NAME
App::MFILE::WWW::Dispatch - app dispatch stub
SYNOPSIS
TBD
DESCRIPTION
This is where we override the default version of the is_authorized method defined by Web::Machine::Resource.
This module is only used in standalone mode. In derived distribution mode, the application's dispatch module will be used, instead.
METHODS
is_authorized
Since all requests go through this function at a fairly early stage, we leverage it to validate the session.
process_post
POST requests are assumed to be AJAX calls. Their entity bodies must be valid JSON with the following simple structure:
{ method: HTTP_METHOD, path: RESOURCE, body: BODY_JSON }
where HTTP_METHOD is any HTTP method accepted by the backend server, RESOURCE is a valid path to a backend server resource, and BODY_JSON is the content body to be sent in the HTTP request to the backend server.
In derived-distro mode, this structure is expected to be translated into a "real" HTTP request, to be forwarded via the LWP::UserAgent object stored in the session data. The status object received in the response is then passed back to the JavaScript side.
There is one special case: the POST request from the login dialog looks like this:
{ method: "LOGIN", path: "login", body: { nam: 'nick', pwd: 'kcin" } }
Login requests receive special handling.
_is_fresh
Takes a single argument, which is assumed to be number of seconds since epoch when the session was last seen. This is compared to "now" and if the difference is greater than the MFILE_WWW_SESSION_EXPIRATION_TIME site parameter, the return value is false, otherwise true.
init_session
Takes a session and an IP address. Initializes the session so it no longer contains any information that might tie it to the current user.