Closed camaeel closed 2 years ago
If you're using a framework like gin-gonic which takes over the response writer you need to ensure proper ordering of middlewares. I don't generally help sort out custom frameworks issues though. This library works fine with the stdlib http package and many other packages like chi and httprouter.
I just ran into this and did some debugging. If you're using the example from https://github.com/jesusvazquez/authboss-gin-sample that's using github.com/gwatts/gin-adapter to convert regular middleware into Gin middleware.
If you step through the flow in a debugger you see that authboss.LoadClientStateMiddleware
calls h.ServeHTTP
at the end of that method. If you step into that you'll find yourself in the github.com/gwatts/gin-adapter code, specifically here:
func (h *connectHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
state := r.Context().Value(h).(*middlewareCtx)
defer func(r *http.Request) { state.ctx.Request = r }(state.ctx.Request)
defer func(w gin.ResponseWriter) { state.ctx.Writer = w }(state.ctx.Writer)
state.ctx.Request = r
state.ctx.Writer = swap(state.ctx.Writer, w)
state.childCalled = true
state.ctx.Next()
}
Note that swaps out the response writer via the swap
call which returns a swappedResponseWriter
which contains the original writer but hidden as a member. The defer
should swap it back when this returns but authboss
tries to use the writer before this method returns so you get the panic.
To make this work we'd need an alternative form of adapter but I'm not sure how that could work. authboss creates a new response writer derived from the http.ResponseWriter
but we can't just construct a Gin one from that because it's missing some of the data in gin's response writer (number of bytes written so far and status code to send). I might be missing something but I think this just won't work with gin.
Oh! It looks like maybe somebody found a workaround. This is a update to github.com/gwatts/gin-adapter
that has their swappedResponseWriter
implement the UnderlyingResponseWriter
interface: https://github.com/bscottm/authboss-worked/blob/6b1cea2dd7df0788790fbf6d48d4d25591aa5413/abossworked/adapter/ginWrap.go
When using with gin-gonic with authboss I get exception:
Reply steps:
Add
in main() after
router.GET("/status", status)
curl localhost:3000/admin/
-> an exception is thrown