Our note application currently does not authenticate the user. In Chapter 3, Get Interactive – Forms and Flow Control, you learned how to enforce authentication by setting up a security interceptor. With the use of the web framework, the routes are automatically created and there is no way to insert a security interceptor. You could split your application class into a class containing only the unsecured functionality and another class containing the secured functionality. It is possible to install a security interceptor between the calls to registerWebInterface()
. The drawback is that you now have two classes.
An elegant way to solve this problem would be to annotate all the handler functions, which require an authenticated user. This annotation should result in a call to a function that checks whether there is an authenticated user. The call must be done before the call to the handler function.
The vibe.d
framework provides you with a generic solution. The @before
attribute...