zio / zio-http

A next-generation Scala framework for building scalable, correct, and efficient HTTP clients and servers
https://zio.dev/zio-http
Apache License 2.0

Replace Endpoint middleware concept with Security concept #2888

Open jdegoes opened 1 month ago

jdegoes commented 1 month ago

Right now, we cannot enforce that endpoint middleware is actually implemented (it's a very complicated problem that cannot be solved in time for release). Simultaneously, we cannot document security requirements of endpoints.

To fix this issue, we should instead use a sealed trait AuthType, or similar, which is placed into Endpoint. Based on this, we can generate OpenAPI documentation, as well as potentially even leverage this information in the automatic HTTP client.

sealed trait AuthType {
  type ClientRequirements
  type ServerRequirements
}
object AuthType {
  case object Basic extends AuthType {
    type ClientRequirements = ...
    type ServerRequirements = ...
  }
  ... 
}

Note that endpoint auth type would still be a type parameter, albeit constrained (Z <: AuthType). The reason is to statically retain the type members inside the AuthType value, so they can be used by client and server.

This requires more R&D but should address all of the issues with endpoint middleware that we have, currently. The question is, can we do it in time? 😄
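
A self-contained sketch of the proposal above, added here as an illustration and not taken from the issue or from zio-http: the constrained type parameter keeps each endpoint's credential type visible to the compiler, and the same value yields the OpenAPI security scheme fields. All names (`BasicCreds`, `Token`, `openApiScheme`, `headers`, `authHeaders`, this simplified `Endpoint`) are hypothetical, and the credentials are constructed sample values.

```scala
import java.nio.charset.StandardCharsets.UTF_8
import java.util.Base64

// Hypothetical names throughout; nothing here is zio-http's API.
sealed trait AuthType {
  type ClientRequirements                          // what a caller must supply
  def openApiScheme: Map[String, String]           // OpenAPI security scheme fields
  def headers(creds: ClientRequirements): Map[String, String]
}

object AuthType {
  final case class BasicCreds(user: String, password: String)
  final case class Token(value: String)

  case object Basic extends AuthType {
    type ClientRequirements = BasicCreds
    val openApiScheme: Map[String, String] = Map("type" -> "http", "scheme" -> "basic")
    def headers(creds: ClientRequirements): Map[String, String] = {
      val raw = s"${creds.user}:${creds.password}".getBytes(UTF_8)
      Map("Authorization" -> ("Basic " + Base64.getEncoder.encodeToString(raw)))
    }
  }

  case object Bearer extends AuthType {
    type ClientRequirements = Token
    val openApiScheme: Map[String, String] = Map("type" -> "http", "scheme" -> "bearer")
    def headers(creds: ClientRequirements): Map[String, String] =
      Map("Authorization" -> ("Bearer " + creds.value))
  }
}

// Z <: AuthType keeps the singleton type (e.g. AuthType.Basic.type), so
// auth.ClientRequirements resolves to a concrete credential type per endpoint.
final case class Endpoint[Z <: AuthType](method: String, path: String, auth: Z) {
  def authHeaders(creds: auth.ClientRequirements): Map[String, String] = auth.headers(creds)
}

object Demo {
  // Documentation is derived from the same value the client and server use.
  def document[Z <: AuthType](e: Endpoint[Z]): String =
    s"${e.method} ${e.path} security=${e.auth.openApiScheme}"

  def main(args: Array[String]): Unit = {
    val listUsers = Endpoint("GET", "/users", AuthType.Basic)
    val health    = Endpoint("GET", "/health", AuthType.Bearer)
    println(listUsers.authHeaders(AuthType.BasicCreds("alice", "example-password")))
    println(health.authHeaders(AuthType.Token("example-token")))
    // listUsers.authHeaders(AuthType.Token("t"))  // rejected at compile time
    println(document(listUsers)); println(document(health))
  }
}
```

Because the requirement is part of the endpoint's type, a call that omits credentials or passes the wrong kind fails to compile instead of surfacing as an unauthenticated request at runtime.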

jdegoes commented 1 month ago

/bounty $1500

algora-pbc[bot] commented 1 month ago

💎 $1,500 bounty • ZIO

Steps to solve:

  1. Start working: Comment /attempt #2888 with your implementation plan
  2. Submit work: Create a pull request including /claim #2888 in the PR body to claim the bounty
  3. Receive payment: 100% of the bounty is received 2-5 days post-reward. Make sure you are eligible for payouts

Thank you for contributing to zio/zio-http!


Attempt | Started (GMT+0) | Solution
🔴 @987Nabil | Jun 6, 2024, 7:04:48 PM | #2947
🟢 @promisingcoder | Jul 2, 2024, 10:05:25 PM | WIP

987Nabil commented 1 month ago

/attempt

Algora profile | Completed bounties | Tech
@987Nabil | 35 ZIO bounties + 1 bounty from 1 project | Scala

algora-pbc[bot] commented 3 weeks ago

@987Nabil: Reminder that in 7 days the bounty will become up for grabs, so please submit a pull request before then 🙏

algora-pbc[bot] commented 2 weeks ago

The bounty is up for grabs! Everyone is welcome to /attempt #2888 🙌

987Nabil commented 2 weeks ago

/attempt

987Nabil commented 2 weeks ago

Will be streaming the impl. tomorrow or on the weekend

promisingcoder commented 5 days ago

/attempt #2888

algora-pbc[bot] commented 11 hours ago

💡 @987Nabil submitted a pull request that claims the bounty. You can visit your bounty board to reward.