[Catalyst-dev] RFC: make ActionClass less ugly or implement Secure attribute in base Action

Ido Rosen ido at cpan.org
Sat Oct 21 01:30:23 CEST 2006


This afternoon, I implemented a Catalyst::DispatchType::Secure, which  
filters actions and denies execution to actions with the Secure  
attribute that are being executed over an insecure connection (based  
on $c->req->secure).  mst "suggested" that this would be better  
implemented as an ActionClass.

A first look of the Secure DispatchType is available at http:// 
scsys.co.uk:8001/4608 ...though it is not ready for use.

While I agree that the ActionClass is an ideal venue for "filters"  
such as this (which would overload match(), for example), I can't  
quite bring myself to type "ActionClass('Secure')" rather than just  
"Secure" every time I want to ensure an action is only matched/ 
executed if the connection is being made over SSL.  It's just too ugly!

I have two recommendations to propose:

(1) The Secure attribute should be implemented in the same way as  
Args is, in the base Catalyst::Action::match function.  It should  
take as an argument the action to forward to upon failure to secure  
the connection, or no arguments if it should fail silently.  It  
should not actually rewrite the URL and redirect to an HTTPS server,  
but rather the action that it forwards to (in its argument) should do  
that, which can be implemented by the user.

(2) If you do not want to implement the Secure attribute in the core,  
I propose that ActionClasses be detected, in addition to ActionClass 
('SomeName'), as an attribute with just their name.  For example, if  
I created a really simple Secure ActionClass that just acted as a  
filter, shown below, I could make an Action be of this ActionClass by  
simple specifying: sub myaction : Global Secure { ... }, rather than  
having to type sub myaction : Global ActionClass('Secure') { ... }.

This would pose the potential for naming conflicts.  So, when such  
conflicts arise, I propose that the first ActionClass that matches  
the attribute be used.  When I say "first", I mean: "Recurse down the  
tree of Catalyst::DispatchType and Catalyst::Action inheritance, and  
prefer the DispatchTypes  before ActionClasses, and the first  
ActionClass closest to the base C::Action" when parsing the attributes.

Cheers,
Ido Rosen

A super-simplistic Secure ActionClass (untested):

   package Catalyst::Action::Secure;
   use base 'Catalyst::Action';

sub execute {
     my $self = shift;
     my ($controller, $c ) = @_;

     if ($c->request->secure) { # if secure, proceed without question.
       $self->NEXT::execute( @_ );
       return 1;
     } else { return 0; }
}



More information about the Catalyst-dev mailing list