NAME

Catalyst::Plugin::RequestToken - Handling transaction token for Catalyst

SYNOPSIS

In your application class:

    use Catalyst qw/Session::FastMmap RequestToken FillForm/;
    
    sub input : Local {
        my ( $self, $c ) = @_;

        $c->stash->{template} = 'input.html';
        $c->forward('MyApp::V::TT');
    }

    sub confirm : Local {
        my ( $self, $c ) = @_;

        $c->create_token;
        $c->stash->{template} = 'confirm.html';
        $c->forward('MyApp::V::TT');
        $c->fillform;
    }

    sub complete : Local {
        my ( $self, $c ) = @_;

        if ($c->validate_token) {
            $c->res->output('Complete');
        } else {
            $c->res->output('Invalid Token');
        }
        $c->remove_token;
    }

root/input.html TT template:

    <html>
    <body>
    <form action="confirm" method="post">
    <input type="submit" name="submit" value="confirm"/>
    </form>
    </body>
    </html>

root/confirm.html TT template:

    <html>
    <body>
    <form action="complete" method="post">
    <input type="hidden" name="token"/>
    <input type="submit" name="submit" value="complete"/>
    </form>
    </body>
    </html>

Alternatively, you can call prepare_token instead of calling the individual methods yourself. In that case you don't have to write '<input type="hidden" name="token"... >' for the token in your template.

    sub input : Local {
        my ( $self, $c ) = @_;

        $c->stash->{template} = 'input.html';
        $c->prepare_token;
    }

DESCRIPTION

This plugin creates, removes and validates a transaction token, which is used to enforce a single request for a given transaction. For example, you can prevent duplicate submits.

Note: This plugin uses Data::UUID to create the transaction token for each request. It also requires a session plugin such as Catalyst::Plugin::Session::FastMmap to store the server-side token.
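
The create, validate and remove lifecycle described above, as an added example in plain Perl that is not the plugin's own code: the %session hash is an assumed stand-in for the session store, and the subs reuse the plugin's method names only for readability. It shows why validation has to fail when either side has no token, and why the token is removed after every attempt.

```perl
use strict;
use warnings;
use Data::UUID;

# %session stands in for the server-side session store (hypothetical name).
my %session;
my $KEY = 'token';    # default name for the session key and request parameter

# Issue a fresh token, remember it server-side, return it for the hidden field.
sub create_token {
    my $token = Data::UUID->new->create_str;
    $session{$KEY} = $token;
    return $token;
}

# A request is valid only if both sides hold a token and the values match.
# The defined/length checks matter: without them a request carrying no token
# would "match" an empty session, because undef eq undef is true in Perl.
sub validate_token {
    my ($params) = @_;
    my $sent   = $params->{$KEY};
    my $stored = $session{$KEY};
    return 0 unless defined $sent && defined $stored && length $stored;
    return $sent eq $stored ? 1 : 0;
}

# Drop the server-side copy so the same token cannot be accepted twice.
sub remove_token { delete $session{$KEY}; return }

# Handle one POST: validate, then always consume the token.
sub complete {
    my ($params) = @_;
    my $ok = validate_token($params);
    remove_token();
    return $ok ? 'Complete' : 'Invalid Token';
}

# Constructed requests: first submit, replay of the same form, wrong value,
# and a request with no token at all.
my %form = ( $KEY => create_token() );
print "first submit:  ", complete( \%form ), "\n";
print "double submit: ", complete( \%form ), "\n";
create_token();
print "wrong token:   ", complete( { $KEY => 'not-the-issued-value' } ), "\n";
print "no token:      ", complete( {} ), "\n";
```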

EXTENDED METHODS

setup

You can configure the name used for the token in both the session and the request. The default name is 'token'.

METHODS

prepare_token

Automatically append the hidden token tag to the response body.

create_token

Create a new token.

remove_token

Remove the token from the server-side session.

validate_token

Validate the token.

SEE ALSO

Catalyst, Data::UUID, Catalyst::Plugin::Session::FastMmap

AUTHOR

Hideo Kimura, <hide@hide-k.net>

COPYRIGHT AND LICENSE

Copyright (C) 2005 by Hideo Kimura

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.