checkAuth custom error/response handling #2017

@jd2rogers2

Is your feature request related to a problem? Please describe.
When I implement custom checkAuth as recommended by examples (https://cube.dev/docs/security#custom-authentication), I cannot access the response to create my own status code and message. All I can do is throw, which forces a 500 (not an accurate response code, should be 401 or 403).

Describe the solution you'd like
checkAuth to take in the response so that I may mutate the response.
I'd like to write something like below:

  checkAuth: async (req, res) => {
    const auth = req.headers.authorization;
    if (!auth) {
      res.status(401).send({ message: 'auth token not provided' });
      return;
    }

    // Replace `region` and `userPoolId` with your own
    const jwks = await fetch(
      'https://cognito-idp.{region}.amazonaws.com/{userPoolId}/.well-known/jwks.json'
    ).then((r) => r.json());
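    let token;
    try {
      // jwt.decode returns null for a malformed token and jwt.verify throws
      // on an invalid one, so both failures are answered with a 401 here
      const decoded = jwt.decode(auth, { complete: true });
      const jwk = _.find(jwks.keys, (x) => x.kid === decoded.header.kid);
      const pem = jwkToPem(jwk);
      token = jwt.verify(auth, pem);
    } catch (err) {
      res.status(401).send({ message: 'unauthorized' });
      return;
    }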
    req.securityContext = token;
  },

Describe alternatives you've considered
This could also be handled internally in node_modules/@cubejs-backend/api-gateway/dist/src/gateway.js > wrapCheckAuth, but this doesn't allow for as much developer control,
i.e.

      if (req.securityContext && !req.authInfo) {
        req.authInfo = req.securityContext;
      } else if (req.authInfo) {
        if (!warningShowed) {
          this.logger('AuthInfo Deprecation', {
            warning: (
              'authInfo was renamed to securityContext, please migrate: ' +
              'https://github.com/cube-js/cube.js/blob/master/DEPRECATION.md#checkauthmiddleware'
            )
          });

          warningShowed = true;
        }

        req.securityContext = req.authInfo;
      } else if (!req.authInfo || !req.securityContext) {
        res.status(401).send('unauthorized');
      }

Also, wrapCheckAuth will still need to take in res for this.

Additional context
Add any other context or screenshots about the feature request here.

Related code: https://github.com/cube-js/cube.js/blob/90f2365eb21313fb5ea7a80583622e0ed742005c/packages/cubejs-api-gateway/src/gateway.ts#L844

https://github.com/cube-js/cube.js/blob/8e9c3bcafc3f9acbc8e1a53113202b4be19bb12c/packages/cubejs-api-gateway/src/SubscriptionServer.ts#L42
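
An added sketch of the gateway-side alternative discussed above (not code from the issue author or from Cube): checkAuth signals 401 or 403 by throwing a typed error, and any other exception still becomes a generic 500 so internal details are not sent to the client. `AuthError`, `sampleCheckAuth`, `run` and this version of `wrapCheckAuth` are hypothetical names, and the token strings are constructed stand-ins for real JWT verification.

```javascript
// Added example with hypothetical names; this is not Cube's wrapCheckAuth.
class AuthError extends Error {
  constructor(status, message) {
    super(message);
    this.status = status; // 401: missing/invalid credentials, 403: not permitted
  }
}

// Wraps a user-supplied checkAuth(req, auth) into Express-style middleware.
function wrapCheckAuth(checkAuth) {
  return async (req, res, next) => {
    try {
      await checkAuth(req, req.headers.authorization);
      // Fail closed if checkAuth returned without establishing a context.
      if (!req.securityContext) throw new AuthError(401, 'unauthorized');
      next();
    } catch (e) {
      // Only deliberate AuthErrors expose their status and message; anything
      // else is an internal fault and its text is never sent to the client.
      const isAuth = e instanceof AuthError && (e.status === 401 || e.status === 403);
      res.status(isAuth ? e.status : 500)
        .send({ message: isAuth ? e.message : 'internal error' });
    }
  };
}

// Constructed checkAuth: string comparison stands in for JWT verification.
async function sampleCheckAuth(req, auth) {
  if (!auth) throw new AuthError(401, 'auth token not provided');
  if (auth !== 'valid-token' && auth !== 'readonly-token') throw new AuthError(401, 'unauthorized');
  if (auth === 'readonly-token' && req.method !== 'GET') throw new AuthError(403, 'forbidden');
  req.securityContext = { sub: 'user-1' };
}

// Drives the middleware with a minimal response double (no Express needed).
async function run(headers, method = 'GET', checkAuth = sampleCheckAuth) {
  const req = { headers, method };
  const res = {
    statusCode: 200,
    body: undefined,
    status(code) { this.statusCode = code; return this; },
    send(body) { this.body = body; return this; },
  };
  let nextCalled = false;
  await wrapCheckAuth(checkAuth)(req, res, () => { nextCalled = true; });
  return { status: res.statusCode, body: res.body, nextCalled };
}
```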

Labels: docs (Issues that require a documentation improvement)