Comments (8)
I agree that extracting the headers is outside the scope of Twilight. There are multiple header implementations, for example, https://docs.rs/worker/latest/worker/struct.Headers.html and https://docs.rs/http/latest/http/header/struct.HeaderMap.html, and publically depending upon any of them mean tying ourselves to their major versions.
BTW, the example check_signature
signature needs an additional parameter for the signature.
from twilight.
We had a similar discussion about whether we want to inline validation, I think the best solution is to provide both a separate method and a method that chains validation and actual work. So in this case, both check_signature
and extract_interaction
, which does the checking itself.
from twilight.
- Providing a function which would make it easy to check the signature would be something im not opposed to.
- I would be against providing any further utilities like our own implementations for webservers.
There are many different crates out there and eventually we will have a bunch of middlewares we need to maintain.
Further more it shouldn't be that hard to get the headers of a request. To make it a little bit easier, we could additionally export the header names as constants. - I don't think we should overcomplicate that.
let is_valid = check_signature(timestamp, body, signature, key);
if !is_valid {
return Err("Body signature does not match.")
}
let interaction: Interaction = serde_json::from_str(body);
Sth. like this should be straight forward enough.
from twilight.
I agree that extracting the headers is outside the scope of Twilight. There are multiple header implementations, for example, https://docs.rs/worker/latest/worker/struct.Headers.html and https://docs.rs/http/latest/http/header/struct.HeaderMap.html, and publically depending upon any of them mean tying ourselves to their major versions.
Actually, I just realized that we could accept an iterator of (&str, &[u8])
, like how http-ratelimiting does it.
from twilight.
Actually, I just realized that we could accept an iterator of (&str, &[u8]), like how http-ratelimiting does it.
I'm unsure of whether this would be a reliable option.
Eg:
- actix-web provides an iterator of all headers but does not use strings but
HeaderValue
which does not implementToString
. - rocket provides an iterator but over
Header<'_>
where we need to call.value()
in order to get the data. - tide handles that different too.
from twilight.
let is_valid = check_signature(timestamp, body, signature, key); if !is_valid { return Err("Body signature does not match.") } let interaction: Interaction = serde_json::from_str(body);
I'd personally prefer an API that returns a result, similar to twilight-validate
, so that we can simply propagate with check_signature(timestamp, body, signature, key)?;
from twilight.
let is_valid = check_signature(timestamp, body, signature, key); if !is_valid { return Err("Body signature does not match.") } let interaction: Interaction = serde_json::from_str(body);I'd personally prefer an API that returns a result, similar to
twilight-validate
, so that we can simply propagate withcheck_signature(timestamp, body, signature, key)?;
Should it return the Interaction
in the Ok
variant, or just ()
so the check can be done with ?
and users handle doing the deserialization their selves?
let interaction = check_signature(timestamp, body, signature, key)?;
vs
check_signature(timestamp, body, signature, key)?;
let interaction: Interaction = serde_json::from_str(body);
(The former is why I named my initial suggestion extract_discord
, but it could be perfectly reasonable for someone to want to do the deserialization on their own, using their own model or their own parser other than serde_json
.)
from twilight.
Accordingly with the comment posted here: #2205 (comment),
I am closing this issue as "not wanted".
from twilight.
Related Issues (20)
- Unable to deserialize gateway ready event due to missing fields HOT 15
- [RFC] Flatten `PartialX` Types with `X`
- Support Media Channels
- Deserialization errors for members with joined_at=null HOT 1
- `Message.referenced_message` field doesn't exist or is `null` ambiguous
- Creating a ban does not delete any messages
- Investigate static HTTP form boundary
- Formatter macros HOT 10
- Editing a guild member (changing voice-channel) hangs indefinitely HOT 6
- Error message is unhelpful, and this doesn't require an error HOT 1
- Make `ListBody<T>` lazily deserializable HOT 4
- GuildCreate does not have guild_scheduled_event HOT 1
- Allow setting an initial resume_url on the Shard
- Seemingly unintentional limitations to update_guild_channel_positions HOT 1
- twilight-http: `Client::update_role_positions` uses wrong structure format
- Update lints used in Twilight
- Duplicate field error on Interaction when the `entitlements` field is present HOT 2
- Use Rustfmt Nightly HOT 6
- Ambiguity between Guild Joining and Unavailable Guilds becoming Available
- `ListApplicationEmojis`'s response body does not get deserialised into a list of `Emoji`s
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from twilight.