labstack / echo

High performance, minimalist Go web framework
https://echo.labstack.com
MIT License

When struct tag is not set, use actual field name for binding #2627

Closed adhocore closed 2 months ago

adhocore commented 2 months ago

I have recently been using Echo and am even porting apps to Echo from net/http and others.

I have added some tiny improvements to struct binding:

aldas commented 2 months ago

I do not know if this is a good idea in the long run, and from your own maintenance standpoint. Basically you are introducing "magic" into your code so that every new field can be automatically bound from the request.

Let's say you have a user struct you are binding to

type user struct {
    ID uint64
}

and you add an IsAdmin field to it

type user struct {
    ID      uint64
    IsAdmin bool
}

Now with this binder configuration you can automatically bind to that field. This is potentially insecure.

Echo forcing you to add struct tags explicitly forces the user to think about what he/she is doing.

It seems that with this configuration the binder will automatically use path variables, query params and form values as sources.

Let's say you have a route like this

    e.Any("/product/:id/action", func(c echo.Context) error {
        type payload struct {
            ID uint64
            id uint64
        }
        p := payload{}
        if err := c.Bind(&p); err != nil {
            return err
        }
        return c.JSON(http.StatusOK, p)
    })

and you send the following POST request

curl -v 'http://localhost:8080/product/111/action?id=222&ID=333' \
 -H "Content-Type: application/x-www-form-urlencoded" \
 -d "id=444&ID=555"

NB: the Go standard library's form parsing logic takes form field values from both the body and the query string!

or a GET request

curl -v 'http://localhost:8080/product/111/action?id=222&ID=333'

What is the expectation? Values could be taken from path params and the query string for a GET request. For a POST request, fields could be bound from the path and body. For a form POST the source could even be path+query+body.

Now try the same request with the payload definition being

        type payload struct {
            ID uint64 `param:"id"`
            id uint64
        }

What is the expectation?
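The two concerns raised in the comment above (a newly added field becoming client-controlled when binding falls back to the field name, and the standard library merging body and query values under one key) can be reproduced without Echo. The Go program below is an added example, not code from Echo or from this issue's author: the two binders `tagOnly` and `tagOrFieldName`, the `user` struct with its `form` tag, and the requests built with `httptest` are all constructed for illustration, and an exact, case-sensitive match on the field name is an assumption about how a field-name fallback would work. Path params are left out because `net/http` alone does not parse them.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"reflect"
	"strconv"
	"strings"
)

// user is the struct from the comment above after IsAdmin was added.
// Only ID carries a tag; IsAdmin was never meant to be client-controlled.
type user struct {
	ID      uint64 `form:"id"`
	IsAdmin bool
}

// fieldKey decides which request key, if any, a struct field binds from.
type fieldKey func(f reflect.StructField) string

// tagOnly is the explicit-tag rule: no tag, no binding.
func tagOnly(f reflect.StructField) string { return f.Tag.Get("form") }

// tagOrFieldName is the behaviour the issue proposes: fall back to the exported
// field name when the tag is missing (hypothetical rule, exact-match assumed).
func tagOrFieldName(f reflect.StructField) string {
	if tag, ok := f.Tag.Lookup("form"); ok {
		return tag
	}
	return f.Name
}

// bindForm fills dst from r.Form using the given key rule. ParseForm fills
// r.Form from the URL query and, for form-encoded POST/PUT/PATCH bodies, from
// the body as well; body values are listed first, so Get-style lookups prefer them.
func bindForm(r *http.Request, dst interface{}, key fieldKey) error {
	if err := r.ParseForm(); err != nil {
		return err
	}
	return bindValues(r.Form, dst, key)
}

func bindValues(values url.Values, dst interface{}, key fieldKey) error {
	v := reflect.ValueOf(dst)
	if v.Kind() != reflect.Ptr || v.Elem().Kind() != reflect.Struct {
		return fmt.Errorf("bind: destination must be a pointer to a struct")
	}
	v = v.Elem()
	for i := 0; i < v.NumField(); i++ {
		field := v.Field(i)
		name := key(v.Type().Field(i))
		// CanSet is false for unexported fields such as the lowercase `id` above.
		if name == "" || !field.CanSet() {
			continue
		}
		raw := values.Get(name) // first value wins: body before query
		if raw == "" {
			continue
		}
		switch field.Kind() {
		case reflect.Uint64:
			n, err := strconv.ParseUint(raw, 10, 64)
			if err != nil {
				return fmt.Errorf("field %s: %w", name, err)
			}
			field.SetUint(n)
		case reflect.Bool:
			b, err := strconv.ParseBool(raw)
			if err != nil {
				return fmt.Errorf("field %s: %w", name, err)
			}
			field.SetBool(b)
		default:
			return fmt.Errorf("field %s: unsupported kind %s", name, field.Kind())
		}
	}
	return nil
}

// formPost builds a form-encoded POST the way the curl command above does (constructed input).
func formPost(target, body string) *http.Request {
	r := httptest.NewRequest(http.MethodPost, target, strings.NewReader(body))
	r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	return r
}

// bindUser runs one hostile request through the given rule: the body carries
// the legitimate id, while the query string smuggles IsAdmin=true.
func bindUser(key fieldKey) (user, error) {
	var u user
	err := bindForm(formPost("http://localhost:8080/user?IsAdmin=true", "id=7"), &u, key)
	return u, err
}

// idSources replays the POST from the comment above (minus the path param) and
// returns every value the standard library collected for the "id" key.
func idSources() ([]string, error) {
	r := formPost("http://localhost:8080/product/111/action?id=222&ID=333", "id=444&ID=555")
	if err := r.ParseForm(); err != nil {
		return nil, err
	}
	return r.Form["id"], nil
}

func main() {
	safe, _ := bindUser(tagOnly)
	auto, _ := bindUser(tagOrFieldName)
	fmt.Printf("tag only:            %+v\n", safe) // IsAdmin stays false
	fmt.Printf("field-name fallback: %+v\n", auto) // IsAdmin flipped from the query string
	ids, _ := idSources()
	fmt.Println("id candidates, body first:", ids) // [444 222]
}
```

With the tag-only rule the request sets `ID` and nothing else; with the field-name fallback the same request also flips `IsAdmin`, which is the mass-assignment risk the comment describes. `idSources` shows the second point: for the form POST the standard library returns both `444` (body) and `222` (query) under `id`, body first, so which one a binder "sees" depends entirely on whether it takes the first value or the whole slice.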