NAME

Mojolicious::Plugin::PlugAuthLite - Add a minimal PlugAuth server to your Mojolicious application.

VERSION

version 0.38

SYNOPSIS

 use Mojolicious::Lite
 
 plugin 'plug_auth_lite', 
   auth => sub {
     my($user, $pass) = @_;
     if($user eq 'optimus' && $pass eq 'matrix')
     { return 1; }
     else
     { return 0; }
   },
   authz => sub {
     my($user, $action, $resource) = @_;
     if($user eq 'optimus && $action eq 'open' && $resource =~ m{^/matrix})
     { return 1 }
     else
     { return 0 }
   };

DESCRIPTION

This plugin provides a very minimal but customizable PlugAuth server which can be included with your Mojolicious application for Clustericious applications to authenticate against. If you do not need specialized plugins for LDAP or DBI, and if you do not need the user/group/resource management provided by a the full featured PlugAuth server then this plugin may be for you.

The script plugauthlite included with this distribution provides PlugAuth style authentication (but not authorization) using a simple Apache style password file.

CONFIGURATION

auth

Subroutine which checks the authentication of a user. It is passed two arguments, the username and the password. If they are authentic this call back should return 1. Otherwise it should return 0.

authz

Subroutine which checks the authorization of a user. It is passwd three arguments, the username, action (usually a verb) and resource (usually the path part of a URL). If the user is authorized for the action on that resource the call back should return 1. Otherwise it should return 0.

url

The prefix to prepend to the standard PlugAuth API routes. Usually the authentication route is /auth and the authorization route is /authz, but if the PlugAuth.conf client configuration is set to http://example.com/foo the client expects the authentication route to be /foo/auth and the authorization route to be /foo/authz. In this case you would set this configuration item to '/foo'.

realm

The realm to use for HTTP Basic authentication. The default is PlugAuthLite.

ROUTES

GET /auth

  • if username and password provided using BASIC authentication and are correct

    Return 200 ok

  • if username and password provided using BASIC authentication but are not correct

    Return 403 not ok

  • if username and password are not provided using BASIC authentication

    Return 401 please authenticate

GET /authz/user/#user/#action/(*resource)

  • if the given user (#user) is permitted to perform the given action (#action) on the given resource (*resource)

    Return 200 ok

  • otherwise

    return 403 not ok

METHODS

register

This method adds the routes to your application required to implement the PlugAuth API.

LIMITATIONS

This implementation of the PlugAuth protocol does not support these features provided by the full fledged PlugAuth server:

  • Groups

  • Management API for creating/removing/modifying users/groups/resources

  • Standard Clustericious routes like "/version" and "/status"

  • Clustericious configuration file (~/etc/PlugAuth.conf)

  • Support for PlugAuth plugins (PlugAuth::Plugin).

  • Probably many others.

SEE ALSO

plugauthlite, PlugAuth::Lite, PlugAuth

AUTHOR

Graham Ollis <plicease@cpan.org>

COPYRIGHT AND LICENSE

This software is copyright (c) 2013 by Graham Ollis.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.