Nest: Suggestion: Exclude routes from MiddlewareBuilder #17

Created on 18 Jun 2018 · 9Comments · Source: nestjs/nest

I'm submitting a...


[ ] Regression 
[ ] Bug report
[X] Feature request
[ ] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.

Current behavior

Nest users have expressed a desire to exclude specific routes from being applied by the middleware consumer. Right now, paths must be hard-coded to exclude routes from being applied. Example: if you want to screen for a JWT in a header for all routes EXCEPT '/auth', there is no way to do so without hard-coding all paths.

Expected behavior

A common solution in #17 was to implement a MiddlewaresConsumer.exclude() method, wherein you can specifically exclude a route from consuming a middleware.

Example (with v4 syntax, not updated for v5):

consumer
    .apply(AuthMiddleware)
    .forRoutes({ path: '*', method: RequestMethod.ALL })
    .exclude({ path: '/auth', method: RequestMethod.ALL })

What is the motivation / use case for changing the behavior?

This would reduce developer friction, and give them more control over where to apply middlewares.

Environment


Nest version: N/A

Others:

core done 👏 type

Source

wbhob

👍18

Most helpful comment

Any news on this issue?

For me it doesn't correct the expected behavior.
The expected behavior is something like this:

            .apply(AuthMiddleware)
            .exclude({ path: '/status', method: RequestMethod.ALL })
            .forRoutes({ path: '/*', method: RequestMethod.ALL });

We want to have one declaration for all the routes except the ones provided inside the exclude method.

Thanks a lot guys.

alfirin on 11 Sep 2018

👍3

All 9 comments

100% agree 👍

kamilmysliwiec on 18 Jun 2018

👍3

Same here, definitely needed that !

alfirin on 27 Jun 2018

@alfirin the builder has already been updated and add now the RouteInfo that allow us as the previous version to configure the forRoutes by adding the path/method and also to exclude.

adrien2p on 27 Jun 2018

Added in v5.1.0

kamilmysliwiec on 5 Jul 2018

👍3

Any news on this issue?

For me it doesn't correct the expected behavior.
The expected behavior is something like this:

            .apply(AuthMiddleware)
            .exclude({ path: '/status', method: RequestMethod.ALL })
            .forRoutes({ path: '/*', method: RequestMethod.ALL });

We want to have one declaration for all the routes except the ones provided inside the exclude method.

Thanks a lot guys.

alfirin on 11 Sep 2018

👍3

Agreed with @alfirin on this. We have the same use case and it doesn't seem to work correctly:

    consumer
      .apply(AuthenticationMiddleware)
      .exclude('health')
      .forRoutes('*')

$ curl --verbose localhost:8080/health
...
< HTTP/1.1 401 Unauthorized
...

rlewan on 9 Oct 2018

👍2

For your cases, you should rather use either regexp path or with() method to pass custom routes (for example, health) to middleware and exclude paths manually.

kamilmysliwiec on 10 Oct 2018

👎7

On v6 of nest, it still does not work. I have same example, and there is no more with() method on MiddlewareConsumer and no real example how to provide some params to new Middlewares with use() method