Add RequireAuthorizationAsync
#118
Conversation
| fn on_authorized<B>(&mut self, _request: &mut Request<B>, _output: Self::Output) {} | ||
|
|
||
| /// Create the response for an unauthorized request. | ||
| fn unauthorized_response<B>(&mut self, request: &Request<B>) -> Response<Self::ResponseBody>; |
There was a problem hiding this comment.
Should there be a way to pass the error from authorize function to this? The use case for that is, if there is a db or redis call in authorize function, then on network error we should be able to send a 5xx error instead of a 401 error.
There was a problem hiding this comment.
I agree with you but IMO that's outside the scope of this PR. This PR adds async version of RequireAuthorization. Such a change would also need to made to RequireAuthorization in addition to RequireAuthorizationAsync.
There was a problem hiding this comment.
I think mapping errors to responses should be handled by a separate middleware. So I think this is fine. We can always consider adding error handling to these middleware for 0.2, if someone requests it.
There was a problem hiding this comment.
...and that person will be me. I was using it and ran into a case where it's impossible to return 401/403 depending upon the request. We need a better way here.
I was gonna make an issue but life got in the way...
There was a problem hiding this comment.
Hehe alright. Do you wanna address it here or should we move forward with this as is, and fix it for 0.2? I'm fine with either actually.
There was a problem hiding this comment.
Let's fix it in some other PR. It's a breaking change. I don't have the time for it right now anyway.
|
Just a quick heads up. I haven't forgotten about this. Things have just been busy with work and axum. |
| fn on_authorized<B>(&mut self, _request: &mut Request<B>, _output: Self::Output) {} | ||
|
|
||
| /// Create the response for an unauthorized request. | ||
| fn unauthorized_response<B>(&mut self, request: &Request<B>) -> Response<Self::ResponseBody>; |
There was a problem hiding this comment.
I think mapping errors to responses should be handled by a separate middleware. So I think this is fine. We can always consider adding error handling to these middleware for 0.2, if someone requests it.
Co-authored-by: David Pedersen <david.pdrsn@gmail.com>
…er-http into require_auth_async
|
Fixed the CI errors, should be good to go. |
|
Hm it seems CI doesn't actually check the docs for broken links 🤔 I'll fix that separately. |
Co-authored-by: David Pedersen <david.pdrsn@gmail.com>
Fixed the links |
|
Thanks for working on this! |
- New middleware: Add `Cors` for setting [CORS] headers ([#112]) - New middleware: Add `AsyncRequireAuthorization` ([#118]) - `Compression`: Don't recompress HTTP responses ([#140]) - `Compression` and `Decompression`: Pass configuration from layer into middleware ([#132]) - `ServeDir` and `ServeFile`: Improve performance ([#137]) - `Compression`: Remove needless `ResBody::Error: Into<BoxError>` bounds ([#117]) - `ServeDir`: Percent decode path segments ([#129]) - `ServeDir`: Use correct redirection status ([#130]) - `ServeDir`: Return `404 Not Found` on requests to directories if `append_index_html_on_directories` is set to `false` ([#122]) [#112]: #112 [#118]: #118 [#140]: #140 [#132]: #132 [#137]: #137 [#117]: #117 [#129]: #129 [#130]: #130 [#122]: #122
- New middleware: Add `Cors` for setting [CORS] headers ([#112]) - New middleware: Add `AsyncRequireAuthorization` ([#118]) - `Compression`: Don't recompress HTTP responses ([#140]) - `Compression` and `Decompression`: Pass configuration from layer into middleware ([#132]) - `ServeDir` and `ServeFile`: Improve performance ([#137]) - `Compression`: Remove needless `ResBody::Error: Into<BoxError>` bounds ([#117]) - `ServeDir`: Percent decode path segments ([#129]) - `ServeDir`: Use correct redirection status ([#130]) - `ServeDir`: Return `404 Not Found` on requests to directories if `append_index_html_on_directories` is set to `false` ([#122]) [#112]: #112 [#118]: #118 [#140]: #140 [#132]: #132 [#137]: #137 [#117]: #117 [#129]: #129 [#130]: #130 [#122]: #122
- New middleware: Add `Cors` for setting [CORS] headers ([#112]) - New middleware: Add `AsyncRequireAuthorization` ([#118]) - `Compression`: Don't recompress HTTP responses ([#140]) - `Compression` and `Decompression`: Pass configuration from layer into middleware ([#132]) - `ServeDir` and `ServeFile`: Improve performance ([#137]) - `Compression`: Remove needless `ResBody::Error: Into<BoxError>` bounds ([#117]) - `ServeDir`: Percent decode path segments ([#129]) - `ServeDir`: Use correct redirection status ([#130]) - `ServeDir`: Return `404 Not Found` on requests to directories if `append_index_html_on_directories` is set to `false` ([#122]) [#112]: #112 [#118]: #118 [#140]: #140 [#132]: #132 [#137]: #137 [#117]: #117 [#129]: #129 [#130]: #130 [#122]: #122
- New middleware: Add `Cors` for setting [CORS] headers ([#112]) - New middleware: Add `AsyncRequireAuthorization` ([#118]) - `Compression`: Don't recompress HTTP responses ([#140]) - `Compression` and `Decompression`: Pass configuration from layer into middleware ([#132]) - `ServeDir` and `ServeFile`: Improve performance ([#137]) - `Compression`: Remove needless `ResBody::Error: Into<BoxError>` bounds ([#117]) - `ServeDir`: Percent decode path segments ([#129]) - `ServeDir`: Use correct redirection status ([#130]) - `ServeDir`: Return `404 Not Found` on requests to directories if `append_index_html_on_directories` is set to `false` ([#122]) [#112]: #112 [#118]: #118 [#140]: #140 [#132]: #132 [#137]: #137 [#117]: #117 [#129]: #129 [#130]: #130 [#122]: #122
Fixes #116
Motivation
From #116
Solution
Add a new struct
RequireAuthorizationAsyncwhich usesAuthorizeRequestAsync.AuthorizeRequestAsyncallows the user to return aFuture.