[catagits/Catalyst-Runtime.git] / lib / Catalyst / Manual / Cookbook.pod

=head1 NAME

Catalyst::Manual::Cookbook - Cooking with Catalyst

=head1 DESCRIPTION

Yummy code like your mum used to bake!

=head1 RECIPES

=head2 Force debug screen

You can force Catalyst to display the debug screen at the end of the request by
placing a die() call in the _end action.

     sub end : Private {
         my ( $self, $c ) = @_;
         die "testing";
     }

If you're tired of removing and adding this all the time, you
can easily add a condition. for example:

  die "Testing" if $c->param->{dump_info};

=head2 Disable statistics

Just add this line to your application class if you don't want those nifty
statistics in your debug messages.

    sub Catalyst::Log::info { }

=head2 Scaffolding

Scaffolding is very simple with Catalyst.
Just use Catalyst::Model::CDBI::CRUD as baseclass.

    # lib/MyApp/Model/CDBI.pm
    package MyApp::Model::CDBI;

    use strict;
    use base 'Catalyst::Model::CDBI::CRUD';

    __PACKAGE__->config(
        dsn           => 'dbi:SQLite:/tmp/myapp.db',
        relationships => 1
    );

    1;

    # lib/MyApp.pm
    package MyApp;

    use Catalyst 'FormValidator';

    __PACKAGE__->config(
        name => 'My Application',
        root => '/home/joeuser/myapp/root'
    );

    sub my_table : Global {
        my ( $self, $c ) = @_;
        $c->form( optional => [ MyApp::Model::CDBI::Table->columns ] );
        $c->forward('MyApp::Model::CDBI::Table');
    }

    1;

Modify the $c->form() parameters to match your needs, and don't forget to copy
the templates. ;)

=head2 Single file upload with Catalyst

To implement uploads in Catalyst you need to have a HTML form similiar to
this:

    <form action="/upload" method="post" enctype="multipart/form-data">
      <input type="hidden" name="form_submit" value="yes">
      <input type="file" name="my_file">
      <input type="submit" value="Send">
    </form>

It's very important not to forget enctype="multipart/form-data" in form, 
if it's not there, uploads just don't work.

Catalyst Controller module 'upload' action:

    sub upload : Global {
        my ($self, $c) = @_;

        if ( $c->request->parameters->{form_submit} eq 'yes' ) {

            if ( my $upload = $c->request->upload('my_file') ) {
            
                my $filename = $upload->filename;
                my $target   = "/tmp/upload/$filename";
                
                unless ( $upload->link_to($target) || $upload->copy_to($target) ) {
                    die( "Failed to copy '$filename' to '$target': $!" );
                }
            }
        }
        
        $c->stash->{template} = 'file_upload.html';
    }

=head2 Multiple file upload with Catalyst

Code for uploading multiple files from one form needs little changes compared
to single file upload.

Form goes like this:

    <form action="/upload" method="post" enctype="multipart/form-data">
      <input type="hidden" name="form_submit" value="yes">
      <input type="file" name="file1" size="50"><br>
      <input type="file" name="file2" size="50"><br>
      <input type="file" name="file3" size="50"><br>
      <input type="submit" value="Send">
    </form>

Controller:

    sub upload : Local {
        my ($self, $c) = @_;

        if ( $c->request->parameters->{form_submit} eq 'yes' ) {

            for my $field ( $c->req->upload ) {

                my $filename = $upload->filename;
                my $target   = "/tmp/upload/$filename";
                
                unless ( $upload->link_to($target) || $upload->copy_to($target) ) {
                    die( "Failed to copy '$filename' to '$target': $!" );
                }
            }
        }

        $c->stash->{template} = 'file_upload.html';
    }

for my $field ($c->req->upload) loops automatically over all file input
fields and gets input names. After that is basic file saving code, just like in
single file upload.

Notice: die'ing might not be what you want to do, when error occurs, but
it works as an example. Better idea would be to store error $! in
$c->stash->{error} and show custom error template displaying this message.

