Please support @Authorized about routing-controllers HOT 7 CLOSED

I have this simple auth middleware, just for my needs.
You can make multiple auth middleware for admin check, role check, etc.

import { Middleware, UnauthorizedError } from "routing-controllers";
import * as express from "express";

/**
 * Authorization middleware for express framework with routing-controllers.
 * Prevent access of not logged user to the routes guarded by this middleware.
 */
@Middleware()
export class AuthorizationMiddleware {

    /**
     * Checks if there is a session in request with atached user.
     * If is, calls next middleware in chain, otherwise throws UnauthorizedError.
     * 
     * @param {express.Request} req The Express request object
     * @param {express.Response} _res The Express response object (not used)
     * @param {express.NextFunction} [next] The next Express middleware function to call after (optional)
     */
    public use(req: express.Request, _res: express.Response, next?: express.NextFunction) {
        if (!req.session || !req.session.user || !req.session.user.id) {
            throw new UnauthorizedError("Access denied, you have to login first!");
        }

        if (next) {
            next();
        }
    }
}

from routing-controllers.

It is supported now in 0.7.0

from routing-controllers.

I want the same requirement as above.

I want to use authentication for each router using passport and and json web token. In pure express routes its very easy to implement. But currently i am using this module for routing So could you please explain how to add passport and jwt authentication routers using thus module.

from routing-controllers.

I'd like this feature too.
I wish the method to look like @authenticated(role : string).
This way I can use the same decorator throughout the application in different scenarios.

I saw a simple implementation for this middleware here, the only problem is that I'm not sure how to create the middleware from the decorator.

Thanks

from routing-controllers.

@Authorized in all cases will have a different logic. This decorators needs a good proposal how it should be designed and work with different use cases on each client.

from routing-controllers.

It may help you:

import {Middleware, MiddlewareInterface} from "routing-controllers";
import {Forbidden} from "../lib/HttpStatus";

@Middleware()
export class RequireAuth implements MiddlewareInterface {

    use(request: any, response: any, next?: (err?: any) => any): any {
        if(request.session.auth) {
          return next();
        }

        throw new Forbidden();
    }

}

Instead of @Authorized you need to add this to your class/controller:

@UseBefore(RequireAuth)
export class UsersController {
// ...
}

from routing-controllers.

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

from routing-controllers.