NAME

App::MFILE::WWW::Dispatch - app dispatch stub

SYNOPSIS

TBD

DESCRIPTION

This is where we override the default version of the is_authorized method defined by Web::Machine::Resource.

This module is only used in standalone mode. In derived distribution mode, the application's dispatch module will be used, instead.

METHODS

is_authorized

Since all requests go through this function at a fairly early stage, we leverage it to validate the session.

process_post

POST requests are assumed to be AJAX calls. Their entity bodies must be valid JSON with the following simple structure:

    { method: HTTP_METHOD, path: RESOURCE, body: BODY_JSON }

where HTTP_METHOD is any HTTP method accepted by the REST server, RESOURCE is a valid path to a REST server resource, and BODY_JSON is the content body to be sent in the HTTP request to the REST server. Provided the request is properly authorized and the body is well-formed, the request is forwarded to the REST server via the App::MFILE package's rest_req routine and the REST server's response is sent back to the user's browser, where it is processed by the JavaScript code.

In derived-distro mode, this structure is expected to be translated into a "real" HTTP request, to be forwarded via the LWP::UserAgent object stored in the session data. The status object received in the response is then passed back to the JavaScript side.

There is one special case: the POST request from the login dialog looks like this:

    { method: "LOGIN", path: "login", body: { nam: 'nick', pwd: 'kcin" } }

Login requests receive special handling.

_is_fresh

Takes a single argument, which is assumed to be number of seconds since epoch when the session was last seen. This is compared to "now" and if the difference is greater than the MFILE_REST_SESSION_EXPIRATION_TIME site parameter, the return value is false, otherwise true.

init_session

Takes a session and an IP address. Initializes the session so it no longer contains any information that might tie it to the current user.