[MCC-961880] Add MAuthASGIMiddleware
#34
Conversation
|
I guess it is the path of less friction but I'm a little bit concerned with the approach. I guess creating another Python package even if hosted here in the same repo just for this would be overkill? |
probably we can make this as ASGI middleware: https://fastapi.tiangolo.com/advanced/middleware/ Flask is different (WSGI) so I think we should keep it as-is. |
|
hmm @jcarres-mdsol makes a good point, I just hadn't noticed it. it is also pretty easy to make a middleware for WSGI. I think we should do generic WSGI/ASGI middlewares for a future version 2.0.. as for this PR we can either:
FWIW, i prob would not bother to use this in that PoC we are doing and would instead wait for generic middlewares from 2.0. As for doing 2.0, i could prob get to that later this week. |
|
Actually:
think i will go with (4) unless someone has a preference |
sounds good to me 👍 FYI, the historical reason why we have Flask Mauth library is that we have combined this library into mauth-client-python: https://github.com/mdsol/flask-mauth |
🤔 |
|
@ykitamura-mdsol yea, you are correct. i missed 1.1.15 hiding between the RC tags when looking at the tag list on their github. should've just looked at their nicely formatted doc site 🤣 |
|
it might be good to have a "NoAppStatus" middleware also like the one we have in ruby or is there a way to not authenticate app_status calls? |
|
So in FastAPI you can mount an app with different middlewares onto the main app.. but it gets pretty weird in that you would need the main app to be open and have open_app = FastAPI()
protected_app = FastAPI()
protected_app.add_middleware(MAuthASGIMiddleware)
@open_app.get("/app_status")
async def app_status():
return {"msg": "ok"}
@protected_app.get("/")
async def root():
return {"msg": "protected root"}
open_app.mount("/apis", protected_app)But I can add an option to the middleware constructor for a list of exempt paths since that might be nicer. |
mauth_client/middlewares/asgi.py
Outdated
| def __init__(self, app: ASGI3Application, exempt: set = set()) -> None: | ||
| self._validate_configs() | ||
| self.app = app | ||
| self.exempt = exempt |
There was a problem hiding this comment.
Do we want to keep a reference or make a shallow copy of the set? As is, if a set is passed in, changes to that set will (potentially accidentally) change this exemption set in the middleware, which feels like it might be surprising behavior.
| self.exempt = exempt | |
| self.exempt = exempt.copy() |
(Also not sure what best practices are, but I typically like to set the argument to None and set the default here, since setting it in the arg list won't prevent someone from passing None in. e.g.
def __init__(self, app: ASGI3Application, exempt: set = None) -> None:
self._validate_configs()
self.app = app
self.exempt = exempt.copy() if exempt else set())
There was a problem hiding this comment.
for making a copy, yea good idea. will do.
for None as the default.. hmm does that mean we should change the typing notation to Union[set, None]?? theoretically the type hints should prevent them from passing a non-set for that arg. how about a compromise: raise TypeError if it's not a set?
There was a problem hiding this comment.
actually nevermind the compromise, i see the proper way to do type hints when using None default is to use Optional:
ejinotti-mdsol
changed the title
MAuthASGIMiddlewareMAuthASGIMiddleware
Adds a generic ASGI middleware for use with popular async frameworks like FastAPI.
@mdsol/architecture-enablement @omarmartinez325