NAME

WWW::Suffit::AuthDB - Suffit Authorization Database

SYNOPSIS

use WWW::Suffit::AuthDB;

my $authdb = WWW::Suffit::AuthDB->new(
        dsuri => "sqlite:///tmp/auth.db?sqlite_unicode=1"
    );

DESCRIPTION

Suffit Authorization Database

new

my $authdb = WWW::Suffit::AuthDB->new(
        dsuri => "sqlite:///tmp/auth.db?sqlite_unicode=1",
        file => "/tmp/authdb.json"
    );
die $authdb->error if $authdb->error;

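Creates a new AuthDB object. The /tmp paths shown here are examples only; because /tmp is usually world-writable, keep the database and the JSON file in a directory that only the service account can read and write.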

access

$authdb->access(
    controller  => $self, # The Mojo controller object
    username    => $username,
) or die "Access denied!";

This method performs access control

$authdb->access(
    controller  => $self, # The Mojo controller object
    username    => "Bob",
    method      => "GET",
    base        => "https://www.example.com",
    path        => "/foo/bar",
    client_ip   => "192.168.0.123",
    headers     => {
        Accept      => "text/html,text/plain",
        Connection  => "keep-alive",
        Host        => "localhost:8695",
    },
) or die "Access denied!";

This method performs access control for outer requests

$authdb->access(
    controller  => $self, # The Mojo controller object
    username    => "Bob",
    routename   => "index", # or 'route'
    base        => "https://www.example.com",
    client_ip   => "192.168.0.123",
    headers     => {
        Accept      => "text/html,text/plain",
        Connection  => "keep-alive",
        Host        => "localhost:8695",
    },
) or die "Access denied!";

... or by routename

Examples:

<% if (has_access(path => url_for('settings')->to_string)) { %> ... <% } %>
<% if (has_access(route => 'settings')) { %> ... <% } %>

authen

$authdb->authen("username", "password") or die $authdb->error;

Checks the password for the specified credential pair (username and password). This method returns the User object on success, or a false value if the check fails

authz

$authdb->authz("username") or die $authdb->error;
$authdb->authz("username", 1) or die $authdb->error;

This method checks authorization status by specified username as first argument.

The second argument defines the scope and can be false or true: false means that internal authorization is being performed (on the Suffit system); true means that external authorization is being performed (on other sites)

The method returns the User object on success, or a false value if the check fails

cache

Get cache instance

cached_group

my $group = $authdb->cached_group("manager");

This method returns data of specified groupname as WWW::Suffit::AuthDB::Group object

cached_realm

my $realm = $authdb->cached_realm("default");

This method returns data of specified realm name as WWW::Suffit::AuthDB::Realm object

cached_routes

my $routes = $authdb->cached_routes("http://localhost/");

Returns hash of routes by base URL

cached_user

my $user = $authdb->cached_user("alice");

This method returns data of specified username as WWW::Suffit::AuthDB::User object

clean

$authdb->clean;

Cleans state vars on the AuthDB object and returns it

dump

print $authdb->dump;

Returns JSON dump of loaded authentication database

export_data

Export data to JSON file

group

my $group = $authdb->group("manager");

This method returns data of specified groupname as WWW::Suffit::AuthDB::Group object

group_del

$authdb->group_del( "wheel" ) or die $authdb->error;

Delete group by groupname

group_enroll

$authdb->group_enroll(
        groupname => "wheel",
        username => "alice",
    ) or die $authdb->error;

Add user to group members

group_get

my %data = $authdb->group_get( "wheel" );
my @groups = $authdb->group_get;

This method returns group's data or returns all groups as array of hashes

group_members

my @members = $authdb->group_members( "wheel" );

This method returns group's members

group_pure_set

$authdb->group_pure_set(
        groupname => "wheel",
        description => "Admin group",
    ) or die $authdb->error;

This method adds a new group or updates the data of an existing group in pure mode

group_set

$authdb->group_set(
        groupname => "wheel",
        description => "Admin group",
    ) or die $authdb->error;

This method adds a new group or updates the data of an existing group

import_data

Import data from JSON file

load

$authdb->load("/tmp/authdb.json");
die $authdb->error if $authdb->error;

This method loads the database from the specified file.

meta

$authdb->meta("my.key", "my value") or die $authdb->error;

Sets meta-value by key

my $val = $authdb->meta("my.key"); # my value
die $authdb->error if $authdb->error;

Gets meta-value by key

$authdb->meta("my.key", undef) or die $authdb->error;

Deletes meta-value by key

model

Get model instance

raise

return $authdb->raise("Error string");
return $authdb->raise("Error %s", "string");
return $authdb->raise(200 => "Error string");
return $authdb->raise(200 => "Error %s", "string");

Sets the error string and returns a false status. This method can also set the HTTP status code

realm

my $realm = $authdb->realm("default");

This method returns data of specified realm name as WWW::Suffit::AuthDB::Realm object

realm_del

$authdb->realm_del( "default" ) or die $authdb->error;

Delete realm by realmname

realm_get

my %data = $authdb->realm_get( "default" );
my @realms = $authdb->realm_get;

This method returns realm's data or returns all realms as array of hashes

realm_pure_set

$authdb->realm_pure_set(
        realmname => "default",
        realm => "Strict Zone",
        description => "Default realm",
    ) or die $authdb->error;

This method adds a new realm or updates the data of an existing realm in pure mode

realm_requirements

my @requirements = $authdb->realm_requirements( "default" );

This method returns list of realm's requirements

realm_routes

my @routes = $authdb->realm_routes( "default" );

This method returns list of realm's routes

realm_set

$authdb->realm_set(
        realmname => "default",
        realm => "Strict Zone",
        description => "Default realm",
    ) or die $authdb->error;

This method adds a new realm or updates the data of an existing realm

route_del

$authdb->route_del( "index" ) or die $authdb->error;

Delete route by routename

route_get

my %data = $authdb->route_get( "index" );
my @routes = $authdb->route_get;

This method returns route's data or returns all routes as array of hashes

route_pure_set

$authdb->route_pure_set(
        routename => "default",
        route => "Strict Zone",
        description => "Default route",
    ) or die $authdb->error;

This method adds a new route or updates the data of an existing route in pure mode

route_search

my @routes = $authdb->route_search( $text );

This method searches for routes by name fragment

route_set

$authdb->route_set(
        routename => "default",
        route => "Strict Zone",
        description => "Default route",
    ) or die $authdb->error;

This method adds a new route or updates the data of an existing route

save

$authdb->save();
die $authdb->error if $authdb->error;

Flushes the database to the file that was specified in the constructor

$authdb->save("/tmp/new-authdb.json");
die $authdb->error if $authdb->error;

Flushes the database to the file that is specified directly

token_check

$authdb->token_check($username, $jti)
    or die "The token is revoked";

This method checks status of the token in database

token_del

$authdb->token_del($username, $jti)
    or die $authdb->error;

This method deletes token from database by username and token ID (jti)

token_get

my @tokens = $authdb->token_get();
my %data = $authdb->token_get( 123 );
my %issued = $authdb->token_get($username, $jti);

Returns the token's metadata by id or by the pair of username and jti. By default (without arguments) this method returns the list of all tokens

token_set

$authdb->token_set(
    type        => 'api',
    jti         => $jti,
    username    => $username,
    clientid    => 'qwertyuiqwertyui',
    iat         => time,
    exp         => time + 3600,
    address     => '127.0.0.1',
) or die($authdb->error);

Adds a new token to the database

$authdb->token_set(
    id          => 123,
    type        => 'api',
    jti         => $jti,
    username    => $username,
    clientid    => 'qwertyuiqwertyui',
    iat         => time,
    exp         => time + 3600,
    address     => '127.0.0.1',
) or die($authdb->error);

Modifies the token's data by id

user

my $user = $authdb->user("alice");

This method returns data of specified username as WWW::Suffit::AuthDB::User object

user_del

$authdb->user_del( "admin" ) or die $authdb->error;

Delete user by username

user_edit

$authdb->user_edit(
    username    => $username,
    comment     => $comment,
    email       => $email,
    name        => $name,
    role        => $role,
) or die($authdb->error);

Edit general user data

user_get

my %data = $authdb->user_get( "admin" );
my @users = $authdb->user_get;

This method returns user's data or returns all users as array of hashes

user_groups

my @groups = $authdb->user_groups( "admin" );

This method returns all groups of the user

user_passwd

$authdb->user_passwd(
        username => "admin",
        password => "password",
    ) or die $authdb->error;

This method sets password for user

user_pure_set

$authdb->user_pure_set(
        username => "admin",
        name => "Test User",
        # . . .
    ) or die $authdb->error;

This method adds a new user or updates the data of an existing user in pure mode

user_search

my @users = $authdb->user_search( $text );

This method searches for users by name fragment

user_set

$authdb->user_set(
        username => "admin",
        name => "Test User",
        # . . .
    ) or die $authdb->error;

This method adds a new user or updates the data of an existing user

user_setkeys

$authdb->user_setkeys(
        username => "admin",
        public_key => $public_key,
        private_key => $private_key,
    ) or die $authdb->error;

This method sets keys for user

user_tokens

my @tokens = $authdb->user_tokens( $username );

This method returns all tokens of specified user

EXAMPLE

Example of default authdb.json

See src/authdb.json

HISTORY

See Changes file

TO DO

See TODO file

SEE ALSO

WWW::Suffit, Mojolicious

AUTHOR

Serż Minus (Sergey Lepenkov) https://www.serzik.com <abalama@cpan.org>

COPYRIGHT

Copyright (C) 1998-2023 D&D Corporation. All Rights Reserved

LICENSE

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

See LICENSE file and https://dev.perl.org/licenses/