vibe.d beta banner
get vibe.d
0.7.30

Module vibe.web.auth

Authentication and authorization framework based on fine-grained roles.

Example

import vibe.http.router : URLRouter;
import vibe.web.web : noRoute, registerWebInterface;

static struct AuthInfo {
	string userName;

	bool isAdmin() { return this.userName == "tom"; }
	bool isRoomMember(int chat_room) {
		if (chat_room == 0)
			return this.userName == "macy" || this.userName == "peter";
		else if (chat_room == 1)
			return this.userName == "macy";
		else
			return false;
	}
	bool isPremiumUser() { return this.userName == "peter"; }
}

@requiresAuth
static class ChatWebService {
	@noRoute AuthInfo authenticate(scope HTTPServerRequest req, scope HTTPServerResponse res)
	{
		if (req.headers["AuthToken"] == "foobar")
			return AuthInfo(req.headers["AuthUser"]);
		throw new HTTPStatusException(HTTPStatus.unauthorized);
	}

	@noAuth
	void getLoginPage()
	{
		// code that can be executed for any client
	}

	@anyAuth
	void getOverview()
	{
		// code that can be executed by any registered user
	}

	@auth(Role.admin)
	void getAdminSection()
	{
		// code that may only be executed by adminitrators
	}

	@auth(Role.admin | Role.roomMember)
	void getChatroomHistory(int chat_room)
	{
		// code that may execute for administrators or for chat room members
	}

	@auth(Role.roomMember & Role.premiumUser)
	void getPremiumInformation(int chat_room)
	{
		// code that may only execute for users that are members of a room and have a premium subscription
	}
}

void registerService(URLRouter router)
{
	router.registerWebInterface(new ChatWebService);
}

Functions

NameDescription
anyAuth()Enforces only authentication.
auth(roles)Enforces authentication and authorization.
noAuth()Disables authentication checks.
requiresAuth()Enables authentication and authorization checks for an interface class.

Structs

NameDescription
NoAuthAttribute
RoleRepresents a required authorization role.
Authors

Sönke Ludwig

Copyright

© 2016 RejectedSoftware e.K.

License

Subject to the terms of the MIT license, as written in the included LICENSE.txt file.