A Simple Login/Authorization system using Dancer and Postgres


Problem description

As a newbie to Perl I'm struggling to find a simple way to do this. I've created a very simple table in my database:

CREATE TABLE users (
id SERIAL NOT NULL PRIMARY KEY, 
username TEXT NOT NULL, 
password TEXT NOT NULL);

So far I used a simple login system that has a hard coded username and password that I found online:

package Example;
use Dancer ':syntax';

our $VERSION = '0.1';
set session => "Simple";

get '/' => sub {
    # template 'index',{},{layout => 0};
    template 'index';
};

before sub {
    if (! session('user') && request->path_info !~ m{^/login}) {
        var requested_path => request->path_info;
        request->path_info('/login');
    }
};

get '/login' => sub {
    # Display a login page; the original URL they requested is available as
    # vars->{requested_path}, so could be put in a hidden field in the form
    template 'login', { path => vars->{requested_path} }, {layout => 0};
};

post '/login' => sub {
    # Validate the username and password they supplied
    if (params->{user} eq 'user' && params->{pass} eq 'letmein') {
        session user => params->{user};
        # params->{path} comes from the login form, so it is user-controlled
        redirect params->{path} || '/';
    } else {
        # Send them back to the login form with a failure flag
        redirect '/login?failed=1';
    }
};

get '/logout' => sub {
  session->destroy;
  redirect '/';
};

How do I get started with linking the database and then matching what the user inputs with what's in the database? And also when do I implement the hashing of the passwords? Any tutorials will be greatly appreciated - I've been using metacpan but it's not providing as much detail as I need!

Recommended answer

Dancer::Plugin::Auth::Extensible (https://metacpan.org/pod/Dancer::Plugin::Auth::Extensible) takes care of a lot of the boilerplate code for you. You can get a simple login system up and running without having to write your own /login route, as follows.

Install Dancer::Plugin::Database and Dancer::Plugin::Auth::Extensible::Provider::Database and add this to config.yml:

session: "YAML"

plugins:
  Auth::Extensible:
    realms:
      users:
        provider: 'Database'
        disable_roles: 1



Configure database connection

Configure your database connection in environments/development.yml so that you can have different configurations for dev and production. This is what the configuration looks like for MySQL, with the connection credentials (database name, host, username, and password) stored in a separate options file database.cfg:

plugins:
  Database:
    dsn: 'dbi:mysql:;mysql_read_default_file=/path/to/database.cfg'
    dbi_params:
      RaiseError: 1
      AutoCommit: 1

For Postgres, you should use a .pgpass file to store your connection credentials. Make sure the file is not world readable. See this Stack Overflow post for an example. Test that your credentials file works on the command line and that your webserver can read it.

Your existing table appears to conform to the suggested schema in the docs, but even if it doesn't, you can adjust the table and column names in the configuration.

Add the require_login keyword to a route you want to protect. A /login route will be generated automatically with a basic login form, although you can create your own if you like.

lib/MyApp.pm

package MyApp;
use Dancer ':syntax';

use Dancer::Plugin::Auth::Extensible;

our $VERSION = '0.1';

get '/' => require_login sub {
    template 'index';
};

true;

(Yes, that really is all the code you have to write. I told you it takes care of a lot of boilerplate.)

Crypt::SaltedHash is used to hash passwords automatically. Note that you should never store plaintext passwords in your database; when you add a user to your database, you should generate a hash of the password and store the hash.

Note that roles are disabled in this example. If you enable roles, you can do other nifty things like only allow users with the admin role to view admin pages.
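
Added example (not part of the original answer): one way to add a user to the users table from the question with a salted hash instead of the plaintext password, using Crypt::SaltedHash and a DBI placeholder query. The database name myapp, the Term::ReadKey prompt, the SHA-512 choice, and the reliance on ~/.pgpass for credentials are assumptions.

```perl
#!/usr/bin/env perl
# Added example: insert a user with a salted password hash.
# Assumptions (not from the original post): database name "myapp",
# connection credentials resolved by libpq from ~/.pgpass.
use strict;
use warnings;
use DBI;
use Crypt::SaltedHash;
use Term::ReadKey;

my $username = shift @ARGV
    or die "usage: $0 username\n";

# Prompt for the password without echo, so it never appears in the
# shell history or the process list.
print STDERR "Password for $username: ";
ReadMode('noecho');
chomp(my $password = <STDIN> // '');
ReadMode('restore');
print STDERR "\n";
die "empty password refused\n" unless length $password;

# Crypt::SaltedHash defaults to SHA-1; request SHA-512 explicitly.
# generate() returns an RFC 2307-style string such as "{SSHA512}...",
# with a fresh random salt embedded in the encoded value.
my $csh = Crypt::SaltedHash->new(algorithm => 'SHA-512');
$csh->add($password);
my $hash = $csh->generate;

# Round-trip check before anything is written to the database.
Crypt::SaltedHash->validate($hash, $password)
    or die "generated hash failed validation\n";

my $dbh = DBI->connect('dbi:Pg:dbname=myapp', undef, undef,
    { RaiseError => 1, AutoCommit => 1 });

# Placeholders keep the username out of the SQL text (no injection).
# Only the hash is stored in the password column.
$dbh->do('INSERT INTO users (username, password) VALUES (?, ?)',
    undef, $username, $hash);

print "created user $username\n";
$dbh->disconnect;
```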
