Hi, We are working on a nodeJS/loopback application which has few REST APIs to do some CRUD operations. This application also needs to forward requests to external URLs identified at runtime based on a user requests and the data added by CRUD operations. The CRUD operations need authentication and authorization. Where as the requests to be forwarded do not need this support. One of the approach to implement this application I could think off is
i) Implement global interceptors for Authentication, authorization as global interceptors
ii) Controllers, services for CRUD operations on URI /data and apply authentication and authorization on this.
iii) Implement a local interceptor for a controller for particular URI say /forward to invoke middleware provided by node module http-proxy-middleware, to forward the requests to external URLs with headers and body.
Is this a good solution for this problem? What could be a better approach?
How to avoid authentication interceptors getting invoked for requests beling forwarded
Do we need to do any additional to avoid CORS issues as cors is the first middleware called in the sequence
Sharing the sample code as an attachment