[dancer-users] Dancer::Plugin::Auth::Extensible - possible backwards-incompatible change
David Cantrell
david at cantrell.org.uk
Fri Dec 14 23:47:40 GMT 2012
On Tue, Dec 11, 2012 at 11:25:00AM +0000, David Precious wrote:
> Whilst I really like the (ab)use of subroutine attributes for denoting
> which routes require authentication/specific roles, some people (whose
> opinions I respect) have tried to convince me that this is a Bad Idea,
> and is likely to be fragile.
>
> One particularly good point made is that the current implementation
> stores the attributes for a given route handler by the refaddr, which
> could be problematic if run under threads ...

... or under the debugger, as David P and I know all too well :-)

> One suggestion was to provide a new keyword, e.g. requires_auth, which
> would work something like:
>
> get '/secret' => requires_login(sub { .... });
>
> get '/beer' => requires_role('BeerDrinker', sub { ... });
>
> (Something along those lines, at least.) I'm certain how I would
> implement it, though - i.e. how requires_login/requires_role would
> store the fact that the provided sub requires auth, without the same
> thread safety issues of using refaddr.
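
That's easy. requires_role() constructs a subroutine that does the
authentication and then hands off to the supplied sub. Something like
this:

    sub requires_role {
        my $role         = shift;   # role the caller must hold
        my $handler      = shift;   # the real route handler
        my $fail_handler = shift;   # run instead when the check fails

        # The returned closure carries $role with it, so nothing has to
        # be looked up by refaddr later.
        return sub {
            if (currently_logged_in_as($role)) {
                return $handler->();
            } else {
                return $fail_handler->();
            }
        };
    }
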
--
David Cantrell | top google result for "topless karaoke murders"
"Cynical" is a word used by the naive to describe the experienced.
George Hills, in uknot
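
The difference between the two designs discussed in this thread, as an added example that is not part of the original message and is not the plugin's own code. %SESSION, user_has_role, mark_role and dispatch_by_refaddr are hypothetical names, and the extra wrapper sub is a constructed stand-in for any situation where the coderef seen at dispatch time is not at the address that was registered.

```perl
use strict;
use warnings;
use Scalar::Util qw(refaddr);

# Constructed stand-in for the session; not Dancer's API.
our %SESSION = (user => 'bob', roles => ['BeerDrinker']);

sub user_has_role {    # hypothetical helper
    my ($role) = @_;
    return scalar grep { $_ eq $role } @{ $SESSION{roles} || [] };
}

# Design 1: the requirement lives in a side table keyed by address.
my %role_for;
sub mark_role {
    my ($role, $sub) = @_;
    $role_for{ refaddr($sub) } = $role;
    return $sub;
}
sub dispatch_by_refaddr {
    my ($sub, @args) = @_;
    my $role = $role_for{ refaddr($sub) };   # lookup misses if the address differs
    return 'denied' if defined $role && !user_has_role($role);
    return $sub->(@args);                    # no entry found: no check applied
}

# Design 2: the requirement is captured in the closure itself.
sub requires_role {
    my ($role, $handler, $fail_handler) = @_;
    $fail_handler ||= sub { 'denied' };      # assumption: deny by default
    return sub {
        return user_has_role($role) ? $handler->(@_) : $fail_handler->(@_);
    };
}

my $admin          = mark_role('Admin', sub { 'admin page' });
my $admin_rewrap   = sub { $admin->(@_) };   # same behaviour, new refaddr
my $guarded        = requires_role('Admin', sub { 'admin page' });
my $guarded_rewrap = sub { $guarded->(@_) };

print "refaddr table, original:  ", dispatch_by_refaddr($admin), "\n";
print "refaddr table, rewrapped: ", dispatch_by_refaddr($admin_rewrap), "\n";
print "closure, original:        ", $guarded->(), "\n";
print "closure, rewrapped:       ", $guarded_rewrap->(), "\n";
```

The side-table lookup fails open when the address changes, while the closure keeps enforcing the role however many times it is wrapped.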