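unit WebModuleUnit;

// Web module for the test server: builds the MVC engine, registers the test
// controllers and installs the speed, basic-auth and custom-auth middlewares.
// The authentication handlers declared in the implementation section are
// test fixtures with hard-coded users and roles.

interface

uses
  System.SysUtils,
  System.Classes,
  Web.HTTPApp,
  MVCFramework;

type
  Twm = class(TWebModule)
    procedure WebModuleCreate(Sender: TObject);
  private
    MVCEngine: TMVCEngine;
  end;

var
  WebModuleClass: TComponentClass = Twm;

implementation

{$R *.dfm}

uses
  TestServerControllerU,
  TestServerControllerExceptionU,
  SpeedMiddlewareU,
  MVCFramework.Middleware.Authentication,
  System.Generics.Collections,
  MVCFramework.Commons,
  TestServerControllerPrivateU;

type
  // Shared authentication/authorization logic for both test handlers.
  // Subclasses only decide which controllers require authentication.
  // The generic type arguments below were missing from the listing;
  // System.Generics.Collections.TList and TDictionary do not compile without
  // them, and the role list is used with string values (Add('role1')).
  TAuthHandlerBase = class abstract(TInterfacedObject, IMVCAuthenticationHandler)
  public
    procedure OnRequest(const ControllerQualifiedClassName: string;
      const ActionName: string; var AuthenticationRequired: Boolean);
      virtual; abstract;
    procedure OnAuthentication(const UserName: string; const Password: string;
      UserRoles: System.Generics.Collections.TList<string>;
      var IsValid: Boolean;
      const SessionData: TDictionary<string, string>); virtual;
    procedure OnAuthorization(
      UserRoles: System.Generics.Collections.TList<string>;
      const ControllerQualifiedClassName: string; const ActionName: string;
      var IsAuthorized: Boolean); virtual;
  end;

  // Requires authentication for TTestPrivateServerController.
  TBasicAuthHandler = class(TAuthHandlerBase)
  public
    procedure OnRequest(const ControllerQualifiedClassName: string;
      const ActionName: string; var AuthenticationRequired: Boolean); override;
  end;

  // Requires authentication for TTestPrivateServerControllerCustomAuth.
  TCustomAuthHandler = class(TAuthHandlerBase)
  public
    procedure OnRequest(const ControllerQualifiedClassName: string;
      const ActionName: string; var AuthenticationRequired: Boolean); override;
  end;

{ Twm }

// Creates the engine with messaging enabled, then registers controllers and
// middlewares in the order below.
procedure Twm.WebModuleCreate(Sender: TObject);
begin
  MVCEngine := TMVCEngine.Create(self,
    procedure(Config: TMVCConfig)
    begin
      Config[TMVCConfigKey.Messaging] := 'true';
    end, nil);

  MVCEngine
    .AddController(TTestServerController)
    .AddController(TTestPrivateServerController)
    .AddController(TTestServerControllerExceptionAfterCreate)
    .AddController(TTestServerControllerExceptionBeforeDestroy)
    .AddController(TTestPrivateServerControllerCustomAuth)
    .AddMiddleware(TMVCSpeedMiddleware.Create)
    .AddMiddleware(TMVCBasicAuthenticationMiddleware.Create(
      TBasicAuthHandler.Create))
    // NOTE(review): the two string arguments look like the login endpoint and
    // the login page of the custom-auth middleware - confirm against the
    // middleware's constructor.
    .AddMiddleware(TMVCCustomAuthenticationMiddleware.Create(
      TCustomAuthHandler.Create, '/system/users/logged', '/login.html'));

  // MVCEngine.Config[TMVCConfigKey.Messaging] := 'false';
end;

{ TAuthHandlerBase }

// Test-fixture credential check: a login is valid when the password equals
// the user name. 'user1' receives 'role1' and 'user2' receives 'role2'; any
// other matching pair is accepted with an empty role list.
// NOTE(review): an empty user name with an empty password also compares
// equal; whether the middleware ever passes such a pair is not visible here.
// This check is not a pattern for a deployed handler, which would verify a
// stored password hash.
// SessionData is not read or written by this implementation.
procedure TAuthHandlerBase.OnAuthentication(const UserName: string;
  const Password: string;
  UserRoles: System.Generics.Collections.TList<string>;
  var IsValid: Boolean;
  const SessionData: TDictionary<string, string>);
begin
  // Start from an empty role list so roles from an earlier call cannot leak
  // into this one.
  UserRoles.Clear;

  IsValid := UserName = Password;
  if not IsValid then
    Exit;

  // IsValid is already True here; only the role assignment remains.
  if UserName = 'user1' then
    UserRoles.Add('role1')
  else if UserName = 'user2' then
    UserRoles.Add('role2');
end;

// Default-deny authorization keyed on the action name only:
// 'OnlyRole1' and 'OnlyRole1Session' need 'role1', 'OnlyRole2' needs 'role2',
// every other action is refused. ControllerQualifiedClassName is not
// consulted, so an identically named action on another protected controller
// gets the same decision.
procedure TAuthHandlerBase.OnAuthorization(
  UserRoles: System.Generics.Collections.TList<string>;
  const ControllerQualifiedClassName, ActionName: string;
  var IsAuthorized: Boolean);
begin
  IsAuthorized := False;
  if (ActionName = 'OnlyRole1') or (ActionName = 'OnlyRole1Session') then
    IsAuthorized := UserRoles.Contains('role1');
  if ActionName = 'OnlyRole2' then
    IsAuthorized := UserRoles.Contains('role2');
end;

{ TBasicAuthHandler }

// Authentication is required when the qualified class name ends with
// 'TTestPrivateServerController'. This is a suffix match, so any class whose
// name ends with the same text is covered as well.
procedure TBasicAuthHandler.OnRequest(const ControllerQualifiedClassName,
  ActionName: string; var AuthenticationRequired: Boolean);
begin
  AuthenticationRequired :=
    ControllerQualifiedClassName.EndsWith('TTestPrivateServerController');
end;

{ TCustomAuthHandler }

// Authentication is required when the qualified class name ends with
// 'TTestPrivateServerControllerCustomAuth' (suffix match, as in
// TBasicAuthHandler.OnRequest).
procedure TCustomAuthHandler.OnRequest(const ControllerQualifiedClassName,
  ActionName: string; var AuthenticationRequired: Boolean);
begin
  AuthenticationRequired :=
    ControllerQualifiedClassName.EndsWith(
      'TTestPrivateServerControllerCustomAuth');
end;

end.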