dovecot - Nov 2020 - [patch] enhancement for tika server protected by user/password basic auth

Hi

The existing code is designed for a tika server on local host, or on a
remote host that is either accessable to all or for example taht is
protected by ip restrictions via a proxy in front of it.

I've configured a tika server behind an apache proxy which enforces
basic auth, but sending basic auth credentials for a tika server is not
currently supported by Dovecot.

The following patch allows to have user and password specified in the
fts_tika url in much the same way you can for fts_solr.

fts_tika = https://user:password at tika_host/tika

John

--- dovecot-2.3.11.3-orig/src/plugins/fts/fts-parser-tika.c????
2020-08-12 14:20:41.000000000 +0200
+++ dovecot-2.3.11.3/src/plugins/fts/fts-parser-tika.c? 2020-11-15
15:18:24.351281064 +0100
@@ -57,7 +57,7 @@
??????? tuser = p_new(user->pool, struct fts_parser_tika_user, 1);
??????? MODULE_CONTEXT_SET(user, fts_parser_tika_user_module, tuser);

-?????? if (http_url_parse(url, NULL, 0, user->pool,
+?????? if (http_url_parse(url, NULL, HTTP_URL_ALLOW_USERINFO_PART,
user->pool,
?????????????????????????? &tuser->http_url, &error) < 0) {
??????????????? i_error("fts_tika: Failed to parse HTTP url %s: %s",
url, error);
??????????????? return -1;
@@ -152,6 +152,11 @@
??????????????????????? http_url->host.name,
??????????????????????? t_strconcat(http_url->path, http_url->enc_query,
NULL),
??????????????????????? fts_tika_parser_response, parser);
+??????? if (http_url->user != NULL) {
+??????????????? http_client_request_set_auth_simple(
+??????????????????????? http_req, http_url->user, http_url->password);
+??????? }
+
??????? http_client_request_set_port(http_req, http_url->port);
??????? http_client_request_set_ssl(http_req, http_url->have_ssl);
??????? if (parser_context->content_type != NULL)

On 11/15/20 6:33 AM, John Fawcett wrote:
> I've configured a tika server behind an apache proxy which enforces
> basic auth, but sending basic auth credentials for a tika server is not
> currently supported by Dovecot.
i was _just_ setting up a tika instance behind a nginx proxy with basicauth in
place.

hadn't yet gotten to the "can't pass auth creds in dovecot"
bit.
thx! for the patch; hopefully the premise/patch will get picked up.
(ya-request for a proper @dovecot public bug/issue queue!)

have you found any other 'magic required' to get solr & tika
indexing text/attachments, respectively, in Dovecot context?
is it as straightforward as spec'ing the 'fts_solr' &
'fts_tika' urls, and Dovecot does the passing-around correctly?

On 15/11/2020 15:49, PGNet Dev wrote:
> On 11/15/20 6:33 AM, John Fawcett wrote:
>> I've configured a tika server behind an apache proxy which enforces
>> basic auth, but sending basic auth credentials for a tika server is not
>> currently supported by Dovecot.
>
> i was _just_ setting up a tika instance behind a nginx proxy with
> basicauth in place.
>
> hadn't yet gotten to the "can't pass auth creds in
dovecot" bit.
> thx! for the patch; hopefully the premise/patch will get picked up.
> (ya-request for a proper @dovecot public bug/issue queue!)
>
> have you found any other 'magic required' to get solr & tika
indexing
> text/attachments, respectively, in Dovecot context?
> is it as straightforward as spec'ing the 'fts_solr' &
'fts_tika' urls,
> and Dovecot does the passing-around correctly?
I've just started using tika myself, but from my tests, it's as simple
as adding fts_tika to a working solr integration.

John