Plumber: Allow a filter to impose itself on a glob of paths

Created on 13 Jun 2017  路  2Comments  路  Source: rstudio/plumber

Invert the current @preempt logic by allowing a filter to impose itself on a particular regex or glob of paths. This way you don't have to remember to annotate every endpoint with @preempt. You can just install a filter and have it register itself globally on all paths if you wish.

middleware enhancement

Most helpful comment

@friep Yes. We are very aware of this.

This will not happen in the upcoming release, but I am currently planning on the following release.

All 2 comments

is this something that is still on the roadmap? I am working on authentication / authorization in plumber and this feature would be a great help - also given that preempting multiple filters is not possible right now.

For example:

pr <- plumber::plumber$new()

pr$filter("auth", function (req, res) {
  # forward if the user is authenticated
})

# filter to allow access to admins only
pr$filter("auth-admin-only", function (req, res) {
  # forward if the user is authenticated & authorized for admin access
})

pr$handle("GET", "/admin", function (req, res) {
  return("This route requires admin authorization.")
})

pr$handle("GET", "/authed", function (req, res) {
  return("This route is accessible for all authenticated users.")
}, preempt = c("auth-admin-only"))

pr$handle("GET", "/no-auth", function (req, res) {
  return("This route requires no authentication.")
}, preempt = c("auth", "auth-admin-only"))
#> Error in private$ends[[preempt]]: no such index at level 1

Created on 2019-03-12 by the reprex package (v0.2.1)

with "inverted logic", it could maybe look like this?

pr <- plumber::plumber$new()

# integrate the jwt strategy in a filter
pr$filter("auth", function (req, res) {
  # forward if the user is authenticated
})

# filter to allow access to admins only
pr$filter("auth-admin-only", function (req, res) {
  # forward if the user is authorized for admin access
})

pr$handle("GET", "/admin", function (req, res) {
  return("This route requires admin authorization.")
}, filter = c("auth-admin-only"))

pr$handle("GET", "/authed", function (req, res) {
  return("This route is accessible for all authenticated users.")
}, filter = c("auth"))

pr$handle("GET", "/no-auth", function (req, res) {
return("This route requires no authentication.")
})

@friep Yes. We are very aware of this.

This will not happen in the upcoming release, but I am currently planning on the following release.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

cbuchacher picture cbuchacher  路  4Comments

Jube-Dev picture Jube-Dev  路  3Comments

emmanuelchevallier picture emmanuelchevallier  路  3Comments

alexzaytsev-newsroomly picture alexzaytsev-newsroomly  路  6Comments

trestletech picture trestletech  路  5Comments