Open diosney opened 9 years ago
I'm leaving this open for discussion and to think about, but the obvious solution that would work right now if you needed it would be the following (so you're not blocked on discussions here):
app.use(function (req, res, next) {
res.render = createRouteRender(res.render)
next()
})
function createRouteRender(_render) {
return function render() {
this.locals.route = this.req.route
return _render.apply(this, arguments)
}
}
@dougwilson That would really work, thanks for the tip, but it could be great that other solution is provided for the long term (being the 'render' event or another one). The thing is that I don't feel quite right overwriting .render
(if you are suggesting this then maybe the side effects are minimum to null).
So, thanks again, expecting further discussion on this :smile:
I have a similar issue. I'm writing an authorization middleware that goes above where the routes are all defined. In that case, req.route
is null.
So if I'm trying to allow/deny access in the authorization middleware based on req.route.path
to something like /user/:id
, it becomes difficult (if it's checking a path that doesn't use params, like /user
, then I don't need req.route
to be available as I can just use req.originalUrl
.
I could use regexes but that becomes error prone depending on what kind of routes exist.
@rightaway I'm trying to resolve the same problem. Did you get the result?
@algebris I had exact same task as @rightaway and I ended up with adding additional layer of middleware everywhere, inside I check authorization to various routes depending on what user is allowed to do.
Details: I have object defining all routes restrictions, e.g. all req.route.path'es that should be protected, depending on users role. If route has no restrictions, I just next(), else check if user role is allowed to execute the controller, if not - render 40x.
Would be great to somehow make this work without injecting another middleware layer.
@rzk yeah, that's would be great anyway. I need req.route.path in order to find a matches in my swagger declarations with auth, validation, caching etc. But i have a lot end-points to add middleware to all of them. So I'm still trying to find a way to make it right ...
Well, I don't know but I've made in yesterday dirty hack to express internals ... I have tested it with express@4.13.3 It intercepts your middleware stack with custom functions before first middleware call
https://gist.github.com/algebris/1f931e112b0253249a04
Could anybody verify how's it bad to do like that? I know it's just a hack but ...
Related links
https://github.com/strongloop/express/issues/2093 http://stackoverflow.com/a/19460598/881286
A practical and real application of
req.route
would be one that you have/user/:id
At the view, it would be nice to do a conditional on a route definition instead of the actual url path.
To acomplish that right now it is needed to add a local variable in each route middleware definition, whis is a cumbersome task:
Real deal
A nice way to overcome this would be having a general middleware that do it in a single place, but the issue is that
req.route
only gets filled when the routing middleware gets executed, so there is no way to code a separated middleware that gets executed AFTERreq.route
is defined and BEFORE therender
method.Conclusion
If an Expressjs custom event existed, that gets executed just after the
render
method gets executed, it could be used to overcome this issue:Thanks