Skip to content

Simplify AuthorizeRequest and AsyncAuthorizeRequest traits #192

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Nov 26, 2021
Merged

Simplify AuthorizeRequest and AsyncAuthorizeRequest traits #192

merged 6 commits into from
Nov 26, 2021

Conversation

davidpdrsn
Copy link
Member

@davidpdrsn davidpdrsn commented Nov 26, 2021
edited
Loading

Fixes #190

This changes the AuthorizeRequest and AsyncAuthorizeRequest traits to be quite a bit simpler I think.

Sync

Before: https://github.com/tower-rs/tower-http/blob/master/tower-http/src/auth/async_require_authorization.rs#L234-L269

After

pub trait AuthorizeRequest<B> {
    type ResponseBody;

    fn authorize(
        &mut self,
        request: &mut Request<B>,
    ) -> Result<(), Response<Self::ResponseBody>>;
}
  • authorize now returns Result<(), Response>
  • Ok(()) means the request was accepted and will be passed on the inner service
  • Err(response) means the request couldn't be authorized and the response will be returned without calling the inner service.

Async

Before: https://github.com/tower-rs/tower-http/blob/master/tower-http/src/auth/async_require_authorization.rs#L234-L269

After

pub trait AsyncAuthorizeRequest<B> {
    type RequestBody;
    type ResponseBody: Body;
    type Future: Future<Output = Result<Request<Self::RequestBody>, Response<Self::ResponseBody>>>;

    fn authorize(&mut self, request: Request<B>) -> Self::Future;
}
  • authorize now receives an owned request. This allows you to move the request into the future, do some async stuff which yields some data (such as user id from a database), and then save that in a request extension.
  • This wouldn't be possible if the future received a &mut Request because it would require GATs.
  • Therefore the future must resolve to Result<Request, Response> so the request can be passed on the inner service.
  • Authorization is allowed to change the request body type. Might be useful for someone to buffer and parse the request body to consider it for auth. Then one could change the request body from a generic B to http_body::Full.
  • This is essentially the same as AsyncPredicate from tower.

@davidpdrsn davidpdrsn added this to the 0.2.0 milestone Nov 26, 2021
@davidpdrsn
Copy link
Member Author

@hamza1311 what do you think?

@ranile
Copy link
Contributor

ranile commented Nov 26, 2021

API looks good. Better than the simple swapping of Option with Result that I suggested

@davidpdrsn
Copy link
Member Author

AuthorizeRequest and AsyncAuthorizeRequest are now also implemented for closures which is quite ergonomic 😊

Nehliin
Nehliin approved these changes Nov 26, 2021
View reviewed changes
Copy link
Collaborator

@Nehliin Nehliin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks a lot cleaner to me!

tower-http/src/auth/async_require_authorization.rs
type ResponseBody;

/// The Future type returned by `authorize`
type Future: Future<Output = Result<Request<Self::RequestBody>, Response<Self::ResponseBody>>>;
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is really neat!

tower-http/src/auth/async_require_authorization.rs

/// The Future type returned by `authorize`
type Future: Future<Output = Option<Self::Output>>;
/// Set this to `B` if you need to change the request body type.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great to have this as part of the docs 👍

@davidpdrsn davidpdrsn merged commit 0f0671b into master Nov 26, 2021
@davidpdrsn davidpdrsn deleted the simpler-auth branch November 26, 2021 15:04
Nehliin
Nehliin reviewed Nov 26, 2021
View reviewed changes
tower-http/CHANGELOG.md
be used instead ([#170]) (BREAKING)
- **fs**: Changed response body type of `ServeDir` and `ServeFile` to
`ServeFileSystemResponseBody` and `ServeFileSystemResponseFuture` ([#187]) (BREAKING)
- **auth**: Change `AuthorizeRequest` and `AsyncAuthorizeRequest` traits to be simpler ([#???]) (BREAKING)
Copy link
Collaborator

@Nehliin Nehliin Nov 26, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ah forgot to mention this, we can put in the proper pr number here now

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh yeah good catch!

@davidpdrsn davidpdrsn mentioned this pull request Dec 1, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Nehliin Nehliin Nehliin approved these changes

@MarcusGrass MarcusGrass Awaiting requested review from MarcusGrass

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

0.2.0

Development

Successfully merging this pull request may close these issues.

Tell AuthorizeRequest::unauthorized_response why the request could not be authorized

3 participants

@davidpdrsn @ranile @Nehliin