Menu
Search

Forums

Forum Index

Thread overview
VibeD - REST API and vibed.web.auth framework
Aug 06, 2017
holo
Aug 07, 2017
Bastiaan Veelo
Aug 07, 2017
holo
August 06, 2017
Gravatar of holoPosted by holoReply
holo
Gravatar of holo


Reply
Hello

I'm trying to use auth framework with REST api ( http://vibed.org/api/vibe.web.auth/ ).

Is it possible to use it with registerRestInterface? According to description under: http://vibed.org/api/vibe.web.auth/requiresAuth it should be available on both Web and REST.

Here is my example code and compilation errors bellow:

import vibe.d;
import vibe.web.auth;
import vibe.http.session;
import vibe.web.rest : registerRestInterface;
import vibe.web.web : noRoute;
import std.algorithm, std.array;


struct AuthInfo {
	string userName;
    bool premium;
    bool admin;

	@safe:
	bool isAdmin() { return this.admin; }
	bool isPremiumUser() { return this.premium; }
}


interface IfOAuthAPI
{
    void postLogin(ValidUsername login, ValidPassword password);
//    bool postTokenValidation(string token, string userName);
}

@path("/api")
@requiresAuth
class OAuthAPI : IfOAuthAPI
{


  @noRoute
  AuthInfo authenticate(scope HTTPServerRequest req, scope HTTPServerResponse res) @safe
	{
		if (!req.session || !req.session.isKeySet("auth"))
			throw new HTTPStatusException(HTTPStatus.forbidden, "Not authorized to perform this action!");

		return req.session.get!AuthInfo("auth");
  }

  this(MongoCollection coll)
  {
    collection = coll;
  }

  private:
    MongoCollection collection;

  public:
    @noAuth
    string postLogin(ValidUsername login, ValidPassword password)
    {
      logInfo("Recived data for" ~ login ~ "and" ~ password);

      Bson query = Bson(["username" : Bson(login)]);
      auto result = collection.find(query);

      foreach (i, doc; result)
        logInfo("Item %d: %s", i, doc.toJson().toString());

      logInfo("Sending respond");
      return "OK";

    }
}

And im getting such errors:

ms-frontpage ~master: building configuration "application"...
../../.dub/packages/vibe-d-0.7.31/vibe-d/source/vibe/http/server.d(286,33): Deprecation: alias diet.traits.FilterCallback is deprecated - Use SafeFilterCallback instead.
source/app.d(14,31): Error: cannot create instance of interface IfOAuthAPI
source/service/oauth.d(35,8): Error: @safe function 'oauth.OAuthAPI.authenticate' cannot call @system function 'vibe.http.session.Session.opCast'
source/service/oauth.d(35,44): Error: @safe function 'oauth.OAuthAPI.authenticate' cannot call @system function 'vibe.http.session.Session.isKeySet'
source/service/oauth.d(36,10): Error: @safe function 'oauth.OAuthAPI.authenticate' cannot call @system constructor 'vibe.http.common.HTTPStatusException.this'
source/service/oauth.d(38,34): Error: @safe function 'oauth.OAuthAPI.authenticate' cannot call @system function 'vibe.http.session.Session.get!(AuthInfo).get'
dmd failed with exit code 1.

Regards
holo
August 07, 2017
Gravatar of Bastiaan VeeloPosted by Bastiaan Veelo
in reply to holo		Reply
Bastiaan Veelo
Gravatar of Bastiaan Veelo
Posted in reply to holo


Reply
On Sunday, 6 August 2017 at 16:47:14 UTC, holo wrote:
> Hello
>
> I'm trying to use auth framework with REST api ( http://vibed.org/api/vibe.web.auth/ ).
>
> Is it possible to use it with registerRestInterface? According to description under: http://vibed.org/api/vibe.web.auth/requiresAuth it should be available on both Web and REST.
>
> Here is my example code and compilation errors bellow:
>

[snip]

>   AuthInfo authenticate(scope HTTPServerRequest req, scope HTTPServerResponse res) @safe

[snip]

>
> And im getting such errors:
>
> ms-frontpage ~master: building configuration "application"...
> ../../.dub/packages/vibe-d-0.7.31/vibe-d/source/vibe/http/server.d(286,33): Deprecation: alias diet.traits.FilterCallback is deprecated - Use SafeFilterCallback instead.
> source/app.d(14,31): Error: cannot create instance of interface IfOAuthAPI
> source/service/oauth.d(35,8): Error: @safe function 'oauth.OAuthAPI.authenticate' cannot call @system function 'vibe.http.session.Session.opCast'

[snip]

Are you aware what @safe does? If you remove it, it probably compiles.

From @safe functions you cannot call functions that are not marked @safe or @trusted [1].

Regards,
Bastiaan.

[1] https://dlang.org/spec/function.html#function-safety
August 07, 2017
Gravatar of holoPosted by holo
in reply to Bastiaan Veelo		Reply
holo
Gravatar of holo
Posted in reply to Bastiaan Veelo


Reply
Thank you for explanation.

It fix my problem with compilation. I was using https://github.com/rejectedsoftware/vibe.d/blob/master/examples/web-auth/source/app.d as example and there is @safe function. I try to compile it with newest (beta) version of vibe.d and it compiled too (so i suspect in newest version system function is marked as trusted/safe too or it is fixed some other way :)).

Regards
holo