moleculer-web: Custom alias do not call authorize

Hi all,

I’ve noticed custom alias handler is not calling the authorize method. First I thought of using onBeforeCall; however, it’s not called as well. My temporary solution is to create a custom handler that sets an ‘auth’ property and creates the Context to invoke the authorize, such as follow:

'POST /files/upload': {
  auth: 'required',
  handler: async function(req, res) {
    const { broker } = req.$service;
    const ctx = Context.create(broker, '', broker.nodeID, req.$params, req.$route.callOptions || {});
    try {
      if (await this.authorize(ctx, req.$route, req)) {
        this.uploadFile(req, res);
      }
    } catch (err) {
      this.sendError(req, res, err);
    }
  },
},

Then, in the authorize method I added the following logic:

// Check if route requires auth
if ((req.$endpoint && req.$endpoint.action.auth === 'required') || (req.$alias && req.$alias.auth === 'required')) {

I guess custom alias/actions should be part of the action lifecycle somehow.

Thanks

About this issue

  • Original URL
  • State: closed
  • Created 6 years ago
  • Comments: 23 (23 by maintainers)

Most upvoted comments

Yes, it’s really easy.

Using Hapi17, you basically create one plugin and then register it. The plugin would be smth like:

export const plugin = {
  name: 'hapi-moleculer',
  version: '1.0.0',
  register: async function register(server) {
    const broker = new ServiceBroker({});

    server.decorate('server', 'broker', broker);
    server.decorate('request', 'broker', broker);

    await broker.start();
  },
};

Of course there are many things one can do. It’s possible to handle the moleculer errors in the onPreResponse lifecycle and even create the routes for your REST actions within moleculer.

A really simple example:

    const aliases = [{ method: 'REST', path: '/user', action: 'users' }];
    let routes = [];
    aliases.forEach((alias) => {
      if (alias.method === 'REST') {
        routes.push({ method: 'GET', path: `${alias.path}/{id}`, action: `${alias.action}.get` });
        routes.push({ method: 'GET', path: alias.path, action: `${alias.action}.list` });
        routes.push({ method: 'POST', path: alias.path, action: `${alias.action}.create` });
        routes.push({ method: 'PUT', path: `${alias.path}/{id}`, action: `${alias.action}.update` });
        routes.push({ method: 'DELETE', path: `${alias.path}/{id}`, action: `${alias.action}.remove` });
      } else {
        routes.push(alias);
      }
    });
    routes = routes.map(route => ({
      path: route.path,
      method: route.method,
      options: {
        tags: ['api', 'user'],
      },
      handler: async function action(request) {
        const params = _.extend(request.params, request.query, request.payload);
        const ret = await request.broker.call(route.action, params);
        return ret;
      },
    }));

I’ll see if I can create a hapi-moleculer plugin to publish.

+1
felipegcampos on May 27, 2018

ok, in this case, I will create a new branch: https://github.com/moleculerjs/moleculer-web/tree/alias-next

+1
icebob on May 21, 2018
Read more comments on GitHub
← moleculer-web: assets not work
laravel-cashier-mollie: Some Payment Methods don't work with LIVE API key, but do with TEST API key  →