#!/usr/bin/env perl
#server.pl
use strict;
use warnings;
use Mojolicious::Lite;
plugin 'ClientIP';
plugin 'basic_auth_plus';
# sample data for authentication
my %accepted_IPs = ( '10.0.0.3' => 1 );
my %users = ( usr1 => 'pwd1', usr2 => 'pwd2' );
# sample data to send back to client
my $text_a = 'Né più mai toccherò le sacre sponde';
my $text_b = 'ove il mio corpo fanciulletto giacque,';
# I expect all non specified routes to answer 404, right?
sub checkUserPW {
my $self = shift;
my ($href, $auth_ok) = $self->basic_auth(
realm => sub {
if ( exists $users{$_[0]} and $users{$_[0]} eq $_[1]){
return 1;
}
return 0;
});
}
sub checkIP {
my $c = shift;
my $remote_IP = $c->client_ip;
if (exists $accepted_IPs{$remote_IP}) {
return 1;
}
return 0;
}
sub checkCreds {
my $c = shift;
return 1 if ( checkIP($c) && checkUserPW($c) );
return 0;
}
under sub {
my $c = shift;
return 1 if checkCreds($c);
$c->render(status => 401, text => 'not ok');
return undef;
};
get 'get_first' => sub {
my $c = shift;
return $c->render(text => $text_a);
};
get 'get_second' => sub {
my $c = shift;
return $c->render(text => $text_b);
};
app->start;
./client.pl
FIRST REQUEST
[2020-06-16 22:30:43.75375] [7657] [debug] [siQnjFJG] GET "/get_first"
[2020-06-16 22:30:43.75403] [7657] [debug] [siQnjFJG] Routing to a cal
+lback
[2020-06-16 22:30:43.75436] [7657] [debug] [siQnjFJG] Routing to a cal
+lback
[2020-06-16 22:30:43.75466] [7657] [debug] [siQnjFJG] 200 OK (0.000877
+s, 1140.251/s)
HTTP/1.1 200 OK
Date: Wed, 17 Jun 2020 03:30:43 GMT
Server: Mojolicious (Perl)
Content-Length: 38
Content-Type: text/html;charset=UTF-8
Client-Date: Wed, 17 Jun 2020 03:30:43 GMT
Client-Peer: 10.0.0.3:3000
Client-Response-Num: 1
Né più mai toccherò le sacre sponde
SECOND REQUEST
[2020-06-16 22:30:46.76167] [7657] [debug] [rq4czVSf] GET "/get_second
+"
[2020-06-16 22:30:46.76195] [7657] [debug] [rq4czVSf] Routing to a cal
+lback
[2020-06-16 22:30:46.76231] [7657] [debug] [rq4czVSf] 401 Unauthorized
+ (0.000614s, 1628.664/s)
HTTP/1.1 401 Unauthorized
Date: Wed, 17 Jun 2020 03:30:46 GMT
Server: Mojolicious (Perl)
WWW-Authenticate: Basic realm="realm"
Content-Length: 6
Content-Type: text/html;charset=UTF-8
Client-Date: Wed, 17 Jun 2020 03:30:46 GMT
Client-Peer: 10.0.0.3:3000
Client-Response-Num: 1
not ok
ATTENTION: next should fail..
[2020-06-16 22:30:49.77717] [7657] [debug] [DknpCqhV] GET "/get_second
+"
[2020-06-16 22:30:49.77744] [7657] [debug] [DknpCqhV] Routing to a cal
+lback
[2020-06-16 22:30:49.77780] [7657] [debug] [DknpCqhV] 401 Unauthorized
+ (0.000613s, 1631.321/s)
HTTP/1.1 401 Unauthorized
Date: Wed, 17 Jun 2020 03:30:49 GMT
Server: Mojolicious (Perl)
WWW-Authenticate: Basic realm="realm"
Content-Length: 6
Content-Type: text/html;charset=UTF-8
Client-Date: Wed, 17 Jun 2020 03:30:49 GMT
Client-Peer: 10.0.0.3:3000
Client-Response-Num: 1
not ok
I tested with morbo server.pl. A small prod deployment server.pl daemon -m production -l http://ip:port. The string MfmL-Zeg is per HTTP request I believe. So you can track through a complicated HTTP session that spawns a bunch of requests.