poem icon indicating copy to clipboard operation
poem copied to clipboard

Published 20 hours ago verified publisher icon poem-web

How to use sessions with poem-openapi?

Open TheCataliasTNT2k opened this issue 2 years ago • 3 comments

You can use sessions like this with poem: https://github.com/poem-web/poem/blob/master/examples/poem/auth/src/main.rs. But how do you attach data to requests (Data used in poem) or use sessions in openapi? You start the server by using:

let api_service =
        OpenApiService::new(Api, "Title", "1.0").server(format!("{}:{}", host, port));
    let ui = api_service.swagger_ui();

    let app = Route::new().nest("/api", api_service).nest("/", ui);

    println!("Starting server at {}", server_url);
    Server::new(TcpListener::bind(format!("{}:{}", host, port)))
        .run(app)
        .await

instead of

let app = Route::new()
       .at("/", get(index))
       .at("/signin", get(signin_ui).post(signin))
       .at("/logout", get(logout))
       .with(CookieSession::new(CookieConfig::new()));
   Server::new(TcpListener::bind("127.0.0.1:3000"))
       .run(app)
       .await

So the with statement is not usable, is it? And if I have multiple API structs (like one for user, one for posts etc.), how to do it when the admin API should have other middlewares than the user API? Sadly, a lot of things shown in the examples for poem are missing in the examples for poem-openapi. This session thing, Data, and a lot more. What is #[oai(path = "/hello", method = "get")]? Is it documented somewhere? Where? I want to build an API, and a friend suggested poem-openapi instead of actix. It looks very promising, but either I am just blind, or these things are missing in the documentation right now.... An example for a middleware for "role based authentication" (admin, moderator, user, guest etc) would also be helpful...

EDIT: https://docs.rs/poem-openapi/latest/poem_openapi/attr.OpenApi.html#operation-parameters found this one for the #[oai] stuff, now the question with the session remains...

TheCataliasTNT2k avatar Dec 19 '22 22:12 TheCataliasTNT2k

You can also use poem's extractor in poem-openapi:

#[OpenApi]
impl Api {
    #[oai(path = "/hello", method = "get")]
    async fn index(&self, session: &Session) {
    }
}

sunli829 avatar Dec 21 '22 01:12 sunli829

How to do that? The session should be signed. I found a "solution" for this, but not really usable.... "It just works for now"

TheCataliasTNT2k avatar Dec 21 '22 16:12 TheCataliasTNT2k

It's unclear from the documents that whether I should use #[oai(transform)] or just .with.

Currently, I use .with with a separate poem handler rather than a OpenApi

https://github.com/dreamerlzl/zero2prod/blob/main/src/routes/mod.rs#L18 https://github.com/dreamerlzl/zero2prod/blob/main/src/main.rs#L27

dreamerlzl avatar Feb 27 '23 13:02 dreamerlzl