Flexible Authentication Hook #9
Conversation
| @@ -159,15 +170,31 @@ func (conn *connection) readLoop(ctx context.Context, send sendFunc) { | |||
|
|
|||
| switch msg.Type { | |||
| case typeConnectionInit: | |||
| var initMsg initMessagePayload | |||
|
|
|||
There was a problem hiding this comment.
No need for empty line here. Please, remove it.
| continue | ||
| } | ||
| } | ||
| conn.authenticated = true |
There was a problem hiding this comment.
So if authenticateFunc is nil the connection is marked as authenticated? Why is that? This doesn't sound ok to me. Am I missing something? Should you move this line
conn.authenticated = trueinside of the if statement above it?
| send("", typeConnectionAck, nil) | ||
|
|
||
| case typeStart: | ||
|
|
There was a problem hiding this comment.
Unnecessary empty line. Please, remove it.
|
@fproulx-dfuse could you, please, use the opts to provide the authFunc as an option? |
|
Also, the code needs to be rebased. |
| ws wsConnection | ||
| authenticated bool | ||
| authenticateFunc AuthenticateFunc | ||
| request *http.Request |
There was a problem hiding this comment.
Why do you need the request as a field of the connection?
|
@fproulx-dfuse I just figured out that you can use a custom ContextGenerator and use it to access the request and its headers and store the auth info in the current context. |
|
any progress on this? @fproulx-dfuse |
|
@tot-ra contributions would be accepted. This PR is not in a mergeable state. |
According to Apollo
Authentication Over WebsSocketspec (i.e. https://www.apollographql.com/docs/graphql-subscriptions/authentication) the authentication credentials shall be passed in theconnection_initmessage payload asauthToken.In order to support this - and - more flexible authentication / authorization schemes which may require inspection of HTTP request headers in addition of the message payload, we add this optional
onConnecthook.