Comments (2)
What structure would you like for your URLs? I can read your comment in two ways: you want all routes beginning with auth/
to check for some credentials, or you want one route at auth/
to check credentials and then forward the request elsewhere.
Many Routes Under auth/
The solution for the former is indeed to use a request guard and then ask for some type that validates the authentication on every route you require it. This may seem like it violates DRY, but the information is required by every route; each route needs to know that validation was successful to run. This is the right way to do it, though you may disagree. Let me illustrate why.
Another way to do this is to have one route, auth/<path..>
with a request guard that errors with a bad auth status when authentication fails and forwards when authentication succeeds. Then, you give every other route whose path
begins with auth/
a rank greater than 1. This gives you exactly what you're looking for: when any path that begins with auth/
is visited, authentications runs, and if it succeeds, Rocket calls the route for the actual path. This seems nice and DRY. So what's the problem? The issue is this: say you forgot to rank one of the routes under auth/
higher than 1 (Rocket actually gives you a warning here). Because that route didn't itself require authentication, it will run without it. That's a big problem, and one that request guards were explicitly designed to counteract.
We might imagine a way for you to tell Rocket, succinctly: all of these routes require this request guard. I think that would be nice, and I've thought about ways to do this, but nothing has satisfied me. I really like that I can tell exactly what is required for a route to run by looking at the function signature. Perhaps there is some nice design I haven't thought about. It's certainly something I'm considering, but the ergonomics, usability, and syntactic obviousness all have to be right.
One auth/
route
There are two ways to do this, depending on the behavior you're looking for.
First, you could have your auth
route return a redirect to the second route. You could also use Flash to send a message along with the redirect. This is the way to go if you want the URL to change when the other route takes over.
Alternatively, you can simply call the function corresponding to the other routes. This won't change the URL, but is faster since the user's client doesn't need to issue another request.
To prevent the problem we discussed for the former option (Rocket won't warn you here since there's no collision), the children routes should all take an auth request guard as well.
The official support channel is on irc.mozilla.org in #rocket. Feel free to join!
from rocket.
Thanks for this detailed explanation! Will ping you on #rocket if I still can't figure it out.
from rocket.
Related Issues (20)
- DefaultListener::bindable() isnβt usable HOT 8
- Allow routes that match any method HOT 4
- Hyper and Rocket disagreeing on validity of URL HOT 3
- Allow from form macro to work on structs with range HOT 4
- Clippy Lint w/ FromForm derive HOT 7
- Possible Incompleteness HOT 1
- Possible Incompleteness HOT 1
- doc: change `&ContentType` with `&Accept` in the list of implementations of `FromRequest` HOT 1
- [Feature]: Enhanced State Mutation for Effortless Handling of Shared Resources HOT 5
- Guide navigation causes relative links inside articles to 404 HOT 1
- Redirection to a route which takes a vector parameter results in an error HOT 1
- Allow users to create of Data<'r> objects HOT 5
- Validation not invoked on Json HOT 6
- Implement `FromForm` for `Range` HOT 1
- Missing license files in rocket_codegen-0.5.0.crate HOT 2
- Add SQLite extensions HOT 2
- Middleware that handles requests for static resources HOT 2
- Unable to build: no `Serialize` in `de` HOT 3
- Add default content_type for TempFile uploads HOT 2
- Could not find `json` in `serde` HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from rocket.