Asynchronous I/O that doesn’t get in your way, written in D
Module vibe.web.auth
Authentication and authorization framework based on fine-grained roles.
Example
import vibe.http.router: URLRouter;
import vibe.web.web: noRoute, registerWebInterface;
static struct AuthInfo {
@safe:
string userName;
bool isAdmin() { return this.userName == "tom"; }
bool isRoomMember(int chat_room) {
if (chat_room == 0)
return this.userName == "macy" || this.userName == "peter";
else if (chat_room == 1)
return this.userName == "macy";
else
return false;
}
bool isPremiumUser() { return this.userName == "peter"; }
}
@requiresAuthstatic class ChatWebService {
@safe:
@noRoute AuthInfo authenticate(scope HTTPServerRequest req, scope HTTPServerResponse res)
{
if (req.headers["AuthToken"] == "foobar")
return AuthInfo(req.headers["AuthUser"]);
throw new HTTPStatusException(HTTPStatus.unauthorized);
}
@noAuthvoid getLoginPage()
{
// code that can be executed for any client
}
@anyAuthvoid getOverview()
{
// code that can be executed by any registered user
}
@auth(Role.admin)
void getAdminSection()
{
// code that may only be executed by adminitrators
}
@auth(Role.admin | Role.roomMember)
void getChatroomHistory(int chat_room)
{
// code that may execute for administrators or for chat room members
}
@auth(Role.roomMember & Role.premiumUser)
void getPremiumInformation(int chat_room)
{
// code that may only execute for users that are members of a room and have a premium subscription
}
}
void registerService(URLRouter router)
@safe {
router.registerWebInterface(new ChatWebService);
}
