Skip to content

Allow middleware to redirect without the controller being involved. #6894

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
benjamincburns opened this issue Dec 9, 2020 · 2 comments
Open

Allow middleware to redirect without the controller being involved. #6894

benjamincburns opened this issue Dec 9, 2020 · 2 comments
Labels
feature REST Issues related to @loopback/rest package and REST transport in general

Comments

@benjamincburns
Copy link

benjamincburns commented Dec 9, 2020
edited
Loading

Suggestion

It would appear that today if some middleware logic wishes to send a redirect response, the controller must be aware of that and handle the redirection on behalf of the middleware. This seems a bit incoherent, as the controller is generally concerned with managing the resource defined by the REST endpoint, and not the needs of the middleware.

Use Cases

Authentication. See this example. Why do I need special controller logic for loginToThirdParty there? If the middleware abstraction weren't leaking, I'd expect that I could just decorate any endpoint method of my controller with @authenticate(STRATEGY_NAME) and if the strategy requires redirection (e.g. OIDC), the user should be redirected to login/grant access, then redirected back to the endpoint in question. If I want to enable this behaviour today it would appear that I need this redirection logic for every single protected controller function that I write.

Examples

One way to achieve this would be to follow the pattern that AuthenticationActionProvider uses here, but instead of writing to setters that are bound to a binding specific to the Authentication namespace, write to some more generic binding that can be picked up and handled before the controller is ever called, subverting the need to call the controller entirely.

Another way might be to inspect the return value of the middleware. If it returns a RedirectRoute, redirect instead of calling the controller. I find this to be a cleaner option than injecting setters, but I can imagine this being more difficult to implement. As an aside, it'd be nice if controllers could do this as well, rather than requiring the Response object to be injected.

Acceptance criteria

TBD - will be filled by the team.
@achrinza achrinza added the REST Issues related to @loopback/rest package and REST transport in general label Dec 23, 2020
@stale
Copy link

stale bot commented Jul 14, 2021

This issue has been marked stale because it has not seen activity within six months. If you believe this to be in error, please contact one of the code owners, listed in the CODEOWNERS file at the top-level of this repository. This issue will be closed within 30 days of being stale.

@stale stale bot added the stale label Jul 14, 2021
@benjamincburns
Copy link
Author

@achrinza assuming LoopBack wants this feature, you may wish to label it such that stalebot ignores it.

@stale stale bot removed the stale label Jul 15, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature REST Issues related to @loopback/rest package and REST transport in general
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@benjamincburns @achrinza