Faced a problem while trying to implement self-documenting API using Rho lib (https://github.com/http4s/rho) By requirements our Routes should be protected by Auth middleware (https://http4s.org/v0.21/auth/) and now swagger.json generated by Rho middleware is also required authentication. Here is the code:
def startApp(xa:Transactor[IO],appConfig: AppConfig): IO[ExitCode] = {
val stream = for {
authService <- Stream.eval(IO(new AuthService(appConfig)))
routes <- Stream.eval(IO(appRoutes(xa,appConfig,authService.middleware())))
...
} yield exitCode
...
}
def appRoutes(transactor: Transactor[IO],appConfig: AppConfig,authMiddleware: AuthMiddleware[IO,APIUser]): Kleisli[IO, Request[IO], Response[IO]] = {
val service = Router[IO](
baseDataPath -> authMiddleware.apply(
AuthService.Auth.toService(BootstrapAPI.supportedAPI(transactor, appConfig).toRoutes(swaggerRhoMiddleware))))
}
Is there any way to exclude swagger.json REST call from Auth protection?
I override the SwaggerSupport and extract the swagger route.
Then I use it like this: