AuthenticateRequest called before GetBody() is ready for HTTP requests

[holleman]

Currently the problem I'm having is that when building and sending a request, the AuthenticateRequest is called before the body is built and therefore the call to ClientRequest.GetBody() returns nil. This is problematic for things that want to insert headers and sign messages based on both the header and the body.

I have tested a fix where the AuthenticateRequest is moved to the end of buildHTTP and it worked for me. I'm not sure if there are implications to this. I see that this was originally addressed via #75 where there were multiple calls to AuthenticateRequest added in buildHTTP, one of which was at the beginning and one at the end. Now there is only a single call but I have not been able to decipher when or why it was changed from that point. Maybe @tamalsaha is aware?

I can generate a simple PR to further the discussion with a more concrete proposal.

[casualjim]

You can also implement a http. RoundTripper that does this and plug it onto the client. IIRC you can override those per request too.

Global: https://github.com/go-openapi/runtime/blob/master/client/runtime.go#L207

For overriding it for a single operation, you can make a http client: https://github.com/go-swagger/go-swagger/blob/master/examples/todo-list/client/todos/add_one_parameters.go#L71

Here's an example of such a client middleware: https://github.com/go-openapi/runtime/blob/master/client/keepalive.go

[holleman]

Thanks for the pointer, will investigate the suggestion provided by @casualjim as well. Went ahead with the pull request since I more or less had it ready and so we could compare the solutions with a concrete proposal and decide what's the best way to handle this.

[holleman]

RoundTripper specifically says that the req shouldn't be modified or used for higher level things like authentication: https://golang.org/pkg/net/http/#RoundTripper. It also doesn't work - headers set there don't seem to be included in the request. Am I missing something obvious.

The AddOne seems to be only adding to the body, I need to set a specific header field for Auth.

[tooolbox]

Just ran into this, same issue as @holleman. Probably a better solution is to modify the request.GetBody() call so it's aware of what "mode" of data-providing we're doing. Then nothing else should break. (?!) Will try to submit a PR tomorrow.

Edit: Nope, that won't work; no producers available. Well, I'll figure something out.

[tooolbox]

Alright, PR submitted.