Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FEAT]: create server only access control for loaders and actions #884

Merged
merged 3 commits into from
Jan 16, 2025
Merged

[FEAT]: create server only access control for loaders and actions #884

merged 3 commits into from
Jan 16, 2025

Conversation

IncognitaDev
Copy link
Contributor

@IncognitaDev IncognitaDev commented Jan 16, 2025
edited
Loading

This PR adds the capability of export a access control const defaultVisibility that determines if a loader or a action is server only acessible or public accssible.

A server only accessible loader/action its only callable by ctx.invoke, this prevent exposing private endpoints on webisite calls on client.

Exemple:

export const defaultVisibility = 'private'

image

export const defaultVisibility = 'public'

image

@github-actions GitHub Actions
Copy link
Contributor

Tagging Options

Should a new tag be published when this PR is merged?

  • 👍 for Patch 1.108.4 update
  • 🎉 for Minor 1.109.0 update
  • 🚀 for Major 2.0.0 update

@IncognitaDev
Copy link
Contributor Author

IncognitaDev commented Jan 16, 2025
edited
Loading

I add a visibilityOverride to deco plugin that allows overrite the visibility of a block. With this you can explicity turn a default private block to act as public or a public to act as a private one.

usage:

import { defineConfig } from "$fresh/server.ts";
import { plugins } from "deco/plugins/deco.ts";
import manifest from "./manifest.gen.ts";

export default defineConfig({
  plugins: plugins<typeof manifest>({
    manifest,
    htmx: true,
    visibilityOverrides:  {
      "site/loaders/minicart.ts": "public",
    },
  }),
});

@IncognitaDev IncognitaDev merged commit 9628ebd into main Jan 16, 2025
2 checks passed
@IncognitaDev IncognitaDev deleted the feat/loader-acess-control branch January 16, 2025 22:31
@IncognitaDev IncognitaDev mentioned this pull request Jan 17, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mcandeia mcandeia mcandeia approved these changes

@matheusgr matheusgr Awaiting requested review from matheusgr

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@IncognitaDev @mcandeia