When I am in the .net world and using MVC a common pattern used when wanting to do cross cutting concerns such as logging, authentication, transaction management etc I would use DI paired with AOP to basically put attributes on my methods which required proxying/weaving.
So it may look like:
public class SomeController
{
[Authenticate]
public ActionResult SomeAuthenticatedAction() {}
public ActionResult NotAuthenticatedAction() {}
}
So given the above when SomeAuthenticatedAction was called it would check the request for an authorization cookie do some logic around that and either bomb the user out with a 401 or something. It would know to do this because it has an attribute on it that at runtime it knows to hook into and proxy.
Now I am in javascript land and am looking at getting the same sort of functionality but doing it the best way for that platform. So I am wondering how I should go about doing this in nodejs, as there is no sort of attribute paradigm in javascript so without either ingraining the authentication into each app.* (get,post etc) call which I dont like, or at the application entry point proxy each action I know needs to be authenticated, which is not ideal either.
So is there a way for me to indicate that a method should have some cross cutting concern applied to it, without actually putting the logic in there? So that way the web code doesnt know about the authentication mechanism, and the app entry point doesnt know about the specific method, it just knows it wants all methods which have some meta-data with them?
I hope this makes sense, as if you dont use AOP much you probably will think im talking in riddles, but doing this this way makes my code a lot easier to test and maintain and also allows me to re-configure applications very quickly.
So far I have found Hooker, which can do the proxying part of the puzzle although not quite sure how I would get the underlying request object in it, but I wouldnt see the proxying of an object in JS being too much of a pain, but I just need to find a way to identify the methods to intercept... any info would be great.
== Edit ==
After reading up a bit more it may look like what I should be doing is using middleware layers to do what I need, as this would at least allow simpler code and the intentions of routes would be clearer. Will keep looking at come back once I find out more or a better answer appears.
As there has been no answers I will mention what I have done, which is made a class which contains the logic that needs to be carried out on the route, then made a function that is exported as the middleware entry point. That way I can unit test the logic and use the middleware to inject the "concern" into that route.