feat: auth context api proposal (#879)

erickzanardo · renancaraujo · web-flow · commit db08fddeef53 · 2023-08-07T10:32:05.000-03:00
Co-authored-by: Renan &lt;6718144+renancaraujo@users.noreply.github.com&gt;
diff --git a/examples/basic_authentication/routes/users/_middleware.dart b/examples/basic_authentication/routes/users/_middleware.dart
@@ -2,23 +2,20 @@ import 'package:basic_authentication/user_repository.dart';
 import 'package:dart_frog/dart_frog.dart';
 import 'package:dart_frog_auth/dart_frog_auth.dart';
 
-Future<User?> Function(String, String) userFromCredentials(
-  UserRepository repository,
-) =>
-    (String username, String password) =>
-        repository.userFromCredentials(username, password);
-
 Handler middleware(Handler handler) {
   final userRepository = UserRepository();
 
   return handler
-      .use(requestLogger())
-      .use(provider<UserRepository>((_) => userRepository))
       .use(
         basicAuthentication<User>(
-          userFromCredentials: userFromCredentials(userRepository),
+          authenticator: (context, username, password) {
+            final repository = context.read<UserRepository>();
+            return repository.userFromCredentials(username, password);
+          },
           applies: (RequestContext context) async =>
               context.request.method != HttpMethod.post,
         ),
-      );
+      )
+      .use(requestLogger())
+      .use(provider<UserRepository>((_) => userRepository));
 }
diff --git a/examples/bearer_authentication/routes/users/_middleware.dart b/examples/bearer_authentication/routes/users/_middleware.dart
@@ -3,31 +3,23 @@ import 'package:bearer_authentication/user_repository.dart';
 import 'package:dart_frog/dart_frog.dart';
 import 'package:dart_frog_auth/dart_frog_auth.dart';
 
-Future<User?> Function(String) userFromToken({
-  required UserRepository userRepository,
-  required SessionRepository sessionRepository,
-}) =>
-    (String token) async {
-      final session = await sessionRepository.sessionFromToken(token);
-      return session != null ? userRepository.userFromId(session.userId) : null;
-    };
-
 Handler middleware(Handler handler) {
-  final userRepository = UserRepository();
-  const sessionRepository = SessionRepository();
-
   return handler
-      .use(requestLogger())
-      .use(provider<UserRepository>((_) => userRepository))
-      .use(provider<SessionRepository>((_) => sessionRepository))
       .use(
         bearerAuthentication<User>(
-          userFromToken: userFromToken(
-            userRepository: userRepository,
-            sessionRepository: sessionRepository,
-          ),
+          authenticator: (context, token) async {
+            final sessionRepository = context.read<SessionRepository>();
+            final userRepository = context.read<UserRepository>();
+            final session = await sessionRepository.sessionFromToken(token);
+            return session != null
+                ? userRepository.userFromId(session.userId)
+                : null;
+          },
           applies: (RequestContext context) async =>
               context.request.method != HttpMethod.post,
         ),
-      );
+      )
+      .use(requestLogger())
+      .use(provider<UserRepository>((_) => UserRepository()))
+      .use(provider<SessionRepository>((_) => const SessionRepository()));
 }
diff --git a/packages/dart_frog_auth/.gitignore b/packages/dart_frog_auth/.gitignore
@@ -4,4 +4,6 @@
 .dart_tool/
 .packages
 build/
-pubspec.lock
+pubspec.lock
+
+coverage
diff --git a/packages/dart_frog_auth/lib/src/dart_frog_auth.dart b/packages/dart_frog_auth/lib/src/dart_frog_auth.dart
@@ -37,7 +37,7 @@ Future<bool> _defaultApplies(RequestContext context) async => true;
 /// ```
 ///
 /// In order to use this middleware, you must provide a function that will
-/// return a user object from the username and password.
+/// return a user object from the username, password and request context.
 ///
 /// If the given function returns null for the given username and password,
 /// the middleware will return a `401 Unauthorized` response.
@@ -47,27 +47,53 @@ Future<bool> _defaultApplies(RequestContext context) async => true;
 /// [RequestContext]. If the function returns false, the middleware will not
 /// apply to the route and the call will have authentication validation.
 Middleware basicAuthentication<T extends Object>({
-  required Future<T?> Function(String, String) userFromCredentials,
+  @Deprecated(
+    'Deprecated in favor of authenticator. '
+    'This will be removed in future versions',
+  )
+  Future<T?> Function(
+    String username,
+    String password,
+  )? userFromCredentials,
+  Future<T?> Function(
+    RequestContext context,
+    String username,
+    String password,
+  )? authenticator,
   Applies applies = _defaultApplies,
-}) =>
-    (handler) => (context) async {
-          if (!await applies(context)) {
-            return handler(context);
+}) {
+  assert(
+    userFromCredentials != null || authenticator != null,
+    'You must provide either a userFromCredentials or a '
+    'authenticator function',
+  );
+  return (handler) => (context) async {
+        if (!await applies(context)) {
+          return handler(context);
+        }
+
+        Future<T?> call(String username, String password) async {
+          if (userFromCredentials != null) {
+            return userFromCredentials(username, password);
+          } else {
+            return authenticator!(context, username, password);
           }
+        }
 
