No an issue , rather feature request:
It would be really nice if you could add some kind of @Authenticated() decorator to controller and actions that will call some midleware to decide if user is authorized to call the controller action.
Thanks.
I want the same requirement as above.
I want to use authentication for each router using passport and and json web token. In pure express routes its very easy to implement. But currently i am using this module for routing So could you please explain how to add passport and jwt authentication routers using thus module.
I'd like this feature too.
I wish the method to look like @Authenticated(role : string).
This way I can use the same decorator throughout the application in different scenarios.
I saw a simple implementation for this middleware here, the only problem is that I'm not sure how to create the middleware from the decorator.
Thanks
@Authorized in all cases will have a different logic. This decorators needs a good proposal how it should be designed and work with different use cases on each client.
It may help you:
import {Middleware, MiddlewareInterface} from "routing-controllers";
import {Forbidden} from "../lib/HttpStatus";
@Middleware()
export class RequireAuth implements MiddlewareInterface {
use(request: any, response: any, next?: (err?: any) => any): any {
if(request.session.auth) {
return next();
}
throw new Forbidden();
}
}
Instead of @Authorized you need to add this to your class/controller:
@UseBefore(RequireAuth)
export class UsersController {
// ...
}
I have this simple auth middleware, just for my needs.
You can make multiple auth middleware for admin check, role check, etc.
import { Middleware, UnauthorizedError } from "routing-controllers";
import * as express from "express";
/**
* Authorization middleware for express framework with routing-controllers.
* Prevent access of not logged user to the routes guarded by this middleware.
*/
@Middleware()
export class AuthorizationMiddleware {
/**
* Checks if there is a session in request with atached user.
* If is, calls next middleware in chain, otherwise throws UnauthorizedError.
*
* @param {express.Request} req The Express request object
* @param {express.Response} _res The Express response object (not used)
* @param {express.NextFunction} [next] The next Express middleware function to call after (optional)
*/
public use(req: express.Request, _res: express.Response, next?: express.NextFunction) {
if (!req.session || !req.session.user || !req.session.user.id) {
throw new UnauthorizedError("Access denied, you have to login first!");
}
if (next) {
next();
}
}
}
It is supported now in 0.7.0
This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
Most helpful comment
It is supported now in 0.7.0