Using HttpAuthentication wrapper on the same named scope but different handler about protect-endpoints HOT 7 CLOSED

Ok, sorry, I will create one.

from protect-endpoints.

Thank you for the amazing package!

Thanks, I appreciate it!

In general, the question more about how routes & scopes works in actix-web. The easiest (but trivial) way is wrapping only needed scopes. For example:

App::new()
    .service(
        web::scope("/api/v1")
            .service(
                web::scope("/reservations")
                    .wrap(HttpAuthentication::bearer(validator))
                    .configure(reservations_controllers::secured_routes),
            )
            .service(web::scope("/auth").configure(auth_controller::routes))
    )
    .app_data(data.clone())

But I'm not sure if it suits you

from protect-endpoints.

Thank you for the quick response.
I'll just wrap individual handlers as you said

from protect-endpoints.

Hello @DDtKey , I run into the same issue. The trick with different scops works, but not in all situations.

Is there a way to use Role based authentication and map all requests without a authorization header to role Guest and then using #[has_any_role("Role::Guest", "Role::User", type = "Role")] ?

from protect-endpoints.

Hello @DDtKey , I run into the same issue. The trick with different scops works, but not in all situations.

Is there a way to use Role based authentication and map all requests without a authorization header to role Guest and then using #[has_any_role("Role::Guest", "Role::User", type = "Role")] ?

Just to clarify this, do you want actix-web-grants to consider not authorized users as Guests? Looks like another topic 🤔
It should be authorization logic in that case IMHO.

I mean you can assign the Guest during checking header(in method that you pass to middleware), like:

if auth_header.is_none() {
  return Role::Guest
}

from protect-endpoints.

Just to clarify this, do you want actix-web-grants to consider not authorized users as Guests? Looks like another topic thinking It should be authorization logic in that case IMHO.

Not exactly, it depends what is the most easiest way. It was only one idea I had, to give all non authenticated users the role guest. But I thought that maybe actix-web-grants has a way to handle this situations.

I mean you can assign the Guest during checking header(in method that you pass to middleware), like:

But that means I have to write my one middleware? I tried to implement something like that in the validator() function, but there the checking is to late already.

from protect-endpoints.

@jb-alvarado oh, I see your point. But it worth to create separate issue, I'm pretty sure that's not related one

from protect-endpoints.