Assaf Gordon
and 1 contributors

NAME

Authen::ModAuthToken - Generates Mod-Auth-Token compatible URLs

VERSION

version 0.03

SYNOPSIS

In your Apache's configuration, define the following:

        ## (your module's path may vary)
        LoadModule auth_token_module  /usr/lib/apache2/modules/mod_auth_token.so

        Alias "/protected"  "/my/protected/directory"
        <Location "/protected">
                AuthTokenSecret       "FlyingMonkeys"
                AuthTokenPrefix       /protected/
                AuthTokenTimeout      14400
        </Location>

In a CGI script, use the following:

        use Authen::ModAuthToken qw/generate_mod_auth_token/;

        ## If the file wasn't protected with "mod-auth-token",
        ## its URL would have been:
        ##   http://my.server.com/protected/myfile.txt

        $web_server = "http://my.server.com" ;
        $prefix_url = "/protected";
        $file_to_protect = "/myfile.txt";


        ##
        ## Since the location is protected with mod-auth-token,
        ## Generate a valid access token:
        ##
        $token = generate_mod_auth_token(
                        secret => "FlyingMonkeys",
                        filepath => $file_to_protect ) ;

        $url = $web_server . $prefix_url . $token ;

        ## The protected URL will look like
        ##   http://my.server.com/protected/6c488f69992206a2b5cc9c6a9cc91709/4f0f7b09/myfile.txt
        ## (actual value will change, as it dependant upon the current time).
        ##
        ## Show this URL to the user, to allow him access to this file.

DESCRIPTION

This module does not perform the actual authentication - it merely generates a valid authentication token URL, which will be authenticated by the mod_auth_token module.

FUNCTIONS

generate_mod_auth_token ( sercet => $secret, filepath => $path, [ remote_addr => $remote_addr ])

Generates an authentication token, based on given parameters and current time.

Parameters:

secret - The secret key, will be used to calculate the MD5 hash. Must match the key in your apache's configuration.

filepath - The relative URL of the file you want to publish. The path must begin with a slash (/) .

remote_addr - (optional) - the remote IP of the client. If you use this option, your apache configuratino should include AuthTokenLimitByIp on - see the mod-auth-token website for more details.

Output:

The function returns a URL portion of the protected file (see synopsis for an example).

Examples

The following example files are in the ./eg/ directory:

mod_auth_token_example.pl

prints a mod-auth-token URL. Configuration (server, prefix, key, file) can be set with command-line parameters.

AUTHOR

Assaf Gordon, <gordon at cshl.edu>

TODO

Add OO interface

BUGS

Please report any bugs or feature requests to https://github.com/agordon/Authen-ModAuthToken/issues

SEE ALSO

http://code.google.com/p/mod-auth-token/

ACKNOWLEDGEMENTS

Thanks to Mikael Johansson (http://www.synd.info) and David Alves (http://www.alvesdavid.com) for creating Mod-Auth-Token.

LICENSE AND COPYRIGHT

Copyright 2011 Assaf Gordon.

This program is free software; you can redistribute it and/or modify it under the terms of either: the GNU General Public License as published by the Free Software Foundation; or the Artistic License.

See http://dev.perl.org/licenses/ for more information.