Le-roy Staines

Reputation: 2067

How do you implement a response filter in ServiceStack to filter out unwanted DTOs?

I'm having trouble finding any complete tutorials on how to implement a Response Filter in ServiceStack.

The best I've found is a portion of code: https://github.com/ServiceStack/ServiceStack/wiki/Request-and-response-filters#apply-custom-behavior-to-multiple-dtos-with-interfaces

What I am ultimately wanting to do is implement a filter that removes any DTOs that the authenticated person should not be able to see. Kind of a 'catch any impossible results' for 100% peace of mind in case some junior accidentally mucks up a SQL stored procedure and returns the wrong results, amongst other scenarios.

Can anyone point me in the right direction? The code from the GitHub Wiki alludes to how/where to put it, and use it!

Upvotes: 1

Views: 319

Answers (1)

mythz

Reputation: 143399

The docs show how to register a Response Filter which you should register in your AppHost.Configure() - this is where all your AppHost configuration should be maintained.

It's not clear what you mean by "filter unwanted DTOs"; each Service only returns a single DTO (the Response), which you can either return, modify or choose to not return at all by short-circuiting the response.

In the example Response Filter below we'll allow any DTOs implementing a custom ISpecialDto interface to only be returned to Authenticated Users:

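// Register inside AppHost.Configure(); HttpStatusCode requires "using System.Net;"
this.GlobalResponseFilters.Add((req, res, responseDto) => {
    // Only responses implementing ISpecialDto are restricted
    var specialDto = responseDto as ISpecialDto;
    if (specialDto == null) return;

    var userSession = req.GetSession();
    if (!userSession.IsAuthenticated)
    {
        // Short-circuit: end the request with an empty 403 instead of the DTO
        res.StatusCode = (int)HttpStatusCode.Forbidden;
        res.StatusDescription = "Must be Authenticated";
        res.EndRequest();
    }
});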

So if a non-authenticated user calls a Service that returns a response DTO that implements ISpecialDto they'll receive an empty 403 Forbidden response instead.

Upvotes: 1
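The same filter mechanism extended to the per-user check the question asks about, as an added example that is not part of the answer above or of ServiceStack itself. `IOwnedDto`, `IOwnedResults` and `MayReturn` are hypothetical names; it assumes the auth plugin is already registered and that services return the DTO directly, and it blocks the whole response rather than stripping individual items.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Net;
using Funq;
using ServiceStack;
using ServiceStack.Auth;
using ServiceStack.Logging;

// Hypothetical marker interfaces (not part of ServiceStack): response DTOs that
// carry per-user data implement one of them so the filter can verify ownership.
public interface IOwnedDto { string OwnerUserAuthId { get; } }
public interface IOwnedResults { IEnumerable<IOwnedDto> Items { get; } }

public class AppHost : AppHostBase
{
    static readonly ILog Log = LogManager.GetLogger(typeof(AppHost));

    public AppHost() : base("Example", typeof(AppHost).Assembly) { }

    // Fail closed: every ownership-tagged item must belong to the current session.
    public static bool MayReturn(IAuthSession session, object dto)
    {
        IEnumerable<IOwnedDto> owned =
            dto is IOwnedResults list ? list.Items ?? Enumerable.Empty<IOwnedDto>()
            : dto is IOwnedDto single ? new[] { single }
            : null;
        if (owned == null) return true;   // untagged DTO: this filter does not apply
        if (session == null || !session.IsAuthenticated) return false;
        return owned.All(x => x != null && x.OwnerUserAuthId == session.UserAuthId);
    }

    public override void Configure(Container container)
    {
        // Assumption: the auth plugin is registered elsewhere in Configure().
        GlobalResponseFilters.Add((req, res, responseDto) =>
        {
            if (MayReturn(req.GetSession(), responseDto)) return;

            // A hit here means a service or query returned another user's data.
            Log.Warn("Blocked response DTO " + responseDto.GetType().Name + " on " + req.PathInfo);
            res.StatusCode = (int)HttpStatusCode.Forbidden;
            res.StatusDescription = "Forbidden";
            res.EndRequest();
        });
    }
}
```

Treat each logged block as a bug report against the service or stored procedure that produced the rows, since the filter only catches the leak at the last step.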
