Suggestion: Exclude routes from MiddlewareBuilder about nest HOT 17 CLOSED

maybe forRoutes return the method exclude, so you can exclude right after defining routes for which to apply the middleware.

    consumer
      .apply(AuthMiddleware)
      .forRoutes({ path: '*', method: RequestMethod.ALL })
      .exclude({ path: '/auth', method: RequestMethod.ALL }) //or `excludeRoutes`

from nest.

Why not have both 🎉

from nest.

For those interested, I needed similar functionality in some of my middleware, particularly my AuthModule where I needed to allow access to one route, but not the rest in a particular controller. I followed this, and wanted to come up with a more standardised way of excluding the route.

    consumer
      .apply(AuthMiddleware)
      .with(
        { path: '/public/content/within/private/controller', method: RequestMethod.GET }
      )
      .forRoutes(PrviateContentController)

And my middleware as follows

interface Route {
    path: string;
    method: string;
}

@Middleware()
export class AuthMiddleware implements NestMiddleware {
  async resolve(...excludedRoutes: Route[]): Promise<ExpressMiddleware> {
    return async (req, res, next) => {
        if(
            excludedRoutes.filter(excludedRoute => {
                return excludedRoute.path == req.path && (excludedRoute.method === RequestMethod[req.method] || req.method === RequestMethod.ALL);
            }).length
        ){
            next();
        }else{
            runMyAuthMethod(req, res, next);
        }

    };
 }
}

Let me know what you think/any improvements as I am still learning.

from nest.

@kamilmysliwiec Can you reopen this issue or do you reject the feature as suggested by @wbhob ? I agree it would be very handy.

My example use case:
I have a global JWT authentication which is supposed to be disabled for the status route (where you can check the API's status) though.

from nest.

I was referring to a hypothetical case, it all depends on the requirements.

in fact I was researching and I found this package.
This it has about 165,622 downloads on the last month, therefore it can be considered that the exclusion of routes in a middleware is a common need of hight demand for many people.

from nest.

Hi @cdiaz,

You can just use with() to pass custom arguments to resolve() method.

resolve(path) {
    return (req, res, next) => {
        if (path.indexOf(req.path) > -1) {
            next();
        }
        ...
    };
}

from nest.

Definitely the suggestion of @wbhob is needed @kamilmysliwiec

from nest.

Hey @cdiaz,

The idea is very cool !
Do you have some use cases with 'express' without nest ?

from nest.

Hi @thomrick, It's the basic way I do it with express:

let except = function(path, middleware) {
  return function(req, res, next) {
      if (path.indexOf(req.path) > -1) {
          // Exclude 
          return next()
      } 
      else {
          // Apply for all others
          return middleware(req, res, next)
      }
  }
}

  app.use(except(['/some', '/another'], authMiddleware()));

I think it can be implemented in Nest, something like this:

builder.apply(authMiddleware)
    .forRoutes(UsersController)
    .except({
        path: ['/some', '/another']
    });

from nest.

Hey @cdiaz,

I looked up on the Nest documentation and I found this:

When you pass UsersController in forRoutes method, Nest will setup middleware for each route in controller:

GET: users
GET: users/:id 
POST: users

But it is also possible to directly define for which path middleware should be used, just like that:

builder.apply(AuthMiddleware)
        .forRoutes({ path: '*', method: RequestMethod.ALL });

It isn't be better than adding new methods ?
Can you try this in your use cases and see if it's cool enough ?

from nest.

@thomrick Assuming my controller has 20 routes and I need to exclude 2, it is better to write only 2 to exclude them instead of write 18 explicitly

from nest.

@cdiaz in fact you make a good point if you write these 20 routes in 1 Controller !!!

But why writing 20 routes in 1 Controller ?

This problem can't be solved be refining architecture / design ?
And so on applying Middlewares on concerned Controllers ?

from nest.

I agree something like that would be ideal, but @kamilmysliwiec already proposed solution.. I guess it's not a major issue at the moment

from nest.

Reiterating the previous comment, can this issue be reopened?
It is a typical case of excluding some route/methods of a Controller from the middleware and there is no easy way around it.

from nest.

Recreated in #790. Please continue all conversation there, and upvote if you need this functionality.

from nest.

Is it still possible exclude methods?

from nest.

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

from nest.