Replies: 2 comments 2 replies
-
You can use Mount with middleware that checks user access to nested routes. routes = [
Route(), # public
Mount(
routes=[], # private routes here
middleware=[], # add middleware here to check user access
),
] The idea here is a middleware that rejects unauthorized access to any child routes. |
Beta Was this translation helpful? Give feedback.
2 replies
-
Thanks for the idea to use the middleware on Route/Mount, I was not aware of that possibility. I ended up with the following approach:
|
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I was looking into possible ways to make all routes private and only allow several routes public.
For now there are no straight-forward way to achieve that. I see two ways how that could be implemented:
@public
decorator: it goes inline with existing@requires
decorator + some configuration on the app (router?) level.PublicRoute
class or by passing some argument to currentRoute
class likeRoute("/", index, public=True)
.The question is about maintaining backwards-compatibility. One solution could be to add configuration argument to the
Starlette
class.Making routes private by default makes routing more prone to security mistakes when newly introduced routes may be quietly become public because
@requires
decorator is not added to the endpoint.Beta Was this translation helpful? Give feedback.
All reactions