You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Not sure if authentication header parsing should run before path parsing. Let's say we have two endpoints:
/a with authentication
/b
in that order. If a /b request comes in, without authentication, shouldn't the first endpoint be skipped, and only the second attempted? This is in-line with request <-> endpoint matching as defined by OpenAPI, that is that the endpoint is uniquely defined by the path + method combination.
Tapir version: 0.17.19
Scala version: 2.13.3
Describe the bug
Here authentication header decodes after path and method decoding.
How to reproduce?
Additional information
Authentication way from docs was not satisfied me, because
serverLogicForCurrent
runs after request body parsing. I found hack how to avoid it:Auth "middleware" for base header:
And
decodeFailureHandler
for 400 to 401 fix:It fixes body parsing but does not work for path codecs.
Anyway, my hacks is my problems. But in simple case with completely missing auth header tapir doesn't return 401 before path segments parsing!
The text was updated successfully, but these errors were encountered: