Comments (3)
This works as designed:
Any security inputs are decoded first, before regular inputs.
Maybe you can share the use case for not having the security segments as the first ones, and maybe we can find another solution to the problem?
from tapir.
@adamw thank you for the clarification.
The problematic scenario is related to the authorization in the multi-tenancy service.
I will tackle the issue of declaring security path parameters as regular ones and share authorization logic between the endpoints. But it's not such a clear solution, because the security logic will leak into the service logic.
The example:
Let's take an OCPI protocol token interface as an example:
https://github.com/ocpi/ocpi/blob/master/mod_tokens.asciidoc#12-interfaces-and-endpoints
Endpoint structure definition:
{token_endpoint_url}/{country_code}/{party_id}/{token_uid}[?type={type}]
Example:
https://www.server.com/ocpi/cpo/2.2.1/tokens/NL/TNM/012345678
Authorization should check if a bearer is allowed to conduct actions for {country_code}/{party_id}. So we need to extract those two segments - NL/TNM in the example.
If we could extract those two segments into the security logic, we could have authentication and authorization enclosed in the security scope.
Now we need to share the authorization code between the GET/PUT/PATCH service logics.
This is not such an uncommon pattern in authorization.
from tapir.
Ah ok, I see. In this situation, yes, you'll need to extract all path parameters that come before whatever you need in the security logic and make them pass-through, that is, part of the security logic's output.
I think there were some downsides of having order-dependent decoding (it would probably complicate the data structure that represents an endpoint), but I agree that it's not always ideal.
from tapir.
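The arrangement discussed in this thread, as an added example that is not code from the thread or from the tapir project: the bearer token plus the `{country_code}/{party_id}` segments are security inputs, the security logic returns them as its output, and GET/PUT/PATCH reuse the same secured base endpoint. `TenantCtx`, `grants`, `authorize`, the sample token and the fixed `ocpi/cpo/2.2.1/tokens` prefix are assumptions for illustration; any variable path segment placed before `{country_code}` would also have to be declared as a security input and passed through in the same way.

```scala
import sttp.model.StatusCode
import sttp.tapir._
import scala.concurrent.Future

object OcpiTokenEndpoints {
  // Hypothetical output of the security logic: the tenant the caller is
  // allowed to act for, passed through to every service logic.
  case class TenantCtx(countryCode: String, partyId: String)

  // Constructed sample data: bearer token -> (country_code, party_id) grants.
  private val grants: Map[String, Set[(String, String)]] =
    Map("sample-token-nl-tnm" -> Set(("NL", "TNM")))

  // Authentication and authorization in one place. Left(()) maps to 403.
  def authorize(in: (String, String, String)): Future[Either[Unit, TenantCtx]] = {
    val (token, countryCode, partyId) = in
    val allowed = grants.getOrElse(token, Set.empty).contains((countryCode, partyId))
    Future.successful(if (allowed) Right(TenantCtx(countryCode, partyId)) else Left(()))
  }

  // Security inputs are decoded before regular inputs, so the tenant
  // segments must be declared with securityIn, not in.
  val securedTokens = endpoint
    .securityIn(auth.bearer[String]())
    .securityIn("ocpi" / "cpo" / "2.2.1" / "tokens" /
      path[String]("country_code") / path[String]("party_id"))
    .errorOut(statusCode(StatusCode.Forbidden))
    .serverSecurityLogic[TenantCtx, Future](authorize)

  // Service logic only runs for an authorized tenant and receives it as ctx.
  val getToken = securedTokens.get
    .in(path[String]("token_uid"))
    .out(stringBody)
    .serverLogic { ctx => uid =>
      Future.successful[Either[Unit, String]](
        Right(s"${ctx.countryCode}/${ctx.partyId}/$uid"))
    }

  val putToken = securedTokens.put
    .in(path[String]("token_uid"))
    .in(stringBody)
    .serverLogic { ctx => { case (uid, body) =>
      // ctx is the only tenant identity used here; the path is not re-parsed.
      Future.successful[Either[Unit, Unit]](Right(()))
    } }

  val patchToken = securedTokens.patch
    .in(path[String]("token_uid"))
    .in(stringBody)
    .serverLogic { ctx => { case (uid, body) =>
      Future.successful[Either[Unit, Unit]](Right(()))
    } }
}
```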