composing routes about rocket HOT 2 CLOSED

What structure would you like for your URLs? I can read your comment in two ways: you want all routes beginning with auth/ to check for some credentials, or you want one route at auth/ to check credentials and then forward the request elsewhere.

Many Routes Under auth/

The solution for the former is indeed to use a request guard and then ask for some type that validates the authentication on every route you require it. This may seem like it violates DRY, but the information is required by every route; each route needs to know that validation was successful to run. This is the right way to do it, though you may disagree. Let me illustrate why.

Another way to do this is to have one route, auth/<path..> with a request guard that errors with a bad auth status when authentication fails and forwards when authentication succeeds. Then, you give every other route whose path begins with auth/ a rank greater than 1. This gives you exactly what you're looking for: when any path that begins with auth/ is visited, authentications runs, and if it succeeds, Rocket calls the route for the actual path. This seems nice and DRY. So what's the problem? The issue is this: say you forgot to rank one of the routes under auth/ higher than 1 (Rocket actually gives you a warning here). Because that route didn't itself require authentication, it will run without it. That's a big problem, and one that request guards were explicitly designed to counteract.

We might imagine a way for you to tell Rocket, succinctly: all of these routes require this request guard. I think that would be nice, and I've thought about ways to do this, but nothing has satisfied me. I really like that I can tell exactly what is required for a route to run by looking at the function signature. Perhaps there is some nice design I haven't thought about. It's certainly something I'm considering, but the ergonomics, usability, and syntactic obviousness all have to be right.

One auth/ route

There are two ways to do this, depending on the behavior you're looking for.

First, you could have your auth route return a redirect to the second route. You could also use Flash to send a message along with the redirect. This is the way to go if you want the URL to change when the other route takes over.

Alternatively, you can simply call the function corresponding to the other routes. This won't change the URL, but is faster since the user's client doesn't need to issue another request.

To prevent the problem we discussed for the former option (Rocket won't warn you here since there's no collision), the children routes should all take an auth request guard as well.

The official support channel is on irc.mozilla.org in #rocket. Feel free to join!

from rocket.

Thanks for this detailed explanation! Will ping you on #rocket if I still can't figure it out.

from rocket.