Welcome the channel on the development of Cro, a set of libraries for building reactive distributed systems, lovingly crafted to take advantage of all the Raku Programming Language has to offer (cro.services). This channel is being logged for historical purposes.
Set by lizmat on 24 May 2021.
00:20 melezhik joined 00:27 melezhik left 07:20 sena_kun left
kawaii_ Hello! I have a very basic API Cro app which uses very rudimentary authentication by simply doing a select on a database for the keys, which at the moment is included in my only API route - but as my API grows I wanted to do the fancy cro middleware stuff and have a `before` running on all my routes, which I have started to write below the attached snippet - but I am unsure how to start putting this all together? If my check for a key fails in 13:03
my PFAPI::Authenticate class, how do I escape this block and throw a `forbidden`? www.irccloud.com/pastebin/gv9I1vGE/
I shifted some things around and I think this is now closer to what I'm trying to achieve? www.irccloud.com/pastebin/2UL7Pamb/ 13:20
jnthnwrthngtn kawaii_: Were you aware of github.com/croservices/cro-apitoken ? 13:32
kawaii_ ah um... no :(
I'll take a look now! hankyou!
thankyou*
jnthnwrthngtn The answer to your question is that the middleware should emit a Cro::HTTP::Response, but you need to use the Conditional midldeware base class. Example (even one giving forbidden) at cro.services/docs/reference/cro-ht...a_response 13:34
kawaii_ Oh wow! This example looks exactly like what I might need, just modified to do my DB lookup. :) 13:35
jnthnwrthngtn :) 13:37
kawaii_ jnthnwrthngtn: where does the $req variable come from in that example? I have no such variable in my program, I tried replacing $req with $request but that just causes my app to hang forever - but in the case where you provide a bad key it does the right thing and throws the 403, so that's progress! www.irccloud.com/pastebin/2m6xdULK/ 14:04
jnthnwrthngtn Why are you requesting the body? 14:19
Or why is the auth in the body, probably should be in a header... 14:20
Anyway, you'll need to obtain the body using a `whenever`, not an `await`, otherwise you'll block the request processing pipeline
Then you'll need to set-body to put the body back in place, because the body is only possible to consume once 14:21
kawaii_ Because the client app currently sends the auth payload in the body of the GET, and I don't currently have control over the client (for now), you're probably right about it going into a header though. 14:24
And ah yes that makes sense, blocking due to await - thanks!
jnthnwrthngtn Ah, OK. Was gonna say, if you get the choose, choose header. 14:27
kawaii_ it works 🎉 14:37
thanks for your help jnthnwrthngtn
jnthnwrthngtn Yay, welcome :) 14:47