search

poem-web / poem

A full-featured and easy-to-use web framework with the Rust programming language.
Apache License 2.0
3.51k stars 283 forks source link

How to use sessions with poem-openapi? #457

Open TheCataliasTNT2k opened 1 year ago

TheCataliasTNT2k commented 1 year ago

You can use sessions like this with poem: https://github.com/poem-web/poem/blob/master/examples/poem/auth/src/main.rs. But how do you attach data to requests (Data used in poem) or use sessions in openapi? You start the server by using:

let api_service =
        OpenApiService::new(Api, "Title", "1.0").server(format!("{}:{}", host, port));
    let ui = api_service.swagger_ui();

    let app = Route::new().nest("/api", api_service).nest("/", ui);

    println!("Starting server at {}", server_url);
    Server::new(TcpListener::bind(format!("{}:{}", host, port)))
        .run(app)
        .await

instead of 

 let app = Route::new()
        .at("/", get(index))
        .at("/signin", get(signin_ui).post(signin))
        .at("/logout", get(logout))
        .with(CookieSession::new(CookieConfig::new()));
    Server::new(TcpListener::bind("127.0.0.1:3000"))
        .run(app)
        .await

So the with statement is not usable, is it? And if I have multiple API structs (like one for user, one for posts etc.), how to do it when the admin API should have other middlewares than the user API? Sadly, a lot of things shown in the examples for poem are missing in the examples for poem-openapi. This session thing, Data, and a lot more. What is #[oai(path = "/hello", method = "get")]? Is it documented somewhere? Where? I want to build an API, and a friend suggested poem-openapi instead of actix. It looks very promising, but either I am just blind, or these things are missing in the documentation right now.... An example for a middleware for "role based authentication" (admin, moderator, user, guest etc) would also be helpful...

EDIT: https://docs.rs/poem-openapi/latest/poem_openapi/attr.OpenApi.html#operation-parameters found this one for the #[oai] stuff, now the question with the session remains...

sunli829 commented 1 year ago

You can also use poem's extractor in poem-openapi:

#[OpenApi]
impl Api {
    #[oai(path = "/hello", method = "get")]
    async fn index(&self, session: &Session) {
    }
}
TheCataliasTNT2k commented 1 year ago

How to do that? The session should be signed. I found a "solution" for this, but not really usable.... "It just works for now"

dreamerlzl commented 1 year ago

It's unclear from the documents that whether I should use #[oai(transform)] or just .with.

Currently, I use .with with a separate poem handler rather than a OpenApi

https://github.com/dreamerlzl/zero2prod/blob/main/src/routes/mod.rs#L18 https://github.com/dreamerlzl/zero2prod/blob/main/src/main.rs#L27