[dancer-users] Dancer::Plugin::Auth::Extensible - possible backwards-incompatible change
David Precious
davidp at preshweb.co.uk
Tue Dec 11 11:25:00 GMT 2012
Hi all,
Whilst I really like the (ab)use of subroutine attributes for denoting
which routes require authentication/specific roles, some people (whose
opinions I respect) have tried to convince me that this is a Bad Idea,
and is likely to be fragile.
One particularly good point made is that the current implementation
stores the attributes for a given route handler by the refaddr, which
could be problematic if run under threads (not sure if anyone really
does that, though). Classes can provide a CLONE method to work around
this, but I don't think that'll work in this case.
One suggestion was to provide a new keyword, e.g. requires_auth, which
would work something like:
get '/secret' => requires_login(sub { .... });
get '/beer' => requires_role('BeerDrinker', sub { ... });
(Something along those lines, at least.) I'm certain how I would
implement it, though - i.e. how requires_login/requires_role would
store the fact that the provided sub requires auth, without the same
thread safety issues of using refaddr.
Perhaps detecting the use of threads and refusing to continue would be
one way of dealing with it :)
Opinions on this would be very welcome.
--
David Precious ("bigpresh") <davidp at preshweb.co.uk>
http://www.preshweb.co.uk/ www.preshweb.co.uk/twitter
www.preshweb.co.uk/linkedin www.preshweb.co.uk/facebook
www.preshweb.co.uk/cpan www.preshweb.co.uk/github
More information about the dancer-users
mailing list