rlipscombe

Plug: Per-route authentication

I’m using plug (without Phoenix), and I’ve got a router that contains something like the following:

get "/users/:user_id/favorites" do
    body = get_favorites(user_id)
    send_resp(conn, 200, body)
end

I’d like to use JWT to restrict access to this route based on :user_id, but using a secret associated with :user_id.

Using Guardian (or, more directly, using Joken), I can implement JWT checking for the entire application, but I can’t figure out how to attach authentication “middleware” to this route and get hold of the value of :user_id.

Any pointers?

idi527

:waving_hand:

You can put your auth logic in a plug and route the requests that need to be authenticated via it.

One way to do it is by adding an extra “authenticated” router plug.

defmodule YourApp.MainRouter do
  use Plug.Router
  
  plug :match
  # ...
  plug :dispatch

  get "/" do
    send_resp(conn, 200, "all unauthenticated requests can be handled in this router")
  end

  forward "/users", to: YourApp.AuthedRouter
end

defmodule YourApp.AuthedRouter do
  use Plug.Router

  plug :match
  plug YourApp.AuthPlug
  plug :dispatch

  get "/:user_id/favorites" do
    body = get_favorites(user_id)
    send_resp(conn, 200, body)
  end
end

But if you don’t have many routes that need to be authenticated, you can put the “whether to authenticate?” logic into the authenticating plug itself.

defmodule YourApp.AuthPlug do
  @behaviour Plug

  def init(opts), do: opts # maybe list the routes that need to be authenticated in opts

  def call(%{path_info: ["users" | _rest]}, _opts) do
    # authenticate
  end

  def call(conn, _opts) do
    # don't authenticate
    conn
  end
end
