我正在寻找一个简单的解决方案,用Cro的基本身份验证机制来保护我的路由。在我的示例中,如果您根本不提供任何凭据,我希望看到401 Unauthorized
。如果您提供了错误的凭据,我希望看到403 Forbidden
在我的代码示例中,我从未见过MyBasicAuth
中间件被调用:
class MyUser does Cro::HTTP::Auth {
has $.username;
}
subset LoggedInUser of MyUser where { .username.defined }
class MyBasicAuth does Cro::HTTP::Auth::Basic[MyUser, "username"] {
method authenticate(Str $user, Str $pass --> Bool) {
# No, don't actually do this!
say "authentication called";
my $success = $user eq 'admin' && $pass eq 'secret';
forbidden without $success;
return $success
}
}
sub routes() is export {
my %storage;
route {
before MyBasicAuth.new;
post -> LoggedInUser $user, 'api' {
request-body -> %json-object {
my $uuid = UUID.new(:version(4));
%storage{$uuid} = %json-object;
created "api/$uuid", 'application/json', %json-object;
}
}
}
}
此结构:
route {
before MyBasicAuth.new;
post -> LoggedInUser $user, 'api' {
...
}
}
取决于即将发布的Cro 0.8.0中新的before
/after
语义。在请求/写入时的当前Cro版本以及之前的版本中,route
块中的before
将仅适用于已经匹配的路由。然而,对于旨在影响将匹配的中间件来说,这已经太晚了。Cro 0.8.0之前的方法是在服务器级别安装中间件,或者这样做:
route {
before MyBasicAuth.new;
delegate <*> => route {
post -> LoggedInUser $user, 'api' {
...
}
}
}
这确保了在考虑任何路由匹配之前应用中间件。这就不那么好看了,因此即将发布的0.8.0中的更改(它还将引入具有原始before
语义的before-matched
(。
最后,forbidden without $success;
在这里不起作用。forbidden
子是Cro::HTTP::Router
的一部分,用于路由处理程序,而中间件不与路由器绑定(因此您可以决定以不同的方式路由请求,例如,在不失去使用所有中间件的能力的情况下(。authenticate
方法的约定是,它返回一个确定应该发生什么的真实值;这不是一个尝试强制使用不同响应代码的合适地方。
未能匹配像LoggedInUser
这样的身份验证约束将产生401。要重写它,请在最外层的route
块中添加一个after
来映射它:
route {
before MyBasicAuth.new;
after { forbidden if response.status == 401; }
delegate <*> => route {
post -> LoggedInUser $user, 'api' {
...
}
}
}
目前cro发布版本中似乎有一个错误,该错误已经在github的上游修复。在#perl6 IRC频道的sena_kun的帮助下,我们确实使用了当前版本的cro-http
:
$ git clone https://github.com/croservices/cro-http.git
$ perl6 -Icro-http/lib example.p6
然后使用curl
,我终于看到了"被调用的身份验证"。我们发现了另外两个小错误:
第一个:当我调用curl -v -d '{"string":"hi"}' http://admin:secret@localhost:10000/api
时,我忘记添加-H 'Content-Type: application/json'
authentication called An operation first awaited: in sub request-body at /home/martin/.workspace/voteimproved/cro-http/lib/Cro/HTTP/Router.pm6 (Cro::HTTP::Router) line 716 in block at restapp/example.pl line 24 in block at /home/martin/.workspace/voteimproved/cro-http/lib/Cro/HTTP/Router.pm6 (Cro::HTTP::Router) line 130
Died with the exception:
Cannot unbox a type object (Nil) to int.
in sub decode-payload-to-pairs at /home/martin/.workspace/voteimproved/cro-http/lib/Cro/HTTP/BodyParsers.pm6 (Cro::HTTP::BodyParsers) line 62
in method parse at /home/martin/.workspace/voteimproved/cro-http/lib/Cro/HTTP/BodyParsers.pm6 (Cro::HTTP::BodyParsers) line 50
in method body at /home/martin/.rakudobrew/moar-2018.08/install/share/perl6/site/sources/557D6C932894CB1ADE0F83C0596851F9212C2A67 (Cro::MessageWithBody) line 77
in sub request-body at /home/martin/.workspace/voteimproved/cro-http/lib/Cro/HTTP/Router.pm6 (Cro::HTTP::Router) line 716
in block at restapp/example.pl line 24
in block at /home/martin/.workspace/voteimproved/cro-http/lib/Cro/HTTP/Router.pm6 (Cro::HTTP::Router) line 130
第二次是因为在此部分调用forbidden
:
class MyBasicAuth does Cro::HTTP::Auth::Basic[MyUser, "username"] {
method authenticate(Str $user, Str $pass --> Bool) {
say "authentication called";
my $success = $user eq 'admin' && $pass eq 'secret';
forbidden unless $success;
return $success;
} }
这导致了这种堆叠竞争:
authentication called
Can only use 'content' inside of a request handler
in sub set-status at /home/martin/.workspace/voteimproved/cro-http/lib/Cro/HTTP/Router.pm6 (Cro::HTTP::Router) line 846
in sub forbidden at /home/martin/.workspace/voteimproved/cro-http/lib/Cro/HTTP/Router.pm6 (Cro::HTTP::Router) line 823
in method authenticate at restapp/example.pl line 15
in method process-auth at /home/martin/.workspace/voteimproved/cro-http/lib/Cro/HTTP/Auth/Basic.pm6 (Cro::HTTP::Auth::Basic) line 26
in block at /home/martin/.workspace/voteimproved/cro-http/lib/Cro/HTTP/Auth/Basic.pm6 (Cro::HTTP::Auth::Basic) line 11
in block at /home/martin/.workspace/voteimproved/cro-http/lib/Cro/HTTP/Auth/Basic.pm6 (Cro::HTTP::Auth::Basic) line 8
in block at /home/martin/.workspace/voteimproved/cro-http/lib/Cro/HTTP/Internal.pm6 (Cro::HTTP::Internal) line 22
in block at /home/martin/.workspace/voteimproved/cro-http/lib/Cro/HTTP/RequestParser.pm6 (Cro::HTTP::RequestParser) line 109
in block at /home/martin/.workspace/voteimproved/cro-http/lib/Cro/HTTP/RequestParser.pm6 (Cro::HTTP::RequestParser) line 90
in block at /home/martin/.rakudobrew/moar-2018.08/install/share/perl6/site/sources/F048BB66854D2463798A39CC2B01D4CC1532F957 (Cro::TCP) line 53
我想这个bug很快就会被修复!