view release on metacpan or  search on metacpan

lib/Mojolicious/Plugin/RoutesAuthDBI/Access.pm  view on Meta::CPAN

package Mojolicious::Plugin::RoutesAuthDBI::Access;
use Mojo::Base -base;
use Exporter 'import'; 
our @EXPORT_OK = qw(load_user validate_user);
use Mojolicious::Plugin::RoutesAuthDBI::Util qw(load_class);
use Mojo::Util qw(md5_sum);
#~ use Mojo::Exception;

has [qw(app plugin)], undef, weak=>1;
has qw(model);

#~ has model_profiles => sub { shift->plugin->model('Profiles') };
#~ has model => sub {
  #~ { map $_ => load_class("Mojolicious::Plugin::RoutesAuthDBI::Model::$_")->new, qw(Profiles Namespaces Routes Refs Controllers Actions Roles) }
#~ };

sub new {# from plugin! init Class vars
  state $self = shift->SUPER::new(@_);
}

sub load_user {# import for Mojolicious::Plugin::Authentication
  my ($c, $uid) = @_;
  
  my $p = load_class("Mojolicious::Plugin::RoutesAuthDBI::Model::Profiles")->get_profile($uid, undef);
  #~ my $p = $c->model_profiles->get_profile($uid, undef);
  
  $c->app->log->debug("Loading profile by id=$uid failed")
    and return undef
    unless $p && $p->{id};
    
  #~ eval { Mojo::Exception->throw('load_user') };
  #~ $c->app->log->debug($c->dumper($_)) for @{$@->frames};
  
  $c->app->log->debug("Loading profile by id=$uid success");
  $p->{pass} = '**********************';
  return $p;
}

sub validate_user {# import for Mojolicious::Plugin::Authentication
  my ($c, $login, $pass, $extradata) = @_;
  
  return $extradata->{id}
    if $extradata && $extradata->{id};
  
  if (my $p = load_class("Mojolicious::Plugin::RoutesAuthDBI::Model::Profiles")->get_profile(undef, $login)) {
  #~ if (my $p = $c->model_profiles->get_profile(undef, $login)) {
    $c->app->log->debug("Success authenticate by login[$login]/pass[$pass] for profile id[$p->{id}]")
      and return $p->{id}
      if ($p->{pass} eq $pass || $p->{pass} eq md5_sum($pass))
        && !$p->{disable};
    
    $c->app->log->debug("Failure authenticate by login[$login]/pass[$pass]:[@{[md5_sum($pass)]}] for profile id[$p->{id}:$p->{pass}]");
    
    return undef;
  }
  
  $c->app->log->debug("Failure authenticate by login[$login]/pass[$pass]:[@{[md5_sum($pass)]}]");
  
  return undef;
}

sub apply_ns {# Plugin
  my ($self,) = @_;
  my $ns = $self->plugin->model('Namespaces')->app_ns;
  return unless @$ns;
  my $r = $self->app->routes;
  push @{ $r->namespaces() }, $_->{namespace} for @$ns;
}

sub apply_route {# meth in Plugin
  my ($self, $r_hash) = @_;# $r_hash - это строка запроса маршрута из БД
  my $r = $self->app->routes;
  
  $self->app->log->debug("Skip disabled route id=[$r_hash->{id}] [$r_hash->{request}]")
    and return undef
    if $r_hash->{disable};
  
  $r_hash->{request} //= $r_hash->{route};
  
  $self->app->log->debug("Skip route @{[$self->app->dumper($r_hash) =~ s/\s+//gr]}: empty request")
    and return undef
    unless $r_hash->{request};
  
  $self->app->log->debug("Skip comment request [$r_hash->{request}]")
    and return undef
    if $r_hash->{request} =~ /^#/;
  
  my @request = grep /\S/, split /\s+/, $r_hash->{request}
    or $self->app->log->debug("Skip route @{[$self->app->dumper($r_hash) =~ s/\s+//gr]}: bad request")
    and return;
  
  my $nr;
  if (@request eq 2 && $request[0] =~ /websocket|ws/i) {
    $nr = $r->websocket(pop @request);
  } else {
    $nr = $r->any(pop @request);#Mojolicious::Routes::Route::route is DEPRECATED
    $nr->methods(@request)# Deprecated Mojolicious::Routes::Route::via in favor of Mojolicious::Routes::Route::methods.
      if @request;
  }

lib/Mojolicious/Plugin/RoutesAuthDBI/Access.pm  view on Meta::CPAN

Check by tables ids: routes, actions, controllers, namespaces. Check refs to profile roles ids.

