Basic Authentication in perl6 with Cro

此结构：

route {
before MyBasicAuth.new;
post -> LoggedInUser $user, 'api' {
...
}
}

取决于即将发布的Cro 0.8.0中新的before/after语义。在请求/写入时的当前Cro版本以及之前的版本中，route块中的before将仅适用于已经匹配的路由。然而，对于旨在影响将匹配的中间件来说，这已经太晚了。Cro 0.8.0之前的方法是在服务器级别安装中间件，或者这样做：

route {
before MyBasicAuth.new;
delegate <*> => route {
post -> LoggedInUser $user, 'api' {
...
}
}
}

这确保了在考虑任何路由匹配之前应用中间件。这就不那么好看了，因此即将发布的0.8.0中的更改(它还将引入具有原始before语义的before-matched(。

最后，forbidden without $success;在这里不起作用。forbidden子是Cro::HTTP::Router的一部分，用于路由处理程序，而中间件不与路由器绑定(因此您可以决定以不同的方式路由请求，例如，在不失去使用所有中间件的能力的情况下(。authenticate方法的约定是，它返回一个确定应该发生什么的真实值；这不是一个尝试强制使用不同响应代码的合适地方。

未能匹配像LoggedInUser这样的身份验证约束将产生401。要重写它，请在最外层的route块中添加一个after来映射它：

route {
before MyBasicAuth.new;
after { forbidden if response.status == 401; }
delegate <*> => route {
post -> LoggedInUser $user, 'api' {
...
}
}
}

目前cro发布版本中似乎有一个错误，该错误已经在github的上游修复。在#perl6 IRC频道的sena_kun的帮助下，我们确实使用了当前版本的cro-http:

$ git clone https://github.com/croservices/cro-http.git
$ perl6 -Icro-http/lib example.p6

然后使用curl，我终于看到了"被调用的身份验证"。我们发现了另外两个小错误：

第一个：当我调用curl -v -d '{"string":"hi"}' http://admin:secret@localhost:10000/api时，我忘记添加-H 'Content-Type: application/json'

authentication called An operation first awaited:   in sub request-body at /home/martin/.workspace/voteimproved/cro-http/lib/Cro/HTTP/Router.pm6 (Cro::HTTP::Router) line 716   in block  at restapp/example.pl line 24 in block  at /home/martin/.workspace/voteimproved/cro-http/lib/Cro/HTTP/Router.pm6 (Cro::HTTP::Router) line 130
Died with the exception:
Cannot unbox a type object (Nil) to int.
in sub decode-payload-to-pairs at /home/martin/.workspace/voteimproved/cro-http/lib/Cro/HTTP/BodyParsers.pm6 (Cro::HTTP::BodyParsers) line 62
in method parse at /home/martin/.workspace/voteimproved/cro-http/lib/Cro/HTTP/BodyParsers.pm6 (Cro::HTTP::BodyParsers) line 50
in method body at /home/martin/.rakudobrew/moar-2018.08/install/share/perl6/site/sources/557D6C932894CB1ADE0F83C0596851F9212C2A67 (Cro::MessageWithBody) line 77
in sub request-body at /home/martin/.workspace/voteimproved/cro-http/lib/Cro/HTTP/Router.pm6 (Cro::HTTP::Router) line 716
in block  at restapp/example.pl line 24
in block  at /home/martin/.workspace/voteimproved/cro-http/lib/Cro/HTTP/Router.pm6 (Cro::HTTP::Router) line 130

第二次是因为在此部分调用forbidden：

class MyBasicAuth does Cro::HTTP::Auth::Basic[MyUser, "username"] {
method authenticate(Str $user, Str $pass --> Bool) {
say "authentication called";
my $success = $user eq 'admin' && $pass eq 'secret';
forbidden unless $success;
return $success;
} }

这导致了这种堆叠竞争：

authentication called
Can only use 'content' inside of a request handler
in sub set-status at /home/martin/.workspace/voteimproved/cro-http/lib/Cro/HTTP/Router.pm6 (Cro::HTTP::Router) line 846
in sub forbidden at /home/martin/.workspace/voteimproved/cro-http/lib/Cro/HTTP/Router.pm6 (Cro::HTTP::Router) line 823
in method authenticate at restapp/example.pl line 15
in method process-auth at /home/martin/.workspace/voteimproved/cro-http/lib/Cro/HTTP/Auth/Basic.pm6 (Cro::HTTP::Auth::Basic) line 26
in block  at /home/martin/.workspace/voteimproved/cro-http/lib/Cro/HTTP/Auth/Basic.pm6 (Cro::HTTP::Auth::Basic) line 11
in block  at /home/martin/.workspace/voteimproved/cro-http/lib/Cro/HTTP/Auth/Basic.pm6 (Cro::HTTP::Auth::Basic) line 8
in block  at /home/martin/.workspace/voteimproved/cro-http/lib/Cro/HTTP/Internal.pm6 (Cro::HTTP::Internal) line 22
in block  at /home/martin/.workspace/voteimproved/cro-http/lib/Cro/HTTP/RequestParser.pm6 (Cro::HTTP::RequestParser) line 109
in block  at /home/martin/.workspace/voteimproved/cro-http/lib/Cro/HTTP/RequestParser.pm6 (Cro::HTTP::RequestParser) line 90
in block  at /home/martin/.rakudobrew/moar-2018.08/install/share/perl6/site/sources/F048BB66854D2463798A39CC2B01D4CC1532F957 (Cro::TCP) line 53

我想这个bug很快就会被修复！