/ 
Cookieville-0.06
River stage zero No dependents
/ Cookieville::Plugin::Authorize

NAME

Cookieville::Plugin::Authorize - Plugin for handling authorization

DESCRIPTION

Cookieville::Plugin::Authorize is a plugin for just allowing some clients from doing read/write/update. The clients are identified by the X-Cookieville-Auth-Id HTTP header. These headers should be long to prevent brute force entry.

SYNOPSIS

This "SYNOPSIS" explains how to enable this plugin in the Cookieville server.

Example MOJO_CONFIG file:

{
  access_rules => {
    "Some-Long-Auth-Id-12b34acf274" => {
      Artist => [qw( GET PATCH )],
      CD => [qw( GET PATCH PUT )],
    },
  },
}

The presense of "access_rules" in MOJO_CONFIG file will load this plugin with the given set of rules.

The rules above will allow a client with the X-Cookieville-Auth-Id header set to "Some-Long-Auth-Id-12b34acf274" to "GET" and "PATCH" data to the "Artist" source. The same client can also "GET", "PATCH" and "PUT" data to the "CD" source.

Any client can access "/".

Any client with a valid X-Cookieville-Auth-Id can access "/sources".

Any other request will result in HTTP status code "401" and an error message.

You can have as many X-Cookieville-Auth-Id keys under "access_rules" as you want.

METHODS

register

This plugin will register a route with the name "cookieville_authorizer" in the main app. This route is then used for any request in the main app, except "/".

AUTHOR

Jan Henning Thorsen - jhthorsen@cpan.org