Move api authentication to under command, add Authentication plugin
parent
f2f2a543fa
commit
998259f0ae
3 changed files with 64 additions and 34 deletions
3
cpanfile
3
cpanfile
|
@ -1,4 +1,5 @@
|
|||
requires 'Mojolicious::Lite';
|
||||
requires 'Mojolicious';
|
||||
requires 'Mojolicious::Plugin::Authentication';
|
||||
requires 'Data::UUID';
|
||||
requires 'Devel::Dwarn';
|
||||
requires 'Mojo::JSON';
|
||||
|
|
|
@ -30,6 +30,18 @@ sub startup {
|
|||
});
|
||||
my $config = $self->config;
|
||||
|
||||
$self->plugin('Authentication' => {
|
||||
'load_user' => sub {
|
||||
my ( $c, $user_id ) = @_;
|
||||
return $c->schema->resultset('User')->find($user_id);
|
||||
},
|
||||
'validate_user' => sub {
|
||||
my ( $c, $email, $password, $args) = @_;
|
||||
my $user = $c->schema->resultset('User')->find({email => $email});
|
||||
return $c->check_password_email($email, $password) ? $user->userid : undef;
|
||||
},
|
||||
});
|
||||
|
||||
# shortcut for use in template
|
||||
$self->helper( db => sub { $self->app->schema->storage->dbh });
|
||||
$self->helper( schema => sub { $self->app->schema });
|
||||
|
@ -37,7 +49,36 @@ sub startup {
|
|||
|
||||
my $r = $self->routes;
|
||||
$r->any('/')->to('root#index');
|
||||
my $api = $r->any('/api');
|
||||
$r->any('/admin')->to('admin#index');
|
||||
my $api = $r->under('/api' => sub {
|
||||
my $c = shift;
|
||||
|
||||
#See if logged in.
|
||||
my $sessionToken = $c->get_session_token();
|
||||
|
||||
#0 = no session, npn-0 is has updated session
|
||||
my $hasBeenExtended = $c->extend_session($sessionToken);
|
||||
|
||||
my $path = $c->req->url->to_abs->path;
|
||||
|
||||
#Has valid session
|
||||
if ($hasBeenExtended) {
|
||||
#If logged in and requestine the login page redirect to the main page.
|
||||
if ($path eq '/api/login') {
|
||||
#Force expire and redirect.
|
||||
$c->res->code(303);
|
||||
$c->redirect_to('/api');
|
||||
return undef;
|
||||
}
|
||||
}
|
||||
#Has expired or did not exist in the first place and the path is not login
|
||||
elsif ($path ne '/api/login' && $path ne '/api/register') {
|
||||
$c->res->code(303);
|
||||
$c->redirect_to('/api/login');
|
||||
return undef;
|
||||
}
|
||||
return 1;
|
||||
});
|
||||
|
||||
$api->post("/register")->to('api-register#post_register');
|
||||
$api->post("/upload")->to('api-upload#post_upload');
|
||||
|
@ -56,44 +97,14 @@ sub startup {
|
|||
return $self->render(json => { success => Mojo::JSON->true });
|
||||
});
|
||||
|
||||
my $admin_routes = $r->under('/admin')->to('admin#under');
|
||||
|
||||
$self->hook( before_dispatch => sub {
|
||||
my $self = shift;
|
||||
|
||||
$self->app->log->debug('Before Dispatch');
|
||||
$self->res->headers->header('Access-Control-Allow-Origin' => '*') if $self->app->mode eq 'development';
|
||||
|
||||
$self->remove_all_expired_sessions();
|
||||
|
||||
#See if logged in.
|
||||
my $sessionToken = $self->get_session_token();
|
||||
#$self->app->log->debug( "sessionToken: " . $sessionToken);
|
||||
|
||||
#0 = no session, npn-0 is has updated session
|
||||
my $hasBeenExtended = $self->extend_session($sessionToken);
|
||||
#$self->app->log->debug( "hasBeenExtended: " . $hasBeenExtended);
|
||||
|
||||
my $path = $self->req->url->to_abs->path;
|
||||
|
||||
$self->app->log->debug('Path: file:' . __FILE__ . ', line: ' . __LINE__);
|
||||
|
||||
#Has valid session
|
||||
if ($hasBeenExtended) {
|
||||
$self->app->log->debug('Path: file:' . __FILE__ . ', line: ' . __LINE__);
|
||||
#If logged in and requestine the login page redirect to the main page.
|
||||
if ($path eq '/api/login') {
|
||||
$self->app->log->debug('Path: file:' . __FILE__ . ', line: ' . __LINE__);
|
||||
#Force expire and redirect.
|
||||
$self->res->code(303);
|
||||
$self->redirect_to('/api');
|
||||
}
|
||||
}
|
||||
#Has expired or did not exist in the first place and the path is not login
|
||||
elsif ($path ne '/api/login' && $path ne '/api/register') {
|
||||
$self->app->log->debug('Path Error: file:' . __FILE__ . ', line: ' . __LINE__);
|
||||
$self->res->code(303);
|
||||
$self->redirect_to('/api/login');
|
||||
}
|
||||
$self->app->log->debug('Path: file:' . __FILE__ . ', line: ' . __LINE__);
|
||||
});
|
||||
|
||||
|
||||
|
|
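Review bot: The `/admin` route added in the second hunk, `$r->any('/admin')->to('admin#index');`, hangs off the root router rather than off `$admin_routes`, so as far as these hunks show, a request for `/admin` reaches `admin#index` without `admin#under` ever running. Mojolicious applies an `under` only to routes nested beneath it, and nothing is attached to `$admin_routes` in the visible lines. I would drop the root-level route and register it as `$admin_routes->any('/')->to('admin#index');` after the `under` is created in the third hunk. `startup` begins and ends outside these hunks, so children added elsewhere would change this picture.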
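--- a/lib/Pear/LocalLoop/Controller/Admin.pm
+++ b/lib/Pear/LocalLoop/Controller/Admin.pm
@@ -0,0 +1,18 @@
+package Pear::LocalLoop::Controller::Admin;
+use Mojo::Base 'Mojolicious::Controller';
+
+sub index {
+my $c = shift;
+}
+
+sub under {
+my $c = shift;
+
+if ( $c->is_user_authenticated ) {
+return 1 if defined $c->current_user->administrator;
+}
+$c->redirect_to('/');
+return undef;
+}
+
+1;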
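Review bot: The admin gate in `under` tests `defined $c->current_user->administrator`, which is true for any defined value including `0`, so if `administrator` is a flag column rather than a relationship accessor, every authenticated user passes it. The schema is not part of this commit, so this is an inference; if it is a flag, `return 1 if $c->current_user->administrator;` is the check that matches the intent. If it is a relationship that yields undef when no row exists, a comment such as `# administrator is a relationship; undef means no admin row` would make the reliance on definedness explicit.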