Would it be possible to pass the request object to the validateFunc method? See my fork for a very trivial/slapdash implementation.
In my use case I'm writing a Hapi server that largely acts as a proxy to a different API. My validateFunc implementation includes a call out to this backing service to verify the user's auth token. The actual information I'm seeking to validate I'm storing in the session cookie (and thus get back as the first argument in validateFunc) but there's some other data in the request (like the user's IP address) that I'd like to forward on to the backing API for general logging/tracking purposes.
Is this a reasonable addition? Or is there some best practice I might be missing in my approach?
The request is reasonable, but... I don't want to add arguments after the callback, and adding before the callback means a breaking change. From a security perspective, you really should not be consulting the request for validation decisions (at least not in the context of this scheme). I know you only want to log the information but adding it opens the door for others to use it for anything.
You can instead use the 'onPostAuth' extension point in hapi to log the result of the authentication where you have full access to the request.
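The approach suggested in the reply above, sketched as an added example that is not part of the original thread or the project's code: `validateFunc` stays free of the request, and an `onPostAuth` extension forwards request metadata for logging. It assumes the hapi v17+ extension signature `(request, h)`; `sendAudit`, `credentials.id` and the sample request are hypothetical.

```javascript
'use strict';

// Build the audit record from the request AFTER the auth scheme has run.
// Only metadata is copied; the session cookie and auth token are never forwarded.
function buildAuditRecord(request) {
    const auth = request.auth || {};
    const credentials = auth.credentials || {};
    return {
        remoteAddress: request.info.remoteAddress,
        method: request.method,
        path: request.path,
        isAuthenticated: auth.isAuthenticated === true,
        // `id` is a hypothetical field set by validateFunc in the credentials
        userId: credentials.id === undefined ? null : credentials.id
    };
}

// Register the logging hook on a hapi server.
// `sendAudit` is a hypothetical async function that calls the backing API.
function registerAuthAudit(server, sendAudit) {
    server.ext('onPostAuth', async (request, h) => {
        try {
            await sendAudit(buildAuditRecord(request));
        } catch (err) {
            // A logging failure must never change the authentication outcome.
            request.log(['audit', 'error'], err.message);
        }
        return h.continue;
    });
}

// Constructed sample request (shape follows hapi's request object).
const sampleRequest = {
    info: { remoteAddress: '203.0.113.7' },
    method: 'get',
    path: '/account',
    auth: {
        isAuthenticated: true,
        credentials: { id: 'user-42', token: 'constructed-secret-token' }
    },
    log: () => {}
};
```

Because the hook runs after the scheme has already decided, request data such as the client IP address can be logged without becoming an input to the validation decision.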
This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.
lockbot
locked as resolved and limited conversation to collaborators
Jan 9, 2020