Skip to content

Comments

Exclude auth for root path only#23

Open
tadejm wants to merge 1 commit intoeparreno:masterfrom
uplisting:allow-excluding-root-path
Open

Exclude auth for root path only#23
tadejm wants to merge 1 commit intoeparreno:masterfrom
uplisting:allow-excluding-root-path

Conversation

@tadejm
Copy link

@tadejm tadejm commented Apr 29, 2020

Hey @eparreno 👋

Merging this PR will allow a dev to exclude the root path ('/') without excluding all paths starting with a / from the JWT token auth check.
This comes handy when we want to have a pretty landing/docs page mounted on / and an JWT auth API that serves from other paths, i.e. /users.

This commit allows a dev to only exclude the root path ('/') from
the JWT token auth check but keep the auth check on other paths.
@berkes
Copy link

berkes commented Oct 28, 2020

I like and need this exact case.

Anything I can do to push this forward and help getting this merged?

For example, I could make it more generic using a regex instead of start_with()? e.g. |ex| env['PATH_INFO'].match?(ex) that would probably degrade performance and not be backwards compatible, but does give implementers more freedom.

Alternatively, a switch based on wether it is a string, or a regex:

        @exclude.any? { |ex|
          path = env['PATH_INFO']
          ex.is_a?(String) && path.start_with?(ex) || ex.is_a?(Regexp) && path.match?(ex)
       }

But then a tad more readable :)

@berkes
Copy link

berkes commented Nov 30, 2021

Anything we can do to help get this merged?

berkes added a commit to berkes/rack-jwt that referenced this pull request Nov 30, 2021
This is another go at eparreno#23,

Where we make it a little more flexible by allowing either the old
string version or a now newly introduced regxp.

This is fully backwards compatible.
berkes added a commit to berkes/rack-jwt that referenced this pull request Dec 1, 2021
This is another go at eparreno#23,

Where we make it a little more flexible by allowing either the old
string version or a now newly introduced regxp.

This is fully backwards compatible.
@tadas-s
Copy link

tadas-s commented Jun 19, 2024

We're having same issue as well - want to exclude root path, but / excludes everything.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants