Hello!
I have built a simple authorization bridge. It simply tests that the user is already authenticated before delivering the requested route; if she is not logged in, then she is redirected to the login page. For example:
sub build {
my $self = shift;
my $r = $self->routes;
$r->add( '/' => {
to => sub { shift->authorize() },
bridge => 1
});
$r->add( '/home' => 'home' );
$r->add( [ GET => '/profile' ] => 'profile' );
$r->add( [ POST => '/profile' ] => 'update_profile' );
}
The authorization bridge is:
sub authorize {
my $self = shift;
if (!$self->user_logged_in) {
$self->info('Unauthorized request');
$self->status_error('Please identify yourself to fetch the desired resource');
$self->res->redirect_to( '/login', {}, 303 );
$self->res->rendered(1);
return 0;
}
return 1;
}
It returns false when the user is not logged in to prevent the next route to be processed, and it sets rendered to true to avoid returning the standard 401 error (see psgi in Kelp.pm).
Is this the normal way of doing authorization with Kelp?
What do you think about setting rendered() to true after a redirect() and a redirect_to()? Within a bridge, the usage I exemplified above becomes slightly simpler. Within a route, it would avoid an unnecessary call to render() within the psgi() method of Kelp.
Thank you and best regards,
Julio