svn msyql自定义权限管理

阅读更多

基本思路：
1.使用apache的svn扩展模块，这样可以使用http协议访问svn
2.在apache前端做http代理，在代理层做用户的权限校验

安装apache,svn,mysql

yum install httpd mysql-server mod_auth_mysql subversion mod_dav_svn

初始化mysql:

service mysqld start
mysqladmin -u root password 111111
mysql -u root -p
grant all privileges on *.* to 'root' @'%' identified by '111111';

vi /etc/my.conf

[mysqld]
default-character-set=utf8

初始化svn:

mkdir -p /home/svn/repo
svnadmin create /home/svn/repo/project1
#htpasswd -c /home/svn/passwd admin #第一次加用户名

cd /home/svn
vi authz

[/]
*=rw

所有人读写，权限控制在http代理层

chown -R apache:apache /home/svn
chcon -R -h -t httpd_sys_content_t /home/svn  #或关闭selinux

vim /etc/httpd/conf.d/subversion.conf

LoadModule dav_svn_module     modules/mod_dav_svn.so
LoadModule authz_svn_module   modules/mod_authz_svn.so
LoadModule mysql_auth_module modules/mod_auth_mysql.so


DAV svn
SVNParentPath /home/svn/repo
AuthType Basic
AuthName "Subversion"
#AuthUserFile /home/svn/passwd
AuthzSVNAccessFile /home/svn/authz

AuthMYSQLEnable on
AuthMySQLHost localhost
AuthMySQLPort 3306
AuthMySQLDB svn
AuthMySQLUser root
AuthMySQLPassword 111111
AuthMySQLUserTable users
AuthMySQLNameField name
AuthMySQLPasswordField password
#AuthMySQLGroupField group
AuthMySQLPwEncryption MD5

Require valid-user

#Require group svn
#
#       Require valid-user
#

启动apache
service httpd start

到此我能校验基本的用户信息（用户名和密码），但用户对项目的权限没有限制
权限的限制可以再apache的前做一个http代理，这里使用nodejs http-proxy

'use strict';
var http = require('http'),
    httpProxy = require('http-proxy');
var proxy = httpProxy.createProxyServer();

var server = require('http').createServer(function(req, res) {
  if(req.headers.authorization){
  	var auth = new Buffer(req.headers.authorization.split(' ')[1] , 'base64').toString();
  }
  console.log(req.method,auth,req.headers.depth);
  //to do
  proxy.web(req, res, {
    target: 'http://localhost:8001',  //svn apache 监听8001
    secure: false,
    xfwd: true,
  });

});

console.log("listening on port 5000");
server.listen(5000);