Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add "methods" rule property to routes.json #132

Closed
danspark opened this issue Aug 16, 2020 · 8 comments
Closed

Add "methods" rule property to routes.json #132

danspark opened this issue Aug 16, 2020 · 8 comments
Labels
enhancement New feature or request routing

Comments

@danspark
Copy link

It looks like I can use the routes.json file to add auth to my azure functions routes, so I think it makes sense to specify which methods the routes.json rules would apply to.

In my scenario, I have a route called api/catalog-items, and I would like to only allow POST, PUT and DELETE for authenticated users, but GET request have no auth rules. I'm thinking an array would be the best data type, and GET would be the default value for unspecified route objects.

Example:

{
  "routes": [
    {
      "route": "/api/catalog-items",
      "allowedRoles": ["authenticated"],
      "methods": ["POST","PUT","DELETE"]
    }
  ]
}

Are there any plans to support this?
@miwebst
Copy link
Contributor

miwebst commented Aug 19, 2020

We will take a look at adding this, thanks for the suggestion! I see this as really only applicable to the Functions api calls and not really relevant to the static content. Does that match your expectation?

@danspark
Copy link
Author

danspark commented Aug 19, 2020
edited

Yeah, I guess it's only applicable to the functions back-end. As it is now it's still really useful to be able to add authentication/authorization to my functions, but I'm really curious if this is something that I am supposed to be doing, is this a planned use-case? Thanks for answering by the way.

@miwebst
Copy link
Contributor

miwebst commented Aug 21, 2020

So there are 2 planned use cases when working with auth and Functions. One is using the routes.json to allow/deny particular sets of users based on roles. The second is using the auth information passed to the Function as a header to perform more in depth authentication checks (i.e. you may want to allow/deny based on the email of a user).

@danspark
Copy link
Author

danspark commented Sep 2, 2020

Great, thanks! Should I close this then?

@miwebst
Copy link
Contributor

miwebst commented Sep 2, 2020

We can leave this open in case anyone else wants to contribute to the conversation and we can also use this for tracking.

@anthonychu anthonychu added enhancement New feature or request routing labels Nov 20, 2020
@miwebst
Copy link
Contributor

miwebst commented Feb 23, 2021

Hey @danspark , we have launched a new config file today with some breaking changes that will allow us to continue to add functionality going forward. We have added a "methods" matching criteria to our routes; you can find more info here: https://docs.microsoft.com/en-us/azure/static-web-apps/configuration

@danspark
Copy link
Author

@miwebst This is great! I'm guessing this issue can be closed, then? Didn't find the breaking changes in the page, though.

@miwebst
Copy link
Contributor

miwebst commented Feb 23, 2021

Ah this is a great point @craigshoemaker should we consider making a section to talk about the breaking changes?

@danspark, the main changes are to the naming of different properties (i.e. response overrides) and the wildcard routing behavior / introduction of navigation fallbacks.

@miwebst miwebst closed this as completed Feb 23, 2021
@nogic1008 nogic1008 mentioned this issue Feb 24, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request routing
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@anthonychu @danspark @miwebst