weavejester
commented
8 years ago What's the use-case?
Open erez-rabih opened 8 years ago
weavejester
commented
8 years ago What's the use-case?
erez-rabih
commented
8 years ago The use case is verifying webhook authenticity from Shopify: https://help.shopify.com/api/tutorials/webhooks#verify-webhook
I need to compare a given signature with a signature I make on the request body to make sure this is an authentic call from Shopify.
If I use the middleware I can't read the body myself to compare the signatures. I had to create a custom middleware to duplicate the body as two InputStream objects but that looks like a patch.
I believe developers should always have access to the original request as it was sent regardless of which middleware they chose to use.
This issue is related to #43 #31
weavejester
commented
8 years ago Rather than create a solution specifically for Ring-JSON, it might be better to create some middleware that reads the body InputStream, and then replaces it with a ByteArrayInputStream. The stream could also be added to an additional key for middleware that happen to replace the request body.
ska2342
commented
7 years ago GitHub seems to be doing exactly what shopify does. So, here is a gist outlining the solution I created after the short discussion in #43
https://gist.github.com/ska2342/4567b02531ff611db6a1208ebd4316e6
IMHO, that is perfectly fine the way it is.
Currently there is no way to access the original body of the request when using the middleware since the middleware reads and InputStream and there's no way to reset its position to 0.
I'd suggest at least assoc-ing the body string from here: https://github.com/ring-clojure/ring-json/blob/master/src/ring/middleware/json.clj#L14 to the request map for future reference.