[dancer-users] Dancer::Plugin::Auth::Extensible - possible backwards-incompatible change

David Cantrell david at cantrell.org.uk
Fri Dec 14 23:47:40 GMT 2012


On Tue, Dec 11, 2012 at 11:25:00AM +0000, David Precious wrote:

> Whilst I really like the (ab)use of subroutine attributes for denoting
> which routes require authentication/specific roles, some people (whose
> opinions I respect) have tried to convince me that this is a Bad Idea,
> and is likely to be fragile.
> 
> One particularly good point made is that the current implementation
> stores the attributes for a given route handler by the refaddr, which
> could be problematic if run under threads ...

... or under the debugger, as David P and I know all too well :-)

> One suggestion was to provide a new keyword, e.g. requires_auth, which
> would work something like:
> 
>     get '/secret' => requires_login(sub { .... });
>     
>     get '/beer'   => requires_role('BeerDrinker', sub { ... });
> 
> (Something along those lines, at least.)  I'm certain how I would
> implement it, though - i.e. how requires_login/requires_role would
> store the fact that the provided sub requires auth, without the same
> thread safety issues of using refaddr.

That's easy.  requires_role() constructs a subroutine that does the
authentication and then hands off to the supplied sub.  Something like
this:

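# Wrap a route handler so the role check runs before it on every request.
# The required role is captured in the closure, so nothing is stored
# against the handler's refaddr.
sub requires_role {
    my $role = shift;
    my $handler = shift;
    my $fail_handler = shift;
    return sub {
        # currently_logged_in_as() stands in for the real session/role check.
        if(currently_logged_in_as($role)) {
            return $handler->();
        } else {
            # Not authorised: the wrapped handler is never called.
            return $fail_handler->();
        }
    }
}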

-- 
David Cantrell | top google result for "topless karaoke murders"

  "Cynical" is a word used by the naive to describe the experienced.
      George Hills, in uknot
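
A runnable version of the wrapper approach from the message above, as an added example that is not part of the original post or of Dancer::Plugin::Auth::Extensible. Assumptions: %SESSION is a constructed stand-in for the session, currently_logged_in_as() is the hypothetical helper named in the post, and a missing fail handler defaults to a fixed denial response.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-in for the session: the current user and their roles.
our %SESSION = (user => undef, roles => []);

# Hypothetical helper named in the post; here it only consults %SESSION.
sub currently_logged_in_as {
    my ($role) = @_;
    return 0 unless defined $SESSION{user};
    return scalar grep { $_ eq $role } @{ $SESSION{roles} };
}

# The role lives in the closure, so no table keyed on refaddr is needed.
sub requires_role {
    my ($role, $handler, $fail_handler) = @_;
    die "requires_role: handler must be a code ref\n"
        unless ref($handler) eq 'CODE';
    # Assumption: deny with a fixed response when no fail handler is given.
    $fail_handler ||= sub { return '403 Forbidden' };
    return sub {
        return currently_logged_in_as($role)
            ? $handler->(@_)
            : $fail_handler->(@_);
    };
}

# Two routes sharing one handler sub but requiring different roles;
# each wrapper carries its own role.
my $shared = sub { return "200 OK for $_[0]" };
my %routes = (
    '/beer'  => requires_role('BeerDrinker', $shared),
    '/admin' => requires_role('Admin',       $shared),
);

# Constructed sessions: anonymous, a BeerDrinker, an Admin.
my @cases = (
    [ undef,   [] ],
    [ 'alice', ['BeerDrinker'] ],
    [ 'bob',   ['Admin'] ],
);
for my $case (@cases) {
    local %SESSION = (user => $case->[0], roles => $case->[1]);
    for my $path (sort keys %routes) {
        printf "%-9s %-6s => %s\n",
            $case->[0] // 'anonymous', $path, $routes{$path}->($path);
    }
}
```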