
how to persist and reuse http body in strict server boilerplate

Open humbledshuttler opened this issue 9 months ago • 2 comments

Hi,

We are using oapi-codegen for a go-gin web server. For one of our endpoints (that serves as a webhook), for security and validation purposes we need the http body raw bytes. Reading through the generated server boilerplate, it seems like the oapi-codegen generated code will bind the json body to the request's body struct and then the http body is no longer available to read. More specifically, ctx.ShouldBindJSON(&body) is used in the generated code. Are there options that can be used to tell the generator to use ctx.ShouldBindBodyWith?

Also curious to hear from others, what are my other options to persist the body raw bytes and read it in a middleware?

humbledshuttler avatar Mar 24 '25 16:03 humbledshuttler

Same - can't perform HMAC validation on the webhook

I propose that we can create a flag to generate the middlewares before the body is read or that it runs something like c.Request.Body = io.NopCloser(bytes.NewReader(body))

In general a request can be blocked before the content is ever read so I think it's an expensive operation to do reflections on the body in that case.

If needed I can contribute to add that flag

danspts avatar Mar 25 '25 11:03 danspts

@danspts for now I am adding gin native middlewares that run before the body is read (the sequence of operations is gin middlewares -> request parsing & binding -> middlewares from oapi-codegen -> request handler). This solution does not seem too bad to me, but I would like to see an option where we don't have to use gin-native middleware, as using a mixture of middleware is confusing and could run into unknown issues if not done carefully.

humbledshuttler avatar Mar 25 '25 14:03 humbledshuttler

@humbledshuttler we faced a similar issue and we are doing something similar to how kin-openapi has handled the body in the ValidateRequestBody method, by first reading it into a variable and then putting it back: https://github.com/getkin/kin-openapi/blob/2de45f70d4afe6446074321af3f6d542e91f7f0d/openapi3filter/validate_request.go#L254

SBhanushali avatar Jul 01 '25 18:07 SBhanushali
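
The read-then-restore approach discussed in this thread, combined with the HMAC check the webhook needs, as an added example that is not code from the thread or from oapi-codegen. It is written against plain net/http so it runs without gin (in gin the same steps apply to c.Request inside a native middleware registered before binding). Assumptions: the `X-Signature` header name, a lowercase hex HMAC-SHA256 digest, the 1 MiB body cap, and the helper names `SignHex`, `VerifyHMAC` and `Deliver`.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// SignHex returns the lowercase hex HMAC-SHA256 of body under secret.
func SignHex(secret, body []byte) string {
	m := hmac.New(sha256.New, secret)
	m.Write(body)
	return hex.EncodeToString(m.Sum(nil))
}

// VerifyHMAC checks the raw body's signature, then restores the body for later readers.
func VerifyHMAC(secret []byte, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		raw, err := io.ReadAll(http.MaxBytesReader(w, r.Body, 1<<20)) // assumed 1 MiB cap
		sig := []byte(r.Header.Get("X-Signature"))                    // hypothetical header name
		if err != nil || !hmac.Equal(sig, []byte(SignHex(secret, raw))) { // constant-time compare
			http.Error(w, "rejected", http.StatusUnauthorized)
			return
		}
		r.Body = io.NopCloser(bytes.NewReader(raw)) // put the bytes back for JSON binding
		next.ServeHTTP(w, r)
	})
}

// Deliver runs a constructed webhook through VerifyHMAC; seen is what the next handler read.
func Deliver(secret []byte, body, sig string) (code int, seen string) {
	h := VerifyHMAC(secret, http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) {
		b, _ := io.ReadAll(r.Body)
		seen = string(b)
	}))
	req := httptest.NewRequest(http.MethodPost, "/webhook", bytes.NewBufferString(body))
	req.Header.Set("X-Signature", sig)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, seen
}

func main() { // constructed secret and payload
	fmt.Println(Deliver([]byte("k"), `{"a":1}`, SignHex([]byte("k"), []byte(`{"a":1}`))))
}
```

The signature is computed over the exact bytes received, before any JSON decoding, and the downstream handler only runs (and only sees the restored body) when the check passes.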