I have an umbrella app made by Phoenix 1.3. So my ecto and business logic is in one app we’ll call
Core and my phoenix API is in another app called
User needs to create a new shipment on the platform.
- Logs into API
- Gets a Phoenix Token returned
- POST /shipments to
Apiwhich in turn calls
Now I need to determine is this user even authorized to do this action? So I’m using the library
bodyguard to protect the contexts in
Core app. However, we don’t even know who the user is?!
I’d create my own plug that will populate conn.assigns.user with user permissions on each request coming into the API and then just have the controller pass this along.
defmodule API.Plug.CurrentUser do def init(opts), do: opts def call(conn, _opts) do ## conn.assigns.user only has the user_id user = Core.Accounts.get_user!(conn.assigns.user) Plug.Conn.assign(conn, :current_user, user) end end
Pipe it up!
pipeline :authenticated do plug PhoenixTokenPlug.EnsureAuthenticated, handler: API.AuthController plug API.Plug.CurrentUser end
In the controller just… do:
def create(conn, params) do Core.Orders.create_shipment(conn.assigns.current_user, params) end
So any better way to get the user that’s making the API call to the Core app in the umbrella? Or is my way pretty much the way to do it without pass all of Plug.Conn.