
mojoliciousでユーザー認証

LOGIN画面を追加

mmt.pm

Router認証処理を追加する。underで各処理の前に認証済みの確認処理を追加。認証を必要としない処理は元々のRouterを使う。

--- a/toolmmt/lib/Tool/mmt.pm
+++ b/toolmmt/lib/Tool/mmt.pm
@@ -16,15 +16,20 @@ sub startup {
   # Router
   my $r = $self->routes;
   $r->namespaces(['Tool::mmt::Controller']);
+  # ユーザー認証
+  my $sr = $r->under->to('auth#check');
   # Normal route to controller
   $r->get('/')->to('example#welcome');
-  $r->get('/mmt/:_table/desc')->to('mmt#desc');
-  $r->get('/mmt/:_table')->to(controller => $self->controller,action =>'mainform');
-  $r->post('/mmt/:_table')->to(controller => $self->controller,action => 'registry');
-  $r->get('/mmtx/:controller')->to(controller => $self->controller,action =>'mainform');
-  $r->post('/mmtx/:controller')->to(controller => $self->controller,action => 'registry');
-  $r->any('/mmtx/:controller')->to(controller => $self->controller,action => 'mainform');
-  $r->any('/rwt/:controller')->to(controller => $self->controller,action => 'print_main');
+  $sr->get('/logout')->to('auth#logout');
+  $sr->any('/login')->to('auth#login');
+  $sr->any('/mmt/login')->to('auth#login');
+  $sr->get('/mmt/:_table/desc')->to('mmt#desc');
+  $sr->get('/mmt/:_table')->to(controller => $self->controller,action =>'mainform');
+  $sr->post('/mmt/:_table')->to(controller => $self->controller,action => 'registry');
+  $sr->get('/mmtx/:controller')->to(controller => $self->controller,action =>'mainform');
+  $sr->post('/mmtx/:controller')->to(controller => $self->controller,action => 'registry');
+  $sr->any('/mmtx/:controller')->to(controller => $self->controller,action => 'mainform');
+  $sr->any('/rwt/:controller')->to(controller => $self->controller,action => 'print_main');
   $r->any('/api/:controller/:action')->to('example#welcom');
 }
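Review bot: The `/api/:controller/:action` route on the last route line of this hunk stays on `$r`, so the new `auth#check` bridge does not cover it. In Mojolicious `controller` and `action` are reserved stash values, so placeholders with those names let the request path choose which controller and action are dispatched. As far as this hunk shows, that leaves the other controllers under `Tool::mmt::Controller` reachable without a session. Unless the API is meant to be public, attach it to the protected group with `$sr->any('/api/:controller/:action')->to('example#welcom');`, or replace the placeholders with explicit routes. `startup` begins above the hunk.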

Auth.pm

認証処理は全てAuth.pmに押し込む。Routerのunderにて全ての処理の前にcheckを実行しsessionが確立していればreturn 1にて終了し、確立していない時はユーザー認証画面に遷移する。(ユーザー認証(userAuth)処理は未だ無い)

--- /dev/null
+++ b/toolmmt/lib/Tool/mmt/Controller/Auth.pm
@@ -0,0 +1,54 @@
+package Tool::mmt::Controller::Auth;
+use Mojo::Base 'Tool::mmt::Controller::Mmt';
+
+sub login {
+    my $s = shift;
+    $s->redirect_to($s->param('url')) if $s->param('url');
+    $s->render( template => 'mmt/index');
+}
+sub check {
+    my $s = shift;
+    # セッション確定済なら認証通貨
+    if($s->session('session')){
+        return 1;
+    }
+    #パスワードチェック
+    if($s->userAuth()){
+        return 1;
+    }
+    $s->stash( 'url' => $s->req->url->to_abs );
+    $s->render( template => 'auth/login');
+    return undef;
+}
+sub userAuth{
+    my $s = shift;
+    my $user = $s->param('user')||'';
+    my $pass = $s->param('passwd')||'';
+    if ($user eq '' or $pass eq '' or $user =~ /(admin|root)/i){
+        $s->param('user','guest');
+        $s->param('passwd','guest01');
+        return undef;
+    }
+    my $sessionId = $s->randomStr();
+    $s->session('session' => $sessionId);
+    return 1;
+}
+sub logout{
+    my $s = shift;
+    # セッション削除
+    $s->session(expires => 1);
+    $s->stash( 'url' => 'login' );
+    $s->render( template => 'auth/login');
+}
+sub randomStr{
+    my $s = shift;
+    my %arg = (-length =>16,
+                        -str => (join '',('A'..'Z','a'..'z','0'..'9')),
+                         @_);
+    my @str = split //,$arg{'-str'};
+    my $str = "";
+    for(1 .. $arg{'-length'}){$str .= $str[int rand($#str+1)];}
+    return $str;
+}
+
+1;
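Review bot: `login` passes the request parameter `url` straight to `redirect_to`, and that value comes from a hidden form field the client controls, so a crafted login link can send a freshly authenticated user to an arbitrary external site. Accept only same-site paths, e.g. `my $url = $s->param('url') // '';` followed by `return $s->redirect_to($url) if $url =~ m{\A/(?![/\\])};`, and have `check` stash `$s->req->url->path_query` instead of `to_abs` so the legitimate value is a relative path. The added `return` also removes the current fall-through, where `render` is still called after `redirect_to`. Separately, `userAuth` creates a session for any non-empty user/passwd pair that does not match `admin|root`; the page says real verification is not written yet, so a `# TODO: no credential verification yet` comment above that sub would keep it from being mistaken for finished code.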

auth/login.html.ep

ログイン画面

--- /dev/null
+++ b/toolmmt/templates/auth/login.html.ep
@@ -0,0 +1,13 @@
+% layout 'defrwt';
+% title 'login' ;
+<h2>Login</h2>
+
+%= form_for login => (method => 'post') => begin
+ <br>Name:
+ %= text_field 'user'
+ <br>password:
+ %= text_field 'passwd'
+ <br>
+ %= submit_button 'Login'
+ %= hidden_field url => $url
+% end
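Review bot: The password input is rendered with `text_field 'passwd'`, so the password is visible while typing and, like any `text_field`, is refilled from the submitted parameter when the form is rendered again. Use `%= password_field 'passwd'` instead. The form also carries no CSRF token; adding `%= csrf_field` inside the form, with a matching check in the controller, would cover that.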

default.html.ep

デフォルト画面にlogoutのリンクを追加

--- a/toolmmt/templates/layouts/default.html.ep
+++ b/toolmmt/templates/layouts/default.html.ep
@@ -50,6 +50,7 @@
   <body>
     <input type=hidden name=_focus id=_focus value=<%= param('_focus') %>>
     <div class="main">
+      <a href=/logout>logout</a>
       <%= content %>
     </div>
     <div class="sidebar">
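Review bot: The new `<a href=/logout>` link makes logout a plain GET request, so a logged-in user's session can be ended by any cross-site request to that URL. Consider a small POST form for logout with the route changed to `$sr->post('/logout')`, and quote the attribute value as `href="/logout"`. The layout continues outside the hunk.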

mmt/index.html.ep

ログイン後のスタートページ

--- /dev/null
+++ b/toolmmt/templates/mmt/index.html.ep
@@ -0,0 +1,3 @@
+% layout 'default';
+% title "mmt - index " ;
+<h1>INDEX</h1>