Access AuthedUser in Request

The tutorial I could find told me that by defining the security property for the contract, you can enable BearerAuthorization for your endpoint:

val http: HttpHandler = contract {
    renderer = OpenApi3(ApiInfo("my secure api", "v1.0", "API description"), Jackson)
    descriptionPath = "/api/swagger.json"
    routes += basicRoute
    security = BearerAuthSecurity({ bearer: String -> bearer.startsWith("123") })
}

But I find that BearerAuthSecurity accepts a String -> Boolean, so the authorization relies only on the truth of the boolean. There seems to be no way, such as using a bearer: String -> E? or bearer: String -> Either[E, FailedOperation], to determine the authorization and let the user access the E while defining the HttpHandler (by it.authedUser: E?…? I’m not quite sure about the best design from your perspective). I think it’s a very useful feature because the authorization of http4s and Ktor seems to be done this way.


BTW, if the feature has already been implemented in http4k, please ignore this… And if not, I think I can help implement this after the design is confirmed.

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Comments: 6 (3 by maintainers)

Top GitHub Comments

1 reaction
Ray-Eldath commented, Jan 20, 2020

Thanks!!! Works now.

So kind of you for the fast reply as well as the detailed explanation! Thanks again! 😆

1 reaction
daviddenton commented, Jan 19, 2020

Np 😃

You can set the security instance onto each individual endpoint or the API as a whole. Like so…

routes += "/ping" meta {
            summary = "ping"
            description = " ping endpoint"
            returning(OK to "The result")
        } bindContract GET to { Response(OK).body("pong") }

Setting the security on an individual endpoint also overrides the “contract level” security, so if you just want an open endpoint, you set it to use an instance of NoSecurity to achieve this in that endpoint’s meta block.
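
An added example, not part of the thread and not http4k's own code: it shows how a bearer lookup that returns a principal (rather than a Boolean) can expose the authenticated user to a handler through a request-context lens, with one endpoint left open via NoSecurity. It assumes an http4k version that provides RequestContexts and a BearerAuthSecurity form taking a RequestContextLens plus a lookup function; AuthedUser, tokens, /whoami and the token value are hypothetical.

```kotlin
import org.http4k.contract.bindContract
import org.http4k.contract.contract
import org.http4k.contract.meta
import org.http4k.contract.security.BearerAuthSecurity
import org.http4k.contract.security.NoSecurity
import org.http4k.core.HttpHandler
import org.http4k.core.Method.GET
import org.http4k.core.Request
import org.http4k.core.RequestContexts
import org.http4k.core.Response
import org.http4k.core.Status.Companion.OK
import org.http4k.core.then
import org.http4k.filter.ServerFilters
import org.http4k.lens.RequestContextKey

// Hypothetical principal type and constructed token table (stand-in for real token verification).
data class AuthedUser(val name: String)
val tokens = mapOf("constructed-token-alice" to AuthedUser("alice"))

val contexts = RequestContexts()
// Typed slot in the request context that holds the authenticated principal.
val authedUser = RequestContextKey.required<AuthedUser>(contexts)

// The request context must be initialised before the contract's security filter runs.
val api: HttpHandler = ServerFilters.InitialiseRequestContext(contexts).then(
    contract {
        // A null lookup result rejects the request; a non-null one is stored under authedUser.
        security = BearerAuthSecurity(authedUser, { token: String -> tokens[token] })
        routes += "/whoami" meta {
            summary = "returns the authenticated user"
        } bindContract GET to { req: Request -> Response(OK).body(authedUser(req).name) }
        routes += "/ping" meta {
            summary = "ping"
            security = NoSecurity // deliberately open: overrides the contract-level security
        } bindContract GET to { _: Request -> Response(OK).body("pong") }
    }
)

fun main() {
    val authed = Request(GET, "/whoami").header("Authorization", "Bearer constructed-token-alice")
    println(api(authed).bodyString())
    println(api(Request(GET, "/whoami")).status) // request sent without an Authorization header
    println(api(Request(GET, "/ping")).bodyString())
}
```

The handler reads the principal from the lens instead of re-parsing the Authorization header, so the identity it acts on is the one the security filter resolved.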
