
Add ability to specify request type in optional patterns

Open hiscaler opened this issue 2 years ago • 14 comments

 Group::create("/products")
        ->withCors(Cors::class)
        ->routes()
        ->routes(
            Route::get('')
                ->action([ProductController::class, 'index'])
                ->name('product/index'),
            Route::get('/{id:\d+}')
                ->middleware(Authentication::class)
                ->action([ProductController::class, 'view'])
                ->name('product/view'),
            Route::post('')
                ->middleware(Authentication::class)
                ->action([ProductController::class, 'create'])
                ->name('product/create'),
            Route::post('/{id:\d+}')
                ->middleware(Authentication::class)
                ->action([ProductController::class, 'update'])
                ->name('product/update'),
            Route::delete('/{id:\d+}')
                ->middleware(Authentication::class)
                ->action([ProductController::class, 'delete'])
                ->name('product/delete'),
            Route::put('/{id:\d+}/undo')
                ->middleware(Authentication::class)
                ->action([ProductController::class, 'undo'])
                ->name('product/undo'),
            Route::post('/{id:\d+}/favorite')
                ->middleware(Authentication::class)
                ->action([ProductController::class, 'favorite'])
                ->name('product/favorite'),
            Route::delete('/{id:\d+}/favorite')
                ->middleware(Authentication::class)
                ->action([ProductController::class, 'cancelFavorite'])
                ->name('product/cancelFavorite'),
        ),

For example, product/view will return 'favorite': true if the user is logged in, and 'favorite': false if not logged in.

But if I use the Authentication middleware, the user must log in.

I can use the following code:

Authentication::class => [
        'class' => Authentication::class,
        '__construct()' => [
            'authenticationFailureHandler' => Reference::to(PassportRequestErrorHandler::class),
        ],
        'withOptionalPatterns()' => [
            'optional' => ['/en/products/[1-9]']
        ]
    ],

But the delete and update action URLs are like the view URL. What can I do?

hiscaler avatar Feb 26 '23 06:02 hiscaler

  1. Remove Authentication middleware from the route.
  2. Use $currentUser->isGuest() in your controller.

rustamwin avatar Feb 26 '23 06:02 rustamwin

@rustamwin If I remove the Authentication middleware from the route, $currentUser->isGuest() always returns true.

hiscaler avatar Feb 26 '23 15:02 hiscaler

@hiscaler You should add optional routes to the withOptionalPatterns() method. For example:

Authentication::class => [
        'class' => Authentication::class,
        '__construct()' => [
            'authenticationFailureHandler' => Reference::to(PassportRequestErrorHandler::class),
        ],
        'withOptionalPatterns()' => [
            'optional' => [
                '/en/products/[1-9]',
                'products/product/view', // Don't forget to adapt the pattern for your case
            ]
        ]
    ],

vjik avatar Feb 26 '23 17:02 vjik

@vjik I will try. Thank you!

hiscaler avatar Feb 27 '23 01:02 hiscaler

@vjik Can not.

GET /en/products/1 returns the product 1 detail
PUT /en/products/1 updates the product 1 detail
DELETE /en/products/1 deletes product 1

but withOptionalPatterns.optional

['/en/products/[1-9]']

can't know what the request method is.

hiscaler avatar Feb 27 '23 05:02 hiscaler

And I have another question.

['/en/products/[1-9]{1}']

can't match /en/products/123

hiscaler avatar Feb 27 '23 05:02 hiscaler

@hiscaler see patterns https://github.com/yiisoft/strings/blob/master/README.md#wildcardpattern-usage

rustamwin avatar Feb 27 '23 05:02 rustamwin

@rustamwin Thank you!

hiscaler avatar Feb 27 '23 09:02 hiscaler

@hiscaler see patterns https://github.com/yiisoft/strings/blob/master/README.md#wildcardpattern-usage

The valid setting is ['/en/products/[1-9]*'], thank you.

hiscaler avatar Feb 27 '23 09:02 hiscaler

@vjik Can not.

GET /en/products/1 returns the product 1 detail
PUT /en/products/1 updates the product 1 detail
DELETE /en/products/1 deletes product 1

but withOptionalPatterns.optional

['/en/products/[1-9]']

can't know what the request method is.

So I think a request method check should be added in Authentication.isOptional

hiscaler avatar Feb 27 '23 09:02 hiscaler

@hiscaler Do you want to make authentication optional for GET requests only and required otherwise (POST, DELETE, etc.)?

vjik avatar Feb 27 '23 09:02 vjik

@vjik Yes, only for GET requests; POST and DELETE must require authentication.

hiscaler avatar Feb 27 '23 10:02 hiscaler

Need to add the ability to specify the request type in optional patterns.

vjik avatar Mar 01 '23 13:03 vjik

Another idea: leave only the authentication process in the Authentication middleware and create a new middleware that will throw an exception or return a "No access" response.

vjik avatar Mar 02 '23 10:03 vjik
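
The gap discussed in this thread, shown as an added example (not code from yiisoft/auth or from any participant): a path-only optional check treats PUT and DELETE on /en/products/{id} as optional too, while a method-aware check keeps them protected. The rule format, the constant and both function names are hypothetical, and plain regular expressions stand in for the package's wildcard patterns.

```php
<?php

declare(strict_types=1);

// Hypothetical rule format (an assumption, not the yiisoft/auth API): each
// optional rule lists the HTTP methods it covers next to a path regex.
const OPTIONAL_RULES = [
    ['methods' => ['GET'], 'path' => '#^/en/products/\d+$#'],
];

/** Path-only check, as in the thread: the request method is never consulted. */
function isOptionalByPath(string $path): bool
{
    foreach (OPTIONAL_RULES as $rule) {
        if (preg_match($rule['path'], $path) === 1) {
            return true;
        }
    }
    return false;
}

/** Method-aware check: both the method and the path must match one rule. */
function isOptional(string $method, string $path): bool
{
    foreach (OPTIONAL_RULES as $rule) {
        if (in_array(strtoupper($method), $rule['methods'], true)
            && preg_match($rule['path'], $path) === 1) {
            return true;
        }
    }
    return false; // default: authentication stays required
}

// Constructed sample requests, all assumed to arrive without credentials.
$requests = [
    ['GET', '/en/products/123'],
    ['PUT', '/en/products/123'],
    ['DELETE', '/en/products/123'],
    ['POST', '/en/products/123/favorite'],
];

foreach ($requests as [$method, $path]) {
    printf(
        "%-6s %-28s path-only: %-8s method-aware: %s\n",
        $method,
        $path,
        isOptionalByPath($path) ? 'optional' : 'required',
        isOptional($method, $path) ? 'optional' : 'required'
    );
}
```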