-          final authorization = context.request.headers.basic();
-          if (authorization != null) {
-            final [username, password] =
-                String.fromCharCodes(base64Decode(authorization)).split(':');
+        final authorization = context.request.headers.basic();
+        if (authorization != null) {
+          final [username, password] =
+              String.fromCharCodes(base64Decode(authorization)).split(':');
 
-            final user = await userFromCredentials(username, password);
-            if (user != null) {
-              return handler(context.provide(() => user));
-            }
+          final user = await call(username, password);
+          if (user != null) {
+            return handler(context.provide(() => user));
           }
+        }
 
-          return Response(statusCode: HttpStatus.unauthorized);
-        };
+        return Response(statusCode: HttpStatus.unauthorized);
+      };
+}
 
 /// Authentication that uses the `Authorization` header with the `Bearer`
 /// scheme.
@@ -80,7 +106,7 @@ Middleware basicAuthentication<T extends Object>({
 /// The token format is up to the user. Usually it will be an encrypted token.
 ///
 /// In order to use this middleware, you must provide a function that will
-/// return a user object from the received token.
+/// return a user object from the received token and request context.
 ///
 /// If the given function returns null for the given username and password,
 /// the middleware will return a `401 Unauthorized` response.
@@ -90,21 +116,41 @@ Middleware basicAuthentication<T extends Object>({
 /// [RequestContext]. If the function returns false, the middleware will not
 /// apply to the route and the call will have no authentication validation.
 Middleware bearerAuthentication<T extends Object>({
-  required Future<T?> Function(String) userFromToken,
+  @Deprecated(
+    'Deprecated in favor of authenticator. '
+    'This will be removed in future versions',
+  )
+  Future<T?> Function(String token)? userFromToken,
+  Future<T?> Function(RequestContext context, String token)? authenticator,
   Applies applies = _defaultApplies,
-}) =>
-    (handler) => (context) async {
-          if (!await applies(context)) {
-            return handler(context);
+}) {
+  assert(
+    userFromToken != null || authenticator != null,
+    'You must provide either a userFromToken or a '
+    'authenticator function',
+  );
+
+  return (handler) => (context) async {
+        if (!await applies(context)) {
+          return handler(context);
+        }
+
+        Future<T?> call(String token) async {
+          if (userFromToken != null) {
+            return userFromToken(token);
+          } else {
+            return authenticator!(context, token);
           }
+        }
 
-          final authorization = context.request.headers.bearer();
-          if (authorization != null) {
-            final user = await userFromToken(authorization);
-            if (user != null) {
-              return handler(context.provide(() => user));
-            }
+        final authorization = context.request.headers.bearer();
+        if (authorization != null) {
+          final user = await call(authorization);
+          if (user != null) {
+            return handler(context.provide(() => user));
           }
+        }
 
-          return Response(statusCode: HttpStatus.unauthorized);
-        };
+        return Response(statusCode: HttpStatus.unauthorized);
+      };
+}
diff --git a/packages/dart_frog_auth/test/src/dart_frog_auth_test.dart b/packages/dart_frog_auth/test/src/dart_frog_auth_test.dart
