-
Notifications
You must be signed in to change notification settings - Fork 170
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Handling authorization header #998
Comments
Hi, If I understand correctly, you want to enable some authentication-based mechanisms before letting the RPC core handle your requests. Indeed that could be achieved with a middleware: pub struct AuthLayer {
pub secret: String, // unsafe for example purposes only
}
impl AuthLayer {
fn new(secret: String) -> Self ...
} There are a few more examples here: https://docs.rs/tower-http/latest/tower_http/auth/struct.AddAuthorizationLayer.html, maybe the middleware that you want to implement is already there. And here is a snippet how to integrate the middleware with our RPC jsonrpsee/examples/examples/cors_server.rs Lines 80 to 86 in a330dae
|
Yes, I want to add an authorization layer. But I also have to pass the Information which user is authenticated to the rpc method handler. |
I found an example from tower_http::auth::AuthorizeRequest where the user is stored with
But I assume I can´t access this from the handler. |
You mean that you want to fetch the user info from the I think it should be possible to do something similar as we have to Basically, read the data from the authorization header and an create a new RPC call with the authorization data as params which you then send as the HTTP request body (https://github.com/paritytech/jsonrpsee/blob/master/server/src/middleware/proxy_get_request.rs#L101-#L118) |
Thanks. Wouldn't that mean I have to parse the request, amend it, build a new request,which get parsed again? That seems a bit wasteful, if my understanding is correct. But I could solve it that way until direct header access is possible. |
Yepp, you are right but if you really care about that overhead you can manage your own server and just use That's the trade-off right now. |
Thanks! |
I'm building a jsonrpc server and like to handle the http authorization header. The handler itself has no access to the headers. I've seen that I can add a middleware handler which has access to the header, but I don't see a way how to pass that information (the authorized user) down to the jsonrpc handler. Is there an easy way to achieve this?
The text was updated successfully, but these errors were encountered: