Middleware to inspect RPC method in body #1128
Comments
|
Hey, You are correct there is "no easy way" to read HTTP request and get JSON-RPC request, thus you need to do implement such customized middleware yourself. See #998 which explains how to write such middleware. I get that it's annoying to deal with but we would like to keep the RpcHandler abstraction and not leak the HTTP request down there. |
|
The problem is that RpcHandler is too abstracted to the point makes a lot of things impossible to implement such as auth, rate limiting, matrix, etc. We should have a version of it that exposes all the connection details and build the current version on top of it by just not exposing those inner details |
Absolutely agree with this. Maybe add this functionality under a feature flag to keep the default as is. |
Is it possible for my middleware to be able to inspect the body of the RPC request and determine the RPC method?
Essentially what I'm trying to do is require authentication but only for certain RPC methods.
In more detail, I'm building a GUI desktop application that exposes a server. The goal is to open a dialog to alert the user when a request comes in such that the user can either confirm or deny the request. Once confirmed, requests from the host that originated the request are whitelisted for the remainder of the session.
Ideally, I could do this all in a middleware that I create but parsing the RPC method from the body is non-trivial. The other option is to handle this all in the actual RPC handler, but I don't have access to the request headers at that point (i.e. to get the headers/hostname that initiated the request).
Any advice here is greatly appreciated!
The text was updated successfully, but these errors were encountered: