Closed zacharyburkett closed 2 years ago
Currently the goapi-gen request validation middleware performs security checks after other checks. This can result in getting a 400 error before a 401 when unauthed. Expected behavior is no other data would be returned if I'm unauthed.
Line in question https://github.com/discord-gophers/goapi-gen/blob/main/pkg/middleware/oapi_validate.go#L74
This can be fixed by calling openapi3filter.ValidateSecurityRequirements first in our middleware.
openapi3filter.ValidateSecurityRequirements
Currently the goapi-gen request validation middleware performs security checks after other checks. This can result in getting a 400 error before a 401 when unauthed. Expected behavior is no other data would be returned if I'm unauthed.
Line in question https://github.com/discord-gophers/goapi-gen/blob/main/pkg/middleware/oapi_validate.go#L74
This can be fixed by calling
openapi3filter.ValidateSecurityRequirementsfirst in our middleware.