Giters

vibe-d / vibe.d

Official vibe.d development

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

vibe.web.auth – optional authentication

p-mitana opened this issue · comments

commented

Hello,

I found a little hole in vibe.web.auth: imagine a situation, where I want everyone to be able to access the endpoint, but still want to know, whether this is a registered users and what roles does he have.

Currently I can do:

@noAuth get() // Anyone can access, but I don't know, if he is authenticated and who he is
@anyAuth get(AuthInfo authInfo) // I do know, who the user is, but unless he is authenticated, he cannot access.

What I would like to have is:

@anyAuth get(Nullable!AuthInfo authInfo) // If user is not authenticated authInfo is Nullable.null

Suggested solution: allow an authentication method overload, which returns Nullable:

@requiresAuthentication
interface API {
    // either of these two can be used
    @noRoute AuthInfo authenticate(HTTPServerRequest, HTTPServerResponse);
    @noRoute Nullable!AuthInfo authenticate(HTTPServerRequest, HTTPServerResponse);

    // Authentication required – if there is only Nullable authenticate variant and it returns null, 401 is returned
    @anyAuth get(AuthInfo auth);

    // Authentication not required, but still attempted
    @anyAuth get(Nullable!AuthInfo auth); 
}