vibe.d beta banner
get vibe.d
0.10.0

Asynchronous I/O that doesn’t get in your way, written in D

Module vibe.web.auth

Authentication and authorization framework based on fine-grained roles.

Example

import vibe.http.router : URLRouter;
import vibe.web.web : noRoute, registerWebInterface;

static struct AuthInfo {
@safe:
	string userName;

	bool isAdmin() { return this.userName == "tom"; }
	bool isRoomMember(int chat_room) {
		if (chat_room == 0)
			return this.userName == "macy" || this.userName == "peter";
		else if (chat_room == 1)
			return this.userName == "macy";
		else
			return false;
	}
	bool isPremiumUser() { return this.userName == "peter"; }
}

@requiresAuth
static class ChatWebService {
@safe:
	@noRoute AuthInfo authenticate(scope HTTPServerRequest req, scope HTTPServerResponse res)
	{
		if (req.headers["AuthToken"] == "foobar")
			return AuthInfo(req.headers["AuthUser"]);
		throw new HTTPStatusException(HTTPStatus.unauthorized);
	}

	@noAuth
	void getLoginPage()
	{
		// code that can be executed for any client
	}

	@anyAuth
	void getOverview()
	{
		// code that can be executed by any registered user
	}

	@auth(Role.admin)
	void getAdminSection()
	{
		// code that may only be executed by adminitrators
	}

	@auth(Role.admin | Role.roomMember)
	void getChatroomHistory(int chat_room)
	{
		// code that may execute for administrators or for chat room members
	}

	@auth(Role.roomMember & Role.premiumUser)
	void getPremiumInformation(int chat_room)
	{
		// code that may only execute for users that are members of a room and have a premium subscription
	}
}

void registerService(URLRouter router)
@safe {
	router.registerWebInterface(new ChatWebService);
}

Functions

NameDescription
anyAuth() Enforces only authentication.
auth(roles) Enforces authentication and authorization.
noAuth() Disables authentication checks.
requiresAuth() Enables authentication and authorization checks for an interface class.

Structs

NameDescription
NoAuthAttribute
Role Represents a required authorization role.
Authors

Sönke Ludwig

Copyright

© 2016 Sönke Ludwig

License

Subject to the terms of the MIT license, as written in the included LICENSE.txt file.