++ed by:

1 non-PAUSE user.

Jan Henning Thorsen


Cookieville::Plugin::Authorize - Plugin for handling authorization


Cookieville::Plugin::Authorize is a plugin for just allowing some clients from doing read/write/update. The clients are identified by the X-Cookieville-Auth-Id HTTP header. These headers should be long to prevent brute force entry.


This "SYNOPSIS" explains how to enable this plugin in the Cookieville server.

Example MOJO_CONFIG file:

    access_rules => {
      "Some-Long-Auth-Id-12b34acf274" => {
        Artist => [qw( GET PATCH )],
        CD => [qw( GET PATCH PUT )],

The presense of "access_rules" in MOJO_CONFIG file will load this plugin with the given set of rules.

The rules above will allow a client with the X-Cookieville-Auth-Id header set to "Some-Long-Auth-Id-12b34acf274" to "GET" and "PATCH" data to the "Artist" source. The same client can also "GET", "PATCH" and "PUT" data to the "CD" source.

Any client can access "/".

Any client with a valid X-Cookieville-Auth-Id can access "/sources".

Any other request will result in HTTP status code "401" and an error message.

You can have as many X-Cookieville-Auth-Id keys under "access_rules" as you want.



This plugin will register a route with the name "cookieville_authorizer" in the main app. This route is then used for any request in the main app, except "/".


Jan Henning Thorsen - jhthorsen@cpan.org