As mentioned in #44 I would like to submit a PR to make it easy to create a simple validation middleware for HTTP requests, which can be used with any mux library.
Before I start with the implementation, I wanted to share some ideas and run them past you, to make sure I am moving into the right direction.
Current State (simplified)
Context requires a RoutableAPI object to find an appropriate handler for each request.- At the moment it uses an internal
routableUntypedAPI, which wraps around untyped.API and calls runtime.OperationHandler for each request after validation.
- It also uses other functions of
untyped.API for content negotiation, etc.
OperationHandler accepts body parameter, read from request, and returns a response object, which is then written into http response
With this implementation there is currently no easy way to bypass OperationHandlers, i.e. consumers of the library are forced to use untyped.API to specify handlers for each path and method.
Implementation suggestion
- create a new method in
Context NewRoutableProxyContext.
- reuse
untyped.API to allow to specify consumers, producers, authenticators
- question, why can't consumers and producers be read from swagger spec?
- reuse internal
routableUntypedAPI struct, but add a new factory function newRoutableProxyAPI, which will create http handlers for each operation/method, but instead of calling OperationHandler, they will call a provided proxy http.Handler, if validation succeeds
Caveats (at least the ones I thought about)
- in order to validate request body, it has to be read, which makes it unavailable in subsequent http handlers. One possible way to solve it, is to copy it and reset on the request when passing it to the proxy handler. Depending on the size of the body, this could consume too much memory.
- response validation is no longer possible
- any others ????
As an alternative I could add a completely new implementation of RoutableAPI without any references to untyped.API. I am just not quite sure, if it is still required in other modules.
As mentioned in #44 I would like to submit a PR to make it easy to create a simple validation middleware for HTTP requests, which can be used with any mux library.
Before I start with the implementation, I wanted to share some ideas and run them past you, to make sure I am moving into the right direction.
Current State (simplified)
Contextrequires aRoutableAPIobject to find an appropriate handler for each request.routableUntypedAPI, which wraps arounduntyped.APIand callsruntime.OperationHandlerfor each request after validation.untyped.APIfor content negotiation, etc.OperationHandleracceptsbodyparameter, read from request, and returns a response object, which is then written into http responseWith this implementation there is currently no easy way to bypass
OperationHandlers, i.e. consumers of the library are forced to useuntyped.APIto specify handlers for each path and method.Implementation suggestion
ContextNewRoutableProxyContext.untyped.APIto allow to specify consumers, producers, authenticatorsroutableUntypedAPIstruct, but add a new factory functionnewRoutableProxyAPI, which will create http handlers for each operation/method, but instead of callingOperationHandler, they will call a provided proxyhttp.Handler, if validation succeedsCaveats (at least the ones I thought about)
As an alternative I could add a completely new implementation of
RoutableAPIwithout any references tountyped.API. I am just not quite sure, if it is still required in other modules.