Comments (4)
github-actions
commented on June 13, 2024
Hello there kbublitz 👋
Thank you for opening your very first issue in this project.
We will try to get back to you as soon as we can.👀
from tsoa.
github-actions
commented on June 13, 2024
This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days
from tsoa.
kbublitz
commented on June 13, 2024
Now before my issue gets closed without any response, let me give a short update. I now implemented it the way I suggested in my initial question. It looks like the following snippet and seems to work well for my use case.
export async function expressAuthentication(
request: express.Request,
securityName: string,
scopes?: string[],
): Promise<any> {
switch (securityName) {
case "authToken":
// This will use jsonwebtoken to verify a jwt and resolve with a user object like { userName: "John Doe", "permissions": ["readPrivateFiles", "readPublicFiles"] }
return await evaluateToken(request, scopes);
case "authTokenOrPublic":
return await maybeEvaluateToken(request, scopes);
}
return Promise.reject("invalid-authentication-method");
}
async function maybeEvaluateToken(request, scopes) {
try {
return await evaluateToken(request, scopes);
} catch (error) {
return { userName: "public", permissions: ["readPublicFiles"] };
}
}
async function evaluateToken(request, scopes) {
// check jwt and so on ...
return realUserObject;
}The controller is then annotated only with @Security("authTokenOrPublic").
I'll leave the issue open until it closes automatically, still any feedback is welcome.
from tsoa.
daxadal
commented on June 13, 2024
I tried to implement the same behaviour, and I used the scopes for that. I included an optional scope, and i only throw and Unauthorized error when the optional scope is not present. Then, you'll only need the authToken security method. He's an expample code based on yours:
export async function expressAuthentication(
request: express.Request,
securityName: string,
scopes?: string[]
): Promise<any> {
switch (securityName) {
case "authToken":
// This will use jsonwebtoken to verify a jwt and resolve with a user object like { userName: "John Doe", "permissions": ["readPrivateFiles", "readPublicFiles"] }
return await evaluateToken(request, scopes);
}
return Promise.reject("invalid-authentication-method");
}
async function evaluateToken(request, scopes) {
const user = await chekJwtAndGetUser(request);
if (!scopes?.includes("optional") && !user) {
throw new UnauthorizedError();
} else if (!user) {
return { userName: "public", permissions: ["readPublicFiles"] }
}
return user;
}You can flip the conditions by using a requiredscope instead, if it's easier to understand.
from tsoa.
Related Issues (20)
- Make express request injectable HOT 3
- Problem with @types/express version 4.17.21 HOT 2
- Upload multiple files using @UploadedFiles() and @UploadedFile causes multer error HOT 2
- Using combination of @UploadedFile() and @UploadedFiles() decorators throws MulterError: Unexpected field HOT 3
- GenerateMetadataError: Unknown type: IndexedAccessType HOT 6
- GenerateMetadataError: Unknown type: IntrinsicKeyword HOT 3
- Routes.ts TSC Error expressAuthenticationRecasted HOT 1
- Multiple runtime dependencies for backend frameworks. HOT 1
- nullable: true and allOf HOT 1
- Support verbatimModuleSyntax (tsconfig) HOT 2
- Regression in route generation from 5.1.1 to 6.x.x: "This node kind is unknown"
- CLI cannot import tsoa-config.js in ESM project HOT 2
- Handle errors by throwing them HOT 2
- Where are the docs source code? HOT 1
- Support @title keyword annotation HOT 1
- The array [0] gets validated as the floating point number 0 HOT 1
- Merge info from multiple @Security methods into `req.user` HOT 3
- Add a minimal boilerplate repo to the docs. HOT 3
- Recently merged issue #1593 is a breaking change HOT 2
- tsc build error with file uploads HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from tsoa.