=item * Implicit access

Access to routes by names: action, controller, namespace, role. This way used for db route to access namespace and for non db routes by syntax:

  $r->any('/foo')->...->to('foo#bar')->requires(access=>{auth=>1})->...; 

or

  $r->...->requires(access=>{auth=>1, role => <id|name>})->...; # access to route by role id|name

=back

See detail L<Mojolicious::Plugin::RoutesAuthDBI#access>

=head1 SYNOPSIS

    $app->plugin('RoutesAuthDBI', 
        ...
        access => {< hashref options list below >},
        ...
    );

=head1 OPTIONS for plugin

=head2 namespace

Default 'Mojolicious::Plugin::RoutesAuthDBI'.

=head2 module

Default 'Access' (this module).

Both above options determining the module which will play as manager of authentication, accessing and generate routing from DBI source.

=head2 fail_auth_cb

  fail_auth_cb => sub {my $c = shift;...}

This callback invoke when request need auth route but authentication was failure.

=head2 fail_access_cb

  fail_access_cb => sub {my ($c, $route, $r_hash, $u) = @_;...}

This callback invoke when request need auth route but access was failure. $route - L<Mojolicious::Routes::Route> object, $r_hash - route hashref db item, $u - useer hashref.

=head2 tables

Hashref of any DB tables names. See L<Mojolicious::Plugin::RoutesAuthDBI::Schema#Default-variables-for-SQL-templates>.


=head1 EXPORT SUBS

=head2 load_user($c, $uid)

Fetch user record from table profiles by COOKIES. Import for Mojolicious::Plugin::Authentication. Required.

=head2 validate_user($c, $login, $pass, $extradata)

Fetch login record from table logins by Mojolicious::Plugin::Authentication. Required. If hashref $extradata->{id} then no fetch and $extradata->{id} will return.

=head1 METHODS

As child of L<Mojolicious::Controller> inherits all parent methods and following ones:

=head2 new(app=> ..., plugin => ...)

Return new access object.

=head2 apply_ns()

Select from db table I<namespaces> ns thus app_ns=1 and push them to $app->namespaces()

=head2 apply_route($r_hash)

Heart of routes generation from db tables and not only. Insert to app->routes an hash item $r_hash. DB schema specific. Return new Mojolicious route.

=head2 routes()

Fetch records for apply_routes. Must return arrayref of hashrefs routes.

=head2 access_explicit($id1, $id2)

Check access to route ($id1 arrayref - either route id or action id or controller id or namespace id) by roles ids ($id2 arrayref). Must return false for deny access or true - allow access.

=head2 access_namespace($namespace, $id2)

Check implicit access to route by $namespace for profile roles ids ($id2 arrayref). Must return false for deny access or true - allow access to all actions of this namespace.

=head2 access_controller($namespace, $controller, $id2)

Check implicit access to route by $namespace and $controller for profile roles ids ($id2 arrayref). Must return false for deny access or true - allow access to all actions of this controller.

=head2 access_action($namespace, $controller, $action, $id2)

Check implicit access to route by $namespace and $controller and $action for profile roles ids ($id2 arrayref). Must return false for deny access or true - allow access to this action.

=head2 access_role($role, $id2)

Check implicit access to route by $role (id|name) and profile roles ids ($id2 arrayref). Must return false for deny access or true - allow access.

=head2 auth_cookie($c, $cookie_value, $cookie_name)

Returns C<< $c->cookie($cookie_name) >> unless $cookie_value.

Returns authenticate profile for $cookie_value. I use this method for cordova mobile app then cookie lost on any reasons.

C<< $cookie_name >> has defaults to C<< $c->app->sessions->cookie_name >>

=head1 SEE ALSO

L<Mojolicious::Plugin::RoutesAuthDBI>

=head1 AUTHOR

Михаил Че (Mikhail Che), C<< <mche [on] cpan.org> >>

=head1 BUGS / CONTRIBUTING