Comments (7)
Alright, didn't found an request for that 🤔
because you don’t want auth a specific sub endpoint it won’t be possible to do that
That's right, but imo defining the Auth to the parent controller would be wrong anyways then
This feature become a nightmare for me compared to just adding the decorator at the right place for dev
Okay, i understand this, maybe just let this feature request open and label it with "help wanted" if someone wants to tackle this in the future?
In general i would say it would be the expected behaviour
from tsed.
Maybe the problem is just related to the useBefore behavior on class. I have to re read the code because isn’t maybe clear for me ^^. I’ll keep this issue open, because your not the firt dev that ask me for that!
from tsed.
Hello @EinfachHans
I already answered this question. I’m not favorable of this feature. It’s preferable to define over each method (or controller) the authentication strategy. because you don’t want auth a specific sub endpoint it won’t be possible to do that. Adding also the complexity to apply correctly the middleware for each controler and children controler, and this feature become a nightmare for me compared to just adding the decorator at the right place for dev.
See you
from tsed.
Ok after investigation I found the reason why it's not possible.
The problem is here:
https://github.com/tsedio/tsed/blob/production/packages/platform/platform-middlewares/src/decorators/useAuth.ts#L49
Actually to apply auth middleware on inherited method, I have to use decorateMethodsOf
utils. This function create a proxy method with the appropriate metadata instead of adding it over base class, for example:
class CrudController {
@Get('/:id')
get() {}
@Get('/')
getList() {}
// etc...
}
@Controller("/users")
@UseAuth(MyAuthMiddleware)
class UsersController extends CrudController {
@Get('/:id')
getRoles() {}
}
@Controller("/public-data")
class PublicDataController extends CrudController {
@Get('/:id')
getOwners()
}
In this example, we want to apply AuthMiddleware only on UsersController. Without decorateMethodsOf, typescript add metadata on all methods including over CrudController methods. By side effect, the inherited PublicDataController methods (get/getList) has also impacted by the AuthMiddleware. (see #1535).
decorateMethodsOf solve this problem by monkey patching the child class (it add get and getList method).
The solution could be to use the Use decorator on class instead UseBefore. BUT isn't possible because for some usecase, we need to override the Auth options on some method using the @AuthOptions
decorator.
@Controller("/users")
@UseAuth(MyAuthMiddleware, {scope: 'read write'})
class UsersController extends CrudController {
@Get('/:id')
@AuthOptions({scope: 'admin'})
getRoles() {}
@Get('/:id/other')
other() {}
}
In this case:
- proxy method
get
hasread write
scopes - proxy method
getList
hasread write
scopes - method
getRoles
hasadmin
scope - method
other
hasread write
scopes
Now you have the overview of the actual implementation and you must see why the subject is complex ^^
I think the problem is currently with the decorator implementation. he has too much responsibility. we would just have to store the information from the auth middleware and apply it correctly when constructing the routes.
Here is the schema of the middleware call sequence:
See you ;)
from tsed.
Note: UseAuth is a kind of UseBeforeEach
from tsed.
Good morning @Romakita ,
thanks for the explanation. In my case i don't extend controller classes, i use the children
option of the @Controller
decorator.
I understand that extending the controller brings problems with it, in your example above the CrudController
methods should be protected within the UsersController
, but not in the PublicDataController
- i see the problem with this.
But do we have the same problem with the children
option? 🤔
from tsed.
But do we have the same problem with the children option? 🤔
Yes the same mechanism should be propagated to children because it will be one of the first things asked by the devs (class inheritance support).
from tsed.
Related Issues (20)
- [BUG] Dependencies issue when update Mikro orm to v4.5.0 + HOT 2
- [BUG] Update temporal.io dependencies causing issue HOT 2
- [BUG] Dependency injection w/ useAsyncFactory returns Promise on 2nd invoke() HOT 3
- Link Checker Report HOT 1
- [BUG] Missing repository's d.ts after running 'npm run prisma:generate'
- Override reconnectOnError in tsed ioredis module HOT 3
- Enhance Context Management for event listeners in `SocketHandlersBuilder` HOT 2
- [BUG] Lack support for ACK callbacks HOT 2
- Missing the basics HOT 4
- [BUG] Swagger UI no longer loads HOT 5
- Link Checker Report HOT 1
- [BUG] `deepClone` does not respect built-in objects like `Set` and `Map` HOT 2
- [BUG] Swagger UI no longer loads HOT 36
- [BUG] Swagger issue on loading an undefined resource HOT 9
- [BUG] Custom `.Error` does not work on schemas other than `@Required` HOT 3
- [BUG] How do i add a description to a `@BodyParams` HOT 2
- [BUG] tsed doesn't work with Nx Workspace HOT 1
- [BUG] ESM error in BullMQModule HOT 3
- [BUG] Children Controller Routes should be declared before parent HOT 10
- [BUG] package installation of @tsed/typeorm and typeorm produces dependency conflict HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from tsed.