Nathan Cutler


App::MFILE::WWW::Dispatch - app dispatch stub




This is where we override the default version of the is_authorized method defined by Web::Machine::Resource.

This module is only used in standalone mode. In derived distribution mode, the application's dispatch module will be used, instead.



POST requests are assumed to be AJAX calls. Their entity bodies must be valid JSON with the following simple structure:

    { method: HTTP_METHOD, path: RESOURCE, body: BODY_JSON }

where HTTP_METHOD is any HTTP method accepted by the REST server, RESOURCE is a valid path to a REST server resource, and BODY_JSON is the content body to be sent in the HTTP request to the REST server. Provided the request is properly authorized and the body is well-formed, the request is forwarded to the REST server via the App::MFILE package's rest_req routine and the REST server's response is sent back to the user's browser, where it is processed by the JavaScript code.

In derived-distro mode, this structure is expected to be translated into a "real" HTTP request, to be forwarded via the LWP::UserAgent object stored in the session data. The status object received in the response is then passed back to the JavaScript side.

There is one special case: the POST request from the login dialog looks like this:

    { method: "LOGIN", path: "login", body: { nam: "foo", pwd: "bar" } }

Login requests receive special handling.


Called either from process_post on login AJAX requests originating from the JavaScript side (i.e. the login screen in login-dialog.js, via login.js), or directly from is_authorized if the MFILE_WWW_BYPASS_LOGIN_DIALOG mechanism is activated.

Returns a status object - OK means the login was successful; all other statuses mean unsuccessful.


Called from process_post to process logout requests (special AJAX requests) originating from the JavaScript side.