Authentication
Authentication in Turbo works slightly differently: you define a middleware that is called before the request is processed and that gets an authentication object for the request (accessible from the `context.getAuth()` method). In the middleware you will do all the required authentication for that request, such as calling an external database or verifying a token. For access control and route management, you can use the wide range of decorators available.
The middleware `handle` method should be async; see Middlewares for more information.
There are various decorators for authentication. The list below has the current ones, but we plan to add a lot more.
Decorator | Description |
---|---|
`@Auth.Use(Middleware)` | This is a class decorator and should be applied to the controller class. You pass it the middleware you want it to run, and that middleware is run for all route methods inside. Note: this is the middleware class constructor, not the instance. |
`@Auth.Authenticated()` | This decorator will make sure that the user has an auth object. |
`@Auth.Has('propertyName')` | This decorator will make sure that the user has the property `propertyName` in the returned auth object. |
`@Auth.InArray('propertyName','value')` | This decorator will make sure that the auth object contains an array called `propertyName` and that the value `value` is in that array (`value` can also be an array, in which case it checks that at least one of its items is in the array). |
`@Auth.Is('propertyName','value')` | This decorator will make sure that the auth object contains a property called `propertyName` and that the value `value` is the same as the value of that property. |
`@Auth.Custom(func)` | This decorator takes a custom function to run as the check, since we can't catch all edge cases; see the Custom Checks section below. |
Custom Checks
We can't catch every edge case that someone needs, so we have implemented custom checks. A custom check is simply a synchronous function in which you run your own logic to decide the outcome.
Below is an example of a custom check which will verify that the `isBlocked` status is `false` and that the `roles` array contains both `admin` and `user`.
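```ts
// Custom check: synchronous, returns true to allow and false to deny.
const customCheck = (auth: Record<string, any>): boolean => {
  // Deny blocked users.
  if (auth.isBlocked) return false;
  // Deny when roles is missing or is not an array.
  if (!Array.isArray(auth.roles)) return false;
  // Require both the admin and the user role.
  if (!auth.roles.includes('admin') || !auth.roles.includes('user')) return false;
  return true;
};
```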
As you can see, we receive an authentication object; from here we can run our logic, and we return true or false depending on whether the check was successful or not.
To use the above with the `@Auth.Custom` decorator, you simply pass the function to the decorator, and it will be called when the route is called, like so:
```ts
//...
@Auth.Custom(customCheck)
public async api_users(): Promise<Http.Response> {
  const users = await this.userService.getUsers();
  return new Http.Response(200, users);
}
//...
```
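The page describes a custom check as a synchronous function. The following is an added example, not Turbo's own code, showing why that matters when a check is declared `async` and its caller does not await it: the returned Promise is truthy, so a truthiness test allows everyone. `enforceLoose`, `enforceStrict` and the sample auth objects are hypothetical and constructed for illustration; they are not Turbo APIs.

```typescript
// Added example. enforceLoose, enforceStrict and the sample auth objects are
// hypothetical/constructed; none of them are Turbo APIs.
type AuthObject = Record<string, any>;
type Check = (auth: AuthObject) => unknown;

// Guard that calls the check without awaiting it and accepts any truthy result.
function enforceLoose(check: Check, auth: AuthObject): boolean {
  return Boolean(check(auth));
}

// Fail-closed guard: only a literal `true` allows. A Promise, a truthy
// non-boolean or a thrown error all deny.
function enforceStrict(check: Check, auth: AuthObject): boolean {
  try {
    return check(auth) === true;
  } catch {
    return false;
  }
}

// Check declared `async`: the caller receives a Promise, which is always truthy.
const asyncCheck = async (auth: AuthObject) => {
  if (auth.isBlocked) return false;
  return auth.roles.includes('admin') && auth.roles.includes('user');
};

// Synchronous check that also denies when `isBlocked` or `roles` is missing.
const syncCheck = (auth: AuthObject): boolean => {
  if (auth.isBlocked !== false) return false;
  if (!Array.isArray(auth.roles)) return false;
  return ['admin', 'user'].every((role) => auth.roles.includes(role));
};

// Constructed auth objects.
const blocked: AuthObject = { isBlocked: true, roles: ['admin', 'user'] };
const admin: AuthObject = { isBlocked: false, roles: ['admin', 'user'] };
const noRoles: AuthObject = { isBlocked: false };

function demo(): Record<string, boolean> {
  return {
    looseAsyncBlocked: enforceLoose(asyncCheck, blocked),   // true: blocked user is allowed
    looseSyncBlocked: enforceLoose(syncCheck, blocked),     // false
    strictAsyncBlocked: enforceStrict(asyncCheck, blocked), // false
    strictSyncAdmin: enforceStrict(syncCheck, admin),       // true
    strictSyncNoRoles: enforceStrict(syncCheck, noRoles),   // false
  };
}
console.log(demo());
```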