Accessing the Request Body in Plug

LeakyBucket · August 20, 2018, 7:55pm

I have a question about getting consistent access to the Request Body in Plug.

According to the documentation for Plug.Conn.read_body the body is consumed once it is accessed.

If you need to access the body multiple times, it is your responsibility to store it. Finally keep in mind some plugs like Plug.Parsers may read the body, so the body may be unavailable after being accessed by such plugs.

I’m trying to figure out a good way to build a Plug that plays nicely in an ecosystem where downstream code relies on Plug.Parsers handling JSON but some routes need to verify a signature on the raw request body? Is this possible at all or do I need to put a service in front of everything to block unsigned requests to the protected endpoints?

sribe · August 20, 2018, 8:09pm

It’s not that hard to add your own plug in the pipeline first which reads the body and stashes a copy (or reads it and validates a signature). Sorry I don’t have access anymore to my code that does that.

easco · August 20, 2018, 8:12pm

Do you really need to rely on Plug.Parser to handle the JSON for you… or could your verification plug read the body and put the JSON into the Conn in the same place that Plug.Parsers does (so it takes up the responsibility of validating what it needs to AND parsing the JSON)?

LostKobrakai · August 20, 2018, 8:21pm

https://hexdocs.pm/plug/Plug.Parsers.html#module-custom-body-reader

LeakyBucket · August 20, 2018, 8:44pm

Ha, I was in the wrong part of the docs, thanks.

suprafly · December 2, 2019, 5:51pm

This was a really useful post for me, thank you!