Skip to content

Commit

Permalink
NOJIRA make request body strict,
Browse files Browse the repository at this point in the history
* request body is now consumed in one go and stored in memory

* prevent occurrences of BodyAlreadyConsumedError
  • Loading branch information
fserra-mdsol committed Jul 8, 2024
1 parent 6f6b264 commit e8c2b22
Showing 1 changed file with 19 additions and 21 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -78,27 +78,25 @@ object MAuthMiddleware {
else
extractAll(V2) orElse extractAll(V1)

fk(request.as[Array[Byte]].flatMap { byteArray =>
authHeaderTimeHeader.flatMap { authCtx: MAuthContext =>
val mAuthRequest: MAuthRequest = new MAuthRequest(
authCtx.authHeader,
byteArray,
request.method.name,
authCtx.timeHeader.toString,
request.uri.path.renderString,
request.uri.query.renderString
)

// this mimics MAuthDirectives in the akka package - really needed?
val req = if (!authenticator.isV2OnlyAuthenticate) {
mAuthRequest.setXmwsSignature(getHeaderValOrEmpty(V1.authHeaderName)) // dreadful mutating type
mAuthRequest.setXmwsTime(getHeaderValOrEmpty(V1.timeHeaderName))
mAuthRequest
} else mAuthRequest

authenticator.authenticate(req)(requestValidationTimeout).map(res => (res, authCtx))
}
}).flatMap { case (b, ctx) =>
fk(for {
strictBody <- request.toStrict(none)
byteArray <- strictBody.as[Array[Byte]]
authCtx <- authHeaderTimeHeader
mAuthRequest = new MAuthRequest(
authCtx.authHeader,
byteArray,
request.method.name,
authCtx.timeHeader.toString,
request.uri.path.renderString,
request.uri.query.renderString
)
req = if (!authenticator.isV2OnlyAuthenticate) {
mAuthRequest.setXmwsSignature(getHeaderValOrEmpty(V1.authHeaderName)) // dreadful mutating type
mAuthRequest.setXmwsTime(getHeaderValOrEmpty(V1.timeHeaderName))
mAuthRequest
} else mAuthRequest
res <- authenticator.authenticate(req)(requestValidationTimeout).map(res => (res, authCtx))
} yield res).flatMap { case (b, ctx) =>
if (b) http(AuthedRequest(ctx, request))
else logAndReturnDefaultUnauthorizedReq(s"Rejecting request as authentication failed")
}.recoverWith { case MdsolAuthMissingHeaderRejection(hn) =>
Expand Down

0 comments on commit e8c2b22

Please sign in to comment.