Implement HttpContext & AuthProvider in inversify-express-utils

[remojansen]

The motivation for this issue was this comment.

I would like to implement the following:

A) Access to current request and response via HttpContext

The idea of HttpContext is based on ASP.NET and is a feature that allows the request and response to objects to be injected.

What should happen then is the following:

1. An HTTP request hits the server.
2. A child container is created using this._container.createChild() to prevent rare conditions.
3. A binding is declared for TYPE.HttpContext and it includes current request and response

interface HttpContext {
    request: Request;
    response: Response; 
}

3. Routing takes places and container.get is invoked.
4. The TYPE.HttpContext is resolved usinginRequestScope if the controller has a dependency on it.
5. Other dependencies of the Controller are resolved.
6. All the dependencies (including TYPE.HttpContext) are injected into de Controller.
7. The controller method is invoked

B) Access to current user via HttpContext

This will add an extra bit to the previous workflow. What should happen then is the following:

1. The developer configures a custom AuthProvider before a request hits the server.
2. An HTTP request hits the server.
3. A child container is created using this._container.createChild() to prevent rare conditions.
4. The current user is resolved using a AuthProvider if it is available (undefined by default).
5. A binding is declared for TYPE.HttpContext and it includes current request, response, and user

interface HttpContext {
    request: Request;
    response: Response; 
    user: UserIdentity;
}

6. Routing takes places and container.get is invoked.
7. The TYPE.HttpContext is resolved usinginRequestScope if the controller has a dependency on it.
8. Other dependencies of the Controller are resolved.
9. All the dependencies (including TYPE.HttpContext) are injected into de Controller.
10. The controller method is invoked

C) Investigate support BaseHttpController to reduce boilerplate

We could also create a base controller instance that gets HttpContext injected by default so users will be able to do:

import * as express from "express";
import { interfaces, controller, httpGet, httpPost, httpDelete, request, queryParam, response, requestParam, BaseHttpController } from "inversify-express-utils";
import { injectable, inject } from "inversify";

@controller("/foo")
@injectable()
export class FooController extends BaseHttpController {

    @inject("FooService") private fooService: FooService;

    @httpGet("/")
    private index(): string {
        if (this.httpContext.user === undefined) {
            throw new Error();
       }
       return this.fooService.get((this.httpContext.user.id);
    }

}

D) Document authorize middleware using HttpContext

We can document examples to implement a middleware that uses the HttpContext to validate if an user has access to certan feature:

@controller(
    "/foo",
     authorize({ feature: FEATURE.SOME_FEATURE_FLAG }),
)
@injectable()
export class FooController extends BaseHttpController {
    // ...
}

Or validate if an user has access to certan role:

@controller(
    "/foo",
     authorize({ role: ROLE.SOME_ROLE }),
)
@injectable()
export class FooController extends BaseHttpController {
    // ...
}

The community will then develop libraries for particular databases etc.

[remojansen]

I have implemented A, B and C inversify/inversify-express-utils#72 and I have moved D to a new issue #673

[remojansen]

• HttpContext docs
• AuthProvider docs