Comments (2)
mikestead
commented on May 17, 2024
@jamesskinner Thanks for digging this one out, good find.
What if we move the exception catching to only target the direct middleware.
function authorize(req, res, next) {
return Promise.all(...)
.then(() => next(), e => next(e))
}I think that was my original intention. There's no reason this middleware should be special in being responsible for capturing errors down the chain in other middleware.
from swagger-routes.
jamesskinner
commented on May 17, 2024
@mikestead I think (and just tested) the problem then is then is that nothing is handling the rejection. In this scenario, (i.e. next() throws an error), the promise that is returned from authorize will be rejected, but nothing is handling this promise so the rejection will go unnoticed.
In a way it would be better as you get the unandledRejection warning
I am actually not sure what the solution here is beyond dropping support for promise based "authorizers" and removing the promises from this function. Looking at this, it does seem there might be a bug there anyway
form https://github.com/mikestead/swagger-routes/blob/master/src/routeSecurity.js#L63:
try {
const result = authorizer(req, res, err => err ? reject(err) : resolve())
if (result && result.catch) result.catch(e => reject(e))
} catch(e) {
reject(e)
}
Looks like there should be a result.then(resolve) line somewhere. If that is correct then technically removing support will not break anything :-)
from swagger-routes.
Related Issues (15)
- Removing an API, adding an API using JSON and preventing handler generation. HOT 4
- Parameter with an array is not being validated and maybe not parsed correctly HOT 5
- Support for OpenAPI 3.0 HOT 6
- Response validation
- Unexpected fields validation HOT 1
- Help on usage HOT 3
- Not initializing on Windows
- Support for restify 7.x and 8.x HOT 2
- Order of excecution of security handlers
- formData required validation HOT 2
- `apiSpecs.js` broken after axios update
- Split apiSpecs into separate module
- path.id is not of a type(s) integer HOT 1
- Array items failing validation HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from swagger-routes.