NAME

Web::ACL - A helper for creating basic apikey/slug/IP based ACLs.

VERSION

Version 0.1.0

SYNOPSIS

    use Web::ACL;

    my $acl = Web::ACL->new(acl=>{
            fooBar=>{
                ip_auth       => 1,
                slug_auth     => 0,
                require_ip    => 1,
                require_slug  => 0,
                final         => 1,
                slugs         => [],
                slugs_regex   => [],
                allow_subnets => ['192.168.0.0/16','127.0.0.1/32'],
                deny_subnets  => [],
            },
            derp=>{
                ip_auth       => 1,
                slug_auth     => 1,
                require_ip    => 1,
                require_slug  => 0,
                final         => 1,
                slugs         => ['derp'],
                slugs_regex   => [],
                allow_subnets => ['192.168.0.0/16','127.0.0.1/32'],
                deny_subnets  => ['10.0.10.0/24'],
            },
            derpderp=>{
                ip_auth       => 0,
                slug_auth     => 1,
                require_ip    => 0,
                require_slug  => 0,
                final         => 1,
                slugs         => ['derp'],
                slugs_regex   => [],
                allow_subnets => [],
                deny_subnets  => [],
            },
        });

    my $results=$acl->check(
                    apikey=>'a_test',
                    ip=>'10.1.3.4',
                    slugs=>['test2'],
                );
    if ($results) {
        print "Authed\n";
    }else{
        print "Not Authed\n";
    }

    $results=$acl->check(
                    apikey=>'fooBar',
                    ip=>'192.168.1.2',
                    slugs=>['test2'],
                );
    if ($results) {
        print "Authed\n";
    }else{
        print "Not Authed\n";
    }

    $results=$acl->check(
                    apikey=>'fooBar',
                    ip=>'192.168.1.2',
                    slugs=>['test2'],
                );
    if ($results) {
        print "Authed\n";
    }else{
        print "Not Authed\n";
    }

    $results=$acl->check(
                    apikey=>'derpderp',
                    ip=>'192.168.1.2',
                    slugs=>['derp'],
                );
    if ($results) {
        print "Authed\n";
    }else{
        print "Not Authed\n";
    }

    $results=$acl->check(
                    apikey=>'derpderp',
                    ip=>'192.168.1.2',
                    slugs=>['not_derp'],
                );
    if ($results) {
        print "Authed\n";
    }else{
        print "Not Authed\n";
    }

METHODS

new

Initiates the object.

    - acl :: The ACL hash to use.
        - Default :: {
			'undef' => {
				ip_auth       => 0,
				path_auth     => 0,
				slug_auth     => 0,
				ua_auth       => 0,
				require_ip    => 0,
				require_slug  => 0,
				final         => 0,
				slugs         => [],
				slugs_regex   => [],
				allow_subnets => [],
				deny_subnets  => [],
				ua_regex_allow    => [],
				ua_regex_deny     => [],
				paths_regex_allow => [],
				paths_regex_deny  => [],
			},
			'nonexistent' => {
				ip_auth       => 0,
				path_auth      => 0,
				slug_auth     => 0,
				ua_auth       => 0,
				require_ip    => 0,
				require_slug  => 0,
				final         => 0,
				slugs         => [],
				slugs_regex   => [],
				allow_subnets => [],
				deny_subnets  => [],
				ua_regex_allow    => [],
				ua_regex_deny     => [],
				paths_regex_allow => [],
				paths_regex_deny  => [],
			},
		}

check

- apikey :: The API key to check for. If not specified it is set to 'undef'
        and if none match, then it is set to 'nonexistent'.
    - Default :: 'undef'

- slugs :: An array of slugs to check against. All must match. If undef or none
        are specified, a value of 'undef' is added.
    - Default :: ['undef']

- ip :: An IP to check for.
    - Default :: undef

ACL HASH

The ACL hash is a hash of hashes. The keys of the primary hash are API keys. The keys of the subhashes are as below.

Slugs should be thought of as a freeform text field for access checks: a function name or whatever else suits.

- ip_auth :: Use IP for authing. If false, the IP will not be checked.
    - Default :: 0

- path_auth :: Use the path for authing. If false it won't be checked.
    - Default :: 0

- slug_auth :: Use the slug for authing. If false it won't be checked.
    - Default :: 0

- ua_auth :: Use the UA for authing. If false it won't be checked.
    - Default :: 0

- require_ip :: Require a value for IP to be specified.
    - Default :: 0

- require_path :: Require a value for path to be specified.
    - Default :: 0

- require_slug :: Require a value for slug to be specified.
    - Default :: 0

- require_slug :: Require a value for UA to be specified.
    - Default :: 0

- final :: The value returned if none of the auth checks deny the request.
     - Default for 'undef'/'nonexistent' apikeys :: 0
     - Default for other apikeys :: 1

- slugs :: Slugs that are allowed for access.
    - Default :: []

- slugs_regex :: Regexps to check slug values against.
    - Default :: []

- allow_subnets :: Allowed subnets for remote IPs. This is an array of CIDRs.
    - Default :: []

- deny_subnets :: Denied subnets for remote IPs. This is an array of CIDRs.
    - Default :: []

- paths_regex_allow :: Allowed paths.
    - Default :: []

- paths_regex_deny :: Denied paths.
    - Default :: []

- ua_regex_allow :: Allowed UAs.
    - Default :: []

- ua_regex_deny :: Denied UAs.
    - Default :: []

There are two special keys for the ACL hash, 'undef' and 'nonexistent', and they should not be used as API keys. 'undef' is used when the apikey for the check is undef, and 'nonexistent' is used when an apikey is specified but does not exist in the ACL hash.

By default they are as below.

    {
        'undef' => {
            ip_auth       => 0,
            slug_auth     => 0,
            require_ip    => 0,
            require_slug  => 0,
            final         => 0,
            slugs         => [],
            slugs_regex   => [],
            allow_subnets => [],
            deny_subnets  => [],
        },
        'nonexistent' => {
            ip_auth       => 0,
            slug_auth     => 0,
            require_ip    => 0,
            require_slug  => 0,
            final         => 0,
            slugs         => [],
            slugs_regex   => [],
            allow_subnets => [],
            deny_subnets  => [],
        },
    }
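
With the defaults listed above, an ordinary API key entry that enables no *_auth check falls through to final, which defaults to 1. The lint below is an added example, not part of Web::ACL or its author's code; lint_acl() and the sample ACL are hypothetical, and it relies only on the key names and defaults documented on this page.

```perl
use strict;
use warnings;

# Added example: flag ACL entries that are more permissive than intended.
# lint_acl() and the sample %acl are hypothetical, not part of Web::ACL.
my @AUTH_FLAGS = qw(ip_auth path_auth slug_auth ua_auth);

sub lint_acl {
    my ($acl) = @_;
    my @findings;
    for my $key ( sort keys %{$acl} ) {
        my $entry   = $acl->{$key};
        my $special = ( $key eq 'undef' || $key eq 'nonexistent' ) ? 1 : 0;

        # Documented default for final: 0 for the special keys, 1 otherwise.
        my $final = defined $entry->{final} ? $entry->{final} : ( $special ? 0 : 1 );
        my @enabled = grep { $entry->{$_} } @AUTH_FLAGS;

        if ( $special && $final ) {
            push @findings, "$key: final is true, so requests with a missing or unknown API key can be authorized";
        }
        if ( !$special && $final && !@enabled ) {
            push @findings, "$key: no *_auth check enabled and final is true; the key alone authorizes every request";
        }
        if ( $entry->{ip_auth} && !$entry->{require_ip} ) {
            push @findings, "$key: ip_auth set without require_ip; confirm how a check with no ip is handled";
        }
        for my $cidr ( @{ $entry->{allow_subnets} || [] } ) {
            push @findings, "$key: allow_subnets contains $cidr, which matches every address"
                if $cidr =~ m{/0\z};
        }
    }
    return @findings;
}

# Constructed sample ACL.
my %acl = (
    'undef'  => { final => 1 },
    reporter => {},
    backup   => { ip_auth => 1, allow_subnets => ['0.0.0.0/0'] },
    metrics  => { ip_auth => 1, require_ip => 1, allow_subnets => ['192.168.0.0/16'] },
);
print "$_\n" for lint_acl( \%acl );
```

Running such a lint over the hash before it is passed to new() catches entries that were left at their defaults by omission.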

ERROR CODES / FLAGS

1, ACLnotHash

'acl' as passed to new is not of the ref type 'HASH'.

2, ACLitemNotArray

The item is expected to be of the ref type ARRAY.

3, subnetError

Could not init sub_matcher.

4, ACLnotString

'acl' as passed to new is not of the ref type ''.

AUTHOR

Zane C. Bowers-Hadley, <vvelox at vvelox.net>

BUGS

Please report any bugs or feature requests to bug-web-acl at rt.cpan.org, or through the web interface at https://rt.cpan.org/NoAuth/ReportBug.html?Queue=Web-ACL. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.

SUPPORT

You can find documentation for this module with the perldoc command.

    perldoc Web::ACL

LICENSE AND COPYRIGHT

This software is Copyright (c) 2024 by Zane C. Bowers-Hadley.

This is free software, licensed under:

The GNU General Public License, Version 2, June 1991