I'm setting up a hook for BEFORE ALL of the users service. The hook is to check the requester's role and decide whether to continue the request or throw forbidden.
Auth needs to be called before my hook to make sure that the context user is populated beforehand. That's fine.
But then, auth will fail on getting the user since my hook is called first, leading to forbidden being thrown since no context user is found.
What I'm trying to do is to identify whether the context is from auth or not, so that I can let auth pass through without a check. But how? Or is my approach wrong?
FYI: only [authenticate("jwt"), acl] in BEFORE ALL. acl is my hook. Also, auth(jwt) is from @feathersjs/authentication's hook.
-whotfisthis, pardon the bad grammar.
Solved, I guess.
Rather than trying to identify if it's auth hook and let it passthrough without check:
All GET requests with _id params other than the _id of the requester will go through the acl check. The initial GET request with authenticated: true and requests with the requester's own _id will pass through.
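
The rule described in the post above, as an added example that is not part of the original post: an `acl` before hook written against plain objects shaped like Feathers hook contexts. The `role` field, the `admin` value, the `decide` helper and the local `Forbidden` class (standing in for the one from @feathersjs/errors) are assumptions.

```javascript
// Added example: plain objects stand in for Feathers hook contexts.
// Stand-in for Forbidden from @feathersjs/errors so this runs offline.
class Forbidden extends Error {
  constructor(message) {
    super(message);
    this.name = 'Forbidden';
    this.code = 403;
  }
}

// Assumption: the role field is `role` and 'admin' may read other users.
const PRIVILEGED_ROLES = ['admin'];

function acl(context) {
  const { method, id, params = {} } = context;
  const user = params.user;

  // Lookup made while authenticating: authenticated is true but the
  // context user is not populated yet (assumed shape of that call).
  if (method === 'get' && params.authenticated === true && !user) {
    return context;
  }
  // Fail closed: any other call without a context user is rejected.
  if (!user) throw new Forbidden('No context user');

  // A requester reading their own record passes through.
  if (method === 'get' && id !== undefined && String(id) === String(user._id)) {
    return context;
  }
  // Everything else goes through the role check.
  if (!PRIVILEGED_ROLES.includes(user.role)) {
    throw new Forbidden('Role not allowed');
  }
  return context;
}

// Helper for the constructed cases below: 'allow' or 'forbidden'.
function decide(context) {
  try {
    acl(context);
    return 'allow';
  } catch (err) {
    if (err instanceof Forbidden) return 'forbidden';
    throw err;
  }
}

// Constructed sample contexts, not captured from a real application.
const alice = { _id: 'u1', role: 'user' };
console.log(decide({ method: 'get', id: 'u1', params: { authenticated: true } }));
console.log(decide({ method: 'get', id: 'u2', params: { authenticated: true, user: alice } }));
```

The first branch trusts `params.authenticated`, so it is only safe when nothing outside the server can set that field.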