For more information about uploads and usable methods look at
C<Catalyst::Request::Upload> and C<Catalyst::Request>.

=head2 Authentication with Catalyst::Plugin::Authentication::CDBI

There are (at least) two ways to implement authentication with this plugin:
1) only checking username and password
2) checking username, password and the roles the user has

For both variants you'll need the following code in your MyApp package:

    use Catalyst qw/Session::FastMmap Static Authentication::CDBI/;

    MyApp->config( authentication => { user_class => 'MyApp::M::MyApp::Users',
                                       user_field => 'email',
                                       password_field => 'password' });

'user_class' is a Class::DBI class for your users table.
'user_field' tells which field is used for username lookup (might be 
email, first name, surname etc).
'password_field' is, well, password field in your table and by default 
password is stored in plain text. Authentication::CDBI looks for 'user' 
and 'password' fields in table, if they're not defined in the config.

In PostgreSQL users table might be something like:

CREATE TABLE users (
  user_id   serial,
  name      varchar(100),
  surname   varchar(100),
  password  varchar(100),
  email     varchar(100),
  primary key(user_id)
);

We'll discuss the first variant for now:
1. user:password login / auth without roles

To log in a user you might use a action like this:

    sub 'login' : Local {
        my ($self, $c) = @_;
        if ($c->req->params->{username}) {
            $c->session_login($c->req->params->{username}, 
                              $c->req->params->{password} );
            if ($c->req->{user}) {
                $c->forward('?restricted_area');
            }
        }
    }

$c->req->params->{username} and $c->req->params->{password} are html 
form parameters from a login form. If login succeeds, then 
$c->req->{user} contains the username of the authenticated user.

If you want to remember the users login status inbetween further 
requests, then just use the $c->session_login method, Catalyst will 
create a session id, session cookie and automatically append session 
id to all urls. So all you have to do, is just check $c->req->{user} 
where needed.

To log out user, just call $c->session_logout.

Now lets take a look at the second variant:
2. user:password login / auth with roles

To use roles you need to add to MyApp->config in the 'authentication' 
section following parameters:

    role_class      => 'MyApp::M::MyApp::Roles',
    user_role_class => 'MyApp::M::MyApp::UserRoles',
    user_role_user_field => 'user_id',
    user_role_role_field => 'role_id',

Corresponding tables in PostgreSQL could look like this:

CREATE TABLE roles (
  role_id  serial,
  name     varchar(100),
  primary key(role_id)
);

CREATE TABLE user_roles (
  user_role_id  serial,
  user_id       int,
  role_id       int,
  primary key(user_role_id),
  foreign key(user_id) references users(user_id),
  foreign key(role_id) references roles(role_id)
);

The 'roles' table is a list of role names and the 'user_role' table is 
used for the user -> role lookup.

Now if a logged in user wants to see a location which is allowed only 
for people with 'admin' role then in you controller you can check it 
with:

    sub add : Local {
        my ($self, $c) = @_;
        if ($c->roles(qw/admin/)) {
            $c->req->output("Your account has the role 'admin.'");
        } else {
            $c->req->output("You're not allowed to be here");
        }
    }

One thing you might need is to forward non-authenticated users to login 
form, if they try to access restricted areas. If you want to do this 
controller-wide (if you have one controller for admin section) then it's 
best to add user check to '!begin' action:

    sub begin : Private {
        my ($self, $c) = @_;
        unless ($c->req->{user}) {
            $c->req->action(undef);  ## notice this!!
            $c->forward('?login');
        }
    }

Pay attention to $c->req->action(undef). This is needed, because of the 
way $c->forward works - forward to login gets called, but after that 
Catalyst executes anyway the action defined in the uri (eg. if you 
tried to watch /add, then first 'begin' forwards to 'login', but after
that anyway 'add' is executed). So $c->req->action(undef) undefines any 
actions that were to be called and forwards user where we want him/her 
to be.

And this is all you need to do, isn't Catalyst wonderful?


