Effect CommunityEC
Effect Community14mo ago
Elliot Dauber

Questions on Implementing Security Middleware and Custom Headers with HttpApi

hi! i have a couple questions about effect/platform HttpApi:

1. I am trying to implement a security middleware layer. i have defined it as below. The bearer token works great, but the projectKey doesn't work if the key is in the body instead of the query params, so for non-GET requests I'm not sure how to make this work, except to just implement a custom version where I parse the body manually. Is there a configuration where this is supposed to work?
security: {
    bearer: HttpApiSecurity.bearer,
    projectKey: HttpApiSecurity.apiKey({
      key: 'projectKey',
      in: 'query',
    }),
  },

2. one of my endpoints returns some custom headers that contain data that originates from the handler (it would be a little weird/awkward to do it in middleware). before using HttpApi, i was just returning an HttpServerResponse, so i could easily add custom headers. The way HttpApi wants you to do things is to just return a success payload from the handler and it gets transformed into a response. What's the cleanest way to do this? Similarly, there is a streaming option on the endpoint, which before I did like so. Is there a good way to represent this with HttpApi?
HttpServerResponse.stream(rawStream, {
   status: 200,
   headers,
});
Was this page helpful?