Perl WAF Overview, with mod_perl - Hokkaido.pm#7 #hokkaidopm

Transcript

1. Perl WAF Overview, with mod_perl גࣜձࣾfonfun ඌܗ మ࣍ (OGATA Tetsuji)

   Twitter: @xtetsuji 2012/05/12 Hokkaido.pm#7

2. *Preface for readers* • ͜ͷεϥΠυ͸ 2012/05/13ʹߦΘΕͨ Hokkaido.pm#7ʹͯʮඈͼೖΓLTʯΛ ߦͬͨࡍʹٳܜ࣌ؒதͷ10෼Ͱ࡞ͬͨ ଈ੮εϥΠυʹɺ࣮ࡍͷτʔΫ಺༰Λ ৫Γ·ͥͯ࠶ฤूͨ͠΋ͷͰ͢

3. ࣗݾ঺հ

4. ࣗݾ঺հ • ඌܗ మ࣍ (OGATA Tetsuji) • Twitter: @xtetsuji •

   Blog: http://post.tetsuji.jp/ • ग़਎͸๺ւಓՏ౦܊Իߋொ(ଳ޿ࢢͷྡ) • େֶͰ্ژͯ͠ݱࡏ͸౦ژͷձࣾʹۈ຿

5. ࣗݾ঺հ • Hokkaido.pm 3ճ໨ͷࢀՃ • Hokkaido.pm#5ʮmod_perlԹނ஌৽ʯ • Hokkaido.pm#6ʮmod_perl Hacks PHPʯ

   • ϞμϯPerlʹ৐Ε͍ͯͳ͍30୅ • mod_perl Hacker…ͳͷ͔ʁ

6. ॴଐ঺հ • גࣜձࣾfonfun(ϑΥϯϑΝϯ) http://www.fonfun.co.jp/ • ओྗ੡඼ɿϦϞʔτϝʔϧ http://rmail.jp/

7. Perl WAF, ancient and modern

8. Perl WAF, ancient • raw (not WAF?) • CGI::Application •

   ...etc

9. Perl WAF, modern • Catalyst • Jifty • ...etc

10. Perl WAF, post-modern • Dancer • Mojolicious • Amon2 •

    Kossy • ...etc

11. What is WAF? • ʮMVC෼཭ʯΛଅਐ͢Δ΋ͷʁ • ҧ͏ • Catalystͷࣦഊྫʁ •

    ModelΛWAFʹີணͤ͞Δͱɺ֎ଆͷ ؅ཧπʔϧ౳͔Β࢖͍ͮΒ͘ͳΔ

12. What is WAF? • ࢲ͸͜͏ࢥ͏… HTTP Request/Responseͷந৅Խ

13. What is WAF? •HTTP Request/Responseͷந৅Խ • Web Server͝ͱͷࠩҟΛٵऩ • Catalyst::Engine::

    ͱ͔ͷόουϊ΢ϋ΢ •PSGI/Plackͷ࣮݁΁

14. ͦΜͳࡉ͔͍ࣄΑΓ mod_perl2

15. ΈΜͳେ޷͖ mod_perl2

16. Latest Perl WAF fashion • Sinatra (WAF, powered by Ruby)

    Like • Perl post-modern WAFs almost have Sinatratic syntax • Lightweight • Controller oriented

17. WAF by mod_perl2 • mod_perl1 ͸ׂѪɺmod_perl2 Λ࢖͏ • mod_perl2 ͷResponseHandlerΛ

    Sinatra Like ʹ͢Ε͹ WAF ͬͯݴ͍͍ͬͯΜ δϟϚΠΧʁ

18. WAF by mod_perl2 • ʮWeb Server͝ͱͷࠩҟΛٵऩʯͱ͔ ͖ͬ͞ݴ͍ͬͯͨࣄ͸ແࢹʂ •Apache2/mod_perl2΂ͬͨΓ • mod_perl2ͷ

    $r (Apache2::RequestRec)͸ Request/ResponseΛྑ͘ந৅Խ͍ͯ͠Δ

19. mod_perl2 handler’s simple “Hello world”

20. package MyApache2::Hello; use strict; use warnings; use Apache2::RequestRec; use Apache2::RequestIO;

    use Apache2::Const -compile => qw(OK); sub handler { my $r = shift; $r->content_type("text/plain"); $r->print("Hello, world"); return Apache2::Const::OK; } 1; __END__ <Location /> PerlResponseHandler MyApache2::Hello </Location>

21. ͜ΕΛSinatra Likeʹ ͢Ε͹͍͍

22. ͳΒ͹ͱॻ͍ͯΈͨ MyApache2::Sinatratic

23. package MyApache2::Sinatratic; use strict; use warnings; # $CALLBACK->{$handler_package}->{$http_method} = [

    [$url, $handler], ... ]; my $CALLBACK = {}; sub import { my $pkg = shift; my @args = @_; my $callpkg = caller(0); for my $method (qw(get post put del)) { $CALLBACK->{$callpkg}->{$method} = []; } # sub handler definition require Apache2::RequestRec; require Apache2::RequestUtil; require APR::Table; no strict 'refs'; *{"$callpkg\::handler"} = \&import_handler; for my $method (qw(get post put del)) { *{"$callpkg\::$method"} = sub { my ($url, $handler) = @_; push @{$CALLBACK->{$callpkg}->{$method}}, [$url, $handler]; }; } *{"$callpkg\::default"} = sub { my $handler = shift; $CALLBACK->{$callpkg} ||= {}; $CALLBACK->{$callpkg}->{default} = $handler; }; }

24. ֓ཁ͸͜Μͳײ͡

25. mod_perl2 handler’s Sinatratic “Hello world”

26. package MyApache2::Hello2; use strict; use warnings; use Apache2::RequestRec; use Apache2::RequestIO;

    use Apache2::Const -compile => qw(OK); use MyApache2::Sinatratic; get '/' => sub { my $r = shift; $r->content_type("text/plain"); $r->print("Hello, world"); return Apache2::Const::OK; }; 1; __END__ <Location /> PerlResponseHandler MyApache2::Hello2 </Location>

27. SinatraͬΆ͘ͳͬͨ! mod_perl2΋WAFͩ!

28. MyApache2::Sinatratic • …ͱ͍͏ͷ͸׬શͳΔδϣʔΫ • ଍Γͳ͍ػೳɺόάຬࡌ • ϓϨʔεϗϧμʹରԠͨͭ͠΋Γఔ౓

29. MyApache2::Sinatratic • ෺޷͖ͷͨΊʹGistʹ์ΓࠐΜͩ • ࢖͏ਓ͸͍ͳ͍ͱࢥ͏͚Ͳɺ࢖͓͏ͱ ࢥ͏༐ऀ͸CAVEATSΛख़ಡͯ͠ʂ • ༐ऀ͕ू·Ε͹ModPerl::Sinatratic(Ծশ) ϓϩδΣΫτ΋΍ͬͪΌ͏͔΋ʂ

30. MyApache2::Sinatratic • ॻ͍͍ͯͯࢥͬͨࣄ • Sinatra LikeͳWAFͬͯɺPlackແ͠Ͱ΋ ͜͏࡞Ε͹͍͍ΜͩͱษڧͰ͖ͨ • γϯϘϧςʔϒϧ͍͡Γָ͍̇͠ •I

    ὑ Perl!

31. ͝ਗ਼ௌ ͋Γ͕ͱ͏͍͟͝·ͨ͠