=head2 How to use Catalyst without mod_perl

Catalyst applications give optimum performance when run under mod_perl.
However sometimes mod_perl is not an option, and running under CGI is 
just too slow.  There's also an alternatives to mod_perl that gives
reasonable performance named FastCGI.

B<Using FastCGI>

To quote from L<http://www.fastcgi.com/>: "FastCGI is a language 
independent, scalable, extension to CGI that provides high performance 
without the limitations of specific server APIs."  Web server support 
is provided for Apache in the form of C<mod_fastcgi> and there is Perl
support in the C<FCGI> module.  To convert a CGI Catalyst application 
to FastCGI one needs to initialize an C<FCGI::Request> object and loop 
while the C<Accept> method returns zero.  The following code shows how 
it is done - and it also works as a normal, single-shot CGI script.

    #!/usr/bin/perl
    use strict;
    use FCGI;
    use MyApp;

    my $request = FCGI::Request();
    while ($request->Accept() >= 0) {
        MyApp->run;
    }

Any initialization code should be included outside the request-accept 
loop.

There is one little complication, which is that C<MyApp->run> outputs a
complete HTTP response including the status line (e.g.: 
"C<HTTP/1.1 200>").
FastCGI just wants a set of headers, so the sample code captures the 
output and  drops the first line if it is an HTTP status line (note: 
this may change).

The Apache C<mod_fastcgi> module is provided by a number of Linux 
distros and is straightforward to compile for most Unix-like systems.  
The module provides a FastCGI Process Manager, which manages FastCGI 
scripts.  You configure your script as a FastCGI script with the 
following Apache configuration directives:

    <Location /fcgi-bin>
       AddHandler fastcgi-script fcgi
    </Location>

or:

    <Location /fcgi-bin>
       SetHandler fastcgi-script
       Action fastcgi-script /path/to/fcgi-bin/fcgi-script
    </Location>

C<mod_fastcgi> provides a number of options for controlling the FastCGI
scripts spawned; it also allows scripts to be run to handle the
authentication, authorization and access check phases.

For more information see the FastCGI documentation, the C<FCGI> module 
and L<http://www.fastcgi.com/>.

=head1 AUTHOR

Sebastian Riedel, C<sri@oook.de>
Danijel Milicevic C<me@danijel.de>
Viljo Marrandi C<vilts@yahoo.com>
Marcus Ramberg C<mramberg@cpan.org>

=head1 COPYRIGHT

This program is free software, you can redistribute it and/or modify it
under the same terms as Perl itself.
Commit	Line	Data
fc7ec1d9	1	=head1 NAME
	2
	3	Catalyst::Manual::Cookbook - Cooking with Catalyst
	4
	5	=head1 DESCRIPTION
	6
aba94964	7	Yummy code like your mum used to bake!
fc7ec1d9	8
	9	=head1 RECIPES
	10
	11	=head2 Force debug screen
	12
	13	You can force Catalyst to display the debug screen at the end of the request by
	14	placing a die() call in the _end action.
	15
61b1e958	16	sub end : Private {
	17	my ( $self, $c ) = @_;
	18	die "testing";
	19	}
fc7ec1d9	20
aff93052	21	If you're tired of removing and adding this all the time, you
	22	can easily add a condition. for example:
	23
	24	die "Testing" if $c->param->{dump_info};
	25
fc7ec1d9	26	=head2 Disable statistics
	27
	28	Just add this line to your application class if you don't want those nifty
	29	statistics in your debug messages.
	30
	31	sub Catalyst::Log::info { }
	32
	33	=head2 Scaffolding
	34
	35	Scaffolding is very simple with Catalyst.
	36	Just use Catalyst::Model::CDBI::CRUD as baseclass.
	37
	38	# lib/MyApp/Model/CDBI.pm
	39	package MyApp::Model::CDBI;
	40
	41	use strict;
	42	use base 'Catalyst::Model::CDBI::CRUD';
	43
	44	__PACKAGE__->config(
	45	dsn => 'dbi:SQLite:/tmp/myapp.db',
	46	relationships => 1
	47	);
	48
	49	1;
	50
	51	# lib/MyApp.pm
	52	package MyApp;
	53
	54	use Catalyst 'FormValidator';
	55
	56	__PACKAGE__->config(
	57	name => 'My Application',
	58	root => '/home/joeuser/myapp/root'
	59	);
	60
61b1e958	61	sub my_table : Global {
	62	my ( $self, $c ) = @_;
	63	$c->form( optional => [ MyApp::Model::CDBI::Table->columns ] );
	64	$c->forward('MyApp::Model::CDBI::Table');
	65	}
fc7ec1d9	66
	67	1;
	68
	69	Modify the $c->form() parameters to match your needs, and don't forget to copy
	70	the templates. ;)
	71
5c0ff128	72	=head2 Single file upload with Catalyst
aba94964	73
	74	To implement uploads in Catalyst you need to have a HTML form similiar to
	75	this:
	76
	77	<form action="/upload" method="post" enctype="multipart/form-data">
	78	<input type="hidden" name="form_submit" value="yes">
	79	<input type="file" name="my_file">
	80	<input type="submit" value="Send">
	81	</form>
	82
	83	It's very important not to forget enctype="multipart/form-data" in form,
	84	if it's not there, uploads just don't work.
	85
	86	Catalyst Controller module 'upload' action:
	87
5c0ff128	88	sub upload : Global {
5c0ff128	89	my ($self, $c) = @_;
4d89569d	90
	91	if ( $c->request->parameters->{form_submit} eq 'yes' ) {
	92
	93	if ( my $upload = $c->request->upload('my_file') ) {
47ae6960	94
5c0ff128	95	my $filename = $upload->filename;
47ae6960	96	my $target = "/tmp/upload/$filename";
47ae6960	97
3ffaf022	98	unless ( $upload->link_to($target) \|\| $upload->copy_to($target) ) {
47ae6960	99	die( "Failed to copy '$filename' to '$target': $!" );
5c0ff128	100	}
5c0ff128	101	}
5c0ff128	102	}
4d89569d	103
5c0ff128	104	$c->stash->{template} = 'file_upload.html';
	105	}
	106
	107	=head2 Multiple file upload with Catalyst
	108
	109	Code for uploading multiple files from one form needs little changes compared
	110	to single file upload.
	111
	112	Form goes like this:
	113
	114	<form action="/upload" method="post" enctype="multipart/form-data">
	115	<input type="hidden" name="form_submit" value="yes">
	116	<input type="file" name="file1" size="50"><br>
	117	<input type="file" name="file2" size="50"><br>
	118	<input type="file" name="file3" size="50"><br>
	119	<input type="submit" value="Send">
	120	</form>
	121
	122	Controller:
	123
	124	sub upload : Local {
	125	my ($self, $c) = @_;
4d89569d	126
	127	if ( $c->request->parameters->{form_submit} eq 'yes' ) {
	128
	129	for my $field ( $c->req->upload ) {
	130
4d89569d	131	my $filename = $upload->filename;
47ae6960	132	my $target = "/tmp/upload/$filename";
47ae6960	133
3ffaf022	134	unless ( $upload->link_to($target) \|\| $upload->copy_to($target) ) {
47ae6960	135	die( "Failed to copy '$filename' to '$target': $!" );
aba94964	136	}
aba94964	137	}
61b1e958	138	}
4d89569d	139
5c0ff128	140	$c->stash->{template} = 'file_upload.html';
	141	}
	142
	143	for my $field ($c->req->upload) loops automatically over all file input
