Plack::Middleware::Auth::Bitcard - Bitcard authentication for Plack, which I suppose is what you might have guessed from the name
use strict; use warnings; use Authen::Bitcard; use Plack::Builder; my $app = sub { my $env = shift; my $username = $env->{BITCARD}{username}; ...; }; my $bc = "Authen::Bitcard"->new; $bc->token("12345678"); $bc->api_secret("1234567890ABCDEF"); builder { enable "Auth::Bitcard", bitcard => $bc; $app; };
This module provides Plack middleware for Bitcard authentication.
What is Bitcard? It's a trusted third-party authentication system. Like OpenID but centralised, somewhat outdated, and pretty obscure.
So why use it? You probably shouldn't. An exception would be if you need login functionality for a website that is aimed at Perl developers. This is because Bitcard is already used as login for rt.cpan.org and cpanratings.perl.org, so many Perl developers already have a login set up.
rt.cpan.org
cpanratings.perl.org
The example in the SYNOPSIS section shows how easy it is to add Bitcard authentication to an existing PSGI app.
You'll need a Bitcard token and API secret for your website - to get these, sign into http://www.bitcard.org/, go to your account settings, click on "My Sites", then add a new site. You will need to tell it your site's name, and a URL. This URL should be the "base" URL for your PSGI app with /_bitcard_boomerang added to the end. For example, if you are serving http://bugs.example.com/ using Plack, then the URL you want is http://bugs.example.com/_bitcard_boomerang. Once you've entered that information, the bitcard.org site will issue you with a token and API secret.
/_bitcard_boomerang
http://bugs.example.com/
http://bugs.example.com/_bitcard_boomerang
With this simple setup, all requests to your site will be protected by Bitcard authentication. When somebody first hits your site, they'll be instantly redirected to bitcard.org to login.
Once they've logged in, their Bitcard details, including their username will be in $env->{BITCARD}.
$env->{BITCARD}
You may want to specify that certain parts of your site do not require a login; or perhaps visitors from certain IP addresses do not need to login; or whatever.
This module accepts a coderef which can check these sorts of criteria:
builder { enable "Auth::Bitcard", bitcard => $bc, skip_if => sub { my $env = shift; ... }; $app; };
If the coderef returns true, then Bitcard authentication will be skipped for the given request.
Perhaps you don't always need people to login to your site. Maybe you are happy for them to browse a public version of your site, and they only need to login if they want to access the super-awesome features.
In this case, you can provide an on_unauth action:
on_unauth
builder { enable "Auth::Bitcard", bitcard => $bc, on_unauth => sub { my $env = shift; ... }; $app; };
on_unauth is a PSGI app in its own right, and is expected to return a PSGI-style arrayref.
You can obtain login/logout URLs using the following:
my $login_url = $env->{BITCARD_URL}->(login_url => $env); my $logout_url = $env->{BITCARD_URL}->(logout_url => $env);
There are also URLs for the user's account settings page, and to register for a new bitcard account.
my $account_url = $env->{BITCARD_URL}->(account_url => $env); my $register_url = $env->{BITCARD_URL}->(register_url => $env);
When logged in people return to your site, they will arrive back at your site's base URL. If you wish to send them elsewhere, set a cookie containing the full URL you wish them to return to:
my $res = "Plack::Response"->new; $res->cookies->{bitcard_return_to} = "http://example.com/goodbye"; $res->redirect($env->{BITCARD_URL}->(logout_url => $env)); return $res->finalize;
Please report any bugs to http://rt.cpan.org/Dist/Display.html?Queue=Plack-Middleware-Auth-Bitcard.
Authen::Bitcard.
Toby Inkster <tobyink@cpan.org>.
This software is copyright (c) 2013 by Toby Inkster.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.
THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
To install Plack::Middleware::Auth::Bitcard, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Plack::Middleware::Auth::Bitcard
CPAN shell
perl -MCPAN -e shell install Plack::Middleware::Auth::Bitcard
For more information on module installation, please visit the detailed CPAN module installation guide.