MasoniteFramework / api

Masonite API package currently in development
MIT License

Using JWTAuthentication or TokenAuthentication as middleware on Route instead of Resource #18

Closed nicolaipre closed 4 years ago

nicolaipre commented 4 years ago

Hi.

I am trying to create a middleware I can use to verify whether a valid JWT token is specified in the headers of a request.

Routes are protected this way, just like the example in the documentation.

resources/AdminUserResource.py

class AdminUserResource(Resource, JSONSerializer, JWTAuthentication):
    model = User
...

web.py

...
ROUTES = [
    AdminUserResource('/admin/users').routes(),
]

However, I do not want to use CRUD and register my routes via Resources.

I want to use JWTAuthentication as a middleware (JWTMiddleware.py) that does the same thing, and register my routes like this:

web.py

    RouteGroup(
        prefix="/api",
        middleware=['auth:api'],
        routes=[
            Get('/profile',       'ProfileController@show').name('ssr.profile'),
            Get('/profile/apikey',   'ProfileController@apikey').name('ssr.profile.apikey'), # Generate X-API-Key for user
        ]
    ),

config/middleware.py

ROUTE_MIDDLEWARE = {
    'auth': AuthenticationMiddleware, # For VIEWS - I do not use views, but instead use a SPA or Server Side Rendering in JavaScript Frontend.
    'verified': VerifyEmailMiddleware,
    'guard': GuardMiddleware,
    'auth:api': JWTMiddleware, # All routes with this middleware require a valid JWT token
}

JWTMiddleware.py

from masonite.request import Request
from masonite.api.authentication import JWTAuthentication, PermissionScopes

class JWTMiddleware(JWTAuthentication):
    """Middleware To Check If JWT key from header is valid. """

    def __init__(self, request: Request):
        """Inject Any Dependencies From The Service Container.

        Arguments:
            request {masonite.request.Request} -- The Masonite request class.
        """
        self.request = request

    def before(self):
        """Run This Middleware Before The Route Executes."""
        if self.authenticate(self.request) is None:
            return "Token was valid"
        #if not self.request.user():
            #self.request.redirect_to('login')
        else:
            return "Token was not valid"

    def after(self):
        """Run This Middleware After The Route Executes."""
        pass

Is there an easier way to do this? Perhaps I am using the framework/library incorrectly?

I have a feeling I am supposed to do this with middleware=['guard:api'] instead...

nockstarr commented 4 years ago

Also interested in this. Devs?

josephmancuso commented 4 years ago

@nockstarr discussion is here https://github.com/MasoniteFramework/masonite/issues/359