Routing-controllers: Please support @Authorized

Created on 26 Nov 2016  路  7Comments  路  Source: typestack/routing-controllers

No an issue , rather feature request:

It would be really nice if you could add some kind of @Authenticated() decorator to controller and actions that will call some midleware to decide if user is authorized to call the controller action.

Thanks.

Most helpful comment

It is supported now in 0.7.0

All 7 comments

I want the same requirement as above.

I want to use authentication for each router using passport and and json web token. In pure express routes its very easy to implement. But currently i am using this module for routing So could you please explain how to add passport and jwt authentication routers using thus module.

I'd like this feature too.
I wish the method to look like @Authenticated(role : string).
This way I can use the same decorator throughout the application in different scenarios.

I saw a simple implementation for this middleware here, the only problem is that I'm not sure how to create the middleware from the decorator.

Thanks

@Authorized in all cases will have a different logic. This decorators needs a good proposal how it should be designed and work with different use cases on each client.

It may help you:

import {Middleware, MiddlewareInterface} from "routing-controllers";
import {Forbidden} from "../lib/HttpStatus";

@Middleware()
export class RequireAuth implements MiddlewareInterface {

    use(request: any, response: any, next?: (err?: any) => any): any {
        if(request.session.auth) {
          return next();
        }

        throw new Forbidden();
    }

}

Instead of @Authorized you need to add this to your class/controller:

@UseBefore(RequireAuth)
export class UsersController {
// ...
}

I have this simple auth middleware, just for my needs.
You can make multiple auth middleware for admin check, role check, etc.

import { Middleware, UnauthorizedError } from "routing-controllers";
import * as express from "express";

/**
 * Authorization middleware for express framework with routing-controllers.
 * Prevent access of not logged user to the routes guarded by this middleware.
 */
@Middleware()
export class AuthorizationMiddleware {

    /**
     * Checks if there is a session in request with atached user.
     * If is, calls next middleware in chain, otherwise throws UnauthorizedError.
     * 
     * @param {express.Request} req The Express request object
     * @param {express.Response} _res The Express response object (not used)
     * @param {express.NextFunction} [next] The next Express middleware function to call after (optional)
     */
    public use(req: express.Request, _res: express.Response, next?: express.NextFunction) {
        if (!req.session || !req.session.user || !req.session.user.id) {
            throw new UnauthorizedError("Access denied, you have to login first!");
        }

        if (next) {
            next();
        }
    }
}

It is supported now in 0.7.0

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

d-bechtel picture d-bechtel  路  6Comments

OysteinAmundsen picture OysteinAmundsen  路  3Comments

circy picture circy  路  3Comments

AleskiWeb picture AleskiWeb  路  4Comments

impzero picture impzero  路  4Comments