This adds support for access policies as a customisation point. The usage is similar to preflights and currently the only requirement is that it's invocable with a const boost::beast::http::request_header& and returns std::optional<malloy::http::response<...>>. The body type for the response can be anything.
I've also added a basic http authentication policy, which uses template-based dependency injection for the base64 decoding. I think the implementation is correct but I didn't actually know how http authentication worked at the protocol level until I started writing it, so I'm not 100% on it (seems to work when testing with a browser though).
One important note is that policies are only checked for http requests (not websocket) and only once a handler is actually found for it. i.e. if no handler is available for the specified route, no policies will be used even if they match.
Implements: #76
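The policy shape described in this PR, sketched as an added example for HTTP Basic authentication; this is not malloy's code. `Header` and `Response` are stand-ins for the Beast request header and the malloy response, and `Base64`, `equal_ct` and `BasicAuth` are hypothetical names. For brevity the header name and the `Basic` scheme are matched case-sensitively, whereas HTTP treats both case-insensitively.

```cpp
#include <map>
#include <optional>
#include <string>

// Stand-ins (assumptions) for the Beast request header and malloy response.
using Header = std::map<std::string, std::string>;
struct Response { int status; Header fields; };

// Minimal base64 decoder; any type with a static decode() can be injected.
struct Base64 {
    static std::optional<std::string> decode(const std::string& in) {
        static const std::string abc =
            "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
        std::string out;
        unsigned buf = 0; int bits = 0;
        for (char c : in) {
            if (c == '=') break;                                // padding ends the data
            auto pos = abc.find(c);
            if (pos == std::string::npos) return std::nullopt;  // reject non-base64 input
            buf = (buf << 6) | static_cast<unsigned>(pos);
            bits += 6;
            if (bits >= 8) { bits -= 8; out.push_back(static_cast<char>((buf >> bits) & 0xFF)); }
        }
        return out;
    }
};

// Compares every byte so timing does not reveal the first mismatch (length still leaks).
inline bool equal_ct(const std::string& a, const std::string& b) {
    if (a.size() != b.size()) return false;
    unsigned char diff = 0;
    for (std::size_t i = 0; i < a.size(); ++i) diff |= static_cast<unsigned char>(a[i] ^ b[i]);
    return diff == 0;
}

// Policy: std::nullopt lets the request through, a response rejects it.
template <class Decoder>
struct BasicAuth {
    std::string user, pass, realm;
    std::optional<Response> operator()(const Header& h) const {
        Response deny{401, {}};
        deny.fields["WWW-Authenticate"] = "Basic realm=\"" + realm + "\"";
        auto it = h.find("Authorization");
        if (it == h.end() || it->second.rfind("Basic ", 0) != 0) return deny;
        auto cred = Decoder::decode(it->second.substr(6));
        // Split at the first colon: the password may itself contain ':'.
        auto colon = cred ? cred->find(':') : std::string::npos;
        if (colon == std::string::npos) return deny;
        // Bitwise & so both comparisons always run.
        bool ok = equal_ct(cred->substr(0, colon), user) & equal_ct(cred->substr(colon + 1), pass);
        return ok ? std::nullopt : std::make_optional(deny);
    }
};
```

The 401 response carries the `WWW-Authenticate` challenge, which is what makes a browser show its credential prompt.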