How does one define distinct routes at the same level of the hierarchy with different authentication/authorization requirements? For example, how would one define the following:
/api/v1/ping : completely open, non-authenticated
/api/v1/user_info : requires authentication, but not authorization
/api/v1/stats : requires authentication and authorization as administrator
Sorry if I'm being dumb, but I spent quite a bit of time last night trying various things to achieve this and came up short. Here's about the closest I could get:
let apiPipeline =
pipeline {
plug acceptJson
}
let authenticatedApiPipeline =
pipeline {
requires_authentication (Giraffe.Auth.challenge JwtBearerDefaults.AuthenticationScheme)
}
let v1AuthenticatedApiRouter =
router {
pipe_through authenticatedApiPipeline
forward "/user_info" (setStatusCode 200 >=> text "TODO: user info")
}
let v1ApiRouter =
router {
forward "/ping" (setStatusCode 200 >=> text "pong")
forward "" v1AuthenticatedApiRouter
}
let apiRouter =
router {
not_found_handler (setStatusCode 404 >=> text "API 404")
pipe_through apiPipeline
forward "/v1" v1ApiRouter
}
This already felt hacky to me, and I could see no way to extend it further to accommodate authorized routes as well. Is there a way to achieve this?
Hello,
How does one define distinct routes at the same level of the hierarchy with different authentication/authorization requirements? For example, how would one define the following:
/api/v1/ping
: completely open, non-authenticated/api/v1/user_info
: requires authentication, but not authorization/api/v1/stats
: requires authentication and authorization as administratorSorry if I'm being dumb, but I spent quite a bit of time last night trying various things to achieve this and came up short. Here's about the closest I could get:
This already felt hacky to me, and I could see no way to extend it further to accommodate authorized routes as well. Is there a way to achieve this?