Description
As mentioned in #44 I would like to submit a PR to make it easy to create a simple validation middleware for HTTP requests, which can be used with any mux library.
Before I start with the implementation, I wanted to share some ideas and run them past you, to make sure I am moving into the right direction.
Current State (simplified)
Contextrequires aRoutableAPIobject to find an appropriate handler for each request.- At the moment it uses an internal
routableUntypedAPI, which wraps arounduntyped.APIand callsruntime.OperationHandlerfor each request after validation. - It also uses other functions of
untyped.APIfor content negotiation, etc. OperationHandleracceptsbodyparameter, read from request, and returns a response object, which is then written into http response
With this implementation there is currently no easy way to bypass OperationHandlers, i.e. consumers of the library are forced to use untyped.API to specify handlers for each path and method.
Implementation suggestion
- create a new method in
ContextNewRoutableProxyContext. - reuse
untyped.APIto allow to specify consumers, producers, authenticators- question, why can't consumers and producers be read from swagger spec?
- reuse internal
routableUntypedAPIstruct, but add a new factory functionnewRoutableProxyAPI, which will create http handlers for each operation/method, but instead of callingOperationHandler, they will call a provided proxyhttp.Handler, if validation succeeds
Caveats (at least the ones I thought about)
- in order to validate request body, it has to be read, which makes it unavailable in subsequent http handlers. One possible way to solve it, is to copy it and reset on the request when passing it to the proxy handler. Depending on the size of the body, this could consume too much memory.
- response validation is no longer possible
- any others ????
As an alternative I could add a completely new implementation of RoutableAPI without any references to untyped.API. I am just not quite sure, if it is still required in other modules.