Authorization requires compile time settings

Open teamon opened this issue 7 years ago • 5 comments

Since Endpoint is all macros, it checks the :authorization config during verk_web compile time. Since compiling dependencies happens only once, changing the config after dependencies have been compiled has no effect. I think the reasonable solution would be to have a plug that checks the config on init. BasicAuth does exactly that, but because of https://github.com/edgurgel/verk_web/blob/master/lib/verk_web/endpoint.ex#L39 it is not even loaded.

teamon avatar Feb 14 '17 13:02 teamon

It probably could be something simple like this:

```elixir
defmodule VerkBasicAuth do
  @behaviour Plug

  def init(_opts) do
    if Application.get_env(:verk_web, :authorization) do
      BasicAuth.init(use_config: {:verk_web, :authorization})
    else
      :no_auth
    end
  end

  def call(conn, :no_auth), do: conn
  def call(%{request_path: "/verk" <> _} = conn, opts), do: BasicAuth.call(conn, opts)
  def call(conn, _), do: conn
end
```

teamon avatar Feb 14 '17 13:02 teamon

Ahh, actually this won't work: as stated in the Plug docs, init might be called during compilation.

teamon avatar Feb 14 '17 13:02 teamon
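
One way around the compile-time lookup discussed above, as an added example that is not verk_web code and not from any commenter: a plug that reads `:authorization` inside `call/2`, which runs on every request. It assumes Plug 1.10 or later (`Plug.BasicAuth`, rather than the `BasicAuth` package named in the thread), a keyword-list config with `:user`, `:pass` and `:realm` keys, and the hypothetical module name `RuntimeBasicAuth`.

```elixir
defmodule RuntimeBasicAuth do
  # Added example, not verk_web code. Assumes Plug >= 1.10 and that
  # :authorization is a keyword list with :user, :pass and :realm (assumption).
  @behaviour Plug
  import Plug.Conn, only: [halt: 1]

  # init/1 may run at compile time, so it must not read application config.
  @impl true
  def init(opts), do: opts

  # call/2 runs per request, so config set after compilation is honoured.
  @impl true
  def call(conn, _opts) do
    case Application.get_env(:verk_web, :authorization) do
      # No config: pass through, matching the :no_auth branch of the sketch above.
      nil -> conn
      auth -> check(conn, auth)
    end
  end

  defp check(conn, auth) do
    with {user, pass} <- Plug.BasicAuth.parse_basic_auth(conn),
         true <- valid?(user, pass, auth) do
      conn
    else
      # Missing or malformed header, or wrong credentials: 401 and stop.
      _ ->
        conn
        |> Plug.BasicAuth.request_basic_auth(realm: auth[:realm] || "verk_web")
        |> halt()
    end
  end

  defp valid?(user, pass, auth) do
    # Run both constant-time comparisons so timing does not show which failed.
    user_ok = Plug.Crypto.secure_compare(user, to_string(auth[:user]))
    pass_ok = Plug.Crypto.secure_compare(pass, to_string(auth[:pass]))
    user_ok and pass_ok
  end
end
```

Because the lookup happens per request, the plug can be added to the pipeline unconditionally at compile time, and whether authentication is enforced depends only on the configuration present at runtime.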

I have submitted a PR in Verk to address this kind of issue by leveraging Confex. Happy to submit a PR here to do the same.

tlvenn avatar Apr 11 '17 02:04 tlvenn

@tlvenn, I don't think this issue is related to environment variables versus application configuration. I may be completely wrong here but the issue here is that the plug is added at compile time.

edgurgel avatar Apr 11 '17 03:04 edgurgel

Good catch @edgurgel. With Phoenix 1.3, you can leverage load_from_system_env to solve this problem:

```elixir
@doc """
Dynamically loads configuration from the system environment
on startup.

It receives the endpoint configuration from the config files
and must return the updated configuration.
"""
def load_from_system_env(config) do
  config = Confex.process_env(config)

  unless config[:secret_key_base] do
    raise "Set SECRET_KEY environment variable!"
  end

  {:ok, config}
end
```

https://github.com/Nebo15/pkcs7_verify.api/blob/master/lib/pkcs7_verify_api/web/endpoint.ex#L30

tlvenn avatar Apr 11 '17 03:04 tlvenn