I have a few middlewares before the OAuth Middleware and a few after it.
app.Use<Middleware1>
app.Use<Middleware2>
app.UseOAuthBearerTokens(OAuthOptions)
app.Use<Middleware3>
app.Use<Middleware4>
app.Use<Middleware5>
If I set something in the CallContext in Middleware1 or in Middleware2, it isn't available in Middleware3 or 4 or in any of the API controllers; whereas, if I set something in the CallContext in Middleware3 or 4, it's available in all the succeeding middlewares and the API controllers.
I guess UseOAuthBearerTokens is resetting or creating a new CallContext?? Has anyone encountered this?
I can get away from it by taking one of these approaches:
1. Use OwinContext instead of CallContext. Drawback - need to reference OWIN in all the projects that need the value set in the context.
2. In Middleware1, I can set the value in OwinContext, and in the middleware that follows the OAuth middleware, I can retrieve the value from OwinContext and reset it in CallContext
Let me know a proper solution for this.
Related
So I have done a lot of research and could not find a proper answer. This might be a bit long post so sorry for that. I am making a backend API using golang. I am using gingonic for routing and api stuffs.
There are 2 part of the service. Application and user. When lets say createAccount endpoint is called from the other micro service, it need to pass the user information and application token in body. Each application is like micro service that is registered to this micro service that I am building and have a unique token. If the token they pass matches then I will get the id of that row and use that to create an entry in user table which will have the id associate with it.
Now for every API call to this micro service, it is important that they are sending the valid token and that row id is needed to do all sort of functionality like login user, edit user info and so on as the each user is connected with that app id by foreign key. Currently, I wrote a middleware and when any api call is made I get row id and save it to a global variable and then when necessary I am using it in any part of the codebase.
Lets say if 5 multiple API call is made, will that global variable information will be persisted or for each call its brand new value? If it is persisted then what can I do to achieve the brand new of Global variable for every API call or if there are better approach can you please recommend it?
A global variable is not the answer here. It will be overwritten by each request as you suspected. Instead, the typical way to handle this situation is to have a context object that is created within the scope of the HTTP Request and passed to each method that requires knowledge of that context.
One basic rule is to AVOID using the global variables, it is bad practices, you cannot manage the state and you are limited for testing and concurrency using.
In my mind come two basic solutions:
Use context for this. In your handler, add the value in context and propagate this context by all your service calls. It is also useful for tracing if you are working with microservices, then you also should take a look for this. And in the place where you need the value from your global variable, do simple call: ctx.Value(YOUR_KEY) Take a look at the end of the page, you shouldn't use string as the key to context values.
You can wrap your data in the struct with this variable value. For example:
type CreateReq struct {
Token string // value from global variable
User user
}
and use this Token in your services.
I have an ASP.NET Core 2.2 (preview3) project with several controllers decorated with ResponseCacheAttribute like this one:
[ResponseCache(Location = ResponseCacheLocation.Any, Duration = 60)]
Now I want to add a Middleware which is supposed to run before MVC and before Caching which might determine to not allow any clientside/proxy caching for this response.
But if I set context.Response.Headers[HeaderNames.CacheControl] = "no-cache, no-store"; in the Middleware it gets overwritten by the ResponseCacheAttribute of the controllers later in the pipeline.
So my pipeline looks like this:
Use new Middleware: checks for cachability, sets no-store under specific conditions
UseResponseCaching
UseMvc
How can I get this to work?
For my Codeigniter (v 3.1.7) project, i create debug menu (like prestashop) with all informations of the login user, error of the page... to debug quickly the page.
So, i want to call the name of the controller and the name of the function.
If i'm on the page "login" i want to display:
Controller: Account
Function: Login
I find on this post i tips for my problem but we use Url REWRITING and the name of the url is not the real name of the controller.
If your CI version is below 3, you have to use like that:
$this->router->fetch_class();
$this->router->fetch_method();
and if your CI version is 3 or above. These methods are deprecated.
$this->router->fetch_class();
$this->router->fetch_method();
You can access the properties instead.
$this->router->class;
$this->router->method;
See codeigniter user guide
URI Routing methods fetch_directory(), fetch_class(), fetch_method()
With properties CI_Router::$directory, CI_Router::$class and CI_Router::$method being public and their respective fetch_*() no longer doing anything else to just return the properties - it doesn’t make sense to keep them.
Those are all internal, undocumented methods, but we’ve opted to deprecate them for now in order to maintain backwards-compatibility just in case. If some of you have utilized them, then you can now just access the properties instead:
$this->router->directory;
$this->router->class;
$this->router->method;
You could use the URI Class to get that information:
$this->uri->segment(n); // n=1 for controller, n=2 for method, etc
I am diving into Koa2 and I see koa-compose. I get that I give it middlewares and it returns one, but why? What is the benefit of having multiple middleware wrapped as one instead of just adding them separately?
app.use(compose(m1, m2))
vs:
app.use(m1)
app.use(m2)
KoaJS uses koa-compose underneath (here), so app.use(compoase([m1,m2])); and app.use(m1); app.use(m2); are the same. Using koa-compose explicitly can give more power for customization. Following is one such case:
Adding middlewares through app.use(middleware), will cause all of the middlewares to be executed upon each request in the specified order. But if you want to selectively run different set of middlewares for each route (or in a different order), you can use explicitly use koa-compose to create specialized middleware stacks for each route.
var app = require('koa')();
var router = require('koa-router')();
var compose = require('koa-compose');
var allMiddlewares = compose([m1,m2,m3]);
router.get('/', allMiddlewares);
// selectively enable logging middleware for this route
router.get('/test', compose(logger, allMiddlewares));
app
.use(router.routes())
.use(router.allowedMethods());
I had the same questions of why we need to use koa-compose, since koa itself can handle multiple middlewares. But recently I have been working on the authentication part of my koa server.
I have to check if user is authenticated and sometimes I need to check if user role meets the requirement. In that case, I have two middlewares one is called isAuthenticated, another is hasRoles
Some routes expose to any user that is authenticated, so I can do
.get('/', auth.isAuthenticated, handler())
But for routes need to check if user role meets the requirement, I need to do
.get('/', auth.isAuthenticated, auth.hasRole('admin'), handler())
When I have other authentication middlewares, the middlewares I put in the route becomes pretty long.
I am benefited by using koa-compose, since in my case I can chain the isAuthenticated and hasRoles middlewares together.
requiresRole(role) {
return compose([isAuthenticated, hasRole(role)])
}
.get('/', auth.requiresRole('admin'), handler())
It's neat and less errors.
I want to separate my cakephp application in users authentications... I have created authentication key of 50 digits as boolean. that is 10111... in this way.. Now I wanna separate my application accordingly. Suppose for blog post. I want to access to view post if users first authentication digit is 1, If my post is private then I need to authenticate it using digit 2. For any other status of my post suppose private I wanna again check an action of digit. What should I do with this scope.? Is it better way to go with...
Second I want to have common function. I have just taken example of simple controller post I wanna do it for most of my models and controllers. How can I make single inbuilt function for all.
You'll need to create all these rules in your AppControllers Authorize() method, assuming you are using the AuthComponent and Controller as your auth method.