	144	fields and gets input names. After that is basic file saving code, just like in
	145	single file upload.
aba94964	146
5c0ff128	147	Notice: die'ing might not be what you want to do, when error occurs, but
	148	it works as an example. Better idea would be to store error $! in
	149	$c->stash->{error} and show custom error template displaying this message.
aba94964	150
5c0ff128	151	For more information about uploads and usable methods look at
5c0ff128	152	C<Catalyst::Request::Upload> and C<Catalyst::Request>.
aba94964	153
deb90705	154	=head2 Authentication with Catalyst::Plugin::Authentication::CDBI
	155
	156	There are (at least) two ways to implement authentication with this plugin:
	157	1) only checking username and password
	158	2) checking username, password and the roles the user has
	159
	160	For both variants you'll need the following code in your MyApp package:
	161
	162	use Catalyst qw/Session::FastMmap Static Authentication::CDBI/;
	163
	164	MyApp->config( authentication => { user_class => 'MyApp::M::MyApp::Users',
	165	user_field => 'email',
	166	password_field => 'password' });
	167
	168	'user_class' is a Class::DBI class for your users table.
	169	'user_field' tells which field is used for username lookup (might be
	170	email, first name, surname etc).
	171	'password_field' is, well, password field in your table and by default
	172	password is stored in plain text. Authentication::CDBI looks for 'user'
	173	and 'password' fields in table, if they're not defined in the config.
	174
	175	In PostgreSQL users table might be something like:
	176
	177	CREATE TABLE users (
	178	user_id serial,
	179	name varchar(100),
	180	surname varchar(100),
	181	password varchar(100),
	182	email varchar(100),
	183	primary key(user_id)
	184	);
	185
	186	We'll discuss the first variant for now:
	187	1. user:password login / auth without roles
	188
	189	To log in a user you might use a action like this:
	190
61b1e958	191	sub 'login' : Local {
deb90705	192	my ($self, $c) = @_;
	193	if ($c->req->params->{username}) {
	194	$c->session_login($c->req->params->{username},
61b1e958	195	$c->req->params->{password} );
deb90705	196	if ($c->req->{user}) {
	197	$c->forward('?restricted_area');
	198	}
	199	}
61b1e958	200	}
deb90705	201
deb90705	202	$c->req->params->{username} and $c->req->params->{password} are html
61b1e958	203	form parameters from a login form. If login succeeds, then
61b1e958	204	$c->req->{user} contains the username of the authenticated user.
deb90705	205
61b1e958	206	If you want to remember the users login status inbetween further
	207	requests, then just use the $c->session_login method, Catalyst will
	208	create a session id, session cookie and automatically append session
	209	id to all urls. So all you have to do, is just check $c->req->{user}
	210	where needed.
deb90705	211
	212	To log out user, just call $c->session_logout.
	213
	214	Now lets take a look at the second variant:
	215	2. user:password login / auth with roles
	216
	217	To use roles you need to add to MyApp->config in the 'authentication'
	218	section following parameters:
	219
	220	role_class => 'MyApp::M::MyApp::Roles',
	221	user_role_class => 'MyApp::M::MyApp::UserRoles',
	222	user_role_user_field => 'user_id',
	223	user_role_role_field => 'role_id',
	224
	225	Corresponding tables in PostgreSQL could look like this:
	226
	227	CREATE TABLE roles (
	228	role_id serial,
	229	name varchar(100),
	230	primary key(role_id)
	231	);
	232
	233	CREATE TABLE user_roles (
	234	user_role_id serial,
	235	user_id int,
	236	role_id int,
	237	primary key(user_role_id),
	238	foreign key(user_id) references users(user_id),
	239	foreign key(role_id) references roles(role_id)
	240	);
	241
61b1e958	242	The 'roles' table is a list of role names and the 'user_role' table is
61b1e958	243	used for the user -> role lookup.
deb90705	244
61b1e958	245	Now if a logged in user wants to see a location which is allowed only
	246	for people with 'admin' role then in you controller you can check it
	247	with:
deb90705	248
61b1e958	249	sub add : Local {
deb90705	250	my ($self, $c) = @_;
	251	if ($c->roles(qw/admin/)) {
	252	$c->req->output("Your account has the role 'admin.'");
