Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

can't use SkipRequestBodyEncodeDecode and authentification at the same time #3328

Closed
zig opened this issue Aug 15, 2023 · 7 comments · Fixed by #3359
Closed

can't use SkipRequestBodyEncodeDecode and authentification at the same time #3328

zig opened this issue Aug 15, 2023 · 7 comments · Fixed by #3359

Comments

@zig
Copy link

zig commented Aug 15, 2023

I get the error 'HTTP endpoint request body must be empty when using SkipRequestBodyEncodeDecode but not all method payload attributes are mapped to headers and params. Make sure to define Headers and Params as needed.' when using goa gen.

However all my method payload attributes are mapped, one of them is an API key (in header) declared with 'APIKey', but seem to be ignored in this check.
@zig
Copy link
Author

zig commented Aug 15, 2023

OK I found I can use 'Header' to map the APIKey payload, but it seems that it should not have been necessary.

@raphael
Copy link
Member

raphael commented Aug 16, 2023

Some APIs use query string parameters for API keys so Goa can't assume it is a header.

@raphael raphael closed this as completed Aug 16, 2023
@zig
Copy link
Author

zig commented Aug 17, 2023

OK, but if I don't specify anything, it does automatically use a header. However the check in SkipRequestBodyEncodeDecode does not consider it was mapped in this case.

@raphael
Copy link
Member

raphael commented Aug 17, 2023

Ah sorry I had missed the point about the default behavior. That is indeed inconsistent - reopening :)

@raphael raphael reopened this Aug 17, 2023
@zig zig mentioned this issue Aug 19, 2023
Closed
@raphael
Copy link
Member

raphael commented Sep 10, 2023

I tried to reproduce this issue but wasn't able to, the following works as expected:

package design

import . "goa.design/goa/v3/dsl"

// APIKeyAuth defines a security scheme that uses API keys.
var APIKeyAuth = APIKeySecurity("api_key", func() {
	Description("Secures endpoint by requiring an API key.")
})

var _ = Service("foo", func() {
	Method("bar", func() {
		Security(APIKeyAuth)
		Payload(func() {
			APIKey("api_key", "key")
		})
		HTTP(func() {
			POST("/")
			SkipRequestBodyEncodeDecode()
		})
	})
})

If you are still seeing the issue can you please provide a design that reproduces it?

@zig
Copy link
Author

zig commented Sep 14, 2023
edited
Loading

Hi, it took me a bit of time to understand, to reproduce the issue, the Security statement must be made at the Service level, not Method

package design

import . "goa.design/goa/v3/dsl"

// APIKeyAuth defines a security scheme that uses API keys.
var APIKeyAuth = APIKeySecurity("api_key", func() {
	Description("Secures endpoint by requiring an API key.")
})

var _ = Service("foo", func() {
	Security(APIKeyAuth)
	Method("bar", func() {
		Payload(func() {
			APIKey("api_key", "key")
		})
		HTTP(func() {
			POST("/")
			SkipRequestBodyEncodeDecode()
		})
	})
})

@raphael raphael mentioned this issue Sep 16, 2023
Merged
@raphael
Copy link
Member

raphael commented Sep 17, 2023

Thanks for the repro! This is fixed by #3359

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Consider service and API level requirements goadesign/goa
2 participants
@raphael @zig