Skip to content

Comments

Exclude auth for root path only#23

Open
tadejm wants to merge 1 commit intoeparreno:masterfrom
uplisting:allow-excluding-root-path
Open

Exclude auth for root path only#23
tadejm wants to merge 1 commit intoeparreno:masterfrom
uplisting:allow-excluding-root-path

Conversation

@tadejm
Copy link

@tadejm tadejm commented Apr 29, 2020

Hey @eparreno 👋

Merging this PR will allow a dev to exclude the root path ('/') without excluding all paths starting with a / from the JWT token auth check.
This comes handy when we want to have a pretty landing/docs page mounted on / and an JWT auth API that serves from other paths, i.e. /users.

@tadejm
Exclude root path only
5781234 
This commit allows a dev to only exclude the root path ('/') from
the JWT token auth check but keep the auth check on other paths.
@berkes
Copy link

berkes commented Oct 28, 2020

I like and need this exact case.

Anything I can do to push this forward and help getting this merged?

For example, I could make it more generic using a regex instead of start_with()? e.g. |ex| env['PATH_INFO'].match?(ex) that would probably degrade performance and not be backwards compatible, but does give implementers more freedom.

Alternatively, a switch based on wether it is a string, or a regex:

        @exclude.any? { |ex|
          path = env['PATH_INFO']
          ex.is_a?(String) && path.start_with?(ex) || ex.is_a?(Regexp) && path.match?(ex)
       }

But then a tad more readable :)

@berkes
Copy link

berkes commented Nov 30, 2021

Anything we can do to help get this merged?

berkes added a commit to berkes/rack-jwt that referenced this pull request Nov 30, 2021
@berkes
Add ability to provide regexp instead of just substrings for exclude
323b3c9 
This is another go at eparreno#23,

Where we make it a little more flexible by allowing either the old
string version or a now newly introduced regxp.

This is fully backwards compatible.
@berkes berkes mentioned this pull request Nov 30, 2021
Open
berkes added a commit to berkes/rack-jwt that referenced this pull request Dec 1, 2021
@berkes
Add ability to provide regexp instead of just substrings for exclude
b31cb6a 
This is another go at eparreno#23,

Where we make it a little more flexible by allowing either the old
string version or a now newly introduced regxp.

This is fully backwards compatible.
@tadas-s
Copy link

tadas-s commented Jun 19, 2024

We're having same issue as well - want to exclude root path, but / excludes everything.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tadejm @berkes @tadas-s