Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merge info from multiple @Security methods into req.user #1742

Open
bmeeder22 opened this issue Jan 21, 2025 · 1 comment
Open

Merge info from multiple @Security methods into req.user #1742

bmeeder22 opened this issue Jan 21, 2025 · 1 comment

Comments

@bmeeder22
Copy link

bmeeder22 commented Jan 21, 2025
edited
Loading

I want to echo issue #1637

There could be multiple authentication headers, for example: api key and secret key. Both of those add something to the user object independently of each other.

It seems very strange to allow multiple returns from the Security tag, but then NOT merge the user object together.

Solution

@daxadal identified the correct solution:

// routes.ts (Auto-generated)

secMethodOrPromises.push(
  Promise.all(secMethodAndPromises).then((users) => {
    return users.reduceRight((prev, current) => ({ ...prev, ...current }));
  })

Workarounds

You can build up a temp object and then use a middleware to set that to user. However that is not ideal as that temp object is going to get populated with variables from other @Security tags potentially leading to security vulnerabilities. So the best way is to do this inside of TSOA at the security group level.
@github-actions GitHub Actions
Copy link

Hello there bmeeder22 👋

Thank you for opening your very first issue in this project.

We will try to get back to you as soon as we can.👀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@bmeeder22