How to access the current "request" from within "validateFunc"?

[rse]

I'm wondering whether it is possible to access the current "request" object from within the "validateFunc" callback function, for instance to check a contained IP address against the IP address of the requesting client? Is there a way I've overlooked? I would have expected that either the "request" object is passed into "validateFunc" as an additional parameter or that the "session" object has a backreference to the "request" object (perhaps directly via "session.request")...

[jaw187]

No, will not have access to the request. But you could use a combination of auth and the onPreAuth or onPostAuth extension points. http://hapijs.com/api#serverextevent-method-options

[jardakotesovec]

And what is the reason not having access to the request in validateFunc? I think getting some details from request is reasonable use-case.

We have bit different use case - where we have database connection handler per request, which is accessible from request object - so it would be handy for us to be able to access the request object.

[jaw187]

Is that database connection going to be used to validate the request?

[jardakotesovec]

It would be used to validate that token inside cookie is still valid - by checking sessions in database.

[jardakotesovec]

To provide bit more context - we are using hapi-node-postgres, which provide connection from pool to every request and return connection back to the pool once request is finished.

[jaw187]

Is there anyway to define the validation function such that it has a reference to the connection pool? If not, the only solution is to change the signature of validateFunc to include request.

[jardakotesovec]

Do you think that passing request as last parameter would be acceptable? It would not be breaking change and it would help for use cases when you need to access request object.

[jaw187]

@hueniverse Do you have any concerns about passing the request object to
validateFunc?

On Mon, May 25, 2015, 4:35 AM Jarda Kotěšovec notifications@github.com
wrote:

Do you think that passing request as last parameter would be acceptable?
It would not be breaking change and it would help for use cases when you
need to access request object.

—
Reply to this email directly or view it on GitHub
#58 (comment)
.

[hueniverse]

No, just need to find a way to minimize breaking changes. Not sure this is worth an option but this is a heavily used module and most people don't need this.

[jaw187]

@hueniverse If most people don't need this, is there a more common pattern for validating the session against a database while using a connection pool shared by the entire app?

@jardakotesovec Instead of adding it as the last argument, adding it as an optional argument makes more sense to me. Would you like to throw together a PR? If not, let me know and I'll put something together.

[jardakotesovec]

@jaw187 Not sure how you would make it as optional argument - based on some option? Maybe it could be passed via this like settings.validateFunc(...).bind({request: request}), so it would be accessible via this.request. What do you think? That would not cause any breaking change nor require new options.

And if you could look into it that would be awesome.. 👍

[hueniverse]

I have a feeling we need to make this change across the three auth modules and just suck up the breaking changes. Maybe line it up with the upcoming hapi 9.0 which will include a few minor breaking changes. People have asked for access to the request object over the years but never enough to make me reconsider but maybe now is the time to change this.

[jaw187]

Ok. @hueniverse would you prefer multiple arguments or a single options argument?

[hueniverse]

other than adding request is there anything else? options implies optional.

[lock]

This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.