Request user authentication #141
| ### Auth Custom Handler | ||
|
|
||
| The **authentication custom handler** is a customizable function that can be used to verify user authentication and grant write permissions to organizations. It is used by the auth middleware to process incoming requests before any operation is executed. | ||
| The **authentication custom handler** is a customizable function that can be used to verify user authentication and grant write permissions to organizations. It is used by the auth middleware to process incoming requests to modification endpoints (POST, PUT, DELETE) before any operation is executed, and to identify the user for audit purposes on these endpoints. |
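Review bot: The added README sentence ties the middleware to "modification endpoints (POST, PUT, DELETE)", but `protectedMethods` in `AuthConfig` also accepts 'GET', and the middleware only skips authentication when that array is set and does not contain the request method. With no array configured, every method is authenticated. Suggest describing the default (all methods protected) and presenting `protectedMethods` as the way to narrow it, so that operators do not assume GET endpoints are always public.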
Updated the docs. TLDR: authentication middleware is executed only in POST/PUT/DELETE endpoints, in order to authorize the user to modify, create or delete data.
No auth is required for GET endpoints.
UPDATE: By default, all HTTP methods are protected. Optionally, you can specify which methods to protect by setting the protectedMethods array (e.g., ['DELETE', 'POST', 'PUT']).
Standardize the username variable (in lowercase) across the application.
|
|
||
| export type AuthConfig = { | ||
| enabled: boolean; | ||
| protectedMethods?: Array<'GET' | 'POST' | 'PUT' | 'DELETE'>; |
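Review bot: `protectedMethods` on `AuthConfig` has no doc comment, and its meaning when omitted is not obvious from the type alone. Suggest a comment stating that leaving it undefined keeps all methods protected, and what an empty array is meant to do. The union also stops at 'GET' | 'POST' | 'PUT' | 'DELETE', so a method such as PATCH cannot be listed; consider widening the union or documenting how unlisted methods are treated.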
New property added to the auth configuration. Indicates which methods should run the auth middleware.
| Array.isArray(authConfig.protectedMethods) && | ||
| !authConfig.protectedMethods.some((method) => method === req.method) | ||
| ) { | ||
| return next(); | ||
| } | ||
|
|
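Review bot: In the `protectedMethods` check, any request whose method is not in the array goes straight to `return next()`, so the check fails open. An empty array disables authentication for every method, and a method the `AuthConfig` union cannot express (PATCH, for example) is never authenticated once the array is set. Suggest rejecting an empty `protectedMethods` when the configuration is loaded, and logging the method and path whenever a request takes this bypass so that unauthenticated access is visible in the audit trail.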
Main validation to protect incoming request or not depending on auth config
* feat: export migration scripts (#113)
* export migration scripts
* export DbConfig from data-model Export models
* export dist path (#116)
* Feat #120 - Get previous submissions paginated (#121)
* get submission by id
* retrieve submissions by category
* get submission by organization
* relocate submission unit tests
* Add customizable callback for post-commit (#126)
* on finish commit callback
* check record data changes
* fix bytes parsing number (#128)
* Submit data using JSON format (#133)
* remove file reading
* Update types.ts
* fix typescript error & remove deprecated endpoint
* Fix issue comparing Submitted Data property names (#136)
* remove invalid keys
* refactoring update entity data function
* split submitted data unit test file
* logging improvement
* Fix Delete submitted data issue (#137)
* return when record has no data dependencies
* filter unique records to delete
* eslint rule to enforce curly braces
* make curly linting a suggestion warning

---------

Co-authored-by: Anders Richardsson <2107110+justincorrigible@users.noreply.github.com>

* New Feature - Authentication Middleware Injection (#123)
* retrieve username from userSession
* rename config file
* rename auth middleware
* remove unused code
* custom auth handler
* auth middleware
* fix readme typos
* auth custom handle error codes
* auth write privilege
* log module
* update auth handler readme
* auth configuration
* update auth README
* updated docker compose file
* Update packages/data-provider/src/utils/authUtils.ts

Co-authored-by: Anders Richardsson <2107110+justincorrigible@users.noreply.github.com>

---------

Co-authored-by: Anders Richardsson <2107110+justincorrigible@users.noreply.github.com>

* Lyric Dev Documentation (#106)
* initializing branch for documentation site
* templated overview page
* minor fix
* minor update
* minor change
* template update
* minor + test
* updated readme
* testing branch commit issue in build
* updating contributing & code of conduct
* minor update
* updated overview page
* links
* updated image
* Updated inline with PR feedback
* minor update
* netlify link
* updated cross referenced urls to docs.overture.bio
* removed code of conduct (.github covers this) removed repository structure in readme (it is in the overview)
* updated submission system diagram
* Update README.md

---------

Co-authored-by: Leonardo Rivera <leorivera_88@hotmail.com>

* Request user authentication (#141)
* auth required on modification endpoints
* get submissions by user name
* lowercase username variable
* update auth custom handler readme
* configure protected methods
* bypass auth function
* 0.9.1

---------

Co-authored-by: Anders Richardsson <2107110+justincorrigible@users.noreply.github.com>
Co-authored-by: Mitchell Shiell <59712867+MitchellShiell@users.noreply.github.com>
Pull Request
Description
protectedMethods array (e.g., ['DELETE', 'POST', 'PUT']).
username query param to retrieve submissions filtered by username (GET submission/category/{categoryId}?username={username})
Type of change
How Has This Been Tested?
Checklist:
You do not need to fulfill all requirements of this checklist, select all that apply: