using afIoc::Injectusing afIocConfig::Configusing afBedSheet** BedSheet middleware that invokes the Guards.** ** 'SleepSafeMiddleware' is contributed with the following:** ** pre>** syntax: fantom** ** @Contribute { serviceType=MiddlewarePipeline# }** Void contributeMiddleware(Configuration config, SleepSafeMiddleware middleware) {** config.set("afSleepSafe.guards", middleware).after("afBedSheet.assets").before("afBedSheet.routes")** }** <pre** ** Assets are not purposely not protected to prevent HTTP sessions being loaded (potentially from a database) on *every* ** request. Override Middleware ordering to change this behaviour.**constclass SleepSafeMiddleware : Middleware { @Inject privateconst Log log @Inject privateconst HttpRequest req @Inject privateconst HttpResponse res @Inject privateconst ResponseProcessors resPros @Config privateconst Int rejectedStatusCode** The Guards used to protect / reject each HTTP request.const Guard[] guards @NoDocnew make(Type:Guard guards, |This| f){ f(this)// note: we can inject just "Guard[]" when we upgrade to afIoc 3.0.8 this.guards = guards.vals} @NoDocoverride Void service(MiddlewarePipeline pipeline){if(shouldGuardRequest(req)){ denied := guards.eachWhile {it.guard(req, res)}if(denied != null)return rejectSuspectedAttack(denied)} pipeline.service}** Override hook to optionally exempt HTTP requests from being guarded by SleepSafe.** Sometimes you want to exclude URLs from being processed, this override hook lets you do that by optionally returning 'false'.** ** This method defaults to returning 'true'.virtual Bool shouldGuardRequest(HttpRequest httpReq){true}** Override hook to respond to failed Guard checks. ** Defaults to logging the msg (at warn level) and processes a 403 status.virtual Void rejectSuspectedAttack(Str msg){ log.warn(msg) resPros.processResponse(HttpStatus(rejectedStatusCode, msg))}}
