Security Advisories (1)
CVE-2025-15604 (2026-03-28)

Amon2 versions before 6.17 for Perl use an insecure random_string implementation for security functions. In versions 6.06 through 6.16, the random_string function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes by concatenating a SHA-1 hash seeded with the built-in rand() function, the PID, and the high resolution epoch time. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Before version 6.06, there was no fallback when /dev/urandom was not available. Before version 6.04, the random_string function used the built-in rand() function to generate a mixed-case alphanumeric string. This function may be used for generating session ids, generating secrets for signing or encrypting cookie session data and generating tokens used for Cross Site Request Forgery (CSRF) protection.
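
The script below is an added example, not code from Amon2 or from the advisory. It maps an Amon2 version to the random_string behaviour described above and shows a token generator that fails closed instead of degrading to rand(). The names classify_amon2 and secure_token_hex are hypothetical, and the version list is constructed sample input.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use version;

# Map an Amon2 version to the random_string behaviour the advisory describes.
# $urandom_ok: true when /dev/urandom is readable on this host.
sub classify_amon2 {
    my ($v, $urandom_ok) = @_;
    my $ver = version->parse($v);
    return 'not affected (6.17 or later)' if $ver >= version->parse('6.17');
    if ($ver >= version->parse('6.06')) {
        return $urandom_ok
            ? 'affected: /dev/urandom readable, weak fallback not reached on this host'
            : 'affected: falls back to SHA-1 over rand(), PID and epoch time';
    }
    return 'affected: no fallback when /dev/urandom is unavailable'
        if $ver >= version->parse('6.04');
    return 'affected: random_string is built on rand()';
}

# Hypothetical replacement generator: reads the kernel CSPRNG and dies rather
# than degrading to a guessable source.
sub secure_token_hex {
    my ($nbytes) = @_;
    open(my $fh, '<:raw', '/dev/urandom')
        or die "refusing to generate token, /dev/urandom unavailable: $!\n";
    my $buf = '';
    while (length($buf) < $nbytes) {
        my $n = sysread($fh, $buf, $nbytes - length($buf), length($buf));
        die "short read from /dev/urandom\n" unless $n;
    }
    close($fh);
    return unpack('H*', $buf);
}

my $urandom_ok = -r '/dev/urandom' ? 1 : 0;

# Constructed sample versions covering each range named in the advisory.
for my $v (qw(6.03 6.05 6.10 6.16 6.17)) {
    printf "%-5s %s\n", $v, classify_amon2($v, $urandom_ok);
}

# Report on the locally installed copy, if there is one.
my $installed = eval { require Amon2; Amon2->VERSION };
printf "installed Amon2 %s: %s\n", $installed, classify_amon2($installed, $urandom_ok)
    if defined $installed;

print "sample 32-byte token: ", secure_token_hex(32), "\n";
```

Session ids, cookie-signing secrets and CSRF tokens issued by an affected version on a host without /dev/urandom should be rotated after upgrading.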

NAME

Amon2::Web::Dispatcher::RouterBoom - Router::Boom bindings

SYNOPSIS

    package MyApp2::Web::Dispatcher;
    use Amon2::Web::Dispatcher::RouterBoom;

    use MyApp::Web::C::Foo;

    base 'MyApp::Web::C';

    get '/' => 'Foo#bar';

    1;

DESCRIPTION

This is a router class for Amon2. It's based on Router::Boom.

DSL FUNCTIONS

get($path:Str, $destination:Str)
post($path:Str, $destination:Str)
put($path:Str, $destination:Str)
delete_($path:Str, $destination:Str)
any($path:Str, $destination:Str)

    get  '/' => 'Root#index';
    get  '/:user' => 'User#show';
    any  '/:user/update' => 'User#update';
    post '/:user/blog/post' => 'Blog#post';
    put  '/:user/blog/put'  => 'Blog#put';
    delete_ '/:user/blog/:id' => 'Blog#remove';

Add routes with the DSL. The first argument is the path pattern in Path::Boom rules. The second argument is the destination method path.

The destination method path takes the form ${class}#${method}.

A path declared with get() accepts GET and HEAD. A path declared with post() accepts the POST method. A path declared with put() accepts the PUT method. A path declared with delete_() accepts the DELETE method. A path declared with any() accepts any method.

base($klass:Str)

    base 'My::App::Web::C';

You can specify the base class name for 'Root#index' style definitions.

If you write your dispatcher as in the following code, the method for '/' is My::App::Web::C::Root->index.

    base 'My::App::Web::C';
    get '/' => 'Root#index';

get($path:Str, $destination:CodeRef)
post($path:Str, $destination:CodeRef)
put($path:Str, $destination:CodeRef)
delete_($path:Str, $destination:CodeRef)
any($path:Str, $destination:CodeRef)

    get  '/' => sub {
        my ($c) = @_;
        ...
    };
    get  '/:user' => sub {
        my ($c, $args) = @_;
        $c->render(
            'user.tx' => {
                user => $args->{user},
            },
        );
    };

Add routes with the DSL. The first argument is the path pattern in Path::Boom rules. The second argument is the destination code.

The callback function's first argument is the context object. The second is the values captured by the router.

ROUTING RULES

Router::Boom's routing rules are very flexible. You can embed a regexp in a rule.

/foo/bar

A string literal matches that string.

/:foo

:foo matches qr{[^/]}. It's captured.

/{foo}

{foo} is the same as :foo.

/{foo:.*}

You can use a custom regexp for capturing.

/*

* is the same as {*:.*}.

EXCEPTION HANDLER

You can customize the exception handler by defining the specially named method 'handle_exception'.

    package MyApp::Web::Dispatcher;

    sub handle_exception {
        my ($class, $c, $e) = @_;

        if (UNIVERSAL::isa($e, 'My::Exception::Validation')) {
            return $c->create_simple_status_page(400, 'Bad Request');
        } else {
            return $c->res_500();
        }
    }

SEE ALSO

Amon2