List Info

Thread: RFC: make ActionClass less ugly or implement Secure attribute in base Action
RFC: make ActionClass less ugly or implement Secure attribute in base Action
user name
 2006-10-20 11:09:49 
This afternoon, I implemented a Catalyst:ispatchT
ype::Secure, which filters actions and denies execution to
actions with the Secure attribute that are being executed
over an insecure connection (based on
$c->req->secure).  mst "suggested" that this
would be better implemented as an ActionClass.

A first look of the Secure DispatchType is available at http://scsys.co.uk:8001/
4608 ...though it is not ready for use.

While I agree that the ActionClass is an ideal venue for
"filters" such as this (which would overload
match(), for example), I can't quite bring myself to type
"ActionClass('Secure')" rather than just
"Secure" every time I want to ensure an action is
only matched/executed if the connection is being made over
SSL.  It's just too ugly!

I have two recommendations to propose:

(1) The Secure attribute should be implemented in the same
way as Args is, in the base Catalyst::Action::match
function.  It should take as an argument the action to
forward to upon failure to secure the connection, or no
arguments if it should fail silently.  It should not
actually rewrite the URL and redirect to an HTTPS server,
but rather the action that it forwards to (in its argument)
should do that, which can be implemented by the user.

(2) If you do not want to implement the Secure attribute in
the core, I propose that ActionClasses be detected, in
addition to ActionClass('SomeName'), as an attribute with
just their name.  For example, if I created a really simple
Secure ActionClass that just acted as a filter, shown below,
I could make an Action be of this ActionClass by simple
specifying: sub myaction : Global Secure { ... }, rather
than having to type sub myaction : Global
ActionClass('Secure') { ... }.

This would pose the potential for naming conflicts.  So,
when such conflicts arise, I propose that the first
ActionClass that matches the attribute be used.  When I say
"first", I mean: "Recurse down the tree of
Catalyst:ispatchT
ype and Catalyst::Action inheritance, and prefer the
DispatchTypes  before ActionClasses, and the first
ActionClass closest to the base C::Action" when parsing
the attributes.

Cheers,
Ido Rosen

A super-simplistic Secure ActionClass (untested):

  package Catalyst::Action::Secure;
  use base 'Catalyst::Action';

sub execute {
    my $self = shift;
    my ($controller, $c ) = _;

    if ($c->request->secure) { # if secure, proceed
without question.
      $self->NEXT::execute( _ );
      return 1;
    } else { return 0; }
}


_______________________________________________
Catalyst-dev mailing list
Catalyst-devlists.rawmode.org
http://lists.rawmode.org/mailman/listinfo/catalyst-dev
[1]

about | contact  Other archives ( Real Estate discussion Medical topics )