Comments (4)
JamieREvans
commented on May 21, 2024
1
I think a 422, unprocessable entity, is the right exception for the error handler to receive. 400 means the HTTP request was faulty, but 422 means that the request cannot be served as requested. It says less than 404 or 403, in my mind.
from canary.
cpjk
commented on May 21, 2024
You might be able to accomplish what you're looking for with https://github.com/cpjk/canary#specifing-database-field
However, if you want a more custom authorization solution, it is fairly simple to do it yourself using custom plugs (and Canada as well if you like the can? user, :action, thing API). 😺
from canary.
JamieREvans
commented on May 21, 2024
Sorry for any confusion, @cpjk. What I meant was that if someone using canary with the default id field, which, in Ecto, only supports numbers, if a string is passed in the id field, Canary throws an exception in the plug before we're able to even catch / wrap it. We'd have to build a plug ahead of Canary for all connections to make sure the ID field isn't a string, which seems a little crazy.
I would suggest having Canary catch common exceptions like this, especially if it's just for a simple web app that uses basic Phoenix routing with object ids in the url, since the urls would be very susceptible to having bad IDs.
It is just a shame to see a server crash for something like this.
from canary.
cpjk
commented on May 21, 2024
Ah, I understand. What do you think would be the appropriate catching behaviour from canary?
Maybe return a 404? Maybe forbidden so as to not give anything away about URL structure.
from canary.
Related Issues (20)
- does canary integrate with guardian db? HOT 16
- Abilities for multiple models HOT 6
- Channels example? HOT 2
- Error when building for prod HOT 5
- not_found_handler not work HOT 11
- Compile warnings for elixir 1.4 HOT 1
- non_id_actions option on Hex HOT 2
- Use of non_id_actions: is not documented HOT 1
- How to restrict a user to see/update/delete his own posts only? HOT 2
- Adding permissions for nested models HOT 2
- Should unauthorized_handler really trigger before not_found_handler? HOT 2
- Update readme HOT 2
- nil comparison forbidden HOT 1
- Readme does not match warning - Anonymous Users HOT 2
- Update hex.pm and version HOT 1
- search for a resource using a field other than the default :id and multiple fields are required to define the resource HOT 1
- The parent nested resource does not handle errors
- Compatibility with Phoenix 1.4 HOT 2
- Weird application warnings and sometimes compile issues
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from canary.