
What is a good strategy to expose an endpoint as public? Our Taffy API has authentication on every endpoint, but we also want to expose some endpoints without authentication. My initial strategy is to create another folder in the resources called /public which can bypass the authentication.

We have 2 ways to authenticate:

1. Authenticate using an API key in the request
2. Basic Authentication

Our onTaffyRequest:

function onTaffyRequest(verb, cfc, requestArguments, mimeExt){
    local.status = "forbidden";
    local.invalidReturnData = representationOf( local.status ).withStatus(401);

    if(structKeyExists(arguments.requestArguments, "apiKey")){

    }

    /* CATCH NO BASIC auth */
    //if username is blank return false
    if (structAuth.username is ""){
        return local.invalidReturnData;
    }

    //check invalid password
    if(structAuth.password is ""){
        return local.invalidReturnData;
    }

    return true;
}
Vlad

1 Answer


Since Taffy version 2.1.0, onTaffyRequest can accept more arguments:

function onTaffyRequest(verb, cfc, requestArguments, mimeExt, headers, methodMetadata){
    ...
}

(Version 3.0.0 also appended matchedURI to this list)

The methodMetadata argument was added for this purpose. Add something like allow_public="true" to it and inspect for this.

someResource.cfc:

component
extends="taffy.core.resource"
taffy:uri="/foo"
{
    function get() allow_public="true" {
        return rep({ echo: arguments });
    }
}

Application.cfc:

function onTaffyRequest(verb, cfc, requestArguments, mimeExt, headers, methodMetadata, matchedURI){
    if ( methodMetadata.keyExists("allow_public") && methodMetadata.allow_public == true ){
        return true;
    }

    // your existing auth-enforcement code should go here
}
Adam Tuttle
  • Man, from the horse's mouth. – Leeish Oct 12 '16 at 14:54
  • The methodMetadata.keyExists("allow_public") didn't work in CF10. I changed it to if ( StructKeyExists(methodMetadata, "allow_public") && methodMetadata.allow_public == true ) and now it works great. Thanks – Vlad Oct 18 '16 at 08:05
  • Yeah, since you didn't indicate a version of ACF I just assumed the most recent syntax was ok. Glad you figured it out. – Adam Tuttle Oct 18 '16 at 17:59
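
A deny-by-default version of the handler that combines the answer's allow_public check with the two authentication methods from the question. This is an added example, not code from the question, the answer or Taffy itself. isValidApiKey() and isValidLogin() are hypothetical helpers you would supply, and getBasicAuthCredentials() is assumed to be the helper inherited from taffy.core.api.

```cfml
// Application.cfc (added example; isValidApiKey() and isValidLogin() are hypothetical)
function onTaffyRequest(verb, cfc, requestArguments, mimeExt, headers, methodMetadata, matchedURI){
    var denied = representationOf({ error = "authentication required" }).withStatus(401);
    var creds = "";

    // 1. Public only by explicit opt-in on the resource method.
    //    methodMetadata comes from the resource CFC, never from the client request,
    //    so a caller cannot set the flag. structKeyExists() also works on CF10.
    //    compare() is a strict string match, so loosely-typed values such as
    //    "yes" or 1 do not count as opting in.
    if ( structKeyExists(arguments.methodMetadata, "allow_public")
         && compare(lCase(trim(arguments.methodMetadata.allow_public)), "true") == 0 ){
        return true;
    }

    // 2. API key in the request: a supplied key is validated, not just detected.
    if ( structKeyExists(arguments.requestArguments, "apiKey") ){
        if ( isValidApiKey(arguments.requestArguments.apiKey) ){
            return true;
        }
        return denied;
    }

    // 3. Basic Authentication: blank values are rejected before the lookup.
    creds = getBasicAuthCredentials(); // assumed Taffy helper returning username/password
    if ( len(creds.username) && len(creds.password)
         && isValidLogin(creds.username, creds.password) ){
        return true;
    }

    // 4. Nothing matched: every path that did not prove identity ends here.
    return denied;
}
```

With this ordering, a resource method without the allow_public attribute stays behind authentication, so a new endpoint is private unless its author marks it otherwise.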