How do you allow only some get routes to have auth #230

Open
rodude123 opened this issue Oct 6, 2022 · 3 comments

Comments

@rodude123

I'm making an API where some data is publicly available for my site and some need auth. I know I can add this,

$app->add(new Tuupola\Middleware\JwtAuthentication([
    "rules" => [
        new Tuupola\Middleware\JwtAuthentication\RequestPathRule([
            "path" => "/",
            "ignore" => []
        ]),
        new Tuupola\Middleware\JwtAuthentication\RequestMethodRule([
            "ignore" => ["OPTIONS", "GET"]
        ])
    ]
]));

This allows all GET methods to have no auth on them. So is there a way to specify /projectData as a GET route that has no auth, but have the POST, PUT, PATCH and DELETE routes for /projectData require auth?

@tuupola
Owner

tuupola commented Oct 7, 2022

Something like this should work.

$app->add(new Tuupola\Middleware\JwtAuthentication([
    "rules" => [
        new Tuupola\Middleware\JwtAuthentication\RequestPathRule([
            "path" => ["/projectData"],
            "ignore" => []
        ]),
        new Tuupola\Middleware\JwtAuthentication\RequestMethodRule([
            "ignore" => ["OPTIONS", "GET"]
        ])
    ]
]));

@rodude123
Author

rodude123 commented Oct 8, 2022

This worked perfectly! Although a quick follow-up question. How would I allow some GET routes to have auth on them? I tried to put the route in the path, like so:

$app->add(new Tuupola\Middleware\JwtAuthentication([
    "rules" => [
        new Tuupola\Middleware\JwtAuthentication\RequestPathRule([
            "path" => ["/projectData", "/user/getUserInfo"],
            "ignore" => []
        ]),
        new Tuupola\Middleware\JwtAuthentication\RequestMethodRule([
            "ignore" => ["OPTIONS", "GET"]
        ])
    ]
]));

This, however, didn't work: it didn't require auth for the GET route of /user/getUserInfo when I want it to.

rodude123 changed the title from "How do allow only some get routes to have auth" to "How do you allow only some get routes to have auth" on Oct 8, 2022
@tuupola
Owner

tuupola commented Oct 22, 2022

In your config you are ignoring all GET requests so GET /user/getUserInfo will not be authenticated. Easiest thing would be to organize your routes so that you do not need complicated rules. For example:

$app->add(new JwtAuthentication([
    "path" => ["/api", "/admin"]
]));

Now any path starting with /api/ and /admin/ will be authenticated while the rest will not. Alternatively some frameworks allow you to bind middlewares manually to your selected routes. With Slim this is something like:

/* Add to single route */
$app->get("/", function () { ... })->add(new JwtAuthentication());

/* Add to route group */
$app->group("/", function () { ... })->add(new JwtAuthentication());
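
An added example, not part of the thread or the library's code: a simplified model of the rule evaluation discussed above, showing why the configuration from the issue leaves GET /user/getUserInfo unauthenticated and how a rule with an explicit public-GET allowlist changes that. The function names (pathRule, methodRule, publicGetRule, shouldAuthenticate) are hypothetical, the rules take plain method and path strings instead of a PSR-7 request, and the model assumes a request is authenticated only when every rule returns true.

```php
<?php
declare(strict_types=1);

// Simplified stand-ins for the two built-in rules, operating on plain
// method/path strings instead of a PSR-7 request (assumption for this sketch).
function pathRule(array $paths): callable {
    return function (string $method, string $path) use ($paths): bool {
        foreach ($paths as $prefix) {
            $prefix = rtrim($prefix, "/");
            if (preg_match("@^" . preg_quote($prefix, "@") . "(/.*)?$@", $path)) {
                return true;
            }
        }
        return false;
    };
}

function methodRule(array $ignore): callable {
    return fn (string $method, string $path): bool => !in_array($method, $ignore, true);
}

// Hypothetical replacement rule: GET is public only on an explicit allowlist.
function publicGetRule(array $publicGet): callable {
    return fn (string $method, string $path): bool =>
        $method !== "OPTIONS"
        && !($method === "GET" && in_array(rtrim($path, "/"), $publicGet, true));
}

// Assumed stacking semantics: authenticate only if every rule returns true.
function shouldAuthenticate(array $rules, string $method, string $path): bool {
    foreach ($rules as $rule) {
        if ($rule($method, $path) === false) {
            return false;
        }
    }
    return true;
}

$paths = ["/projectData", "/user/getUserInfo"];
$fromIssue = [pathRule($paths), methodRule(["OPTIONS", "GET"])];
$allowlist = [pathRule($paths), publicGetRule(["/projectData"])];

// Constructed sample requests.
$requests = [["GET", "/projectData"], ["POST", "/projectData"], ["GET", "/user/getUserInfo"]];
foreach ($requests as [$m, $p]) {
    printf("%-4s %-18s issue config: %-4s allowlist rule: %s\n", $m, $p,
        shouldAuthenticate($fromIssue, $m, $p) ? "auth" : "open",
        shouldAuthenticate($allowlist, $m, $p) ? "auth" : "open");
}
```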
