[Catalyst] Authentication and architecture

[Jon Molin]

Hi list,

I just started testing Catalyst, TT and Class::DBI yesterday. I've only used
(Apache::)DBI, (Apache::)CGI and similar 'classic' modules prior when
working with perl, so this way of thinking is all new to me. I've got a site
I've been wanting to do for some time and figured I could use it to learn
about this stuff.

I figured it'd suit me best to put all the logic in the ::C:: modules and
only handle plain db stuff in the ::M:: classes. From looking at the
documentation (and the 'best practices') I figured Authentication::CDBI,
Authentication, Session, Session::State Session::Store where the modules I
wanted to help me out with it. My plan was to have /, /login and /register
accessible to all and let my ::C::Member module handle all sessions, account
creation/modifications and logins/logouts. Using thoose modules in Member
and let it have the subs needed; store_session_data etc. That doesn't seems
to work at all though, it seems as I must use all plugins in the 'main'
module and therefor also have the store_session... functions there as well?

I'm guessing I've figured it wrong so if someone can point me in the right
direction I'd be happy. What I have is basicly:

package MyApp;
use Catalyst qw/-Debug Authentication::CDBI Authentication Session
Session::State Session::Store Static::Simple/;
my $ok_paths = { '' => 1, 'user/login' => 1, 'user/register' => 1 };
# this I'd prefer to have in ::C::Member
__PACKAGE__->config->{authentication} = {
    'user_class'        => 'MyApp::Model::MyAppDB::Member',
    'user_field'        => 'uname',
    'password_field'    => 'passwd',
    'password_hash'     => '',
  };

# taken from documentation:
sub auto : Private {
    my ($self, $c) = @_;
    my $login_path = 'login';
    # allow people to actually reach the login page!
    if ($ok_paths->{$c->req->path}) {
        return 1;
    }
    if ( $c->req->user ) {
      $c->session->{'authed_user'} =
        MyApp::Module::MyAppDB::Member->retrieve(
                             'username' => $c->req->user
                             );
    }
    else {
     $c->res->redirect($c->req->base . $login_path);
    }
    return 1;
}

And in MyApp::C::Member I want to have get_session_data, store_session_data,
delete_session_data where I store the sessions via the M::MyAppDB::Session.

However, if I put the 'use Auth' and so on in ::C::Member won't it load and
I get "Can't locate object method "store_session_data"", and if I have the
use in the MyApp module I must have the session functions in there as well.

Can someone please point me in the right direction here? What is 'good
practice' in separating login/creating/modifying users, and how to avoid
filling the MyApp module with tons of logic and functions?

Thanks in advance

Jon

ps the example 'Hops' you link to from your first page doesn't work, I dunno
for how long it's been like that but I guess it'd be good to fix Hops or
temporarily remove the link as it confuses
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.rawmode.org/pipermail/catalyst/attachments/20051219/a0c87083/attachment.htm