NOJIRA make request body strict,

* request body is now consumed in one go and stored in memory * prevent occurrences of BodyAlreadyConsumedError
mdsol · Jul 8, 2024 · bf42749 · bf42749
1 parent 6f6b264
commit bf42749
Showing 1 changed file with 25 additions and 25 deletions.
diff --git a/...es/mauth-authenticator-http4s/src/main/scala/com/mdsol/mauth/http4s/MAuthMiddleware.scala b/...es/mauth-authenticator-http4s/src/main/scala/com/mdsol/mauth/http4s/MAuthMiddleware.scala
@@ -78,32 +78,32 @@ object MAuthMiddleware {
         else
           extractAll(V2) orElse extractAll(V1)
 
-      fk(request.as[Array[Byte]].flatMap { byteArray =>
-        authHeaderTimeHeader.flatMap { authCtx: MAuthContext =>
-          val mAuthRequest: MAuthRequest = new MAuthRequest(
-            authCtx.authHeader,
-            byteArray,
-            request.method.name,
-            authCtx.timeHeader.toString,
-            request.uri.path.renderString,
-            request.uri.query.renderString
-          )
-
-          // this mimics MAuthDirectives in the akka package - really needed?
-          val req = if (!authenticator.isV2OnlyAuthenticate) {
-            mAuthRequest.setXmwsSignature(getHeaderValOrEmpty(V1.authHeaderName)) // dreadful mutating type
-            mAuthRequest.setXmwsTime(getHeaderValOrEmpty(V1.timeHeaderName))
-            mAuthRequest
-          } else mAuthRequest
-
-          authenticator.authenticate(req)(requestValidationTimeout).map(res => (res, authCtx))
+      fk(for {
+        strictBody <- request.toStrict(none)
+        byteArray <- strictBody.as[Array[Byte]]
+        authCtx <- authHeaderTimeHeader
+        mAuthRequest = new MAuthRequest(
+                         authCtx.authHeader,
+                         byteArray,
+                         request.method.name,
+                         authCtx.timeHeader.toString,
+                         request.uri.path.renderString,
+                         request.uri.query.renderString
+                       )
+        req = if (!authenticator.isV2OnlyAuthenticate) {
+                mAuthRequest.setXmwsSignature(getHeaderValOrEmpty(V1.authHeaderName)) // dreadful mutating type
+                mAuthRequest.setXmwsTime(getHeaderValOrEmpty(V1.timeHeaderName))
+                mAuthRequest
+              } else mAuthRequest
+        res <- authenticator.authenticate(req)(requestValidationTimeout).map(res => (res, authCtx))
+      } yield res)
+        .flatMap { case (b, ctx) =>
+          if (b) http(AuthedRequest(ctx, request))
+          else logAndReturnDefaultUnauthorizedReq(s"Rejecting request as authentication failed")
+        }
+        .recoverWith { case MdsolAuthMissingHeaderRejection(hn) =>
+          logAndReturnDefaultUnauthorizedReq(s"Rejecting request as header $hn missing")
         }
-      }).flatMap { case (b, ctx) =>
-        if (b) http(AuthedRequest(ctx, request))
-        else logAndReturnDefaultUnauthorizedReq(s"Rejecting request as authentication failed")
-      }.recoverWith { case MdsolAuthMissingHeaderRejection(hn) =>
-        logAndReturnDefaultUnauthorizedReq(s"Rejecting request as header $hn missing")
-      }
     }
 
   def httpRoutes[F[_]: Async](requestValidationTimeout: Duration, authenticator: Authenticator[F])(