vapor
vapor7mo ago

Advanced Permissioning In Middleware

I need to handle somewhat complicated permissioning logic, for example: User A can read (but not write) tasks from Facility B Is there a good pattern for applying this sort of logic in middlewares? Currently, I can create a verbose permission set in Context for that user, but I'm not sure how best to handle a facility-specific route, for example trying to read tasks from Facility B.
The Context will contain all of that user's permissions, but I'm not sure how to check those permissions against a route-specific ID (for example facilityID) in a middleware. I don't think I'd want to set that facilityID in context (since a lot of procedures won't have a facilityID at all) and it doesn't look like there's a way to pass dynamic values into middleware using Meta. Any thoughts?
1 Reply
Louis
Louis7mo ago
Just an idea, store some kind of flag in context, you can then filter out most of the calls that don't need to verify the users permissions. Also you'll have access to the url/route, use regex with a capture group to capture Facility B, foo, bar, blah etc. to use in your permission logic. If you're worried about performance, you could store the permission set in a cache, either in memory or redis. This would be quicker than hitting a db with every verify flag in context.
More Posts
How is the Client Generated with just the typesI'm trying to build a trpc like app for building restful apis with sveltekit. In trpc sveltekit onlyGenerate iOS Swift tRPC clientHey all, I'm looking to get pointed in the right direction for how to best generate a native tRPC cMiddleware that returns data instead of throwing errorIs there any way for a middleware to return typed data instead of throwing an error? I can only see Including multi-tenant config into tRPC contextHey all, I've been working on upgrading my app to support multi-tenancy, inspired by Vercel's PlatfSuggestion to deal with external dependencies on backend side?Hello, i have a question about dealing with external dependencies inside mutations and queries on tTRPC & Zod LoggingI'm building a backend and if my input validation fails I want to log the failure but couldn't figurHow to handle Query Errors on client side (show toast on 401)Hey ! Hope you're doing well ! I wanted to know if someone can explain to me how to handle errors onTRPCClientError: JSON Parse error: Single quotes (') are not allowed in JSONI am getting this error when deployed but not when running locally. ```json TRPCClientError: JSON PHow to access isLoading if a Query is inside a componentI am having trouble in accessing isLoading from a query, the problem is that the Query is placed instRPC and vite serverless, are there any exmaples?Now that tanstack router is out I would want to move out of nextjs, but keep the convenience of host