# Web-ACL
A helper for creating basic apikey/slug/IP based ACLs.
Slugs should be though of as a freeform field for use function names
or the like.
```perl
use Web::ACL;
my $acl = Web::ACL->new(acl=>{
fooBar=>{
ip_auth => 1,
slug_auth => 0,
require_ip => 1,
require_slug => 0,
final => 1,
slugs => [],
slugs_regex => [],
allow_subnets => ['192.168.0.0/16','127.0.0.1/32'],
deny_subnets => [],
},
derp=>{
ip_auth => 1,
slug_auth => 1,
require_ip => 1,
require_slug => 0,
final => 1,
slugs => ['derp'],
slugs_regex => [],
allow_subnets => ['192.168.0.0/16','127.0.0.1/32'],
deny_subnets => ['10.0.10.0/24'],
},
derpderp=>{
ip_auth => 0,
slug_auth => 1,
require_ip => 1,
require_slug => 0,
final => 1,
slugs => ['derp'],
slugs_regex => [],
allow_subnets => [],
deny_subnets => [],
},
});
my $results=$acl->check(
apikey=>'a_test',
ip=>'10.1.3.4',
slugs=>['test2'],
);
if ($results) {
print "Authed\n";
}else{
print "Not Authed\n";
}
my $results=$acl->check(
apikey=>'fooBar',
ip=>'192.168.1.2',
slugs=>['test2'],
);
if ($results) {
print "Authed\n";
}else{
print "Not Authed\n";
}
my $results=$acl->check(
apikey=>'fooBar',
ip=>'192.168.1.2',
slugs=>['test2'],
);
if ($results) {
print "Authed\n";
}else{
print "Not Authed\n";
}
my $results=$acl->check(
apikey=>'derpderp',
ip=>'192.168.1.2',
slugs=>['derp'],
);
if ($results) {
print "Authed\n";
}else{
print "Not Authed\n";
}
my $results=$acl->check(
apikey=>'derpderp',
ip=>'192.168.1.2',
slugs=>['not_derp'],
);
if ($results) {
print "Authed\n";
}else{
print "Not Authed\n";
}
```
## ACL HASH
The ACL hash is a hash of hashes. The keys for primary hash are API
keys. The keys for the subhashes are as below.
Slugs should be though of a freeform text field for access
check. Function name or whatever.
```
- ip_auth :: Use IP for authing. If false, the IP will not be checked.
- Default :: 0
- slug_auth :; Use the slug for authing. If false it won't be checked.
- Default :: 0
- require_ip :: Require a value for IP to be specified.
- Default :: 0
- require_slug :: Require a value for slug to be specified.
- Default :: 0
- final :: The return value for if none of the auth checks are denied.
- Default for 'undef'/'nonexistent' apikeys:: 0
- Default for other apikeys:: 1
- slugs :; Slugs that are allowed for access.
- Default :: []
- slugs_regex :: Regexps to check slug values against.
- Default :: []
- allow_subnets :: Allowed subnets for remote IPs. This is a array of CIDRs.
- Default :: []
- deny_subnets :: Denied subnets for remote IPs. This is a array of CIDRs.
- Default :: []
```
There are two special ones for the ACL hash. Those are `undef` and
`nonexistent` and they should not be used as API keys. These are for
in the instances that the apikey for the checkis undef or if specified
and does not exist `nonexistent` is used.
By default they are as below.
```perl
{
'undef' => {
ip_auth => 0,
slug_auth => 0,
require_ip => 0,
require_slug => 0,
final => 0,
slugs => [],
slugs_regex => [],
allow_subnets => [],
deny_subnets => [],
},
'nonexistent' => {
ip_auth => 0,
slug_auth => 0,
require_ip => 0,
require_slug => 0,
final => 0,
slugs => [],
slugs_regex => [],
allow_subnets => [],
deny_subnets => [],
},
}
```