mojoliciousでユーザー認証
LOGIN画面を追加
mmt.pm
Router認証処理を追加する。underで各処理の前に認証済みの確認処理を追加。認証を必要としない処理は元々のRouterを使う。
--- a/toolmmt/lib/Tool/mmt.pm
+++ b/toolmmt/lib/Tool/mmt.pm
@@ -16,15 +16,20 @@ sub startup {
 # Router
 my $r = $self->routes;
 $r->namespaces(['Tool::mmt::Controller']);
+ # ユーザー認証
+ my $sr = $r->under->to('auth#check');
 # Normal route to controller
 $r->get('/')->to('example#welcome');
- $r->get('/mmt/:_table/desc')->to('mmt#desc');
- $r->get('/mmt/:_table')->to(controller => $self->controller,action =>'mainform');
- $r->post('/mmt/:_table')->to(controller => $self->controller,action => 'registry');
- $r->get('/mmtx/:controller')->to(controller => $self->controller,action =>'mainform');
- $r->post('/mmtx/:controller')->to(controller => $self->controller,action => 'registry');
- $r->any('/mmtx/:controller')->to(controller => $self->controller,action => 'mainform');
- $r->any('/rwt/:controller')->to(controller => $self->controller,action => 'print_main');
+ $sr->get('/logout')->to('auth#logout');
+ $sr->any('/login')->to('auth#login');
+ $sr->any('/mmt/login')->to('auth#login');
+ $sr->get('/mmt/:_table/desc')->to('mmt#desc');
+ $sr->get('/mmt/:_table')->to(controller => $self->controller,action =>'mainform');
+ $sr->post('/mmt/:_table')->to(controller => $self->controller,action => 'registry');
+ $sr->get('/mmtx/:controller')->to(controller => $self->controller,action =>'mainform');
+ $sr->post('/mmtx/:controller')->to(controller => $self->controller,action => 'registry');
+ $sr->any('/mmtx/:controller')->to(controller => $self->controller,action => 'mainform');
+ $sr->any('/rwt/:controller')->to(controller => $self->controller,action => 'print_main');
 $r->any('/api/:controller/:action')->to('example#welcom');
 }
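Review bot: The `/api/:controller/:action` route on the hunk's last context line stays on `$r`, outside the new `under` gate, and its placeholders take both controller and action from the request path. As far as this hunk shows, that lets a request reach actions in the `Tool::mmt::Controller` namespace without passing `auth#check`, which undoes the point of moving the `/mmt`, `/mmtx` and `/rwt` routes to `$sr`. Attach it to the gated router, `$sr->any('/api/:controller/:action')->to('example#welcom');`, or restrict the placeholders to an allow-list of controllers and actions. The body of `startup` begins before the hunk, so routes defined earlier are not visible here.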
Auth.pm
認証処理は全てAuth.pmに押し込む。Routerのunderにて全ての処理の前にcheckを実行し、sessionが確立していればreturn 1にて終了し、確立していない時はユーザー認証画面に遷移する。(ユーザー認証(userAuth)処理は未だ無い)
--- /dev/null
+++ b/toolmmt/lib/Tool/mmt/Controller/Auth.pm
@@ -0,0 +1,54 @@
+package Tool::mmt::Controller::Auth;
+use Mojo::Base 'Tool::mmt::Controller::Mmt';
+
+sub login {
+ my $s = shift;
+ $s->redirect_to($s->param('url')) if $s->param('url');
+ $s->render( template => 'mmt/index');
+}
+sub check {
+ my $s = shift;
+ # セッション確定済なら認証通貨
+ if($s->session('session')){
+ return 1;
+ }
+ #パスワードチェック
+ if($s->userAuth()){
+ return 1;
+ }
+ $s->stash( 'url' => $s->req->url->to_abs );
+ $s->render( template => 'auth/login');
+ return undef;
+}
+sub userAuth{
+ my $s = shift;
+ my $user = $s->param('user')||'';
+ my $pass = $s->param('passwd')||'';
+ if ($user eq '' or $pass eq '' or $user =~ /(admin|root)/i){
+ $s->param('user','guest');
+ $s->param('passwd','guest01');
+ return undef;
+ }
+ my $sessionId = $s->randomStr();
+ $s->session('session' => $sessionId);
+ return 1;
+}
+sub logout{
+ my $s = shift;
+ # セッション削除
+ $s->session(expires => 1);
+ $s->stash( 'url' => 'login' );
+ $s->render( template => 'auth/login');
+}
+sub randomStr{
+ my $s = shift;
+ my %arg = (-length =>16,
+ -str => (join '',('A'..'Z','a'..'z','0'..'9')),
+ @_);
+ my @str = split //,$arg{'-str'};
+ my $str = "";
+ for(1 .. $arg{'-length'}){$str .= $str[int rand($#str+1)];}
+ return $str;
+}
+
+1;
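Review bot: `login` passes the request's `url` parameter straight to `redirect_to` and then still falls through to `render`, so the hidden form field acts as an open redirect and the action tries to respond twice. Return after the redirect and follow only same-site paths; for that, `check` should stash the path and query rather than the absolute URL from `to_abs`. Separately, `userAuth` sets a session for any non-empty user/password pair whose name does not match admin/root, and the session value from `randomStr` is built with `rand`, which is not a cryptographic source. Until a real credential check exists this stub should fail closed, and the hard-coded `guest`/`guest01` defaults should not ship.

```perl
sub login {
    my $s = shift;
    my $url = $s->param('url') // '';
    # Follow only same-site paths; anything else falls through to the index page.
    return $s->redirect_to($url) if $url =~ m{\A/(?![/\\])};
    $s->render( template => 'mmt/index');
}
sub check {
    # … unchanged: session check and userAuth call …
    $s->stash( 'url' => $s->req->url->path_query );
    # … unchanged: render auth/login, return undef …
}
```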
auth/login.html.ep
ログイン画面
--- /dev/null
+++ b/toolmmt/templates/auth/login.html.ep
@@ -0,0 +1,13 @@
+% layout 'defrwt';
+% title 'login' ;
+<h2>Login</h2>
+
+%= form_for login => (method => 'post') => begin
+ <br>Name:
+ %= text_field 'user'
+ <br>password:
+ %= text_field 'passwd'
+ <br>
+ %= submit_button 'Login'
+ %= hidden_field url => $url
+% end
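Review bot: The password input is rendered with `text_field 'passwd'`, so the value is shown in clear text while typing and is refilled from the request parameters whenever the form is re-rendered after a failed attempt. Use `%= password_field 'passwd'` instead, which masks the input and does not echo the submitted value back. The form also carries no `%= csrf_field`; adding one only helps if the login action validates it, which this template cannot show.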
default.html.ep
デフォルト画面にlogoutのリンクを追加
--- a/toolmmt/templates/layouts/default.html.ep
+++ b/toolmmt/templates/layouts/default.html.ep
@@ -50,6 +50,7 @@
 <body>
 <input type=hidden name=_focus id=_focus value=<%= param('_focus') %>>
 <div class="main">
+ <a href=/logout>logout</a>
 <%= content %>
 </div>
 <div class="sidebar">
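Review bot: The added logout control is a plain GET link to a hard-coded `/logout`, so any cross-site link or browser prefetch that touches that URL ends the user's session, and the path breaks if the app is mounted under a prefix. Prefer a small POST form built with `form_for logout => (method => 'post')` plus `csrf_field`, with the route changed to `post` to match. At minimum generate the address with `<a href="<%= url_for('logout') %>">logout</a>`.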
mmt/index.html.ep
ログイン後のスタートページ
--- /dev/null
+++ b/toolmmt/templates/mmt/index.html.ep
@@ -0,0 +1,3 @@
+% layout 'default';
+% title "mmt - index " ;
+<h1>INDEX</h1>