Catalyst::Controller::RequestToken - Handling transaction token across forms
Requires the Catalyst::Plugin::Session module. In your application class:
use Catalyst qw/ Session Session::State::Cookie Session::Store::FastMmap FillForm /;
In your controller class:
use base qw(Catalyst::Controller::RequestToken);

# Plain entry form; no token is involved yet.
sub form :Local {
    my ($self, $c) = @_;
    $c->stash->{template} = 'form.tt';
    $c->forward($c->view('TT'));
}

# CreateToken: a token is created and stored in the request and the session.
sub confirm :Local :CreateToken {
    my ($self, $c) = @_;
    $c->stash->{template} = 'confirm.tt';
    $c->forward($c->view('TT'));
}

# ValidateToken: the posted token is checked against the session token.
sub complete :Local :ValidateToken {
    my ($self, $c) = @_;
    if ($self->validate_token) {
        $c->response->body('complete.');
    }
    else {
        $c->response->body('invalid operation.');
    }
}
form.tt
<html>
<body>
<form action="confirm" method="post">
  <input type="submit" name="submit" value="confirm"/>
</form>
</body>
</html>
confirm.tt
<html>
<body>
<form action="complete" method="post">
  <input type="hidden" name="_token" value="[% c.req.param('_token') %]"/>
  <input type="submit" name="submit" value="complete"/>
</form>
</body>
</html>
This controller enforces a single transaction across multiple forms. Using a token, you can prevent duplicate submits or protect against CSRF attacks.
This module REQUIRES Catalyst::Plugin::Session to store the server-side token.
If you add the CreateToken attribute to an action, a token is created and stored in the request and the session. You can then return content containing the request token, which should be posted back to the server.
If you add the ValidateToken attribute, the request token is validated against the server-side session token, and the token is removed from the session.
After ValidateToken has run, no token remains in the session, so validation fails if the user sends a request with an expired token.
Returns whether the token is valid or not. This works correctly only after ValidateToken.
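The create, validate and remove cycle described for CreateToken and ValidateToken, modelled as a stand-alone Perl script. This is an added example, not the module's own source: create_token, validate_token, ct_eq, outcome and the %session hash are hypothetical stand-ins for the action classes and Catalyst::Plugin::Session. It assumes a Unix-like /dev/urandom and uses a constant-time comparison, which the page does not say the module does.

```perl
# Added illustration, not the module's source. All sub names and %session are
# hypothetical stand-ins for the CreateToken/ValidateToken actions and session.
use strict;
use warnings;

my $NAME = '_token';    # same value as the default session_name / request_name

# 32 bytes from the OS CSPRNG, hex-encoded (assumes a Unix-like /dev/urandom).
sub random_token {
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    read($fh, my $buf, 32) == 32 or die "short read from /dev/urandom";
    close $fh;
    return unpack 'H*', $buf;
}

# CreateToken step: keep the token server-side and return it for the form.
sub create_token {
    my ($session) = @_;
    return $session->{$NAME} = random_token();
}

# Compare two strings without stopping at the first differing byte.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# ValidateToken step. In this model the session token is deleted whether or
# not the posted value matches, so a token can be spent at most once.
sub validate_token {
    my ($session, $params) = @_;
    my $expected = delete $session->{$NAME};
    my $got      = $params->{$NAME};
    return 0 unless defined $expected && defined $got;
    return ct_eq($expected, $got);
}

sub outcome { $_[0] ? 'complete.' : 'invalid operation.' }

my %session;                             # constructed sample session
my $token = create_token(\%session);     # value rendered into confirm.tt
print "first submit:  ", outcome(validate_token(\%session, { _token => $token })), "\n";
print "replay:        ", outcome(validate_token(\%session, { _token => $token })), "\n";
create_token(\%session);                 # fresh token the attacker cannot read
print "forged (CSRF): ", outcome(validate_token(\%session, { _token => 'f' x 64 })), "\n";
```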
In your application class:
__PACKAGE__->config('Controller::RequestToken' => {
    session_name => '_token',
    request_name => '_token',
});
Default: _token
Catalyst::Controller::RequestToken::Action::CreateToken
Catalyst::Controller::RequestToken::Action::ValidateToken
Catalyst
Catalyst::Controller
Catalyst::Plugin::Session
Catalyst::Plugin::FormValidator::Simple
Hideo Kimura <hide@hide-k.net>
This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
The full text of the license can be found in the LICENSE file included with this module.