Authentication
lfernando-silva opened this issue · 3 comments
Hey, good work at this library. I'm using it and it works well.
About authentication, I realized the params of .auth hook are different of passport params, as I couldnt make
//myHooksAsMiddleware.js
module.exports = {
create: {
auth: myCustomPassportAuth
},
list: {},
update: {},
delete: {},
read: {}
};because the 3rd param of myCustomPassportAuth middleware is a next, but finale-rest .auth has a 3rd param that is an object that contains the next function. So I had to change to
//myHooksAsMiddleware.js
module.exports = {
create: {
auth: (req, res, context) => myCustomPassportAuth(req, res, context.continue)
},
list: {},
update: {},
delete: {},
read: {}
};Does have some different aproach to do this authentication?
At first glance I would probably take the passport auth out of the finale controller (before finale routes) and do the authentication check inside the auth milestone if possible.
auth: (req, res, context) => req.user ? context.continue : context.stop
Also, if you're only passing in context.continue, how would you throw an error? The milestones really aren't set up to be middleware themselves, nor do they have a reason to be.
Here is an example taken straight out of the docs for using non-middleware passport to accomplish this. You could also just use the auth milestone.
users.list.fetch.before(function(req, res, context) {
passport.authenticate('bearer', function(err, user, info) {
if(err) {
res.status(500);
return context.stop();
}
if(user) {
context.continue();
} else {
context.error(new ForbiddenError());
}
});
});
Ok, is a good way to handle the problem. I will follow this. Thanks!