Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve authorization middleware #3048

Merged
merged 9 commits into from
Jan 15, 2024
Merged

Improve authorization middleware #3048

merged 9 commits into from
Jan 15, 2024

Conversation

apedroferreira
Copy link
Member

@apedroferreira apedroferreira commented Jan 3, 2024
edited
Loading

Improve authorization middleware to cover everything under /prod except static files and Toolpad dev server.
This way, the same middleware can be used to redirect to sign in and protect the RPC, among other things.

@apedroferreira apedroferreira added the enhancement This is not a bug, nor a new feature label Jan 3, 2024
@apedroferreira apedroferreira self-assigned this Jan 3, 2024
@apedroferreira apedroferreira changed the title Wider auth redirect Improve authorization middleware Jan 3, 2024
@apedroferreira apedroferreira mentioned this pull request Jan 4, 2024
Merged
@github-actions github-actions bot added the PR: out-of-date The pull request has merge conflicts and can't be merged label Jan 12, 2024
@github-actions github-actions bot removed the PR: out-of-date The pull request has merge conflicts and can't be merged label Jan 12, 2024
apedroferreira
apedroferreira commented Jan 12, 2024
View reviewed changes
packages/toolpad-app/src/server/auth.ts
if (
(!project.options.dev || isPageRequest) &&
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In dev mode it only redirects pages so that the user in preview sees the same behavior there will be in production. Can't hide RPC requests behind authentication in dev mode for example, as the editor needs to make them.

@apedroferreira apedroferreira marked this pull request as ready for review January 12, 2024 18:28
@apedroferreira apedroferreira requested a review from a team January 12, 2024 18:28
@Janpot
Copy link
Member

Janpot commented Jan 15, 2024

Looks good. Annoying that we have a parallel dev and prod implementation. A more ideal implementation would be one single function which switches on/off certain middleware based on a dev flag. That would guarantee consistency in ordering of the middlewares between the two environments. The challenge would be to avoid loading vite in prod. That's what causes high memory spikes on startup, even if a vite devserver isn't initialized.

@apedroferreira apedroferreira merged commit e700443 into mui:master Jan 15, 2024
11 checks passed
@apedroferreira apedroferreira deleted the wider-auth-redirect branch January 15, 2024 17:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Janpot Janpot Janpot approved these changes

Assignees

@apedroferreira apedroferreira

Labels
enhancement This is not a bug, nor a new feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@apedroferreira @Janpot