Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cmd/gf: if env is production,swagger or openapi set auth config,eg: auth or password #3898

Open
FTLLOVE opened this issue Oct 29, 2024 · 6 comments
Open

cmd/gf: if env is production,swagger or openapi set auth config,eg: auth or password #3898

FTLLOVE opened this issue Oct 29, 2024 · 6 comments
Assignees
@wangle201210
Labels
feature help wanted planned This issue/proposal is planned into our next steps.

Comments

@FTLLOVE
Copy link
Contributor

FTLLOVE commented Oct 29, 2024

What do you want to ask?

swagger setting auth config
@FTLLOVE FTLLOVE changed the title if env is production,swagger or openapi set auth config,eg: auth or password cmd/gf: if env is production,swagger or openapi set auth config,eg: auth or password Oct 29, 2024
@gqcn
Copy link
Member

gqcn commented Nov 14, 2024

I spent two hours thinking and figured out, he wants an authentication mechanism for swagger api path when he takes the whole project online in public.

We might provide basic auth mechanism in ghttp.Server/Request/Respose to validate the visitor.

@github-actions github-actions bot removed the inactive label Nov 14, 2024
@gqcn gqcn added feature help wanted inactive planned This issue/proposal is planned into our next steps. and removed question labels Nov 14, 2024
@github-actions GitHub Actions
Copy link

Hello @FTLLOVE. We like your proposal/feedback and would appreciate a contribution via a Pull Request by you or another community member. We thank you in advance for your contribution and are looking forward to reviewing it!
你好 @FTLLOVE。我们喜欢您的提案/反馈,并希望您或其他社区成员通过拉取请求做出贡献。我们提前感谢您的贡献,并期待对其进行审查。

@houseme houseme assigned houseme and unassigned houseme Nov 25, 2024
@wangle201210
Copy link
Member

Let me try adding this feature

@github-actions github-actions bot removed the inactive label Nov 25, 2024
@wangle201210 wangle201210 mentioned this issue Nov 25, 2024
Open
@UncleChair
Copy link
Contributor

Why not just adding an auth middleware for the /swagger and /api.json in production? Don't think this is problem.

@houseme
Copy link
Member

houseme commented Nov 25, 2024
edited
Loading

Why not just adding an auth middleware for the /swagger and /api.json in production? Don't think this is problem.为什么不直接在生产环境中为 /swagger/api.json 添加一个 auth 中间件呢?不要认为这是问题。

在中间件中获取不到路由path,目前这个方式需要由下往上改造, @gqcn 辛苦确认一下,或许直接在ghttp中加一个中间件,无需用户自定义中间件

@UncleChair
Copy link
Contributor

Why not just adding an auth middleware for the /swagger and /api.json in production? Don't think this is problem.为什么不直接在生产环境中为 /swagger/api.json 添加一个 auth 中间件呢?不要认为这是问题。

在中间件中获取不到路由path,目前这个方式需要由下往上改造, @gqcn 辛苦确认一下,或许直接在ghttp中加一个中间件,无需用户自定义中间件

单就openapi相关的参数的话,path可以通过config获取,然后可以直接操作路由:

path, err := g.Config().Get(ctx, "server.openapiPath")
if err != nil {
	return err
}
s.BindMiddleware(path.String(),
	service.Middleware().Auth,
	service.Middleware().IsAdmin,
)

这样应该是可以的?而且和项目自身的鉴权统一的话也更方便管理,感觉另外加一个单独的鉴权有点怪怪的

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@wangle201210 wangle201210

Labels
feature help wanted planned This issue/proposal is planned into our next steps.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@houseme @wangle201210 @FTLLOVE @gqcn @UncleChair