Redirect from Service / Use hooks with custom middleware #374

Closed
githugger opened this issue Jul 31, 2016 · 4 comments

githugger commented Jul 31, 2016

I want to use my feathers app to manage authorization on static resources served by nginx. Using middleware this is easily possible by using the X-Accel-Redirect header:

(req, res, next) => {
  // assume the user is authorized
  res.setHeader('X-Accel-Redirect', redirectUrl);
  // the response is complete once end() is called, so next() must not be called afterwards
  res.end('');
}

For the time being (I know that this will probably change with 1.0 - feather-authentication # 227) authentication hooks are the only way I know of to ensure a user is authenticated, get his user object, and do some custom auth-logic (can this user access this resource?).

So I am thinking that while the passwordless branch isn't merged I have to either:

  1. Make hooks work properly with custom middleware functions in which I have access to the req and res objects, or
  2. Be able to redirect a request from within a feathers-service.

The first option does not seem to work because, while it says in the docs that hooks are just small middleware functions, using them like express middleware does not work (hook.type not set, not calling or even having access to next). Am I not seeing something here? Is there an easy way to register and app.use hooks like middleware and daisy-chain them in front of custom middleware?

There doesn't seem to be a way to access the res and req objects in services. How would one go about implementing a redirect within a service?

Note:
I have tried chaining a service (which basically does nothing) and my custom middleware that executed the redirect together in one route (ex1) to facilitate using the authentication hook as before hooks to the service and then have the middleware work the request. But the request hangs and the custom middleware never gets executed.

// ex1
app.use('/fileapi/:a/:b/:c', {
  get(id, params) { console.log('get'); return {}; },  // noop
  find(params) { console.log('find'); return {}; },  // noop
}, xAccelRedirector('/assets', ['a', 'b', 'c']));  // this instantiates a middleware function that is able to handle requests with params a, b, and c
app.service('/fileapi/:a/:b/:c').before({
  all: [
    authentication.hooks.verifyToken(),
    authentication.hooks.populateUser(),
    authentication.hooks.restrictToAuthenticated(),
    // custom auth logic for the requested resource
    userHasRights(),
  ],
});

daffl commented Aug 2, 2016

I think there is a workaround how to check the token and get the user in #357. You basically create your own middleware that decodes the token and then grabs the user from the user service and tacks it on the request.

In fact, you can probably just copy the decode-token and populate user Express middleware from the passwordless branch, it pretty much does exactly that.

I am going to close this since it is the same as #357 and will be covered in the next version of feathers-authentication (for the 1.0 discussion see feathersjs-ecosystem/authentication#226).
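
The workaround described above (decode the token, load the user, then issue the redirect), written out as an added example; it is not code from this thread or from Feathers. The HS256 token format, the `userId` claim and the `findUser` / `userHasRights` signatures are assumptions, and the segment check keeps the redirect target inside the given prefix:

```javascript
'use strict';
const crypto = require('crypto');

// Verify an HS256 JWT using only Node's crypto; returns the claims or null.
function verifyHs256(token, secret) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString());
    claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  } catch (err) { return null; }
  if (!header || header.alg !== 'HS256') return null; // pin the algorithm
  const want = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  const got = Buffer.from(sig, 'base64url');
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return null;
  // Tokens without an expiry are rejected as well as expired ones.
  if (!claims || typeof claims.exp !== 'number' || claims.exp * 1000 <= Date.now()) return null;
  return claims;
}

// One path segment: no "/", no "%", no leading "." (so ".." can never appear).
const SAFE_SEGMENT = /^[A-Za-z0-9_-][A-Za-z0-9._-]*$/;

// Express-style middleware factory. findUser and userHasRights are supplied by
// the caller (hypothetical signatures); both may return a value or a Promise.
function xAccelRedirector(prefix, paramNames, { secret, findUser, userHasRights }) {
  const deny = (res, code) => { res.statusCode = code; res.end(); };
  return async (req, res, next) => {
    try {
      const m = /^Bearer (\S+)$/.exec(req.headers.authorization || '');
      const claims = m && verifyHs256(m[1], secret);
      const user = claims ? await findUser(claims.userId) : null; // userId claim is an assumption
      if (!user) return deny(res, 401);
      // req.params is already URL-decoded by Express, so "%2e%2e" arrives as "..".
      const segments = paramNames.map((name) => String(req.params[name] || ''));
      if (!segments.every((s) => SAFE_SEGMENT.test(s))) return deny(res, 400);
      const target = [prefix, ...segments].join('/');
      if (!(await userHasRights(user, target))) return deny(res, 403);
      res.setHeader('X-Accel-Redirect', target); // nginx serves the file itself
      res.end(); // response is finished here, so next() is not called
    } catch (err) { next(err); }
  };
}
```

Mounted as `app.use('/fileapi/:a/:b/:c', xAccelRedirector('/assets', ['a', 'b', 'c'], deps))`, this needs no service or hooks in front of it.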

@HarisHashim

Really need to know how to do the same!

I am planning to secure nginx public path using feathers. Appreciate pointer how to do this.

Thanks!


daffl commented Oct 26, 2018


lock bot commented Feb 7, 2019

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue with a link to this issue for related bugs.

lock bot locked as resolved and limited conversation to collaborators Feb 7, 2019