Which reminds me, we've just added a repo of self ...
# http4k
d
Which reminds me, we've just added a repo of self contained example projects which showcase the various features of http4k. If there's anything you'd like to see then please let us know! https://github.com/http4k/examples
m
so it similar to Query though, thanks @dave
๐Ÿ™‚
m
Another question since I am using swagger ui How can I force swagger to get my customised header value and pass it to my API as a header value again?
d
the header will be available on the incoming request - see that example to see how it works
path parameters are extracted and passed to the function which creates the handler
m
I have bundled swagger ui in my project and pointed it into /my api/docs/swagger.json I want swagger to pass my header as well, so could I expect this from swagger?
Copy code
routes += "/foo" meta {
    summary = "my summary"
    description = "my desc"
    headers += Header.string().required("auth_token")
    receiving(myLens to MyDTO())
}
d
do you want to add a Security instead of a header?
m
yes I wanted to do that but for my case security is customised and I need to send auth_token as header value, I did not understand how to do it
could I do it using ApiKeySecurity?
d
I think you want to use an ApiKeySecurity with that Header lense passed to the constructor: https://swagger.io/docs/specification/authentication/
m
yes exactly, this is what I was looking for
Thanks
Another question: What if I want to do Authentication with oauth service provider same as keyCloak?
d
If it's standard oauth then it's built in, although we don't have a ready-made config for keycloak. There is an example of setting up the client config here: https://github.com/http4k/http4k-by-example/blob/master/src/main/kotlin/verysecuresystems/SecuritySystem.kt
m
Perfect I am falling in love with http4k
๐Ÿ˜€ 1
@dave how can I pass multiple headers params in ApiKeySecurity?
d
you can only do one header per ApiKeySecurity
you can compose the security instances with "this.and(that)"
m
but I can not combine two ApiKeySecurity right?
d
you can
I'm not sure what the UI will do TBH
m
UI shows the second one only
d
you need to override the "name" for one of them
Copy code
class ApiKeySecurity<out T>(val param: Lens<Request, T>,
                            validateKey: (T) -> Boolean,
                            authorizeOptionsRequests: Boolean = true,
                            val name: String = "api_key") : Security {
๐Ÿ‘Œ 1
m
This one fixed the UI but I do not know why it is not appending the second header
actually the second header for my case should be
origin
d
if works for me in my example of:
Copy code
security = ApiKeySecurity(Header.required("foobar2"), { true}, true, name="bob2").and(ApiKeySecurity(Header.required("foobar"), { true}, true, name="bob"))
you can see what it sends in the curl
Copy code
curl -X GET "<http://localhost:9000/api/whoIsThere>" -H "accept: application/json" -H "foobar2: asd" -H "foobar: dsa"
m
I am trying to send it using swagger UI, I can see two authorise button in the UI because of the two fields
Ah I got it
as the second header name is `origin`as I mentioned and it is being overwritten somewhere
d
cool. FYI: once you "execute" the swagger request, it shows the request that was sent as a curl. so you can see that it was doing the correct thing ๐Ÿ™‚
๐Ÿ‘Œ 1
m
How can I exclude some urls for the security? let say I want to exclude /ping
d
Override the security for the route with NoSecurity
๐Ÿ™ 1
m
Copy code
fun getMyRoute(): ContractRoute {
    val spec = "foo" / Path.of("name1") /  Path.of(name2) /"bar1" / "bar2" meta {
        summary = "summary"
        description = "description"
    } bindContract Method.PUT
    return spec to { s: String, s1: String, s2: String, s3: String -> ::myhandler() }
}
I do not get why I need to write spec to httpHandler like this to work.
d
short answer - the kotlin type system isn't good enough
๐Ÿ™‚
it's because of the way the lenses work
m
yes I guessed that, so I was wondering how does your samples work in the documents?
d
it should all be consistent. can you show me if it's not pls?
m
It does not work on my case, the sample should be consistent
d
so when you've got a suffix, you always end up with a "dead" parameter. This is unavoidable because of how the API works. the value injected into the lambda is always the value in quotes.
for leading parameters, this is not the case
(because it just concatenates the prefix)
but once you have a dynamic parameter, we are forced to split it
m
yes I experienced exactly the same thing
d
then it's working as expected ๐Ÿ™‚