Dancer sessions and before hook

monktopher has asked for the wisdom of the Perl Monks concerning the following question:

Monks, I'm learning Perl Dancer and have been trying to get a simple login system working. I've gone over the example given in the Dancer::Cookbook and modified it slightly. I'm experiencing an issue that I hope you can help me with. Below is my code.


package pmtt;
use Dancer ':syntax';

our $VERSION = '0.1';

set session => 'YAML';



hook 'before' => sub {
    if (! session('user') && request->path_info !~ m{^/login}) {
        var requested_path => request->path_info;
        request->path_info('/login');
    }
};

get '/' => sub {
    
    template 'index';

};

get '/login' => sub {
    # Display a login page; the original URL they requested is availab
+le as
    # vars->{requested_path}, so could be put in a hidden field in the
+ form
    template 'login', { path => vars->{requested_path} };
};
 
post '/login' => sub {
    # Validate the username and password they supplied
    if (params->{username} eq 'monktopher' && params->{password} eq 'p
+assw0rd') {
        session user => params->{username};
        redirect params->{path} || '/';
    } else {
        redirect '/login?failed=1';
    }
};

any ['get','post'] => '/projects' => sub {
  
    return "Projects. Yay.";
    
};

any ['get','post'] => '/logout' => sub {
    
    session->destroy();
    redirect '/';
    
};



true;
[download]

The before hook is being run before all requests except that for /login and checks to see whether or not a user session exists. What I'd like to do is give non-users access to certain routes, much like what is being done for /login. I tried changing the regex to m{^/login|/} thinking that the session check would be bypassed when http://blahblah.com/ was requested. Before changing the regex, the login system would work as expected, I couldn't get to /project unless I already had a session. After changing the regex to include /, I can somehow access the /projects path, even before logging in.

Can anyone see what would be causing this issue? I've already spent a good 2 hours going over the Dancer documents in case I missed something, but haven't had any luck.

Thanks

Comment on Dancer sessions and before hook Download Code

Replies are listed 'Best First'.
Re: Dancer sessions and before hook by aaron_baugher (Curate) on Jul 28, 2012 at 03:57 UTC
This regex: `m{^/login\|/}` will match anything starting with `/login`, OR anything containing a forward slash. So it'll match all your routes, and the second half of your `if` condition will never be true, and your `before` hook will never redirect to `/login`. If you're trying to match either the `/login` page OR the home page, you'll need to anchor that part of the pattern, or compare strings directly instead of a regex: `m{^/login\|^/$}; # or if($route ne '/login' and $route ne '/'){` [download] Aaron B. Available for small or large Perl jobs; see my home node.	[reply] [d/l] [select]
Re^2: Dancer sessions and before hook by monktopher (Novice) on Jul 28, 2012 at 04:14 UTC
Aaron Thank you for your reply. That fixed the issue. I had to type out that if statement in English to fully understand what was going wrong:`If the user does not have a session AND they're trying to get to someplace other than /login or /, redirect them to /login.` Since my regex was matching anything starting with /, there was no other place where they could go, making the 2nd half fail like you said.	[reply]