Feature: Middlewares per handler in chi-server #259
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
1. Add
HandlerMiddlewares
toServerInterfaceWrapper
What changed
A
HandlerMiddlewares []middlewareFunc
field was added toServerInterfaceWrapper
, storing a slice of middleware functions.type middlewareFunc func(http.HandlerFunc) http.HandlerFunc
follows the basic middleware convention used withinchi
.The middlewares are applied from
0
ton
before the wrapped handler:The stack receives a
*http.Request
with any context values set for the handler.Rationale
It was previously possible to add middlewares to the auto-generated
chi
server, but it was attained through passing a customchi.Router
toHandlerFromMux
orHandlerFromMuxWithBaseURL
.Before, the context values were added to
ctx
after allchi.Middlewares
had already fired, between the auto-generated wrapper and the wrapped handler:note: I added a
pets:delete
expected scope to the operation to make my point clearerNow, the enriched context will be passed through the stack of middlewares, enabling a permissions middleware that reads the expected scopes from ctx values dictated by the OpenApi definition, and compares them to the scopes that came with the request:
The permissions middleware can read the
bearer.Scopes
context value to find out what scopes are expected for the call and compare with what's presented for the request.The Openapi def becomes the only source of truth for expected security scopes for every operation, and there's no need to duplicate them in non-auto-generated code.
Because of the middleware pattern, it may pass to lower handler in the stack or cut it short, writing a
401
or403
status.2. Add a
HandlerWithOptions
auto-generated constructor for the chi Server handler.What changed
A new constructor
HandlerWithOptions(si ServerInterface, options ChiServerOptions) http.Handler
was added that takes an options struct:Unfortunately, there are 3 different constructors introduced previously, so this is starting to pollute the scope.
However, this newest constructor is extensible, so no new ones will be necessary.
All the previous constructors (
Handler
,HandlerFromMux
,HandlerFromMuxWithBaseURL
) have been expressed in terms of the new one, to avoid duplication and to retain previous functionality.Zero values of
ChiServerOptions
behave in a sane manner.Rationale
I wanted to retain symmetry with the previous approaches that there's a designated
Handler*
function to create a new handler, so thatServerInterfaceWrapper
doesn't have to be enriched withMiddlewares
manually.This will improve adding new features in the future, because
ChiServerOptions
is extensible without breaking the API.