-
-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Request Pynacl Encryption Middleware #8232
Comments
We don't debug third party software, sorry. Take it up with whoever provides you with that library. |
The report makes it sound like |
I opened a feature request, I proposed one reference implementation for the feature as well. It is request to evaluate implementing this feature in aio_http. |
It's rather unclear what the request is. You start by describing a problem with some middleware we know nothing about and then just link to some code as the suggested solution. Please describe the actual feature you want. I don't think we generally have any middlewares included in aiohttp itself, so if the proposal is for a pre-built middleware, I think probably this is not the right place for it. |
The feature is a middleware that works for both websocket and http requests. The middleware is responsible to pick the encrypted message and sender's public key from query parameters, and upon successful decoding to forward the request to the handier regardless if that was a websocket or http request. |
You mean that you want changes to aiohttp to allow a middleware to work for both websocket/http requests? What currently stops this from working and what changes would be needed? |
Can you provide a minimal reproducer that demonstrates the issue? |
I believe there is not need to change aiohttp as the middleware is currently working as is. But in addition to what the middleware does, I would like to forward a cloned request to the handler with the content changed to be the decrypted message which is json (either a string or object). I am not sure which is the correct way to accomplish this using aiohttp though... |
Sure, let me prepare this. |
Here is the server side of the minimal reproducer: https://github.com/CosmicDNA/pynacl-middleware-canonical-example. I will start preparing a client minimal reproducer and instructions. |
I was expecting a single file, probably without any classes. i.e. something comparable to our quickstart example with a middleware added: https://docs.aiohttp.org/en/stable/#server-example
Without knowing about the details, I'd suggest the middleware could store the decrypted message on the request object (i.e. |
@Dreamsorcerer, I have provided a single file implementation for the server and for the client. Was it along these lines that you were expecting? |
Looks like a good example, yes. Seems you've created a library for this now, so feel free to create a PR to add it to the list of third-party libraries in our docs (if you haven't already). |
Is your feature request related to a problem?
The problem with the
token_auth_middleware
is the inability to use the same authentication middleware for both websocket and http connections.Describe the solution you'd like
Something along these lines of https://github.com/CosmicDNA/plover_websocket_server/blob/d15cdcd7073ce50053b82edbbaeab3856dc4c9b1/plover_engine_server/websocket/nacl_middleware.py
And which is being used by the React frontend and server within Plover plugin.
Describe alternatives you've considered
I tried using token_auth_middleware but token headers should not be used by the websocket connection. So I developed this middleware and it is working for both http and websocket connections.
Related component
Server
Additional context
Here I am assigning the decrypted data to the _payload attribute of the aio_http web.Request. https://github.com/CosmicDNA/plover_websocket_server/blob/d15cdcd7073ce50053b82edbbaeab3856dc4c9b1/plover_engine_server/websocket/nacl_middleware.py#L50
But I would like to access the decrypted content here to evaluate if the content matches the request I made here.
Code of Conduct
The text was updated successfully, but these errors were encountered: