plumber icon indicating copy to clipboard operation
plumber copied to clipboard

Published 20 hours ago verified publisher icon rstudio

Allow a filter to impose itself on a glob of paths

Open trestletech opened this issue 7 years ago • 2 comments

Invert the current @preempt logic by allowing a filter to impose itself on a particular regex or glob of paths. This way you don't have to remember to annotate every endpoint with @preempt. You can just install a filter and have it register itself globally on all paths if you wish.

trestletech avatar Jun 12 '17 22:06 trestletech

is this something that is still on the roadmap? I am working on authentication / authorization in plumber and this feature would be a great help - also given that preempting multiple filters is not possible right now.

For example:



pr <- plumber::plumber$new()

pr$filter("auth", function (req, res) {
  # forward if the user is authenticated
})

# filter to allow access to admins only
pr$filter("auth-admin-only", function (req, res) {
  # forward if the user is authenticated & authorized for admin access
})

pr$handle("GET", "/admin", function (req, res) {
  return("This route requires admin authorization.")
})

pr$handle("GET", "/authed", function (req, res) {
  return("This route is accessible for all authenticated users.")
}, preempt = c("auth-admin-only"))

pr$handle("GET", "/no-auth", function (req, res) {
  return("This route requires no authentication.")
}, preempt = c("auth", "auth-admin-only"))
#> Error in private$ends[[preempt]]: no such index at level 1

Created on 2019-03-12 by the reprex package (v0.2.1)

with "inverted logic", it could maybe look like this?

pr <- plumber::plumber$new()

# integrate the jwt strategy in a filter
pr$filter("auth", function (req, res) {
  # forward if the user is authenticated
})

# filter to allow access to admins only
pr$filter("auth-admin-only", function (req, res) {
  # forward if the user is authorized for admin access
})

pr$handle("GET", "/admin", function (req, res) {
  return("This route requires admin authorization.")
}, filter = c("auth-admin-only"))

pr$handle("GET", "/authed", function (req, res) {
  return("This route is accessible for all authenticated users.")
}, filter = c("auth"))

pr$handle("GET", "/no-auth", function (req, res) { return("This route requires no authentication.") })

pr130 avatar Mar 12 '19 09:03 pr130

@friep Yes. We are very aware of this.

This will not happen in the upcoming release, but I am currently planning on the following release.

schloerke avatar Mar 12 '19 14:03 schloerke