Plugin to check Permissions.

[apescione]

I'm creating a plugin to check if the user has the right roles to use the API. It works, but it is applying for other endpoints downstream.
is there a way to say that my plugin must be applied only to the ElysiaJs instance that I apply, and not to the main instance?

[mtt-artis]

👋
I think this is what you're looking for
https://elysiajs.com/essential/scope.html

[apescione]

I've updated Elysia to the latest version, and now I can see the scope. I created one plugin to check user roles.
Before upgrading to elysiaJs version 1 derive was invoked in the sub instance, after the upgrading it is not invoked anymore. What has changed?

[apescione]

Just to give more context:
I have a main application that use:
First middleware to authorize the user
the second one to check the roles of the user.
The first plugin needs to pass to second one the user.
What is the best approach in this case? With the version before 1 (0.8.x) Using derive was working, but I cannot avoid downstream due to missing scope.
@mtt-artis, can you help me on this?

[apescione]

Using
.derive({ as: "global" }, ({ user }) => {
it seems being invoked

[mtt-artis]

Hi @apescione
I'll tell you what I've done not knowing if it is best practice.

I used to inline all my routes on the same Elysia instance. I check the authorisation in a scoped middleware and then check the user's profile in the beforeHandle of each route like below

import { Elysia, t } from "elysia";

const hasRole = (profil: string) =>  ({ error, jwt }) => { 
  if (!jwt.roles.includes(role)) throw error("Unauthorized");
};

export const routes = new Elysia()
    .use(jwt())
    .get('/', () => 'hi', {
        beforeHandle: hasRole("BASIC_USER")
    })
   .get('/admin', () => 'admin', {
        beforeHandle: hasRole("ADMIN")
    })

[apescione]

@mtt-artis thank for your suggestions.
that you know, what is the scope of the guard? How can I put in main instance from the child?
https://elysiajs.com/essential/scope#guard

[apescione]

Maybe the response is in this feature
#617

[mtt-artis]

I don't think you can with guard (yet ?). But you can use model to reuse a schema on multiple routes.
https://elysiajs.com/validation/reference-model

[mtt-artis]

@apescione
this works fine

import { Elysia, t } from "elysia";

const guard = (app: Elysia) => app.guard({
  body: t.Object({ b: t.String()}),
});

export const server = new Elysia()
  .use(guard)
  .post("/", ({ body }) => body)

server.listen(3000, ({ hostname, port }) => {
  console.log(`🦊 Elysia is running at ${hostname}:${port}`);
});

[apescione]

At the moment I moved the guard on the main instance waiting for new improvement.
thanks a lot for the support.