authordakkar <dakkar@thenautilus.net>2017-12-16 18:43:31 +0000
committerdakkar <dakkar@thenautilus.net>2017-12-16 18:44:04 +0000
commitc2a6e16bc2c8ea03acdf64dfed9d16721ad717f4 (patch)
tree1b9cc6f466d161d17241b640b03210ebd36b65b8
parentauthentication middleware (diff)
authorisation middleware
-rw-r--r--lib/Ultramarine/Middleware/Authorisation.pm18
-rw-r--r--t/tests/middleware/authorisation.t33
2 files changed, 51 insertions, 0 deletions
diff --git a/lib/Ultramarine/Middleware/Authorisation.pm b/lib/Ultramarine/Middleware/Authorisation.pm
new file mode 100644
index 0000000..0ddacf6
--- /dev/null
+++ b/lib/Ultramarine/Middleware/Authorisation.pm
@@ -0,0 +1,18 @@
+use v6.d.PREVIEW;
+use Cro::HTTP::Middleware;
+use Ultramarine::Middleware::Authentication;
+
+class Ultramarine::Middleware::Authorisation
+ does Cro::HTTP::Middleware::Conditional {
+ method process(Supply:D $request-stream) {
+ supply whenever $request-stream -> $request {
+ if ($request ~~ Ultramarine::Request::Authed) {
+ # here we could also add some access control
+ emit $request;
+ }
+ else {
+ emit Cro::HTTP::Response.new(:status<403>);
+ }
+ }
+ }
+}
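Review bot: The only check in `process` is whether the request carries the `Ultramarine::Request::Authed` role, so every authenticated caller is authorised for every route, and the comment `# here we could also add some access control` is the only sign of that. I would make it an explicit marker such as `# TODO: no per-user or per-route access control yet; any Authed request is let through`, and add a class-level comment saying this middleware has to sit after the Authentication middleware in the pipeline, since without that role every request is answered with 403 (which does fail closed). The role is not defined in this file; presumably it comes from `Ultramarine::Middleware::Authentication`. The 403 is also built without the originating request, whereas Cro's conditional-middleware examples, as far as I recall, pass `:$request` to `Cro::HTTP::Response.new`, so it is worth checking whether later response handling needs it.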
diff --git a/t/tests/middleware/authorisation.t b/t/tests/middleware/authorisation.t
new file mode 100644
index 0000000..af652b3
--- /dev/null
+++ b/t/tests/middleware/authorisation.t
@@ -0,0 +1,33 @@
+use v6.d.PREVIEW;
+use Test;
+use Cro::HTTP::Response;
+use Ultramarine::Middleware::Authentication;
+use Ultramarine::Middleware::Authorisation;
+
+my $auth = Ultramarine::Middleware::Authorisation.new;
+
+sub test_auth($req,$expected,$message) {
+ my $supply = supply { emit $req };
+
+ react {
+ whenever $auth.process($supply) -> $result {
+ if ($expected) {
+ ok($result ~~ $req,$message);
+ }
+ else {
+ subtest {
+ ok($result ~~ Cro::HTTP::Response,'should get a response');
+ is($result.status,403,'with status 403');
+ }, $message;
+ }
+ done;
+ };
+ };
+}
+
+class TestReq { }
+
+test_auth(TestReq.new,0,'should fail without trait');
+test_auth(TestReq.new but Ultramarine::Request::Authed,1,'should pass with trait');
+
+done-testing;
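Review bot: If `$auth.process` emits nothing for a request, the `whenever` body in `test_auth` never runs and the `react` block simply ends when the supply completes, so no assertion is recorded for that case and `done-testing` still accepts the file. For a security gate that is exactly the regression a test should catch: a request silently dropped, or a later change that stops emitting the 403. Declaring `plan 2;` near the top in place of the closing `done-testing;`, or setting a flag inside the `whenever` and asserting it after the `react` block, would turn a missing emission into a failure. The pass case also relies on `$result ~~ $req` being an identity match against an instance; `ok($result === $req, $message)` would state that intent directly.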