#reitit
2021-07-19
n2o 14:07:21

Has anyone ever tried to restrict access to the swagger-ui, e.g. using Basic Auth?

plins 23:07:08

yep you need to add a middleware to the swagger route that checks for the presence of the header

n2o 19:07:51

Great, I tried this without success so far 😄 did you use buddy? @U3QUAHZJ6

plins 14:07:56

no buddy experience but: the middleware needs to check if there is an Authorization: Basic .... header. If the header is there, decode it and check its contents; if it's not, then return 401 with the WWW-Authenticate: Basic realm="User Realm" and the browser will ask for the credentials

plins 15:07:59

attach that middleware to the swagger html endpoint or the json endpoint (I don't remember which one I've used)

plins 23:07:34

I'm having a hard time understanding why this request gets parsed correctly. In this first example everything is parsed as expected

clj => (do (prn (:headers request)) (prn (-> request :parameters :body)))
{"user-agent" "Restler/0.17.6 (android)",
 "host" "192.168.1.200:3002",
 "accept-encoding" "gzip, deflate, br",
 "content-length" "18",
 "content-type" "application/json"}
{:employees [1]}
but here it fails
{"te" "gzip, deflate; q=0.5",
 "user-agent"
 "Dalvik/2.1.0 (Linux; U; Android 9; SM-A530F Build/PPR1.180610.011)",
 "connection" "keep-alive",
 "host" "192.168.1.200:3002",
 "accept-encoding" "gzip",
 "content-length" "86",
 "content-type" "application/json"}
"{\"employees\":[1]}"

plins 23:07:40

both have the correct content type, why is only one being parsed?