Comments (6)
Hey @danielgtaylor, I hit a similar limitation trying to send headers for errors and found this issue.
I'm implementing a route-specific secondary rate limiter (after a general IP-based limiter) that exponentially increases the required time between password resets based on the POSTed email address.
It seems that:
- the middleware approach won't work because it hasn't unmarshalled and validated the request body at that point.
- the handler approach won't work because I can't send rate limit headers back with a 429 status.
- transformers would split up my rate limiting logic between the handler and transformer with a custom error in between.
I've reviewed the wrapping solution in #387 and it would work well for me.
from huma.
@danielgtaylor the provided approach looks great! I took a close look at it over the weekend. I just don't feel it works in a "Huma-way" because all the rest is so well thought and designed that it feels we are missing something here. But I just can't put my finger on it. For now I would say "let's go with it" and we can always think of a new approach down the road.
from huma.
@victoraugustolls that's true, though you can use middleware to set some headers (e.g. if you never want caching, or to set rate limits, etc).
Take a look at #387 which is a proposal for enabling headers on error responses.
from huma.
I took a quick look in the cellphone (at the gym right now) and it got me thinking: wouldn't it be more natural for the user to define "header" tags in an error as an error response than to create a new error type? This would follow existing request approach. WDYT?
from huma.
@victoraugustolls sort of, and I like the desire for consistency of response headers. It's actually a bit complicated for a few reasons:
- We want a single error type shared between all operations and error responses for consistency, and I'm not sure how to define the headers while also letting you use stuff like
huma.Error404NotFound
utilities. - Only some operations may set the headers, so documenting them for all operations seems wrong.
- Errors in Go are weird...
error
is just a small interface that says nothing about how it'll be used or marshaled, and the idiomatic way in modern Go to augment errors with additional information is by wrapping and then usingerrors.Is
orerrors.As
. - Using
error
was in itself kind of a compromise to enable handlers to return one success response and any number of error responses in a sane way that's also idiomatic.
For my prototype implementation in #387 I went with the wrapping approach, but it's not perfect either. As you pointed out, it's different from the existing non-error response headers, and it also means error headers are not automatically documented in the OpenAPI. I'm not too concerned about that as you can still manually document them.
Anyway I'm happy to have people chime in on alternative ideas/implementations and the pros/cons. I'll hold off on merging my PR for a bit until we can get some kind of consensus.
from huma.
@victoraugustolls any additional thoughts on this? Should I continue to hold off on the implementation?
from huma.
Related Issues (20)
- Fiber adapter NewWithGroup should accept fiber.Router interface
- Getting "Example cannot be created for this schema" in stoplight Response Example section. HOT 4
- Parameters description added to incorrect level HOT 3
- Panic in OnAddOperation HOT 2
- How to add versioning to my API using huma? HOT 7
- Register routes functionality with middlewares HOT 3
- Api grouping bug - /openapi.yaml request from the docs page does not consider the groups HOT 2
- huma.NewError doesn't support error wrapping. HOT 3
- Support Discriminator and DiscriminatorMap HOT 2
- Add more tests for cookie HOT 3
- Add custom header from SSE Handler HOT 3
- How should nullable query params be handled without pointers? HOT 4
- Add support for netip.Addr HOT 1
- Forwarding headers through the middleware not working HOT 5
- Override ErrorModel for single operations HOT 6
- Feature: Accept valueless path/query/header/cookie tags
- Docs UI doesn't handle multiple cookies properly HOT 1
- Allow custom Transform for nested objects HOT 2
- Error thrown when setting cli name HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from huma.