Replace Endpoint middleware concept with Security concept #2888
Labels
Comments
|
/bounty $1500 |
💎 $1,500 bounty • ZIOSteps to solve:
Thank you for contributing to zio/zio-http! Add a bounty • Share on socials
|
|
/attempt
|
|
@987Nabil: Reminder that in 7 days the bounty will become up for grabs, so please submit a pull request before then 🙏 |
|
The bounty is up for grabs! Everyone is welcome to |
|
/attempt |
|
Will be streaming the impl. tomorrow or on the weekend |
|
/attempt #2888 Options |
|
💡 @987Nabil submitted a pull request that claims the bounty. You can visit your bounty board to reward. |
|
@promisingcoder: Reminder that in 7 days the bounty will become up for grabs, so please submit a pull request before then 🙏 |
|
The bounty is up for grabs! Everyone is welcome to |
987Nabil
added a commit
to 987Nabil/zio-http
that referenced
this issue
Aug 15, 2024
jdegoes
pushed a commit
that referenced
this issue
Aug 15, 2024
Rework Endpoint authentication (#2888)
|
🎉🎈 @987Nabil has been awarded $1,500! 🎈🎊 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Right now, we cannot enforce that endpoint middleware is actually implemented (it's a very complicated problem that cannot be solved in time for release). Simultaneously, we cannot document security requirements of endpoints.
To fix this issue, we should instead use a
sealed trait AuthType, or similar, which is placed intoEndpoint. Based on this, we can generate OpenAPI documentation, as well as potentially even leverage this information in the automatic HTTP client.Note that endpoint auth type would still be a type parameter, albeit constrained (Z <: AuthType). The reason is to statically retain the type members inside the
AuthTypevalue, so they can be used by client and server.This requires more R&D but should address all of the issues with endpoint middleware that we have, currently. The question is, can we do it in time? 😄
The text was updated successfully, but these errors were encountered: