riannucci
commented
8 years ago Wondering if there's any intent to pull this?
It would be super-handy for centralizing more advanced authorization logic (like fine-grained group membership/ACL checks). In fact, if there was a way to get the validated/decoded request body too, that would be fantastic. I'd like to have a static mapping of endpoint->authorization_functions and be able to ensure that it is applied consistently to all endpoint handlers within a given service. Right now I have to copypasta boilerplate (with duplicated method names to do map lookups) at the top of each endpoint handler... always nervous that we'll add/modify a handler and the boilerplate will have a bug (point at the wrong method, handle the error improperly, omit the boilerplate entirely, etc.)
Add EndpointInfo() method to pull the ServiceInfo and MethodInfo of the current endpoint out of the Context.
Defer generation of the context to after the service/method have been identified. This prevents unnecessary setup operations (including AppEngine binding), until after the request is verified to be referencing a valid endpoint.
This is a focused landing of the embedding portion of #125 built on top of #126 as requested.