Authentication and authorization before validation

[bmakan]

I've implemented my first app in Elysia, and I've noticed I cannot set up authentication/authorization before validation. I was using python's flask on several other apps before.

E.g., I want to check for session cookie - if it's not set I redirect users to the login page. Or I want to check if the logged-in user is an admin. I am using beforeRequest hook for this.

Currently, if I have a route like /pokemon/:name, the validation will kick in before my beforeHandles where I handle the redirect and user check. This means the non-admins will be warned on how to properly send a request instead of outright being sent packing.
I also tried the derive hook, but it doesn't allow me to redirect.

Basically, what I miss is a handle that will happen once the routing is done, but before the validation kicks in.

Or, maybe there's something I have missed? Any suggestions are appreciated.

[bmakan]

I found a workaround.

I moved the logic of handling user session into onTransform. This happens before the validation. But, I cannot return redirects from here as they are ignored. So, instead I throw an error. Then, I handle this error in the onError handle, and here I can return redirects.

Now, when I access a protected API, the validation doesn't show before the Unauthorized is returned.