	253	} else {
	254	$c->req->output("You're not allowed to be here");
	255	}
61b1e958	256	}
deb90705	257
	258	One thing you might need is to forward non-authenticated users to login
	259	form, if they try to access restricted areas. If you want to do this
	260	controller-wide (if you have one controller for admin section) then it's
	261	best to add user check to '!begin' action:
	262
61b1e958	263	sub begin : Private {
deb90705	264	my ($self, $c) = @_;
	265	unless ($c->req->{user}) {
	266	$c->req->action(undef); ## notice this!!
	267	$c->forward('?login');
	268	}
61b1e958	269	}
deb90705	270
	271	Pay attention to $c->req->action(undef). This is needed, because of the
	272	way $c->forward works - forward to login gets called, but after that
61b1e958	273	Catalyst executes anyway the action defined in the uri (eg. if you
	274	tried to watch /add, then first 'begin' forwards to 'login', but after
	275	that anyway 'add' is executed). So $c->req->action(undef) undefines any
deb90705	276	actions that were to be called and forwards user where we want him/her
	277	to be.
	278
	279	And this is all you need to do, isn't Catalyst wonderful?
	280
145074c2	281
	282	=head2 How to use Catalyst without mod_perl
	283
	284	Catalyst applications give optimum performance when run under mod_perl.
61b1e958	285	However sometimes mod_perl is not an option, and running under CGI is
dec2a2a9	286	just too slow. There's also an alternatives to mod_perl that gives
dec2a2a9	287	reasonable performance named FastCGI.
145074c2	288
	289	B<Using FastCGI>
	290
61b1e958	291	To quote from L<http://www.fastcgi.com/>: "FastCGI is a language
	292	independent, scalable, extension to CGI that provides high performance
	293	without the limitations of specific server APIs." Web server support
	294	is provided for Apache in the form of C<mod_fastcgi> and there is Perl
	295	support in the C<FCGI> module. To convert a CGI Catalyst application
	296	to FastCGI one needs to initialize an C<FCGI::Request> object and loop
	297	while the C<Accept> method returns zero. The following code shows how
	298	it is done - and it also works as a normal, single-shot CGI script.
145074c2	299
	300	#!/usr/bin/perl
	301	use strict;
	302	use FCGI;
	303	use MyApp;
	304
	305	my $request = FCGI::Request();
	306	while ($request->Accept() >= 0) {
1c61c726	307	MyApp->run;
145074c2	308	}
145074c2	309
61b1e958	310	Any initialization code should be included outside the request-accept
61b1e958	311	loop.
145074c2	312
145074c2	313	There is one little complication, which is that C<MyApp->run> outputs a
61b1e958	314	complete HTTP response including the status line (e.g.:
	315	"C<HTTP/1.1 200>").
	316	FastCGI just wants a set of headers, so the sample code captures the
	317	output and drops the first line if it is an HTTP status line (note:
	318	this may change).
	319
	320	The Apache C<mod_fastcgi> module is provided by a number of Linux
	321	distros and is straightforward to compile for most Unix-like systems.
	322	The module provides a FastCGI Process Manager, which manages FastCGI
	323	scripts. You configure your script as a FastCGI script with the
	324	following Apache configuration directives:
145074c2	325
	326	<Location /fcgi-bin>
	327	AddHandler fastcgi-script fcgi
	328	</Location>
	329
	330	or:
	331
	332	<Location /fcgi-bin>
	333	SetHandler fastcgi-script
	334	Action fastcgi-script /path/to/fcgi-bin/fcgi-script
	335	</Location>
	336
	337	C<mod_fastcgi> provides a number of options for controlling the FastCGI
	338	scripts spawned; it also allows scripts to be run to handle the
	339	authentication, authorization and access check phases.
	340
61b1e958	341	For more information see the FastCGI documentation, the C<FCGI> module
61b1e958	342	and L<http://www.fastcgi.com/>.
145074c2	343
fc7ec1d9	344	=head1 AUTHOR
	345
	346	Sebastian Riedel, C<sri@oook.de>
deb90705	347	Danijel Milicevic C<me@danijel.de>
deb90705	348	Viljo Marrandi C<vilts@yahoo.com>
61b1e958	349	Marcus Ramberg C<mramberg@cpan.org>
fc7ec1d9	350
	351	=head1 COPYRIGHT
	352
61b1e958	353	This program is free software, you can redistribute it and/or modify it
61b1e958	354	under the same terms as Perl itself.