payment tiered access control middleware
Hi, I know wasp integrated with stripe, and defined 3 tiers, how can I add an access control? like hobby can upload 5 times, read 20 times, pro can upload 20 times, read unlimited, enterprise everything unlimited, like I was thiking of add a middleware to my specific api, but will the middleware has to be global? or do you have have any solution for this type of feature? Thank you.
@miho @sodic
kapa.ai•15d ago
Hi @terrence. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:
----------------------
In Wasp, you can customize middleware at three levels: globally, per-api, and per-path. This means you can add middleware to a specific API route, which could be useful for your case of tiered access control.
Here's how you can customize middleware for a specific API route:
In this example,
customMiddlewareForUpload would be your custom middleware function that checks the user's tier and limits their upload attempts accordingly.
However, this only sets up the middleware. You would still need to implement the logic for tracking and limiting the number of uploads and reads for each user, which could involve updating your data model and operations.
For more complex access control, Wasp is considering adding support for permissions-focused middleware, but this feature is still under discussion. You can follow the progress on this Github issue (https://github.com/wasp-lang/wasp/issues/584).
For more information on configuring middleware in Wasp, you can check out the official documentation (https://wasp-lang.dev/docs/advanced/middleware-config).
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
Sorry @terrence, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist:
Perhaps try again in 15mins?terrence•15d ago
what about payment tiered feature access control @kapa.ai
kapa.ai•15d ago
Let me check the knowledge base for you. One moment! :books:
----------------------
For implementing payment tiered feature access control in Wasp, you would need to manually implement this logic in your application. Currently, Wasp does not provide built-in support for this feature.
Here's a basic idea of how you could approach this:
1. Add a
tier field to your User entity to track the user's current payment tier. This could be a string or an enum, depending on your preference.
2. In your queries or actions, check the value of the user's tier field to determine what they should be able to do. For example, if a user tries to upload a file, you would first check their tier and how many times they've already uploaded. If they're over their limit, you can throw an HTTP error.
Here's a rough example of what this might look like in code:
In this example, getUploadCountForUser would be a function you define that queries your database to get the number of uploads for a user.
This is a simplified example and you would need to adapt it to your specific use case. For more complex access control, you might want to consider using a dedicated access control library. Wasp is considering adding support for permissions-focused middleware, but this feature is still under discussion. You can follow the progress on this Github issue (https://github.com/wasp-lang/wasp/issues/584).
For more information on how to implement this in Wasp, you can check out the official documentation (https://wasp-lang.dev/docs/main/introduction).
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
Sorry @terrence, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist:
Perhaps try again in 15mins?Filip•13d ago
Hi @terrence.
As you guessed, there's no first-class support for something like this in Wasp. This is mostly by design, since we're dealing with business logic here.
The solution proposed by the bot seems reasonable. You need to somehow keep track of a user's tier, and then perform (or not perform) the operation based on that.
What did you originally want to have in your middleware? It can't see how middleware could play into this kind of thing, but I may be missing context.
Maybe you wanted to have a middleware that returns 403 when, for example, the upload limit is reached (to avoid cluttering the operation's code with tiered pricing logic)? If that's the case, the bot's first answer seems appropriate.
Still, I'd probably go for a more direct solution myself and write a higher-order function that acts as a guard for tiered pricing. More explicit this way:
Hope this helps! 🙂
Filip•8d ago
FYI, there are plans to introduce more first-class support for such features (if I got you correctly): https://github.com/wasp-lang/wasp/issues/1133
GitHub
Revisit our
auth middleware behaviour Queries, Actions and APIs ·...We have multiple places where we have some sort of auth related logic. Some of the logic is maybe a bit unclear and we might want to extend the existing logic. 1️⃣ Current state Backend Users can u...
2.7KMembers
View on DiscordWant results from more Discord servers?
More PostsDoes Wasp support other LLMs such as Claude or open-source models from Hugging face?Hi everyone, I recently came across this project and was very intrigued. Props to the team for theircheckStripePortalLInkExists in shared/constants.tsI'm using OpenSaas with with wasp 0.13.2 and WSL2.
The documentation (https://docs.opensaas.sh/guid[Authentification] NetworkError when singin on a fresh installHello ,
I have an authentification NetworkError when I try to signin on a first use of the app. I Can someone help me in making chat application using waspHey I was trying to make random chat app to learn more about mern, but now i am clueless. Can someonHaving multiple generator in schema.prismaHello,
Currently if I add my entities in `main.wasp` then the generated `schema.prisma` has generatDirect to a defined page after successful loginHello
I have the standard LoginPage, as given in the ToDo App tutorial (see picture).
I now would lRemove email loginIs it possible to only rely on OAuth and disable email login when using OpenSaas? When I comment outHow to use Env variables in main.wasp?I want to set the email authentication
`fromField.name` to `process.env.FROM_NAME`
and `fromField.can not find "wasp/server/_types" module or declarationany suggestion? this error won't effect dev, but I can't have the right type with action's params arDisable email loginIf I only want Google signup, is there a way to remove the email login? I tried commenting
```
emailDo I have a way to use useLazyQuery ?My app filters some data.
I need to be able to refetch whenever the user clicks on "search" with theWhere to see migration files?I have messed up one migration (because I had to delete my local code), and now I don't know where tFile upload size limitI'm trying to implement max file upload size to the s3 bucket. I've handled the front-end but I worrAuthis there a sample bypass to login the auth while in developmentQuick Start not working?I'm following this tutorial: https://wasp-lang.dev/docs/quick-start
After opening my terminal and rI cant see ubunbtu on my Linux sub system folderI just started with this programming stuff and i wanted to try my app with this new ai called magegpIs it possible to separate client and server wasp build?each time I update stuff on client, and want to push to netlify, I need to run wasp build, but it refly.io deployment errorI tried to deploy to fly.io, and I set DATABASE_URL, and I tested it can connect successfully with dfront end developers demand in job marketCan anyone please tell me about the demand of a beginner level front end developer in job market nowPassing Context for Dependency InjectionIs there a standard pattern for passing the context object for database interaction to functions?
W