Authorization middleware

[Jhfelectric]

Hi,

I need to make sure that certain routes are blocked to anonymous users.
I created a 'token' route which sends back a JWT token to the client.
How/where can I check if clients use the correct token ?

Thanks a lot for this nice project !
Julien

[scottoffen]

So, you have a route that generates the token and sends it back to the client. Now you need some middleware that validates that the token gets sent back and is valid on other routes. Do I understand your question correctly?

[Jhfelectric]

Hi @scottoffen thx for your reply.
Yes that's correct, I need to make sure that client is using the right token.

[scottoffen]

There are two places you can hook into to make this check. You can do it either when the request is received by the server, or prior to the request being routed. Handlers for both of these hooks are executed asynchronously.

• server.OnRequestAsync handlers are delegates of type RequestReceivedAsyncEventHandler, and run when the request has been received by the server. This is useful when you want code to run independent of whether the request is routed. For example, requests for static files served from content folders will not be routed.

• router.BeforeRoutingAsync handlers are delegates of type RoutingAsyncEventHandler, and run just before any routes are executed (and there is a corresponding router.AfterRoutingAsync). This is likely where you want to hook into.

While you can add this hook at any time, I'd recommend doing it in your startup file where you configure the server:

public void ConfigureServer(IRestServer server)
{
    // You can do this as a lambda
    server.Router.BeforeRoutingAsync += async (ctx) =>
    {
        // your code here
    };

    // Or you can reference another method somewhere (static is easiest)
    server.Router.BeforeRoutingAsync += MyJwtClass.MethodToValidateJwt;
}

[Jhfelectric]

Thank you !