event
$Event event
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment