vibe.web.auth – optional authentication
p-mitana opened this issue · comments
P. Mitana commented
Hello,
I found a little hole in vibe.web.auth: imagine a situation, where I want everyone to be able to access the endpoint, but still want to know, whether this is a registered users and what roles does he have.
Currently I can do:
@noAuth get() // Anyone can access, but I don't know, if he is authenticated and who he is
@anyAuth get(AuthInfo authInfo) // I do know, who the user is, but unless he is authenticated, he cannot access.
What I would like to have is:
@anyAuth get(Nullable!AuthInfo authInfo) // If user is not authenticated authInfo is Nullable.null
Suggested solution: allow an authentication method overload, which returns Nullable:
@requiresAuthentication
interface API {
// either of these two can be used
@noRoute AuthInfo authenticate(HTTPServerRequest, HTTPServerResponse);
@noRoute Nullable!AuthInfo authenticate(HTTPServerRequest, HTTPServerResponse);
// Authentication required – if there is only Nullable authenticate variant and it returns null, 401 is returned
@anyAuth get(AuthInfo auth);
// Authentication not required, but still attempted
@anyAuth get(Nullable!AuthInfo auth);
}