Add the ability for services to be internal only.

[pierretasci]

The service and hooks abstraction in feathers is awesome and really powerful. So much in fact, that I want to use it more extensively. I want to be able to create internal only services that have useful server side logic like a file storage service or a field validator service.

The problem becomes that I have to expose that service's CRUD methods as rest methods. I don't necessarily want to do that. So far I have taken to namespacing my internal services with an service_name. This is obviously not an ideal solution.

Having peeked into the logic that hooks a service up to express, it seems like it wouldn't be hard to just skip that part if some flag is set on the service, or if the name is service_name or some other construct.

Thanks!

[daffl]

I think what you are asking for is already possible using the disable hook. The disable hook allows to disable access to all or specific service methods for all or specific external providers or to disable it completely:

const hooks = require('feathers-hooks');

app.service('users').before({
  // Users can not be created by external access
  create: hooks.disable('external'),
  // A user can not be deleted through the REST provider
  remove: hooks.disable('rest'),
  // Disable calling `update` completely (e.g. to only support `patch`)
  update: hooks.disable()
});

[pierretasci]

Oh yes I see now. Apologies, I should have read the docs more closely. Thanks!

[daffl]

It's a great question and granted, it is a little hidden. I created a follow-up issue in feathersjs-ecosystem/docs#93 and will add it to the FAQ.

[epozsh]

Hello, i have got one simiral issue.
I am using react-starter-kit.
I use express.
I use feathers like this

const api = feathers();
api.use(compress())
  .configure(hooks())
  .configure(rest())
  .configure(services)
  .configure(middleware);

module.exports = api;

const app = express();
app.use('/api/feathers', api);

TestService

'use strict';

const service = require('feathers-sequelize');
const Test= require('./Test-model');
const hooks = require('./hooks');

module.exports = function(){
  const app = this;

  const options = {
    Model: Test(app.get('sequelize')),
  };

  // Initialize our service with any options it requires
  app.use('/Test', service(options));

 /// Get our initialize service to that we can bind hooks
  const TestService = app.service('/Test');

  // Set up our before hooks
  TestService .before(hooks.before);

  // Set up our after hooks
  TestService .after(hooks.after);
};

In my application i am using

fetch("/api/feathers/Test"+query) (GET)

I do not have got user authentication my application can have any visitors.
When a visitor visit the site he can type "/api/feathers/Test"+query in adress bar and get some data
How i can disable this? So only the application can make this rest calls and nobody else?

[daffl]

I would remove the sub-app setup and just add the api/ prefix to you service names and then add authentication as documented and created by the generator. Sub-apps are definitely not recommended because they don't play very nicely with websockets or the authentication plugin.

[epozsh]

What u mean remove sub-app? you mean i have to remove const app = express(); ?
And if add authentication don't i need to authenticate every user with login? (i do not have registration system as i do not need it)

[fauzanss]

disable is DEPRECATED, so change with disallowed

app.service('track_record').hooks({
    before : {
      update : hooks.disallow(),
      create : hooks.disallow(),
      remove : hooks.disallow(),
      patch :  hooks.disallow()
    },
    after : {
      find : response(),
      get : response()
    }
  })