express-openapi-validator

Pass Express response to custom security handlers

Open elliotdickison opened this issue 2 years ago • 1 comments

Is your feature request related to a problem? Please describe.

The express docs recommend saving authentication state on res.locals (https://expressjs.com/en/api.html#res.locals). The express TypeScript types are also set up to allow custom typings for res.locals. However, the express response is not provided to security handlers.

Describe the solution you'd like

Passing the Express Response object (res) to custom security handlers would solve it for me.

Describe alternatives you've considered

I am currently saving my auth state directly on the Express Request object (req.auth = myAuth) because locals are not supported on the Request object. This works fine in JS-land, but in TypeScript land I have to add a custom override of the Request type:

declare namespace Express {
   export interface Request {
      auth?: MyAuthType
   }
}

UPDATE: I discovered that the response is available via the request object under req.res. Express's types indicate that this field may be undefined, but in practice it seems to always be present (using [email protected]). I think it would be cleaner to have the response passed directly to the security handler, but for now I've switched to accessing locals via req.res.locals.

elliotdickison, Jul 15 '21 19:07

Cool. Sounds like a reasonable workaround. Feel free to submit a PR. Happy to review

cdimascio, Jul 25 '21 13:07
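The req.res.locals workaround described in the issue, as an added example that is not code from the issue author or from express-openapi-validator: a custom API-key security handler that stores the authenticated principal on res.locals and fails closed when req.res is absent, the case Express's types allow for. The key store, the principal shape and the names apiKeyHandler and lookupPrincipal are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s).digest();

// Constructed sample key store: SHA-256 digest of the API key -> principal.
const KEYS = [
  { digest: sha256('demo-key-alice'), principal: { sub: 'alice', scopes: ['read'] } },
];

// Compare the presented key against every stored digest in constant time,
// without returning early, so timing does not reveal which entry matched.
function lookupPrincipal(apiKey) {
  const candidate = sha256(String(apiKey));
  let found = null;
  for (const k of KEYS) {
    if (crypto.timingSafeEqual(candidate, k.digest)) found = k.principal;
  }
  return found;
}

// Security handler with the (req, scopes, schema) signature used by
// validateSecurity.handlers. `schema` is the OpenAPI security scheme object,
// here assumed to be { type: 'apiKey', in: 'header', name: 'X-API-Key' }.
function apiKeyHandler(req, scopes, schema) {
  const res = req.res;
  if (!res || !res.locals) {
    // Fail closed: with nowhere to record auth state, downstream handlers
    // could not tell an authenticated request from an anonymous one.
    throw { status: 500, message: 'response object unavailable in security handler' };
  }
  const presented = req.headers[schema.name.toLowerCase()] ?? '';
  const principal = lookupPrincipal(presented);
  if (!principal) return false; // rejected; res.locals is left untouched
  res.locals.auth = principal;  // later handlers read res.locals.auth
  return true;
}

// Wiring (requires express and express-openapi-validator, not run here):
// app.use(OpenApiValidator.middleware({
//   apiSpec,
//   validateSecurity: { handlers: { ApiKeyAuth: apiKeyHandler } },
// }));
```

Route handlers should treat a missing res.locals.auth as unauthenticated rather than assuming the security handler ran for every path.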